Malware Analysis Report

2025-03-15 03:50

Sample ID: 250221-2njvessnhn
Target: Chrome.msi
SHA256: 1924b09ff1e25fe9d39bad70f094766863f366543658627fe94f435b07da6109
Tags: blackmoon fatalrat banker discovery infostealer persistence privilege_escalation rat spyware stealer trojan vmprotect
Score: 10/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Enterprise Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral3
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score: 10/10
SHA256: 1924b09ff1e25fe9d39bad70f094766863f366543658627fe94f435b07da6109
Threat Level: Known bad

The file Chrome.msi was found to be: Known bad.

Malicious Activity Summary

Tags: blackmoon fatalrat banker discovery infostealer persistence privilege_escalation rat spyware stealer trojan vmprotect

Detect Blackmoon payload
Blackmoon, KrBanker
Blackmoon family
Fatalrat family
FatalRat
Fatal Rat payload
VMProtect packed file
Enumerates connected drives
Event Triggered Execution: Image File Execution Options Injection
Boot or Logon Autostart Execution: Active Setup
Checks computer location settings
Drops file in System32 directory
Event Triggered Execution: Component Object Model Hijacking
Drops file in Program Files directory
Loads dropped DLL
Drops file in Windows directory
Executes dropped EXE
Checks system information in the registry
Checks installed software on the system
Enumerates physical storage devices
System Network Configuration Discovery: Internet Connection Discovery
System Location Discovery: System Language Discovery
Browser Information Discovery
Event Triggered Execution: Installer Packages
Reads user/profile data of web browsers
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Delays execution with timeout.exe
Checks processor information in registry
Checks SCSI registry key(s)
Uses Volume Shadow Copy service COM API
Modifies registry class
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Suspicious behavior: EnumeratesProcesses
Modifies data under HKEY_USERS
Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2025-02-21 22:43

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2025-02-21 22:43
Reported: 2025-02-21 22:46
Platform: win7-20240903-en
Max time kernel: 150s
Max time network: 146s

Command Line

C:\Windows\system32\svchost.exe -k DcomLaunch

Signatures

Blackmoon family
Tags: blackmoon

Blackmoon, KrBanker
Tags: trojan banker blackmoon

Detect Blackmoon payload

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

FatalRat
Tags: stealer trojan fatalrat

Fatalrat family
Tags: fatalrat

Fatal Rat payload
Tags: rat infostealer

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

VMProtect packed file
Tags: vmprotect

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Boot or Logon Autostart Execution: Active Setup
Tags: persistence

Description | Indicator | Process | Target
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\StubPath = "\"C:\\Program Files\\Google\\Chrome\\Application\\109.0.5414.120\\Installer\\chrmstp.exe\" --configure-user-settings --verbose-logging --system-level" | C:\Program Files (x86)\Google\Update\Install\{F5316017-323B-4E05-865C-7C55DEB6206A}\CR_DED34.tmp\setup.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Localized Name = "Google Chrome" | C:\Program Files (x86)\Google\Update\Install\{F5316017-323B-4E05-865C-7C55DEB6206A}\CR_DED34.tmp\setup.exe | N/A
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\IsInstalled = "1" | C:\Program Files (x86)\Google\Update\Install\{F5316017-323B-4E05-865C-7C55DEB6206A}\CR_DED34.tmp\setup.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Version = "43,0,0,0" | C:\Program Files (x86)\Google\Update\Install\{F5316017-323B-4E05-865C-7C55DEB6206A}\CR_DED34.tmp\setup.exe | N/A
Key created | \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components | C:\Program Files (x86)\Google\Update\Install\{F5316017-323B-4E05-865C-7C55DEB6206A}\CR_DED34.tmp\setup.exe | N/A
Key created | \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96} | C:\Program Files (x86)\Google\Update\Install\{F5316017-323B-4E05-865C-7C55DEB6206A}\CR_DED34.tmp\setup.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\ = "Google Chrome" | C:\Program Files (x86)\Google\Update\Install\{F5316017-323B-4E05-865C-7C55DEB6206A}\CR_DED34.tmp\setup.exe | N/A

Enumerates connected drives

Description | Indicator | Process | Target
File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A

Event Triggered Execution: Image File Execution Options Injection
Tags: persistence

Description | Indicator | Process | Target
Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe | C:\Program Files (x86)\Google\Temp\GUM56E.tmp\GoogleUpdate.exe | N/A
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe\DisableExceptionChainValidation = "0" | C:\Program Files (x86)\Google\Temp\GUM56E.tmp\GoogleUpdate.exe | N/A

Checks computer location settings

Description | Indicator | Process | Target
Key value queried | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Control Panel\International\Geo\Nation | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Event Triggered Execution: Component Object Model Hijacking
Tags: persistence privilege_escalation

Checks installed software on the system
Tags: discovery

Checks system information in the registry

Description | Indicator | Process | Target
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\Google\Chrome\Temp\source1460_1668739909\Chrome-bin\109.0.5414.120\VisualElements\LogoBeta.png | C:\Program Files (x86)\Google\Update\Install\{F5316017-323B-4E05-865C-7C55DEB6206A}\CR_DED34.tmp\setup.exe | N/A
File created | C:\Program Files\Google\Chrome\Temp\source1460_1668739909\Chrome-bin\109.0.5414.120\eventlog_provider.dll | C:\Program Files (x86)\Google\Update\Install\{F5316017-323B-4E05-865C-7C55DEB6206A}\CR_DED34.tmp\setup.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\109.0.5414.120\Installer\chrmstp.exe | C:\Program Files (x86)\Google\Update\Install\{F5316017-323B-4E05-865C-7C55DEB6206A}\CR_DED34.tmp\setup.exe | N/A
File created | C:\Program Files\Google\Chrome\Temp\source1460_1668739909\Chrome-bin\109.0.5414.120\nacl_irt_x86_64.nexe | C:\Program Files (x86)\Google\Update\Install\{F5316017-323B-4E05-865C-7C55DEB6206A}\CR_DED34.tmp\setup.exe | N/A
File created | C:\Program Files (x86)\Google\Temp\GUM56E.tmp\goopdateres_da.dll | C:\ProgramData\setup\setup.exe | N/A
File created | C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_en-GB.dll | C:\Program Files (x86)\Google\Temp\GUM56E.tmp\GoogleUpdate.exe | N/A
File created | C:\Program Files\Google\Chrome\Temp\source1460_1668739909\Chrome-bin\109.0.5414.120\Locales\cs.pak | C:\Program Files (x86)\Google\Update\Install\{F5316017-323B-4E05-865C-7C55DEB6206A}\CR_DED34.tmp\setup.exe | N/A
File created | C:\Program Files\Google\Chrome\Temp\source1460_1668739909\Chrome-bin\109.0.5414.120\WidevineCdm\LICENSE | C:\Program Files (x86)\Google\Update\Install\{F5316017-323B-4E05-865C-7C55DEB6206A}\CR_DED34.tmp\setup.exe | N/A
File created | C:\Program Files (x86)\Google\Temp\GUM56E.tmp\GoogleUpdateOnDemand.exe | C:\ProgramData\setup\setup.exe | N/A
File created | C:\Program Files (x86)\Google\Temp\GUM56E.tmp\goopdateres_hi.dll | C:\ProgramData\setup\setup.exe | N/A
File created | C:\Program Files (x86)\Google\Temp\GUM56E.tmp\goopdateres_kn.dll | C:\ProgramData\setup\setup.exe | N/A
File created | C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_ur.dll | C:\Program Files (x86)\Google\Temp\GUM56E.tmp\GoogleUpdate.exe | N/A
File created | C:\Program Files\Google\Chrome\Temp\source1460_1668739909\Chrome-bin\109.0.5414.120\Locales\tr.pak | C:\Program Files (x86)\Google\Update\Install\{F5316017-323B-4E05-865C-7C55DEB6206A}\CR_DED34.tmp\setup.exe | N/A
File created | C:\Program Files (x86)\Google\Temp\GUM56E.tmp\goopdateres_hu.dll | C:\ProgramData\setup\setup.exe | N/A
File created | C:\Program Files (x86)\Google\Temp\GUM56E.tmp\goopdateres_lv.dll | C:\ProgramData\setup\setup.exe | N/A
File created | C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_hi.dll | C:\Program Files (x86)\Google\Temp\GUM56E.tmp\GoogleUpdate.exe | N/A
File created | C:\Program Files\Google\Chrome\Temp\source1460_1668739909\Chrome-bin\109.0.5414.120\Locales\en-US.pak | C:\Program Files (x86)\Google\Update\Install\{F5316017-323B-4E05-865C-7C55DEB6206A}\CR_DED34.tmp\setup.exe | N/A
File created | C:\Program Files (x86)\Google\Temp\GUM56E.tmp\goopdateres_pt-BR.dll | C:\ProgramData\setup\setup.exe | N/A
File created | C:\Program Files (x86)\Google\Temp\GUM56E.tmp\goopdateres_vi.dll | C:\ProgramData\setup\setup.exe | N/A
File created | C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_ta.dll | C:\Program Files (x86)\Google\Temp\GUM56E.tmp\GoogleUpdate.exe | N/A
File created | C:\Program Files (x86)\Google\Temp\GUM56E.tmp\GoogleUpdateCore.exe | C:\ProgramData\setup\setup.exe | N/A
File created | C:\Program Files (x86)\Google\Temp\GUM56E.tmp\goopdateres_tr.dll | C:\ProgramData\setup\setup.exe | N/A
File created | C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe | C:\Program Files (x86)\Google\Temp\GUM56E.tmp\GoogleUpdate.exe | N/A
File created | C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_kn.dll | C:\Program Files (x86)\Google\Temp\GUM56E.tmp\GoogleUpdate.exe | N/A
File created | C:\Program Files\Google\Chrome\Temp\source1460_1668739909\Chrome-bin\109.0.5414.120\Locales\da.pak | C:\Program Files (x86)\Google\Update\Install\{F5316017-323B-4E05-865C-7C55DEB6206A}\CR_DED34.tmp\setup.exe | N/A
File created | C:\Program Files\Google\Chrome\Temp\source1460_1668739909\Chrome-bin\109.0.5414.120\Locales\hr.pak | C:\Program Files (x86)\Google\Update\Install\{F5316017-323B-4E05-865C-7C55DEB6206A}\CR_DED34.tmp\setup.exe | N/A
File created | C:\Program Files\Google\Chrome\Temp\source1460_1668739909\Chrome-bin\109.0.5414.120\libGLESv2.dll | C:\Program Files (x86)\Google\Update\Install\{F5316017-323B-4E05-865C-7C55DEB6206A}\CR_DED34.tmp\setup.exe | N/A
File created | C:\Program Files (x86)\Google\Temp\GUM56E.tmp\goopdateres_ja.dll | C:\ProgramData\setup\setup.exe | N/A
File created | C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_pt-PT.dll | C:\Program Files (x86)\Google\Temp\GUM56E.tmp\GoogleUpdate.exe | N/A
File created | C:\Program Files\Google\Chrome\Temp\source1460_1668739909\Chrome-bin\109.0.5414.120\Locales\hi.pak | C:\Program Files (x86)\Google\Update\Install\{F5316017-323B-4E05-865C-7C55DEB6206A}\CR_DED34.tmp\setup.exe | N/A
File created | C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping2872_1903343570\Filtering Rules | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
File created | C:\Program Files (x86)\Google\Temp\GUM56E.tmp\goopdateres_fa.dll | C:\ProgramData\setup\setup.exe | N/A
File created | C:\Program Files\Google\Chrome\Temp\source1460_1668739909\Chrome-bin\109.0.5414.120\VisualElements\SmallLogoBeta.png | C:\Program Files (x86)\Google\Update\Install\{F5316017-323B-4E05-865C-7C55DEB6206A}\CR_DED34.tmp\setup.exe | N/A
File created | C:\Program Files (x86)\Google\Temp\GUM56E.tmp\goopdateres_cs.dll | C:\ProgramData\setup\setup.exe | N/A
File created | C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_zh-CN.dll | C:\Program Files (x86)\Google\Temp\GUM56E.tmp\GoogleUpdate.exe | N/A
File created | C:\Program Files\Google\Chrome\Temp\source1460_1668739909\Chrome-bin\109.0.5414.120\Locales\lt.pak | C:\Program Files (x86)\Google\Update\Install\{F5316017-323B-4E05-865C-7C55DEB6206A}\CR_DED34.tmp\setup.exe | N/A
File created | C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_ja.dll | C:\Program Files (x86)\Google\Temp\GUM56E.tmp\GoogleUpdate.exe | N/A
File created | C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_sk.dll | C:\Program Files (x86)\Google\Temp\GUM56E.tmp\GoogleUpdate.exe | N/A
File created | C:\Program Files\Google\Chrome\Temp\source1460_1668739909\Chrome-bin\109.0.5414.120\Locales\th.pak | C:\Program Files (x86)\Google\Update\Install\{F5316017-323B-4E05-865C-7C55DEB6206A}\CR_DED34.tmp\setup.exe | N/A
File created | C:\Program Files\Google\Chrome\Temp\source1460_1668739909\Chrome-bin\109.0.5414.120\VisualElements\SmallLogoCanary.png | C:\Program Files (x86)\Google\Update\Install\{F5316017-323B-4E05-865C-7C55DEB6206A}\CR_DED34.tmp\setup.exe | N/A
File created | C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_lv.dll | C:\Program Files (x86)\Google\Temp\GUM56E.tmp\GoogleUpdate.exe | N/A
File created | C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_ru.dll | C:\Program Files (x86)\Google\Temp\GUM56E.tmp\GoogleUpdate.exe | N/A
File created | C:\Program Files\Google\Chrome\Temp\source1460_1668739909\Chrome-bin\109.0.5414.120\vk_swiftshader_icd.json | C:\Program Files (x86)\Google\Update\Install\{F5316017-323B-4E05-865C-7C55DEB6206A}\CR_DED34.tmp\setup.exe | N/A
File created | C:\Program Files (x86)\Google\Temp\GUM56E.tmp\GoogleUpdateComRegisterShell64.exe | C:\ProgramData\setup\setup.exe | N/A
File created | C:\Program Files (x86)\Google\Temp\GUM56E.tmp\psmachine_64.dll | C:\ProgramData\setup\setup.exe | N/A
File created | C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_bn.dll | C:\Program Files (x86)\Google\Temp\GUM56E.tmp\GoogleUpdate.exe | N/A
File created | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | C:\Program Files (x86)\Google\Temp\GUM56E.tmp\GoogleUpdate.exe | N/A
File created | C:\Program Files\Google\Chrome\Temp\source1460_1668739909\Chrome-bin\109.0.5414.120\Locales\kn.pak | C:\Program Files (x86)\Google\Update\Install\{F5316017-323B-4E05-865C-7C55DEB6206A}\CR_DED34.tmp\setup.exe | N/A
File created | C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_mr.dll | C:\Program Files (x86)\Google\Temp\GUM56E.tmp\GoogleUpdate.exe | N/A
File created | C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_zh-TW.dll | C:\Program Files (x86)\Google\Temp\GUM56E.tmp\GoogleUpdate.exe | N/A
File created | C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateBroker.exe | C:\Program Files (x86)\Google\Temp\GUM56E.tmp\GoogleUpdate.exe | N/A
File created | C:\Program Files (x86)\Google\Temp\GUM56E.tmp\GoogleCrashHandler64.exe | C:\ProgramData\setup\setup.exe | N/A
File opened for modification | C:\Program Files (x86)\Google\Temp\GUM56E.tmp\GoogleUpdateSetup.exe | C:\ProgramData\setup\setup.exe | N/A
File created | C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_sv.dll | C:\Program Files (x86)\Google\Temp\GUM56E.tmp\GoogleUpdate.exe | N/A
File created | C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_ca.dll | C:\Program Files (x86)\Google\Temp\GUM56E.tmp\GoogleUpdate.exe | N/A
File created | C:\Program Files\chrome_ComponentUnpacker_BeginUnzipping2872_1903343570\manifest.fingerprint | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
File created | C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_fa.dll | C:\Program Files (x86)\Google\Temp\GUM56E.tmp\GoogleUpdate.exe | N/A
File created | C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_pt-BR.dll | C:\Program Files (x86)\Google\Temp\GUM56E.tmp\GoogleUpdate.exe | N/A
File created | C:\Program Files\Google\Chrome\Temp\source1460_1668739909\Chrome-bin\109.0.5414.120\Locales\nl.pak | C:\Program Files (x86)\Google\Update\Install\{F5316017-323B-4E05-865C-7C55DEB6206A}\CR_DED34.tmp\setup.exe | N/A
File created | C:\Program Files (x86)\Google\Temp\GUM56E.tmp\goopdateres_mr.dll | C:\ProgramData\setup\setup.exe | N/A
File created | C:\Program Files (x86)\Google\Temp\GUM56E.tmp\goopdateres_zh-CN.dll | C:\ProgramData\setup\setup.exe | N/A
File created | C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_ms.dll | C:\Program Files (x86)\Google\Temp\GUM56E.tmp\GoogleUpdate.exe | N/A
File created | C:\Program Files (x86)\Google\Update\1.3.36.312\psuser.dll | C:\Program Files (x86)\Google\Temp\GUM56E.tmp\GoogleUpdate.exe | N/A
File created | C:\Program Files\Google\Chrome\Temp\source1460_1668739909\Chrome-bin\109.0.5414.120\Locales\el.pak | C:\Program Files (x86)\Google\Update\Install\{F5316017-323B-4E05-865C-7C55DEB6206A}\CR_DED34.tmp\setup.exe | N/A

Drops file in Windows directory

Description | Indicator | Process | Target
File opened for modification | C:\Windows\Installer\f76d7eb.ipi | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\INF\setupapi.ev3 | C:\Windows\system32\DrvInst.exe | N/A
File opened for modification | C:\Windows\INF\setupapi.ev1 | C:\Windows\system32\DrvInst.exe | N/A
File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\DrvInst.exe | N/A
File opened for modification | C:\Windows\Installer\f76d7e8.msi | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\MSID930.tmp | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\MSIDAF8.tmp | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Windows\Installer\f76d7eb.ipi | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\MSIDC40.tmp | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Windows\Installer\f76d7e8.msi | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\MSID836.tmp | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\MSID970.tmp | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\MSIDA1C.tmp | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A

Executes dropped EXE

Description | Indicator | Process | Target
N/A | N/A | C:\ProgramData\setup\aa.exe | N/A
N/A | N/A | C:\ProgramData\Packas\scrok.exe | N/A
N/A | N/A | C:\ProgramData\Smart\TjNkNpAilaYvt.exe | N/A
N/A | N/A | C:\ProgramData\Smart\TjNkNpAilaYvt.exe | N/A
N/A | N/A | C:\ProgramData\Smart\TjNkNpAilaYvt.exe | N/A
N/A | N/A | C:\ProgramData\Smart\TjNkNpAilaYvt.exe | N/A
N/A | N/A | C:\ProgramData\Packas\scrok.exe | N/A
N/A | N/A | C:\ProgramData\Smart\setup.exe | N/A
N/A | N/A | C:\ProgramData\setup\setup.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Temp\GUM56E.tmp\GoogleUpdate.exe | N/A
N/A | N/A | C:\ProgramData\NVIDIARV\svchost.exe | N/A
N/A | N/A | C:\ProgramData\NVIDIARV\svchost.exe | N/A
N/A | N/A | C:\ProgramData\NVIDIARV\svchost.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Update\Install\{F5316017-323B-4E05-865C-7C55DEB6206A}\109.0.5414.120_chrome_installer.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Update\Install\{F5316017-323B-4E05-865C-7C55DEB6206A}\CR_DED34.tmp\setup.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Update\Install\{F5316017-323B-4E05-865C-7C55DEB6206A}\CR_DED34.tmp\setup.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Update\Install\{F5316017-323B-4E05-865C-7C55DEB6206A}\CR_DED34.tmp\setup.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Update\Install\{F5316017-323B-4E05-865C-7C55DEB6206A}\CR_DED34.tmp\setup.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\109.0.5414.120\elevation_service.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Loads dropped DLL

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A
N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A
N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A
N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A
N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A
N/A | N/A | C:\ProgramData\Smart\setup.exe | N/A
N/A | N/A | C:\ProgramData\Smart\setup.exe | N/A
N/A | N/A | C:\ProgramData\Smart\setup.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A
N/A | N/A | C:\ProgramData\setup\setup.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Temp\GUM56E.tmp\GoogleUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Temp\GUM56E.tmp\GoogleUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Temp\GUM56E.tmp\GoogleUpdate.exe | N/A
N/A | N/A | C:\ProgramData\Smart\setup.exe | N/A
N/A | N/A | C:\ProgramData\Smart\setup.exe | N/A
N/A | N/A | C:\ProgramData\NVIDIARV\svchost.exe | N/A
N/A | N/A | C:\ProgramData\NVIDIARV\svchost.exe | N/A
N/A | N/A | C:\ProgramData\NVIDIARV\svchost.exe | N/A
N/A | N/A | C:\ProgramData\Smart\setup.exe | N/A
N/A | N/A | C:\ProgramData\Smart\setup.exe | N/A
N/A | N/A | C:\ProgramData\Smart\setup.exe | N/A
N/A | N/A | C:\ProgramData\Smart\setup.exe | N/A
N/A | N/A | C:\ProgramData\NVIDIARV\svchost.exe | N/A
N/A | N/A | C:\ProgramData\NVIDIARV\svchost.exe | N/A
N/A | N/A | C:\ProgramData\NVIDIARV\svchost.exe | N/A
N/A | N/A | C:\ProgramData\NVIDIARV\svchost.exe | N/A
N/A | N/A | C:\ProgramData\NVIDIARV\svchost.exe | N/A
N/A | N/A | C:\ProgramData\NVIDIARV\svchost.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Temp\GUM56E.tmp\GoogleUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Temp\GUM56E.tmp\GoogleUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Temp\GUM56E.tmp\GoogleUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Temp\GUM56E.tmp\GoogleUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Temp\GUM56E.tmp\GoogleUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Temp\GUM56E.tmp\GoogleUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Temp\GUM56E.tmp\GoogleUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Update\Install\{F5316017-323B-4E05-865C-7C55DEB6206A}\109.0.5414.120_chrome_installer.exe | N/A

Browser Information Discovery
Tags: discovery

Enumerates physical storage devices

Event Triggered Execution: Installer Packages
Tags: persistence privilege_escalation

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\system32\msiexec.exe | N/A

Reads user/profile data of web browsers
Tags: spyware stealer

System Location Discovery: System Language Discovery
Tags: discovery

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\syswow64\MsiExec.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\ProgramData\Smart\setup.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\ProgramData\setup\setup.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Google\Temp\GUM56E.tmp\GoogleUpdate.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\timeout.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\timeout.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\ProgramData\NVIDIARV\svchost.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\ProgramData\NVIDIARV\svchost.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\ProgramData\NVIDIARV\svchost.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A

System Network Configuration Discovery: Internet Connection Discovery

discovery
Description | Indicator | Process | Target
N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A

Delays execution with timeout.exe

defense_evasion
Description | Indicator | Process | Target
N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A

Enumerates system info in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Modifies data under HKEY_USERS

Description | Indicator | Process | Target
Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D | C:\Windows\system32\msiexec.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SYSTEM\CurrentControlSet\Services\ | C:\ProgramData\NVIDIARV\svchost.exe | N/A
Set value (data) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 | C:\Windows\system32\DrvInst.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\system32\DrvInst.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Windows\system32\DrvInst.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\system32\DrvInst.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\DrvInst.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates | C:\Windows\system32\DrvInst.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CRLs | C:\Windows\system32\DrvInst.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Windows\system32\DrvInst.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\system32\DrvInst.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\system32\DrvInst.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\system32\DrvInst.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\system32\DrvInst.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Windows\system32\DrvInst.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Windows\system32\DrvInst.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\system32\DrvInst.exe | N/A
Set value (str) | \REGISTRY\USER\.DEFAULT\SYSTEM\CurrentControlSet\Services\Group = "Fatal" | C:\ProgramData\NVIDIARV\svchost.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My | C:\Windows\system32\DrvInst.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\system32\DrvInst.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\system32\DrvInst.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\system32\DrvInst.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\system32\DrvInst.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\system32\DrvInst.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\system32\DrvInst.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\system32\DrvInst.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CTLs | C:\Windows\system32\DrvInst.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Windows\system32\DrvInst.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\DrvInst.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\system32\DrvInst.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Windows\system32\DrvInst.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\system32\DrvInst.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\DrvInst.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\system32\DrvInst.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\system32\DrvInst.exe | N/A
Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E | C:\Windows\system32\msiexec.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2E | C:\Windows\system32\msiexec.exe | N/A
Set value (str) | \REGISTRY\USER\.DEFAULT\SYSTEM\CurrentControlSet\Services\InstallTime = "2025-02-21 22:44" | C:\ProgramData\NVIDIARV\svchost.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Windows\system32\DrvInst.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\DrvInst.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\system32\DrvInst.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\system32\DrvInst.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Windows\system32\DrvInst.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\system32\DrvInst.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\system32\DrvInst.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Windows\system32\DrvInst.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Windows\system32\DrvInst.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\system32\DrvInst.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\system32\DrvInst.exe | N/A

Modifies registry class

Description | Indicator | Process | Target
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4E223325-C16B-4EEB-AEDC-19AA99A237FA}\NumMethods | C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2D363682-561D-4C3A-81C6-F2F82107562A}\NumMethods\ = "4" | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{909489C2-85A6-4322-AA56-D25278649D67} | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1C642CED-CA3B-4013-A9DF-CA6CE5FF6503}\ProxyStubClsid32 | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{128C2DA6-2BC0-44C0-B3F6-4EC22E647964}\ = "IProcessLauncher" | C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{494B20CF-282E-4BDD-9F5D-B70CB09D351E}\ProxyStubClsid32 | C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{463ABECF-410D-407F-8AF5-0DF35A005CC8}\TypeLib\Version = "1.0" | C:\Program Files (x86)\Google\Update\Install\{F5316017-323B-4E05-865C-7C55DEB6206A}\CR_DED34.tmp\setup.exe | N/A
Key created | \REGISTRY\MACHINE\Software\Classes\ChromeHTML\DefaultIcon | C:\Program Files (x86)\Google\Update\Install\{F5316017-323B-4E05-865C-7C55DEB6206A}\CR_DED34.tmp\setup.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\GoogleUpdate.PolicyStatusMachine\ = "Google Update Broker Class Factory" | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DD42475D-6D46-496A-924E-BD5630B4CBBA}\NumMethods\ = "24" | C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe | N/A
Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{4EB61BAC-A3B6-4760-9581-655041EF4D69} | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1C642CED-CA3B-4013-A9DF-CA6CE5FF6503}\ProxyStubClsid32 | C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1C642CED-CA3B-4013-A9DF-CA6CE5FF6503}\NumMethods\ = "9" | C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{494B20CF-282E-4BDD-9F5D-B70CB09D351E}\ = "IGoogleUpdate3Web" | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{76F7B787-A67C-4C73-82C7-31F5E3AABC5C}\ProxyStubClsid32\ = "{82BB48E2-2057-4C07-A383-B2C2F8A0FD01}" | C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}\ProgID\ = "GoogleUpdate.Update3WebMachine.1.0" | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8476CE12-AE1F-4198-805C-BA0F9B783F57} | C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C6271107-A214-4F11-98C0-3F16BC670D28}\InprocServer32\ = "C:\\Program Files (x86)\\Google\\Update\\1.3.36.312\\psmachine_64.dll" | C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{34527502-D3DB-4205-A69B-789B27EE0414}\NumMethods\ = "23" | C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DCAB8386-4F03-4DBD-A366-D90BC9F68DE6}\ProxyStubClsid32\ = "{82BB48E2-2057-4C07-A383-B2C2F8A0FD01}" | C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe | N/A
Key created | \REGISTRY\MACHINE\Software\Classes\TypeLib\{463ABECF-410D-407F-8AF5-0DF35A005CC8}\1.0\0\win32 | C:\Program Files (x86)\Google\Update\Install\{F5316017-323B-4E05-865C-7C55DEB6206A}\CR_DED34.tmp\setup.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3D05F64F-71E3-48A5-BF6B-83315BC8AE1F}\ = "IAppCommand2" | C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DD42475D-6D46-496A-924E-BD5630B4CBBA}\ = "IAppBundleWeb" | C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}\VersionIndependentProgID\ = "GoogleUpdate.Update3WebMachine" | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{27634814-8E41-4C35-8577-980134A96544}\ProxyStubClsid32 | C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{708860E0-F641-4611-8895-7D867DD3675B}\AppID = "{708860E0-F641-4611-8895-7D867DD3675B}" | C:\Program Files (x86)\Google\Update\Install\{F5316017-323B-4E05-865C-7C55DEB6206A}\CR_DED34.tmp\setup.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1C4CDEFF-756A-4804-9E77-3E8EB9361016}\AppID = "{9465B4B4-5216-4042-9A2C-754D3BCDC410}" | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{084D78A8-B084-4E14-A629-A2C419B0E3D9}\NumMethods | C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{494B20CF-282E-4BDD-9F5D-B70CB09D351E}\ = "IGoogleUpdate3Web" | C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe | N/A
Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928} | C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F63F6F8B-ACD5-413C-A44B-0409136D26CB}\ProxyStubClsid32\ = "{82BB48E2-2057-4C07-A383-B2C2F8A0FD01}" | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A
Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D656199B-93F2-4D64-AA2F-96BD3F18D40E}\InprocHandler32 | C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FE908CDD-22BB-472A-9870-1A0390E42F36}\ProxyStubClsid32 | C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe | N/A
Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD}\LocalServer32 | C:\Program Files (x86)\Google\Update\Install\{F5316017-323B-4E05-865C-7C55DEB6206A}\CR_DED34.tmp\setup.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{27634814-8E41-4C35-8577-980134A96544}\ = "IPolicyStatusValue" | C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\GoogleUpdate.PolicyStatusSvc.1.0\ = "Google Update Policy Status Class" | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A
Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}\ELEVATION | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A
Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}\PROGID | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A
Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{598FE0E5-E02D-465D-9A9D-37974A28FD42}\PROGID | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{18D0F672-18B4-48E6-AD36-6E6BF01DBBC4}\ProxyStubClsid32\ = "{82BB48E2-2057-4C07-A383-B2C2F8A0FD01}" | C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{494B20CF-282E-4BDD-9F5D-B70CB09D351E}\ProxyStubClsid32\ = "{82BB48E2-2057-4C07-A383-B2C2F8A0FD01}" | C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{49D7563B-2DDB-4831-88C8-768A53833837}\ProxyStubClsid32\ = "{82BB48E2-2057-4C07-A383-B2C2F8A0FD01}" | C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe | N/A
Key created | \REGISTRY\MACHINE\Software\Classes\ChromeHTML\shell\open | C:\Program Files (x86)\Google\Update\Install\{F5316017-323B-4E05-865C-7C55DEB6206A}\CR_DED34.tmp\setup.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D106AB5F-A70E-400E-A21B-96208C1D8DBB}\ProxyStubClsid32\ = "{82BB48E2-2057-4C07-A383-B2C2F8A0FD01}" | C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4DE778FE-F195-4EE3-9DAB-FE446C239221}\ProxyStubClsid32 | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\GoogleUpdate.OnDemandCOMClassMachine\ = "Google Update Broker Class Factory" | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A
Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}\LOCALSERVER32 | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9B2340A0-4068-43D6-B404-32E27217859D}\ProgID\ = "GoogleUpdate.CoreMachineClass.1" | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{598FE0E5-E02D-465D-9A9D-37974A28FD42}\LocalizedString = "@C:\\Program Files (x86)\\Google\\Update\\1.3.36.312\\goopdate.dll,-3000" | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{FE908CDD-22BB-472A-9870-1A0390E42F36} | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{05A30352-EB25-45B6-8449-BCA7B0542CE5}\ProxyStubClsid32\ = "{82BB48E2-2057-4C07-A383-B2C2F8A0FD01}" | C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D656199B-93F2-4D64-AA2F-96BD3F18D40E}\InprocHandler32\ = "C:\\Program Files (x86)\\Google\\Update\\1.3.36.312\\psmachine_64.dll" | C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0CD01D1E-4A1C-489D-93B9-9B6672877C57}\ProxyStubClsid32\ = "{82BB48E2-2057-4C07-A383-B2C2F8A0FD01}" | C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5B25A8DC-1780-4178-A629-6BE8B8DEFAA2}\ProxyStubClsid32 | C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.xhtml\OpenWithProgIds\ChromeHTML | C:\Program Files (x86)\Google\Update\Install\{F5316017-323B-4E05-865C-7C55DEB6206A}\CR_DED34.tmp\setup.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C6271107-A214-4F11-98C0-3F16BC670D28}\InprocServer32\ThreadingModel = "Both" | C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe | N/A
Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{25461599-633D-42B1-84FB-7CD68D026E53}\PROGID | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A
Key created | \REGISTRY\MACHINE\Software\Classes\CLSID | C:\Program Files (x86)\Google\Update\Install\{F5316017-323B-4E05-865C-7C55DEB6206A}\CR_DED34.tmp\setup.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\InprocServer32\ = "C:\\Program Files (x86)\\Google\\Update\\1.3.36.312\\psmachine_64.dll" | C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{FE908CDD-22BB-472A-9870-1A0390E42F36}\NumMethods\ = "41" | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31AC3F11-E5EA-4A85-8A3D-8E095A39C27B} | C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe | N/A
Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9465B4B4-5216-4042-9A2C-754D3BCDC410}\PROGID | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{084D78A8-B084-4E14-A629-A2C419B0E3D9}\ProxyStubClsid32\ = "{82BB48E2-2057-4C07-A383-B2C2F8A0FD01}" | C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{909489C2-85A6-4322-AA56-D25278649D67}\NumMethods | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A

Suspicious behavior: EnumeratesProcesses

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\system32\msiexec.exe | N/A
N/A | N/A | C:\Windows\system32\msiexec.exe | N/A
N/A | N/A | C:\ProgramData\Packas\scrok.exe | N/A
N/A | N/A | C:\ProgramData\Packas\scrok.exe | N/A
N/A | N/A | C:\ProgramData\Smart\TjNkNpAilaYvt.exe | N/A
N/A | N/A | C:\ProgramData\Packas\scrok.exe | N/A
N/A | N/A | C:\ProgramData\Packas\scrok.exe | N/A
N/A | N/A | C:\ProgramData\Smart\setup.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Temp\GUM56E.tmp\GoogleUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Temp\GUM56E.tmp\GoogleUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Temp\GUM56E.tmp\GoogleUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Temp\GUM56E.tmp\GoogleUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Temp\GUM56E.tmp\GoogleUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Temp\GUM56E.tmp\GoogleUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Temp\GUM56E.tmp\GoogleUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Temp\GUM56E.tmp\GoogleUpdate.exe | N/A
N/A | N/A | C:\Program Files (x86)\Google\Temp\GUM56E.tmp\GoogleUpdate.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeShutdownPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A
Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A
Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A
Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A
Token: SeSecurityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A
Token: SeCreateTokenPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A
Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A
Token: SeLockMemoryPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A
Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A
Token: SeMachineAccountPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A
Token: SeTcbPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A
Token: SeSecurityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A
Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A
Token: SeLoadDriverPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A
Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A
Token: SeSystemtimePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A
Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A
Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A
Token: SeCreatePermanentPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A
Token: SeBackupPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A
Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A
Token: SeAuditPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A
Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A
Token: SeChangeNotifyPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A
Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A
Token: SeUndockPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A
Token: SeSyncAgentPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A
Token: SeEnableDelegationPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A
Token: SeManageVolumePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A
Token: SeImpersonatePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A
Token: SeCreateGlobalPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A
Token: SeBackupPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A
Token: SeRestorePrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A
Token: SeAuditPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A
Token: SeBackupPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A
Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A
Token: SeRestorePrivilege | N/A | C:\Windows\system32\DrvInst.exe | N/A
Token: SeRestorePrivilege | N/A | C:\Windows\system32\DrvInst.exe | N/A
Token: SeRestorePrivilege | N/A | C:\Windows\system32\DrvInst.exe | N/A
Token: SeRestorePrivilege | N/A | C:\Windows\system32\DrvInst.exe | N/A
Token: SeRestorePrivilege | N/A | C:\Windows\system32\DrvInst.exe | N/A
Token: SeRestorePrivilege | N/A | C:\Windows\system32\DrvInst.exe | N/A
Token: SeRestorePrivilege | N/A | C:\Windows\system32\DrvInst.exe | N/A
Token: SeLoadDriverPrivilege | N/A | C:\Windows\system32\DrvInst.exe | N/A
Token: SeLoadDriverPrivilege | N/A | C:\Windows\system32\DrvInst.exe | N/A
Token: SeLoadDriverPrivilege | N/A | C:\Windows\system32\DrvInst.exe | N/A
Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A
Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A
Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A
Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A
Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A
Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A
Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A
Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A
Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A
Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A
Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A
Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A
Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A
Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A
Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\system32\msiexec.exe | N/A
N/A | N/A | C:\Windows\system32\msiexec.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Suspicious use of SendNotifyMessage

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\ProgramData\Smart\setup.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1604 wrote to memory of 2640 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2640 wrote to memory of 108 N/A C:\Windows\syswow64\MsiExec.exe C:\Windows\SysWOW64\cmd.exe
PID 108 wrote to memory of 2440 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\timeout.exe
PID 108 wrote to memory of 1964 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\setup\aa.exe
PID 108 wrote to memory of 2804 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\Packas\scrok.exe
PID 2804 wrote to memory of 612 N/A C:\ProgramData\Packas\scrok.exe C:\Windows\system32\svchost.exe
PID 108 wrote to memory of 2208 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\Smart\TjNkNpAilaYvt.exe
PID 108 wrote to memory of 2244 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\Smart\TjNkNpAilaYvt.exe
PID 108 wrote to memory of 1456 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\timeout.exe
PID 108 wrote to memory of 1292 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\Smart\TjNkNpAilaYvt.exe
PID 108 wrote to memory of 916 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\Packas\scrok.exe
PID 832 wrote to memory of 1464 N/A C:\ProgramData\Smart\TjNkNpAilaYvt.exe C:\ProgramData\Smart\setup.exe
PID 916 wrote to memory of 612 N/A C:\ProgramData\Packas\scrok.exe C:\Windows\system32\svchost.exe
PID 108 wrote to memory of 3068 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\setup\setup.exe
PID 3068 wrote to memory of 2852 N/A C:\ProgramData\setup\setup.exe C:\Program Files (x86)\Google\Temp\GUM56E.tmp\GoogleUpdate.exe

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\msiexec.exe

msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\Chrome.msi

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\DrvInst.exe

DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "00000000000005D4" "000000000000058C"

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding D03C715E2789432E81318CFC5491180E

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\SysWOW64\cmd.exe" /c timeout /nobreak /t 7 & C:\ProgramData\setup\aa.exe x C:\ProgramData\setup\ddd. -key 000000 -f -to C:\ProgramData & C:\ProgramData\Packas\scrok.exe & C:\ProgramData\Smart\TjNkNpAilaYvt.exe install & C:\ProgramData\Smart\TjNkNpAilaYvt.exe install & timeout /nobreak /t 2 & C:\ProgramData\Smart\TjNkNpAilaYvt.exe start & C:\ProgramData\Packas\scrok.exe & del C:\ProgramData\Packas\scrok.exe & C:\ProgramData\setup\setup.exe

C:\Windows\SysWOW64\timeout.exe

timeout /nobreak /t 7

C:\ProgramData\setup\aa.exe

C:\ProgramData\setup\aa.exe x C:\ProgramData\setup\ddd. -key 000000 -f -to C:\ProgramData

C:\ProgramData\Packas\scrok.exe

C:\ProgramData\Packas\scrok.exe

C:\ProgramData\Smart\TjNkNpAilaYvt.exe

C:\ProgramData\Smart\TjNkNpAilaYvt.exe install

C:\ProgramData\Smart\TjNkNpAilaYvt.exe

C:\ProgramData\Smart\TjNkNpAilaYvt.exe install

C:\Windows\SysWOW64\timeout.exe

timeout /nobreak /t 2

C:\ProgramData\Smart\TjNkNpAilaYvt.exe

C:\ProgramData\Smart\TjNkNpAilaYvt.exe start

C:\ProgramData\Smart\TjNkNpAilaYvt.exe

"C:\ProgramData\Smart\TjNkNpAilaYvt.exe"

C:\ProgramData\Packas\scrok.exe

C:\ProgramData\Packas\scrok.exe

C:\ProgramData\Smart\setup.exe

"C:\ProgramData\Smart\setup.exe"

C:\ProgramData\setup\setup.exe

C:\ProgramData\setup\setup.exe

C:\Program Files (x86)\Google\Temp\GUM56E.tmp\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Temp\GUM56E.tmp\GoogleUpdate.exe" /installsource taggedmi /install "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={9F0C1F44-1C50-396A-483A-08DA4896FF0B}&lang=zh-CN&browser=4&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=x64-stable-statsdef_1&installdataindex=empty"

C:\ProgramData\NVIDIARV\svchost.exe

"C:\ProgramData\NVIDIARV\svchost.exe"

C:\ProgramData\NVIDIARV\svchost.exe

"C:\ProgramData\NVIDIARV\svchost.exe"

C:\ProgramData\NVIDIARV\svchost.exe

"C:\ProgramData\NVIDIARV\svchost.exe"

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /regsvc

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /regserver

C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ping [base64-encoded ping payload omitted]

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /handoff "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={9F0C1F44-1C50-396A-483A-08DA4896FF0B}&lang=zh-CN&browser=4&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=x64-stable-statsdef_1&installdataindex=empty" /installsource taggedmi /sessionid "{8F333DE0-C381-4301-847A-AAA9E6B8F827}"

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc

C:\Program Files (x86)\Google\Update\Install\{F5316017-323B-4E05-865C-7C55DEB6206A}\109.0.5414.120_chrome_installer.exe

"C:\Program Files (x86)\Google\Update\Install\{F5316017-323B-4E05-865C-7C55DEB6206A}\109.0.5414.120_chrome_installer.exe" --verbose-logging --do-not-launch-chrome --system-level /installerdata="C:\Program Files (x86)\Google\Update\Install\{F5316017-323B-4E05-865C-7C55DEB6206A}\gui4CAC.tmp"

C:\Program Files (x86)\Google\Update\Install\{F5316017-323B-4E05-865C-7C55DEB6206A}\CR_DED34.tmp\setup.exe

"C:\Program Files (x86)\Google\Update\Install\{F5316017-323B-4E05-865C-7C55DEB6206A}\CR_DED34.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Google\Update\Install\{F5316017-323B-4E05-865C-7C55DEB6206A}\CR_DED34.tmp\CHROME.PACKED.7Z" --verbose-logging --do-not-launch-chrome --system-level /installerdata="C:\Program Files (x86)\Google\Update\Install\{F5316017-323B-4E05-865C-7C55DEB6206A}\gui4CAC.tmp"

C:\Program Files (x86)\Google\Update\Install\{F5316017-323B-4E05-865C-7C55DEB6206A}\CR_DED34.tmp\setup.exe

"C:\Program Files (x86)\Google\Update\Install\{F5316017-323B-4E05-865C-7C55DEB6206A}\CR_DED34.tmp\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=109.0.5414.120 --initial-client-data=0x154,0x158,0x15c,0x128,0x160,0x13fde1148,0x13fde1158,0x13fde1168

C:\Program Files (x86)\Google\Update\Install\{F5316017-323B-4E05-865C-7C55DEB6206A}\CR_DED34.tmp\setup.exe

"C:\Program Files (x86)\Google\Update\Install\{F5316017-323B-4E05-865C-7C55DEB6206A}\CR_DED34.tmp\setup.exe" --system-level --verbose-logging --create-shortcuts=2 --install-level=1

C:\Program Files (x86)\Google\Update\Install\{F5316017-323B-4E05-865C-7C55DEB6206A}\CR_DED34.tmp\setup.exe

"C:\Program Files (x86)\Google\Update\Install\{F5316017-323B-4E05-865C-7C55DEB6206A}\CR_DED34.tmp\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=109.0.5414.120 --initial-client-data=0x154,0x158,0x15c,0x128,0x160,0x13fde1148,0x13fde1158,0x13fde1168

C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe

"C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe"

C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exe

"C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exe"

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ping [base64-encoded ping payload omitted]

C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exe

"C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exe" -Embedding

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ondemand

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --from-installer

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=109.0.5414.120 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5ec6b58,0x7fef5ec6b68,0x7fef5ec6b78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1088 --field-trial-handle=1336,i,6533139064998072625,6217458064254603255,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1436 --field-trial-handle=1336,i,6533139064998072625,6217458064254603255,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1200 --field-trial-handle=1336,i,6533139064998072625,6217458064254603255,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2092 --field-trial-handle=1336,i,6533139064998072625,6217458064254603255,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2104 --field-trial-handle=1336,i,6533139064998072625,6217458064254603255,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\109.0.5414.120\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\109.0.5414.120\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3116 --field-trial-handle=1336,i,6533139064998072625,6217458064254603255,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3288 --field-trial-handle=1336,i,6533139064998072625,6217458064254603255,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1428 --field-trial-handle=1336,i,6533139064998072625,6217458064254603255,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3388 --field-trial-handle=1336,i,6533139064998072625,6217458064254603255,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3592 --field-trial-handle=1336,i,6533139064998072625,6217458064254603255,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3712 --field-trial-handle=1336,i,6533139064998072625,6217458064254603255,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3836 --field-trial-handle=1336,i,6533139064998072625,6217458064254603255,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3608 --field-trial-handle=1336,i,6533139064998072625,6217458064254603255,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3844 --field-trial-handle=1336,i,6533139064998072625,6217458064254603255,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3688 --field-trial-handle=1336,i,6533139064998072625,6217458064254603255,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3692 --field-trial-handle=1336,i,6533139064998072625,6217458064254603255,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4016 --field-trial-handle=1336,i,6533139064998072625,6217458064254603255,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4032 --field-trial-handle=1336,i,6533139064998072625,6217458064254603255,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3772 --field-trial-handle=1336,i,6533139064998072625,6217458064254603255,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1932 --field-trial-handle=1336,i,6533139064998072625,6217458064254603255,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1664 --field-trial-handle=1336,i,6533139064998072625,6217458064254603255,131072 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 a17.nbdsnb2.top udp
US 8.8.8.8:53 a17.yydsnb1.top udp
HK 47.76.184.172:1080 a17.yydsnb1.top tcp
US 8.8.8.8:53 update.googleapis.com udp
GB 216.58.201.99:443 update.googleapis.com tcp
GB 216.58.201.99:443 update.googleapis.com tcp
US 8.8.8.8:53 c.pki.goog udp
GB 216.58.201.99:80 c.pki.goog tcp
US 8.8.8.8:53 o.pki.goog udp
GB 216.58.201.99:80 o.pki.goog tcp
HK 47.76.184.172:1080 a17.yydsnb1.top tcp
US 8.8.8.8:53 crl.microsoft.com udp
GB 2.19.117.145:80 crl.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
GB 2.17.5.133:80 www.microsoft.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 clients2.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
GB 172.217.169.78:443 clients2.google.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 142.250.187.206:80 redirector.gvt1.com tcp
US 8.8.8.8:53 r5---sn-aigl6nzk.gvt1.com udp
GB 74.125.175.106:80 r5---sn-aigl6nzk.gvt1.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.200.4:443 www.google.com tcp
GB 142.250.200.4:443 www.google.com tcp
GB 142.250.200.4:443 www.google.com tcp
US 8.8.8.8:53 ogads-pa.googleapis.com udp
US 8.8.8.8:53 apis.google.com udp
GB 172.217.16.234:443 ogads-pa.googleapis.com tcp
GB 172.217.16.234:443 ogads-pa.googleapis.com udp
GB 216.58.201.99:443 o.pki.goog tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.178.14:443 play.google.com tcp
GB 142.250.178.14:443 play.google.com udp
HK 47.76.184.172:1080 a17.yydsnb1.top tcp
HK 47.76.184.172:1080 a17.yydsnb1.top tcp
US 8.8.8.8:53 update.googleapis.com udp
GB 216.58.201.99:443 update.googleapis.com tcp
GB 216.58.201.99:443 update.googleapis.com udp

Files

C:\Windows\Installer\MSID836.tmp

MD5 c7fbd5ee98e32a77edf1156db3fca622
SHA1 3e534fc55882e9fb940c9ae81e6f8a92a07125a0
SHA256 e140990b509dd6884a5742bde64f2cdaa10012d472b0b32de43ebecbc83242b6
SHA512 8691ac8b214cc1e4f34a3ab2bbc0c2391f7f11ebbe5db0dc82825195b5fe5a05310ed1e14d253a9b74a64050d2f2a6623dd2fcd912f80fef51e51845ef1e3a1a

C:\Windows\Installer\MSID970.tmp

MD5 ae463676775a1dd0b7a28ddb265b4065
SHA1 dff64c17885c7628b22631a2cdc9da83e417d348
SHA256 83fbfcaff3da3eb89f9aec29e6574cf15502fd670cbb2ab0c8a84451b2598b22
SHA512 e47c2db249e7a08c5d2864671fbc235e48aebecbe0b2c2334d1a4cba1b5b3037522ff89408589f3559b3a1eaf507bd338645387d55800029bb3b941d4c7744d6

C:\Config.Msi\f76d7ec.rbs

MD5 8f0fb5bbbdf9d209670b8aaaf8f9dc41
SHA1 e0cf54954f65bc97f2b9f6378d11220385fdf134
SHA256 d1f9676bc51acd01862c1c6a4dbc72d9cd429a7fc80757cd179d6ea0f778ad55
SHA512 5b3b34b46b5fbdea197b33a23bd60382045b6d18e10bc4ec395e10143fdaf59b602b3b4f9ffcec6cc14964fcdda67505dab62032e853dbcd69214876bbf279fc

\ProgramData\setup\aa.exe

MD5 09c448be7e7d84e6e544cc03afbb05d8
SHA1 ddc13e71a72bc49c60f89b98cbb79c2449cfa07e
SHA256 a0f127a70943b0262060498c1723c795a8e2980f1acf0c42ee8c1dae72ae54b5
SHA512 e5f7a988a999e7e34d0aa2d2a5b2fbb22689588d3def4bed4518ceed38710e3714c5614bab192b0ce6bcac5172a87ebf3b3b923e495eb7344c70bd11f4bf1c12

C:\ProgramData\setup\ddd

MD5 9bd359e3956d119811c3a6abef58e644
SHA1 9f221781f406ebcb15fc2c02d5d259116155c734
SHA256 ead38673817c84de77a4d2fe6118e6a96f863e3db38f73518007caa2af676146
SHA512 7f817794728e532da07424c621eeef161501644d137068895391505d7110f1f8ee9dc76944946e3960f84e462c66fd82ee61b619ca91a07166aed5d3434f618b

memory/1964-56-0x0000000000400000-0x0000000000510000-memory.dmp

\ProgramData\Packas\scrok.exe

MD5 a03b2eaa4d517fd935bb0032d444f22d
SHA1 014864aac638b7c04b4d50e6c39d7266eafda773
SHA256 6fd145b1de7d0a143fd25274544d5e3c4ecee06cf3e31631d51cae8ca3e25f01
SHA512 68a253fcdb3cd1a086fe93fa7c8a7500d6b5414bdfc0dad555973697d4fb552e09088b849573f705ca91b1652ddd4572842b82d40f5821761b3ac299e465be51

memory/2804-63-0x0000000077010000-0x0000000077012000-memory.dmp

memory/2804-61-0x0000000077010000-0x0000000077012000-memory.dmp

memory/2804-65-0x0000000077010000-0x0000000077012000-memory.dmp

memory/612-69-0x00000000011A0000-0x00000000011C9000-memory.dmp

memory/2804-66-0x000000013F3B0000-0x000000013F969000-memory.dmp

C:\ProgramData\Smart\TjNkNpAilaYvt.exe

MD5 d305d506c0095df8af223ac7d91ca327
SHA1 679cb4c763c84e75ccb0fa3475bd6b7a36e81c4a
SHA256 923111c7142b3dc783a3c722b19b8a21bcb78222d7a136ac33f0ca8a29f4cb66
SHA512 94d369a4db88bff9556a1d7a7fb0188ed935c3592bae09335542c5502ec878e839177be63ac3ab4af75d4dc38a3a4f5d0fd423115ac72cf5dd710c59604db796

memory/2208-75-0x0000000000E90000-0x0000000000F66000-memory.dmp

C:\ProgramData\Smart\TjNkNpAilaYvt.xml

MD5 2c706293a3cfff8cc184a8e9a3b3da08
SHA1 873d7c9f51aa6cebd4ad3ae5930d1de84bb4437d
SHA256 ed28baf8be3a588d50ed246c2cd741bbd498aee74ea0675d57e0b33236e22067
SHA512 4aba3e25507ba5c29219ff51553f3616d07aeeb30f7465f9e921eea94cdcb411d1f48d1eefed647c22405df275e7f9d7506aac52202aae137391c6831463b043

memory/2244-83-0x0000000000170000-0x0000000000246000-memory.dmp

C:\ProgramData\Smart\TjNkNpAilaYvt.wrapper.log

MD5 3ecd298425f9d44fb6725edb0c2a2cc4
SHA1 73e7e75bbb72ab07f36fd4ae61426dd4fc367a2f
SHA256 6d2c618eaba5494ef3ebd83b4ba0c455c50faf710342c946ed2336463b4feaae
SHA512 f79de0a7e00d2a6cf264787645fe5eef588f27d4aec3b873443ad5d49c6411cdddc90c84c3a028249380a3df0bc4f527ece0b2e8d0af8247d55e2fd2deb0d19c

memory/1292-92-0x0000000000EC0000-0x0000000000F96000-memory.dmp

C:\ProgramData\Smart\TjNkNpAilaYvt.wrapper.log

MD5 f6abe9aa69ab889269eabf135f5001c1
SHA1 e80df0acd049c98fddace82450bb86f3eddb6e1f
SHA256 97209b2bcb35025385a41dcb133ea4d41702bbfabdadf434e1ddb1909af2295a
SHA512 3162ad7aa7cc13ea79981be13aaf5482509c13c40934badb609dce5627a93aff4d12983b06df680feb852e67f744547761665b8e1d6fd43a3e6738149c86f2c0

C:\ProgramData\Smart\TjNkNpAilaYvt.wrapper.log

MD5 6a8f842a9eadaf0f5278680172d933dc
SHA1 324e46eb2f943f3e1030ac617c50d8ea2dbdcd89
SHA256 ed04f52fb4b3bca8a0e3c6623d8c6583e10bab1e80c047dfb096584045095bb4
SHA512 6dbd70b06bd13f49965272e90a773fe9d08a6e612c091593a675e9b6d8a6ebe50b95bc25bcb16c8770e8bc157d7d0f90957aaa13fe927e1aa5603ef2af39314c

C:\ProgramData\Smart\TjNkNpAilaYvt.wrapper.log

MD5 2ce5ed306f9a0517fd064b543d345d15
SHA1 522b916b56114c4bf98891fc1b5e4799099e311f
SHA256 44375c898168aa22fd4fd9692e689aba3a9d3cb649201e40e83f16e5f9391bd9
SHA512 e25cbc52b9f096593e2149e783c8a436ec7121015e22cb308d94f6ee5e0df64519913946b90e0e2ce45f34dd2d44611fb95ddae4d28de80bc23ad5004730024f

C:\ProgramData\Smart\TjNkNpAilaYvt.wrapper.log

MD5 427c8d2ce7d4aab327b3c974f62757f9
SHA1 ce372d5062e210314eb056728cd9c02be89ce09c
SHA256 4d203716a4831bda26ba7b7f9aa8ab24d117e937e391969e09106d175d4c7869
SHA512 82473eeabd2fa0d1fc093ca93e9347639ccf7a285d8845633c58bfc2a5ea3daa6e38524a564513f7a908bdd13d8ec8d47309abd8f0fe277120a96bc62583b5b5

C:\ProgramData\Smart\setup.exe

MD5 118a9a9f6280e177fdac16989b8aa1a5
SHA1 fc37316439372be17a982d02cd0d294f7aaca751
SHA256 b995e6a0299f2465fd5881157aab1c6c9753c8e459efd661b9cd1e83be7e53f6
SHA512 14c731e7f7e9736f39d6c79a98bf1a3264da9dc76bab4faca82ec64f276f3d39c9bc4638991e30a06f52bf6204619f5da8c3168d11afe058e0c1d21a89d42878

C:\ProgramData\setup\setup.exe

MD5 4a94844260d6a08828d781d488cef61d
SHA1 de8169fdb5ab8a120df577d92eb25a2767431738
SHA256 46d7a8abe3bb9d7302529246cd8ee6e7d0360d1045fe92662cc7580e72ef5132
SHA512 82549c1e525a90003fb0174ebba2bc3b4f58706ef9fd5e6ee07d489ab536ef286e408db6c15a52b039d3f59c09bd55e35d045def79007da5d414d5d589d34f4f

memory/916-118-0x000000013F3D0000-0x000000013F989000-memory.dmp

memory/916-117-0x0000000077010000-0x0000000077012000-memory.dmp

memory/1464-126-0x00000000002E0000-0x00000000002E1000-memory.dmp

memory/1464-131-0x0000000000400000-0x0000000000BA0000-memory.dmp

memory/1464-130-0x00000000002E0000-0x00000000002E1000-memory.dmp

memory/1464-128-0x00000000002E0000-0x00000000002E1000-memory.dmp

\Program Files (x86)\Google\Temp\GUM56E.tmp\GoogleUpdate.exe

MD5 cdf152e23a8cbf68dbe3f419701244fc
SHA1 cb850d3675da418131d90ab01320e4e8842228d7
SHA256 84eaf43f33d95da9ab310fc36dc3cfe53823d2220946f021f18cf3f729b8d64e
SHA512 863e1da5bc779fa02cf08587c4de5f04c56e02902c5c4f92a06f2e631380ecabcc98e35d52609f764727e41b965c0786d24ea23fc4b9776d24d9f13e0d8ae0c2

C:\Program Files (x86)\Google\Temp\GUM56E.tmp\goopdate.dll

MD5 dae72b4b8bcf62780d63b9cbb5b36b35
SHA1 1d9b764661cfe4ee0f0388ff75fd0f6866a9cd89
SHA256 b0ca6700e7a4ea667d91bcf3338699f28649c2e0a3c0d8b4f2d146ab7c843ab6
SHA512 402c00cab6dac8981e200b6b8b4263038d76afe47c473d5f2abf0406222b32fff727b495c6b754d207af2778288203ce0774a6200b3e580e90299d08ce0c098f

C:\Program Files (x86)\Google\Temp\GUM56E.tmp\goopdateres_zh-CN.dll

MD5 ca52cc49599bb6bda28c38aea1f9ec4e
SHA1 494f166b530444f39bca27e2b9e10f27e34fc98a
SHA256 f9f144aa2dc0de21b24c93f498a9b4a946b7da42819a776b3283a0bcae18544b
SHA512 05e2d5711eef8f57737b2512de2e73744f17e0a34de0bfd2a06c9cc60a08ebadbafe38e30b66a2ede7fa61d5b9571adddcfbd7e1cafcee1ab2168a563d2d3f0d

C:\Program Files (x86)\Google\Temp\GUM56E.tmp\GoogleUpdateCore.exe

MD5 af51ea4d9828e21f72e935b0deae50f2
SHA1 c7fe57c2a16c9f5a5ebdd3cc0910427cba5308bd
SHA256 3575011873d0f6d49c783095dae06e6619f8f5463da578fbe284ca5d1d449619
SHA512 ec9828d0bade39754748fb53cfc7efdc5e57955198bac3c248ea9b5a9a607182bb1477819f220549a8e9eadbe6bf69a12da6c8af3761980d2dd9078eaeaa932f

C:\Program Files (x86)\Google\Temp\GUM56E.tmp\GoogleCrashHandler64.exe

MD5 b659663611a4c2216dff5ab1b60dd089
SHA1 9a14392a5bdb9ea6b8c3e60224b7ff37091d48b5
SHA256 cad4aa1cf58f6b2e2aceb789d53b18418e67066ec406b2fac786cb845ef89d2b
SHA512 1065f9072cd6f1f4364f1354108f2647ee1d89f87e908a22fcd63bd3149c864c457e62268067a439d0486d8d4aa150aa984ad8ac8b51cae49014b67b80496040

\ProgramData\NVIDIARV\svchost.exe

MD5 4ce1a842d3d770f6fa4b4167542408b2
SHA1 43b0c03b176318ce2551d3dfc2c18e18f53c2240
SHA256 ba51980ef9681d849c9331e891cc411c1687d3c011f0acc01da9f4ef640764b6
SHA512 a28f0659af75da93f479359212dc4ffb9440f171cf89b19de929b7a8015b5e087ea53ab979dd6815597865538c79b1e3354e987940da88da4dfcf16bdf1f4337

C:\Program Files (x86)\Google\Temp\GUM56E.tmp\GoogleCrashHandler.exe

MD5 a11ce10ac47f5f83b9bc980567331a1b
SHA1 63ee42e347b0328f8d71a3aa4dde4c6dc46da726
SHA256 101dbf984c4b3876defe2699d6160acbf1bb3f213e02a32f08fdcdc06821c542
SHA512 ff2f86c4061188ead1bfeebd36de7dbc312adcc95267537697f2bfcbb0c53e7c4ab0cd268cef22f0182391796c4612c97cbdc1266d9ee1960cdd2610d8c2bcb3

C:\Program Files (x86)\Google\Temp\GUM56E.tmp\goopdateres_cs.dll

MD5 b9033db8d0e5bf254979b0f47d10e93d
SHA1 2859de0d851b5f4fd3056e8f9015cece2436c307
SHA256 12c41c2f472b6a05fd6392e9d4f8aeb9a40840c2cbefd68b39d20f9d1d4d77ed
SHA512 52075df4ae5c86ebb0bac20604ea072a163761ae058c1473211bf4bb0eeed043cfc5a92386f876b53484cdf4e3f8a7b75d8f4bf9894c24f8c22ec23a50b70b7c

C:\Program Files (x86)\Google\Temp\GUM56E.tmp\goopdateres_ca.dll

MD5 39e25ba8d69f493e6f18c4ef0cf96de8
SHA1 5584a94a85d83514a46030c4165e8f7a942e63e2
SHA256 1f66ebdcaae482a201a6e0fab9c1f4501c23a0d4ad819ccd555fdca9cc7edb94
SHA512 773c995b449d64e36eb8cab174db29e29e29985bcfd714799d6b05b01bb7d4a0fc2aefaf2e27ff02b0e105fbe0d34d7efe29b193a1bc3365ec47e1f1003bed26

C:\Program Files (x86)\Google\Temp\GUM56E.tmp\goopdateres_bn.dll

MD5 dafa45a82ce30cf2fd621e0a0b8c031f
SHA1 e39ed5213f9bb02d9da2c889425fab8ca6978db7
SHA256 d58e5f0fa894123de1d9b687a5b84826e095eca128ee5df8870f2db74f4233a2
SHA512 2b772ebc128eb59d636eec36583329962ead8e0a399fd56394b1244486bf815f4e033ceef74a62a9930ab2bf6ec1ba5e2d3c942183f7cb2355a716a3e2c6c7a1

C:\Program Files (x86)\Google\Temp\GUM56E.tmp\goopdateres_bg.dll

MD5 c523ec13643d74b187b26b410d39569b
SHA1 46aff0297036c60f22ad30d4e58f429890d9e09d
SHA256 80505863866bcd93a7e617dd8160531401d6d05f48d595348cd321cf7d97aeac
SHA512 ecf98e29a3481b05ab23c3ff89fa3caf054b874ed15462a5e33022aacf561d8fea4a0de35cc5f7450f62110ca4ace613e0c67f543ad22eb417e79eb3ebf24ed7

C:\Program Files (x86)\Google\Temp\GUM56E.tmp\goopdateres_ar.dll

MD5 163695df53cea0728f9f58a46a08e102
SHA1 71b39eec83260e2ccc299fac165414acb46958bd
SHA256 f89dddda3e887385b42ea88118ba8fb1cc68fde0c07d44b851164564eb7c1ec8
SHA512 6dfb70a175097f3c96ae815a563c185136cb5a35f361288cc81570facfa1f1d28f49eaa61172d1da4982ebb76bd3e32c4de77cf97dedfb79f18113d7594d0989

C:\Program Files (x86)\Google\Temp\GUM56E.tmp\goopdateres_am.dll

MD5 849bc7e364e30f8ee4c157f50d5b695e
SHA1 b52b8efa1f3a2c84f436f328decd2912efeb1b18
SHA256 f1384a25a6f40e861455c62190d794415f3e9bfca6317c214847e9535dfc3fb9
SHA512 6fd7f542a7073b3bbf1b0c200bb306b30f1b35a64a1fb013f25c7df76f63ef377d9bd736e8da2e9372f1c994785eaeedb6b60e3a0d4a4e8734c266ad61782d3b

C:\Program Files (x86)\Google\Temp\GUM56E.tmp\GoogleUpdateComRegisterShell64.exe

MD5 be535d8b68dd064442f73211466e5987
SHA1 aa49313d9513fd9c2d2b25da09ea24d09cc03435
SHA256 c109bcb63391ac3ea93fb97fbdf3f6ed71316cacb592ef46efaea0024bc9ed59
SHA512 eb50eebeaf83be10aea8088e35a807f9001d07d17d2bc1655c3bc0cb254d0f54303348988514ba5590ebd9d3bde3f1149c3f700f62fbce63c0199ea3cfb1f638

memory/2508-368-0x0000000000400000-0x000000000090B000-memory.dmp

memory/1384-370-0x0000000000400000-0x000000000090B000-memory.dmp

memory/2456-372-0x0000000000400000-0x000000000090B000-memory.dmp

memory/1384-373-0x0000000010000000-0x000000001002D000-memory.dmp

C:\Program Files\Google\Chrome\Application\109.0.5414.120\Installer\setup.exe

MD5 b42b8ac29ee0a9c3401ac4e7e186282d
SHA1 69dfb1dd33cf845a1358d862eebc4affe7b51223
SHA256 19545e8376807bce8a430c37cab9731e85052103f769dd60a5da3d93ca68c6ec
SHA512 b5269e7392e77a0fa850049ff61e271c5aab90d546945b17a65cc2ea6420432ae56321e1e39cfd97ccdb3dfc37ddbd6ff77907f5685cc2323b8635c8cdb4a84f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

MD5 18e723571b00fb1694a3bad6c78e4054
SHA1 afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\trusted_vault.pb

MD5 3433ccf3e03fc35b634cd0627833b0ad
SHA1 789a43382e88905d6eb739ada3a8ba8c479ede02
SHA256 f7d5893372edaa08377cb270a99842a9c758b447b7b57c52a7b1158c0c202e6d
SHA512 21a29f0ef89fec310701dcad191ea4ab670edc0fc161496f7542f707b5b9ce619eb8b709a52073052b0f705d657e03a45be7560c80909e92ae7d5939ce688e9c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Temp\scoped_dir2872_1716166108\8d55111c-8c33-4c03-8134-c95e00c88788.tmp

MD5 541f52e24fe1ef9f8e12377a6ccae0c0
SHA1 189898bb2dcae7d5a6057bc2d98b8b450afaebb6
SHA256 81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82
SHA512 d779d78a15c5efca51ebd6b96a7ccb6d718741bdf7d9a37f53b2eb4b98aa1a78bc4cfa57d6e763aab97276c8f9088940ac0476690d4d46023ff4bf52f3326c88

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

C:\Users\Admin\AppData\Local\Temp\scoped_dir2872_1716166108\CRX_INSTALL\_locales\en\messages.json

MD5 dbedf86fa9afb3a23dbb126674f166d2
SHA1 5628affbcf6f897b9d7fd9c17deb9aa75036f1cc
SHA256 c0945dd5fdecab40c45361bec068d1996e6ae01196dce524266d740808f753fe
SHA512 931d7ba6da84d4bb073815540f35126f2f035a71bfe460f3ccaed25ad7c1b1792ab36cd7207b99fddf5eaf8872250b54a8958cf5827608f0640e8aafe11e0071

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\en\messages.json

MD5 91f5bc87fd478a007ec68c4e8adf11ac
SHA1 d07dd49e4ef3b36dad7d038b7e999ae850c5bef6
SHA256 92f1246c21dd5fd7266ebfd65798c61e403d01a816cc3cf780db5c8aa2e3d9c9
SHA512 fdc2a29b04e67ddbbd8fb6e8d2443e46badcb2b2fb3a850bbd6198cdccc32ee0bd8a9769d929feefe84d1015145e6664ab5fea114df5a864cf963bf98a65ffd9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb\000002.dbtmp

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 1dba37f198d28073268288e2ab709d60
SHA1 281236243d7fa7cbdf35f83eddf42f14b8b1178a
SHA256 b3d9926be7f89c253108bf1a29b1d15b23783eba23a25c341356632ce6d22e4d
SHA512 9bbcd7eae51deab2de225b2eac911516f8de0ba38e456b65e49867b6355b88544c4f4b40ee02c2ab28823d5c8199bfea345718aed47c24cbbf9c6f42617c053b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnCache\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnCache\data_0

MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnCache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\90b22c2c-8bf9-4c9e-8121-55e66a863c6d.tmp

MD5 b563dc53d8f9c1a8e1114c962bfaa74c
SHA1 933d57307f5184a3988e55b861806ad6024cafa5
SHA256 84a501894bd1baf321e62fff254198cb3ecf476fb794b750694bab691312e42a
SHA512 8177fe857a1eb9d681064b317bc0b08c744661e45d6e9b7859f7768451ceb8d71482a381d7ba248b3265da998364f1a7e82cd3c35aab758099b6aace976a8591

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 4df568b7cd61b3c763013ef4f18da52e
SHA1 d196fd3a2b3d82c333c483edcd31bda6384fa166
SHA256 ad80e2e221bdd9f3865cfbef10a05b622811d05054401271b5a7f16c3f434cc8
SHA512 20e0ab913cc6a494b80689492794fd1ab0aeb27a7c4ed93327e38f67b8805cce1dac11890c0da94474c5fd91f62c93ce2d1767d8298bc4b15d99bb20d3a13972

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 99c43637b3354aa84f4ba4bdf4269dda
SHA1 58acf0e8bf70fdbf556c38b7570d4b2c05479130
SHA256 b7d0a8eded5f4c93d4498f290107e01256a395f56e632837c200a7929f12ac9e
SHA512 5cb75a9070cfa2ce67aa54c698f37da907659e0b1299efb4bb82f6368559dde518df20199cb541a79d597027216c3dfd7da5778dc20c856ea38d3f237c0120e3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 244fd7bfd6d4f91a8dbb8fae786ec8fb
SHA1 aa13bd18d2ff27e5c3e1bdfc34d9d1d4fc8eb0fe
SHA256 8c37efca290d72e8b82b114548e95bbbfb73bf3f061ae37ba2c4d13285a64236
SHA512 cc69419fba998fa60b3c859dc93d80fdc974ac4b9346d5bb96536ecdd365079ddda12648cb9501742b00ac1bcce0829f7ebb670ffe1e82a1c2d9e0fa051f0957
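
The Files listing above mixes four kinds of artefact: the sample's own droppers under ProgramData (Smart\setup.exe, setup\setup.exe and NVIDIARV\svchost.exe, a service-host name in a directory where no service host lives), Google Update and Chrome installer components under Program Files, Chrome profile files under the user's AppData, and memory dumps that carry no hashes. The Python below is an added example, not code from the sandbox or from this report: it parses a listing in the format used here and separates files worth blocking from vendor and profile noise, using path rules that are the author's assumptions (user-writable directories, well-known binary names and their home directories). A Program Files path is not evidence of legitimacy on its own; the hashes of the Google components listed above should be checked against the vendor's signed releases rather than allow-listed by location.

```python
"""Triage of a sandbox "Files" listing (path line followed by hash lines).

Added example, not code from the sandbox or the report; the directory and
binary-name rules below are the author's assumptions, not sandbox logic.
"""
import re
from dataclasses import dataclass, field

# Constructed excerpt: five entries and one memory dump copied from the listing
# above, with the blank separator lines and SHA1/SHA512 values omitted.
SAMPLE_LISTING = """\
C:\\ProgramData\\Smart\\setup.exe
MD5 118a9a9f6280e177fdac16989b8aa1a5
SHA256 b995e6a0299f2465fd5881157aab1c6c9753c8e459efd661b9cd1e83be7e53f6
C:\\ProgramData\\setup\\setup.exe
MD5 4a94844260d6a08828d781d488cef61d
SHA256 46d7a8abe3bb9d7302529246cd8ee6e7d0360d1045fe92662cc7580e72ef5132
memory/916-118-0x000000013F3D0000-0x000000013F989000-memory.dmp
\\Program Files (x86)\\Google\\Temp\\GUM56E.tmp\\GoogleUpdate.exe
MD5 cdf152e23a8cbf68dbe3f419701244fc
SHA256 84eaf43f33d95da9ab310fc36dc3cfe53823d2220946f021f18cf3f729b8d64e
\\ProgramData\\NVIDIARV\\svchost.exe
MD5 4ce1a842d3d770f6fa4b4167542408b2
SHA256 ba51980ef9681d849c9331e891cc411c1687d3c011f0acc01da9f4ef640764b6
C:\\Users\\Admin\\AppData\\Local\\Google\\Chrome\\User Data\\Local State
MD5 1dba37f198d28073268288e2ab709d60
SHA256 b3d9926be7f89c253108bf1a29b1d15b23783eba23a25c341356632ce6d22e4d
"""

HASH_LINE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s+([0-9A-Fa-f]{32,128})$")
MEMORY_DUMP = re.compile(r"^memory/\d+-\d+-0x[0-9A-Fa-f]+-0x[0-9A-Fa-f]+-memory\.dmp$")

EXECUTABLE_EXT = (".exe", ".dll", ".scr", ".com", ".ps1", ".bat", ".vbs", ".js")
# Directories an unprivileged user (or an installer acting for one) can write to.
USER_WRITABLE = ("\\programdata\\", "\\users\\public\\", "\\appdata\\", "\\windows\\temp\\")
# Well-known Windows binaries and the only directories they legitimately live in.
SYSTEM_BINARIES = {
    "svchost.exe": ("\\windows\\system32\\", "\\windows\\syswow64\\"),
    "lsass.exe": ("\\windows\\system32\\",),
    "rundll32.exe": ("\\windows\\system32\\", "\\windows\\syswow64\\"),
    "explorer.exe": ("\\windows\\", "\\windows\\syswow64\\"),
}


@dataclass
class DroppedFile:
    path: str
    hashes: dict = field(default_factory=dict)


def normalize(path):
    """Drive-less, lower-cased path; the sandbox sometimes omits the "C:"."""
    return re.sub(r"^[A-Za-z]:", "", path).lower()


def parse_listing(text):
    """Split the listing into DroppedFile records and memory-dump names."""
    files, dumps, current = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HASH_LINE.match(line)
        if m:
            if current is not None:
                current.hashes[m.group(1)] = m.group(2).lower()
            continue
        if MEMORY_DUMP.match(line):
            dumps.append(line)  # no hashes follow; these are carved separately
            current = None
            continue
        current = DroppedFile(path=line)
        files.append(current)
    return files, dumps


def triage(files):
    """Return (path, sha256, reasons) for every file that trips a path rule."""
    findings = []
    for f in files:
        norm = normalize(f.path)
        directory, _, name = norm.rpartition("\\")
        directory += "\\"
        reasons = []
        homes = SYSTEM_BINARIES.get(name)
        if homes and directory not in homes:
            reasons.append("system binary name outside its home directory")
        if name.endswith(EXECUTABLE_EXT) and any(d in norm for d in USER_WRITABLE):
            reasons.append("executable in user-writable location")
        if reasons:
            findings.append((f.path, f.hashes.get("SHA256"), tuple(reasons)))
    return findings


def sha256_blocklist(findings):
    """Deduplicated SHA256 values ready for an EDR or proxy blocklist."""
    return sorted({sha for _, sha, _ in findings if sha})


if __name__ == "__main__":
    dropped, dumps = parse_listing(SAMPLE_LISTING)
    for path, sha, reasons in triage(dropped):
        print(f"{sha}  {path}  <- {'; '.join(reasons)}")
    print(f"{len(dumps)} memory dump(s) listed without hashes")
```

Run against the excerpt, the three ProgramData binaries are flagged and the Google Update and Chrome profile entries are not; the memory dumps are returned separately because they have no hashes to block on and need to be examined as carved images.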

Analysis: behavioral2

Detonation Overview

Submitted 2025-02-21 22:43
Reported 2025-02-21 22:46
Platform win10ltsc2021-20250217-en
Max time kernel 149s
Max time network 154s

Command Line

C:\Windows\system32\svchost.exe -k DcomLaunch -p

Signatures

Blackmoon family

blackmoon

Blackmoon, KrBanker

trojan banker blackmoon

Detect Blackmoon payload

Description Indicator Process Target
N/A N/A N/A N/A

FatalRat

stealer trojan fatalrat

Fatalrat family

fatalrat

Fatal Rat payload

rat infostealer
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

VMProtect packed file

vmprotect
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Boot or Logon Autostart Execution: Active Setup

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\ = "Google Chrome" C:\Program Files (x86)\Google\Update\Install\{FF326FF5-CF4E-44DA-B8B3-D14B0ED8ADDB}\CR_26634.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\StubPath = "\"C:\\Program Files\\Google\\Chrome\\Application\\133.0.6943.127\\Installer\\chrmstp.exe\" --configure-user-settings --verbose-logging --system-level --channel=stable" C:\Program Files (x86)\Google\Update\Install\{FF326FF5-CF4E-44DA-B8B3-D14B0ED8ADDB}\CR_26634.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Localized Name = "Google Chrome" C:\Program Files (x86)\Google\Update\Install\{FF326FF5-CF4E-44DA-B8B3-D14B0ED8ADDB}\CR_26634.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\IsInstalled = "1" C:\Program Files (x86)\Google\Update\Install\{FF326FF5-CF4E-44DA-B8B3-D14B0ED8ADDB}\CR_26634.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Version = "43,0,0,0" C:\Program Files (x86)\Google\Update\Install\{FF326FF5-CF4E-44DA-B8B3-D14B0ED8ADDB}\CR_26634.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components C:\Program Files (x86)\Google\Update\Install\{FF326FF5-CF4E-44DA-B8B3-D14B0ED8ADDB}\CR_26634.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96} C:\Program Files (x86)\Google\Update\Install\{FF326FF5-CF4E-44DA-B8B3-D14B0ED8ADDB}\CR_26634.tmp\setup.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\D: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\D: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A

Event Triggered Execution: Image File Execution Options Injection

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe C:\Windows\SystemTemp\GUM632B.tmp\GoogleUpdate.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe\DisableExceptionChainValidation = "0" C:\Windows\SystemTemp\GUM632B.tmp\GoogleUpdate.exe N/A
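
Reading the Active Setup and IFEO signatures above together: the Active Setup entry is written by the Chrome installer's setup.exe for {8A69D345-D564-463c-AFF1-A69D9E530F96}, the same app GUID the report shows in Google Update's Download directory, and its StubPath is Chrome's chrmstp.exe under Program Files. The IFEO row is not a Debugger hijack: GoogleUpdate.exe sets DisableExceptionChainValidation = 0 on its own image, which turns SEHOP on for that binary, and no Debugger, GlobalFlag or VerifierDlls value appears anywhere in this report. The caveat is that these Google components were staged by C:\ProgramData\setup\setup.exe (see the Windows directory drops below), so a familiar path is not a reason to skip Authenticode verification. The Python below is an added example, not sandbox or report code: it parses rows in the format of the tables above and grades them with rules that are the author's assumptions. The two rows marked constructed (a sethc.exe Debugger value and an all-zero GUID StubPath) are hypothetical and are not behaviour attributed to this sample.

```python
"""Triage of registry rows from a sandbox "Signatures" table.

Added example, not code from the sandbox or the report.  The severity rules
and the trusted-directory list are the author's assumptions.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Rows 1-5 are copied verbatim from the Active Setup and IFEO tables above; rows
# 6 and 7 are constructed here to exercise the high-severity paths (hypothetical
# names, nothing the sample is reported to do).
SAMPLE_ROWS = r"""
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\StubPath = "\"C:\\Program Files\\Google\\Chrome\\Application\\133.0.6943.127\\Installer\\chrmstp.exe\" --configure-user-settings --verbose-logging --system-level --channel=stable" C:\Program Files (x86)\Google\Update\Install\{FF326FF5-CF4E-44DA-B8B3-D14B0ED8ADDB}\CR_26634.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\IsInstalled = "1" C:\Program Files (x86)\Google\Update\Install\{FF326FF5-CF4E-44DA-B8B3-D14B0ED8ADDB}\CR_26634.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96} C:\Program Files (x86)\Google\Update\Install\{FF326FF5-CF4E-44DA-B8B3-D14B0ED8ADDB}\CR_26634.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe C:\Windows\SystemTemp\GUM632B.tmp\GoogleUpdate.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe\DisableExceptionChainValidation = "0" C:\Windows\SystemTemp\GUM632B.tmp\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe\Debugger = "C:\\Users\\Public\\hypothetical.exe" C:\Users\Public\hypothetical.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{00000000-0000-0000-0000-000000000000}\StubPath = "C:\\ProgramData\\hypothetical\\stub.exe /s" C:\Users\Public\hypothetical.exe N/A
""".strip().splitlines()

SET_VALUE = re.compile(r'^Set value \((\w+)\) (\\REGISTRY\\.+?) = "(.*)" (.+?) N/A$')
KEY_CREATED = re.compile(r'^Key created (\\REGISTRY\\.+?) ([A-Za-z]:\\.+?) N/A$')
ACTIVE_SETUP = re.compile(r"\\Active Setup\\Installed Components\\(\{[0-9A-Fa-f-]+\})\\StubPath$", re.I)
IFEO = re.compile(r"\\Image File Execution Options\\([^\\]+)\\([^\\]+)$", re.I)
# Roots only an administrator can write to; Windows\Temp is excluded on purpose.
TRUSTED_ROOTS = ("\\program files\\", "\\program files (x86)\\", "\\windows\\")


@dataclass
class RegEvent:
    key: str              # registry path; includes the value name for Set value rows
    value: Optional[str]  # decoded data for Set value rows, None for Key created
    process: str          # writer, per the report's Process column


def unescape(data):
    """Undo the report's escaping of quotes and backslashes inside value data."""
    return data.replace('\\"', '"').replace('\\\\', '\\')


def parse_rows(rows):
    events = []
    for row in rows:
        m = SET_VALUE.match(row)
        if m:
            _, key, data, proc = m.groups()
            events.append(RegEvent(key, unescape(data), proc))
            continue
        m = KEY_CREATED.match(row)
        if m:
            events.append(RegEvent(m.group(1), None, m.group(2)))
    return events


def first_token(cmdline):
    """Executable path of a command line, honouring a quoted first token."""
    cmdline = cmdline.strip()
    if cmdline.startswith('"'):
        return cmdline[1:cmdline.index('"', 1)]
    return cmdline.split(" ", 1)[0]


def evaluate(event):
    """(severity, note) for one event, or None when no rule applies."""
    if event.value is None:
        return None  # bare key creation: wait for the values that follow it
    m = ACTIVE_SETUP.search(event.key)
    if m:
        exe = first_token(event.value)
        loc = re.sub(r"^[A-Za-z]:", "", exe).lower()
        if loc.startswith(TRUSTED_ROOTS) and not loc.startswith("\\windows\\temp\\"):
            return ("medium", f"Active Setup {m.group(1)} runs {exe} once per user at logon; verify its signature")
        return ("high", f"Active Setup {m.group(1)} StubPath in a user-writable location: {exe}")
    m = IFEO.search(event.key)
    if m:
        image, name = m.group(1), m.group(2).lower()
        if name == "debugger":
            return ("high", f"IFEO Debugger on {image}: {event.value} starts in place of the image")
        if name == "verifierdlls":
            return ("high", f"IFEO VerifierDlls on {image}: {event.value} is loaded into every instance")
        if name == "globalflag":
            return ("medium", f"IFEO GlobalFlag on {image} = {event.value}")
        if name == "disableexceptionchainvalidation":
            if event.value == "0":
                return ("info", f"SEHOP enabled for {image} by {event.process} (hardening, not a hijack)")
            return ("medium", f"SEHOP disabled for {image} by {event.process}")
    return None


def triage(rows):
    """Ordered (severity, key, note) findings for the rows that matter."""
    findings = []
    for event in parse_rows(rows):
        verdict = evaluate(event)
        if verdict:
            findings.append((verdict[0], event.key, verdict[1]))
    return findings


if __name__ == "__main__":
    for severity, key, note in triage(SAMPLE_ROWS):
        print(f"[{severity:6}] {note}")
```

On the rows copied from this report the result is one medium finding (the Chrome StubPath, to be confirmed by signature) and one informational finding (SEHOP enabled for GoogleUpdate.exe); only the two constructed rows reach high. The same parser accepts any row from the report's registry tables, so it can be pointed at the full Active Setup and IFEO sections rather than the excerpt.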

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2501448743-3279416841-701563739-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2501448743-3279416841-701563739-1000\Control Panel\International\Geo\Nation C:\Windows\SystemTemp\GUM632B.tmp\GoogleUpdate.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2501448743-3279416841-701563739-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2501448743-3279416841-701563739-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2501448743-3279416841-701563739-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2501448743-3279416841-701563739-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2501448743-3279416841-701563739-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2501448743-3279416841-701563739-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2501448743-3279416841-701563739-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2501448743-3279416841-701563739-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2501448743-3279416841-701563739-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\TjNkNpAilaYvt.exe.log C:\ProgramData\Smart\TjNkNpAilaYvt.exe N/A

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Checks installed software on the system

discovery

Checks system information in the registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Google\Chrome\Temp\source4608_1163545197\Chrome-bin\133.0.6943.127\Locales\bg.pak C:\Program Files (x86)\Google\Update\Install\{FF326FF5-CF4E-44DA-B8B3-D14B0ED8ADDB}\CR_26634.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source4608_1163545197\Chrome-bin\133.0.6943.127\Locales\bn.pak C:\Program Files (x86)\Google\Update\Install\{FF326FF5-CF4E-44DA-B8B3-D14B0ED8ADDB}\CR_26634.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source4608_1163545197\Chrome-bin\133.0.6943.127\Locales\gu.pak C:\Program Files (x86)\Google\Update\Install\{FF326FF5-CF4E-44DA-B8B3-D14B0ED8ADDB}\CR_26634.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source4608_1163545197\Chrome-bin\133.0.6943.127\Locales\lt.pak C:\Program Files (x86)\Google\Update\Install\{FF326FF5-CF4E-44DA-B8B3-D14B0ED8ADDB}\CR_26634.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateCore.exe C:\Windows\SystemTemp\GUM632B.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_uk.dll C:\Windows\SystemTemp\GUM632B.tmp\GoogleUpdate.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source4608_1163545197\Chrome-bin\133.0.6943.127\Locales\ms.pak C:\Program Files (x86)\Google\Update\Install\{FF326FF5-CF4E-44DA-B8B3-D14B0ED8ADDB}\CR_26634.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source4608_1163545197\Chrome-bin\133.0.6943.127\Locales\ru.pak C:\Program Files (x86)\Google\Update\Install\{FF326FF5-CF4E-44DA-B8B3-D14B0ED8ADDB}\CR_26634.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source4608_1163545197\Chrome-bin\133.0.6943.127\Locales\tr.pak C:\Program Files (x86)\Google\Update\Install\{FF326FF5-CF4E-44DA-B8B3-D14B0ED8ADDB}\CR_26634.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source4608_1163545197\Chrome-bin\133.0.6943.127\Locales\ur.pak C:\Program Files (x86)\Google\Update\Install\{FF326FF5-CF4E-44DA-B8B3-D14B0ED8ADDB}\CR_26634.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source4608_1163545197\Chrome-bin\133.0.6943.127\dxcompiler.dll C:\Program Files (x86)\Google\Update\Install\{FF326FF5-CF4E-44DA-B8B3-D14B0ED8ADDB}\CR_26634.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_ta.dll C:\Windows\SystemTemp\GUM632B.tmp\GoogleUpdate.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source4608_1163545197\Chrome-bin\133.0.6943.127\Locales\fi.pak C:\Program Files (x86)\Google\Update\Install\{FF326FF5-CF4E-44DA-B8B3-D14B0ED8ADDB}\CR_26634.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source4608_1163545197\Chrome-bin\133.0.6943.127\Locales\hr.pak C:\Program Files (x86)\Google\Update\Install\{FF326FF5-CF4E-44DA-B8B3-D14B0ED8ADDB}\CR_26634.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source4608_1163545197\Chrome-bin\133.0.6943.127\optimization_guide_internal.dll C:\Program Files (x86)\Google\Update\Install\{FF326FF5-CF4E-44DA-B8B3-D14B0ED8ADDB}\CR_26634.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source4608_1163545197\Chrome-bin\133.0.6943.127\vk_swiftshader.dll C:\Program Files (x86)\Google\Update\Install\{FF326FF5-CF4E-44DA-B8B3-D14B0ED8ADDB}\CR_26634.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_sw.dll C:\Windows\SystemTemp\GUM632B.tmp\GoogleUpdate.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source4608_1163545197\Chrome-bin\133.0.6943.127\Locales\es.pak C:\Program Files (x86)\Google\Update\Install\{FF326FF5-CF4E-44DA-B8B3-D14B0ED8ADDB}\CR_26634.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source4608_1163545197\Chrome-bin\133.0.6943.127\Locales\mr.pak C:\Program Files (x86)\Google\Update\Install\{FF326FF5-CF4E-44DA-B8B3-D14B0ED8ADDB}\CR_26634.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source4608_1163545197\Chrome-bin\133.0.6943.127\Locales\uk.pak C:\Program Files (x86)\Google\Update\Install\{FF326FF5-CF4E-44DA-B8B3-D14B0ED8ADDB}\CR_26634.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe C:\Windows\SystemTemp\GUM632B.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_de.dll C:\Windows\SystemTemp\GUM632B.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_el.dll C:\Windows\SystemTemp\GUM632B.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_pl.dll C:\Windows\SystemTemp\GUM632B.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\Install\{FF326FF5-CF4E-44DA-B8B3-D14B0ED8ADDB}\133.0.6943.127_chrome_installer.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
File opened for modification C:\Program Files (x86)\Google\Update\Install\{FF326FF5-CF4E-44DA-B8B3-D14B0ED8ADDB}\guiDE3.tmp C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source4608_1163545197\Chrome-bin\133.0.6943.127\icudtl.dat C:\Program Files (x86)\Google\Update\Install\{FF326FF5-CF4E-44DA-B8B3-D14B0ED8ADDB}\CR_26634.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source4608_1163545197\Chrome-bin\133.0.6943.127\Locales\am.pak C:\Program Files (x86)\Google\Update\Install\{FF326FF5-CF4E-44DA-B8B3-D14B0ED8ADDB}\CR_26634.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_en.dll C:\Windows\SystemTemp\GUM632B.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_sk.dll C:\Windows\SystemTemp\GUM632B.tmp\GoogleUpdate.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source4608_1163545197\Chrome-bin\133.0.6943.127\Locales\ca.pak C:\Program Files (x86)\Google\Update\Install\{FF326FF5-CF4E-44DA-B8B3-D14B0ED8ADDB}\CR_26634.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source4608_1163545197\Chrome-bin\133.0.6943.127\Locales\cs.pak C:\Program Files (x86)\Google\Update\Install\{FF326FF5-CF4E-44DA-B8B3-D14B0ED8ADDB}\CR_26634.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source4608_1163545197\Chrome-bin\133.0.6943.127\Locales\de.pak C:\Program Files (x86)\Google\Update\Install\{FF326FF5-CF4E-44DA-B8B3-D14B0ED8ADDB}\CR_26634.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source4608_1163545197\Chrome-bin\133.0.6943.127\Locales\es-419.pak C:\Program Files (x86)\Google\Update\Install\{FF326FF5-CF4E-44DA-B8B3-D14B0ED8ADDB}\CR_26634.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source4608_1163545197\Chrome-bin\133.0.6943.127\VisualElements\Logo.png C:\Program Files (x86)\Google\Update\Install\{FF326FF5-CF4E-44DA-B8B3-D14B0ED8ADDB}\CR_26634.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source4608_1163545197\Chrome-bin\133.0.6943.127\VisualElements\LogoDev.png C:\Program Files (x86)\Google\Update\Install\{FF326FF5-CF4E-44DA-B8B3-D14B0ED8ADDB}\CR_26634.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_en-GB.dll C:\Windows\SystemTemp\GUM632B.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_fr.dll C:\Windows\SystemTemp\GUM632B.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_id.dll C:\Windows\SystemTemp\GUM632B.tmp\GoogleUpdate.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source4608_1163545197\Chrome-bin\133.0.6943.127\Locales\zh-CN.pak C:\Program Files (x86)\Google\Update\Install\{FF326FF5-CF4E-44DA-B8B3-D14B0ED8ADDB}\CR_26634.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source4608_1163545197\Chrome-bin\133.0.6943.127\MEIPreload\preloaded_data.pb C:\Program Files (x86)\Google\Update\Install\{FF326FF5-CF4E-44DA-B8B3-D14B0ED8ADDB}\CR_26634.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source4608_1163545197\Chrome-bin\133.0.6943.127\chrome.dll.sig C:\Program Files (x86)\Google\Update\Install\{FF326FF5-CF4E-44DA-B8B3-D14B0ED8ADDB}\CR_26634.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdate.exe C:\Windows\SystemTemp\GUM632B.tmp\GoogleUpdate.exe N/A
File opened for modification C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\133.0.6943.127\133.0.6943.127_chrome_installer.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source4608_1163545197\Chrome-bin\133.0.6943.127\chrome_100_percent.pak C:\Program Files (x86)\Google\Update\Install\{FF326FF5-CF4E-44DA-B8B3-D14B0ED8ADDB}\CR_26634.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source4608_1163545197\Chrome-bin\133.0.6943.127\Locales\ar.pak C:\Program Files (x86)\Google\Update\Install\{FF326FF5-CF4E-44DA-B8B3-D14B0ED8ADDB}\CR_26634.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source4608_1163545197\Chrome-bin\133.0.6943.127\Locales\en-US.pak C:\Program Files (x86)\Google\Update\Install\{FF326FF5-CF4E-44DA-B8B3-D14B0ED8ADDB}\CR_26634.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Application\chrome_proxy.exe C:\Program Files (x86)\Google\Update\Install\{FF326FF5-CF4E-44DA-B8B3-D14B0ED8ADDB}\CR_26634.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Google\Update\Install\{FF326FF5-CF4E-44DA-B8B3-D14B0ED8ADDB}\CR_26634.tmp\setup.exe C:\Program Files (x86)\Google\Update\Install\{FF326FF5-CF4E-44DA-B8B3-D14B0ED8ADDB}\133.0.6943.127_chrome_installer.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source4608_1163545197\Chrome-bin\133.0.6943.127\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll C:\Program Files (x86)\Google\Update\Install\{FF326FF5-CF4E-44DA-B8B3-D14B0ED8ADDB}\CR_26634.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source4608_1163545197\Chrome-bin\133.0.6943.127\elevated_tracing_service.exe C:\Program Files (x86)\Google\Update\Install\{FF326FF5-CF4E-44DA-B8B3-D14B0ED8ADDB}\CR_26634.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_lt.dll C:\Windows\SystemTemp\GUM632B.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_zh-TW.dll C:\Windows\SystemTemp\GUM632B.tmp\GoogleUpdate.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source4608_1163545197\Chrome-bin\133.0.6943.127\default_apps\external_extensions.json C:\Program Files (x86)\Google\Update\Install\{FF326FF5-CF4E-44DA-B8B3-D14B0ED8ADDB}\CR_26634.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source4608_1163545197\Chrome-bin\133.0.6943.127\PrivacySandboxAttestationsPreloaded\manifest.json C:\Program Files (x86)\Google\Update\Install\{FF326FF5-CF4E-44DA-B8B3-D14B0ED8ADDB}\CR_26634.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source4608_1163545197\Chrome-bin\chrome.VisualElementsManifest.xml C:\Program Files (x86)\Google\Update\Install\{FF326FF5-CF4E-44DA-B8B3-D14B0ED8ADDB}\CR_26634.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdate.dll C:\Windows\SystemTemp\GUM632B.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_et.dll C:\Windows\SystemTemp\GUM632B.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_ms.dll C:\Windows\SystemTemp\GUM632B.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exe C:\Windows\SystemTemp\GUM632B.tmp\GoogleUpdate.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source4608_1163545197\Chrome-bin\133.0.6943.127\VisualElements\SmallLogoDev.png C:\Program Files (x86)\Google\Update\Install\{FF326FF5-CF4E-44DA-B8B3-D14B0ED8ADDB}\CR_26634.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_da.dll C:\Windows\SystemTemp\GUM632B.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_is.dll C:\Windows\SystemTemp\GUM632B.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_ur.dll C:\Windows\SystemTemp\GUM632B.tmp\GoogleUpdate.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\SystemTemp\GUM632B.tmp\psuser_64.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUM632B.tmp\GoogleCrashHandler64.exe C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUM632B.tmp\goopdateres_fil.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUM632B.tmp\goopdateres_zh-CN.dll C:\ProgramData\setup\setup.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files (x86)\Google\Update\Install\{FF326FF5-CF4E-44DA-B8B3-D14B0ED8ADDB}\CR_26634.tmp\setup.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI348D.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\GUM632B.tmp\goopdateres_te.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUM632B.tmp\goopdateres_bg.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUM632B.tmp\goopdateres_cs.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUM632B.tmp\goopdateres_fi.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUM632B.tmp\goopdateres_sw.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUM632B.tmp\goopdateres_uk.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUM632B.tmp\goopdateres_vi.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUM632B.tmp\goopdateres_zh-TW.dll C:\ProgramData\setup\setup.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Windows\Installer\e58316b.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI3351.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\GUM632B.tmp\GoogleCrashHandler.exe C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUM632B.tmp\goopdateres_ur.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUM632B.tmp\GoogleUpdateBroker.exe C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUM632B.tmp\goopdateres_hu.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUM632B.tmp\goopdateres_is.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUM632B.tmp\goopdateres_kn.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUM632B.tmp\goopdateres_sk.dll C:\ProgramData\setup\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\Crashpad\settings.dat C:\Program Files (x86)\Google\Update\Install\{FF326FF5-CF4E-44DA-B8B3-D14B0ED8ADDB}\CR_26634.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\Crashpad\metadata C:\Program Files (x86)\Google\Update\Install\{FF326FF5-CF4E-44DA-B8B3-D14B0ED8ADDB}\CR_26634.tmp\setup.exe N/A
File opened for modification C:\Windows\Installer\MSI31C9.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI347D.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\GUM632B.tmp\goopdateres_am.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUM632B.tmp\goopdateres_fr.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUM632B.tmp\goopdateres_gu.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUM632B.tmp\goopdateres_id.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUM632B.tmp\goopdateres_iw.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUM632B.tmp\goopdateres_ja.dll C:\ProgramData\setup\setup.exe N/A
File opened for modification C:\Windows\Installer\MSI33EF.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\GUM632B.tmp\psuser.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUM632B.tmp\goopdateres_ca.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUM632B.tmp\goopdateres_lt.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUM632B.tmp\goopdateres_ml.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUM632B.tmp\goopdateres_tr.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUM632B.tmp\GoogleUpdateSetup.exe C:\ProgramData\setup\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\chrome_installer.log C:\Program Files (x86)\Google\Update\Install\{FF326FF5-CF4E-44DA-B8B3-D14B0ED8ADDB}\CR_26634.tmp\setup.exe N/A
File created C:\Windows\SystemTemp\GUM632B.tmp\GoogleUpdate.exe C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUM632B.tmp\goopdateres_ar.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUM632B.tmp\goopdateres_da.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUM632B.tmp\goopdateres_et.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUM632B.tmp\goopdateres_pl.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUM632B.tmp\goopdateres_ro.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUM632B.tmp\goopdateres_sr.dll C:\ProgramData\setup\setup.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files (x86)\Google\Update\Install\{FF326FF5-CF4E-44DA-B8B3-D14B0ED8ADDB}\CR_26634.tmp\setup.exe N/A
File opened for modification C:\Windows\Installer\MSI357A.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\GUM632B.tmp\goopdate.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUM632B.tmp\psmachine_64.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUM632B.tmp\GoogleUpdateCore.exe C:\ProgramData\setup\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\Crashpad\metadata C:\Program Files (x86)\Google\Update\Install\{FF326FF5-CF4E-44DA-B8B3-D14B0ED8ADDB}\CR_26634.tmp\setup.exe N/A
File created C:\Windows\Installer\e58316b.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\GUM632B.tmp\goopdateres_bn.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUM632B.tmp\goopdateres_es-419.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUM632B.tmp\goopdateres_ms.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUM632B.tmp\goopdateres_no.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUM632B.tmp\goopdateres_pt-BR.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUM632B.tmp\goopdateres_sv.dll C:\ProgramData\setup\setup.exe N/A
File opened for modification C:\Windows\Installer\MSI349E.tmp C:\Windows\system32\msiexec.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\ProgramData\setup\aa.exe N/A
N/A N/A C:\ProgramData\Packas\scrok.exe N/A
N/A N/A C:\ProgramData\Smart\TjNkNpAilaYvt.exe N/A
N/A N/A C:\ProgramData\Smart\TjNkNpAilaYvt.exe N/A
N/A N/A C:\ProgramData\Smart\TjNkNpAilaYvt.exe N/A
N/A N/A C:\ProgramData\Smart\TjNkNpAilaYvt.exe N/A
N/A N/A C:\ProgramData\Packas\scrok.exe N/A
N/A N/A C:\ProgramData\Smart\setup.exe N/A
N/A N/A C:\ProgramData\setup\setup.exe N/A
N/A N/A C:\Windows\SystemTemp\GUM632B.tmp\GoogleUpdate.exe N/A
N/A N/A C:\ProgramData\NVIDIARV\svchost.exe N/A
N/A N/A C:\ProgramData\NVIDIARV\svchost.exe N/A
N/A N/A C:\ProgramData\NVIDIARV\svchost.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\Install\{FF326FF5-CF4E-44DA-B8B3-D14B0ED8ADDB}\133.0.6943.127_chrome_installer.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\Install\{FF326FF5-CF4E-44DA-B8B3-D14B0ED8ADDB}\CR_26634.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\Install\{FF326FF5-CF4E-44DA-B8B3-D14B0ED8ADDB}\CR_26634.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\Install\{FF326FF5-CF4E-44DA-B8B3-D14B0ED8ADDB}\CR_26634.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\Install\{FF326FF5-CF4E-44DA-B8B3-D14B0ED8ADDB}\CR_26634.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\133.0.6943.127\elevation_service.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\SystemTemp\GUM632B.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

Event Triggered Execution: Installer Packages

persistence privilege_escalation
Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A

Reads user/profile data of web browsers

spyware stealer

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\ProgramData\NVIDIARV\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\timeout.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\ProgramData\Smart\setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\timeout.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\ProgramData\setup\setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SystemTemp\GUM632B.tmp\GoogleUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\ProgramData\NVIDIARV\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\ProgramData\setup\aa.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\ProgramData\NVIDIARV\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A

System Network Configuration Discovery: Internet Connection Discovery

discovery
Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr C:\Windows\system32\vssvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = … C:\Windows\system32\vssvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\system32\vssvc.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Delays execution with timeout.exe

defense_evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (str) \REGISTRY\USER\.DEFAULT\System\CurrentControlSet\Services\InstallTime = "2025-02-21 22:44" C:\ProgramData\NVIDIARV\svchost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133846515349491529" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\26\52C64B7E C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SYSTEM\CurrentControlSet\Services\ C:\ProgramData\NVIDIARV\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SYSTEM C:\ProgramData\NVIDIARV\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\System\CurrentControlSet C:\ProgramData\NVIDIARV\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\System\CurrentControlSet\Services C:\ProgramData\NVIDIARV\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\System\CurrentControlSet\Services\ C:\ProgramData\NVIDIARV\svchost.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\System\CurrentControlSet\Services\Group = "Fatal" C:\ProgramData\NVIDIARV\svchost.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GoogleUpdate.Update3COMClassService.1.0\ = "Update3COMClass" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{534F5323-3569-4F42-919D-1E1CF93E5BF6}\AppID = "{9465B4B4-5216-4042-9A2C-754D3BCDC410}" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31AC3F11-E5EA-4A85-8A3D-8E095A39C27B}\NumMethods\ = "5" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DAB1D343-1B2A-47F9-B445-93DC50704BFE}\ = "ICoCreateAsync" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{18D0F672-18B4-48E6-AD36-6E6BF01DBBC4}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FE908CDD-22BB-472A-9870-1A0390E42F36} C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GoogleUpdate.CoreMachineClass\ = "Google Update Core Class" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{34527502-D3DB-4205-A69B-789B27EE0414} C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{534F5323-3569-4F42-919D-1E1CF93E5BF6} C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{128C2DA6-2BC0-44C0-B3F6-4EC22E647964}\ = "IProcessLauncher" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{084D78A8-B084-4E14-A629-A2C419B0E3D9}\ = "IApp2" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{82BB48E2-2057-4C07-A383-B2C2F8A0FD01}\InProcServer32 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31AC3F11-E5EA-4A85-8A3D-8E095A39C27B}\ = "IGoogleUpdate" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{49D7563B-2DDB-4831-88C8-768A53833837}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{494B20CF-282E-4BDD-9F5D-B70CB09D351E}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GoogleUpdate.CoreClass.1\ = "Google Update Core Class" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{19692F10-ADD2-4EFF-BE54-E61C62E40D13}\ProxyStubClsid32\ = "{82BB48E2-2057-4C07-A383-B2C2F8A0FD01}" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5B25A8DC-1780-4178-A629-6BE8B8DEFAA2}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FE908CDD-22BB-472A-9870-1A0390E42F36}\ProxyStubClsid32\ = "{82BB48E2-2057-4C07-A383-B2C2F8A0FD01}" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{27634814-8E41-4C35-8577-980134A96544} C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{ABC01078-F197-4B0B-ADBC-CFE684B39C82}\ = "Google Update Process Launcher Class" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B3D28DBD-0DFA-40E4-8071-520767BADC7E}\LocalServer32 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1C4CDEFF-756A-4804-9E77-3E8EB9361016}\VersionIndependentProgID\ = "GoogleUpdate.PolicyStatusSvc" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D106AB5F-A70E-400E-A21B-96208C1D8DBB}\NumMethods C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0CD01D1E-4A1C-489D-93B9-9B6672877C57}\ProxyStubClsid32\ = "{82BB48E2-2057-4C07-A383-B2C2F8A0FD01}" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{18D0F672-18B4-48E6-AD36-6E6BF01DBBC4} C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{25461599-633D-42B1-84FB-7CD68D026E53}\VersionIndependentProgID\ = "GoogleUpdate.CredentialDialogMachine" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2E629606-312A-482F-9B12-2C4ABF6F0B6D} C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{494B20CF-282E-4BDD-9F5D-B70CB09D351E}\NumMethods\ = "8" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GoogleUpdate.Update3WebMachine.1.0\CLSID\ = "{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GoogleUpdate.PolicyStatusMachineFallback.1.0\CLSID\ = "{ADDF22CF-3E9B-4CD7-9139-8169EA6636E4}" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\APPID\{9465B4B4-5216-4042-9A2C-754D3BCDC410} C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{598FE0E5-E02D-465D-9A9D-37974A28FD42}\Elevation\IconReference = "@C:\\Program Files (x86)\\Google\\Update\\1.3.36.312\\goopdate.dll,-1004" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3D05F64F-71E3-48A5-BF6B-83315BC8AE1F}\NumMethods C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{247954F9-9EDC-4E68-8CC3-150C2B89EADF} C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4DE778FE-F195-4EE3-9DAB-FE446C239221} C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31AC3F11-E5EA-4A85-8A3D-8E095A39C27B} C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5B25A8DC-1780-4178-A629-6BE8B8DEFAA2}\NumMethods C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}\LocalServer32 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}\Elevation\IconReference = "@C:\\Program Files (x86)\\Google\\Update\\1.3.36.312\\goopdate.dll,-1004" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{19692F10-ADD2-4EFF-BE54-E61C62E40D13}\NumMethods C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DCAB8386-4F03-4DBD-A366-D90BC9F68DE6}\NumMethods\ = "10" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{19692F10-ADD2-4EFF-BE54-E61C62E40D13} C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0CD01D1E-4A1C-489D-93B9-9B6672877C57}\NumMethods C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FE908CDD-22BB-472A-9870-1A0390E42F36}\ProxyStubClsid32\ = "{82BB48E2-2057-4C07-A383-B2C2F8A0FD01}" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7DE94008-8AFD-4C70-9728-C6FBFFF6A73E}\VersionIndependentProgID C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B3A47570-0A85-4AEA-8270-529D47899603}\NumMethods C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1C642CED-CA3B-4013-A9DF-CA6CE5FF6503}\NumMethods C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{909489C2-85A6-4322-AA56-D25278649D67} C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GoogleUpdate.CoreMachineClass\CLSID\ = "{9B2340A0-4068-43D6-B404-32E27217859D}" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{463ABECF-410D-407F-8AF5-0DF35A005CC8}\TypeLib\Version = "1.0" C:\Program Files (x86)\Google\Update\Install\{FF326FF5-CF4E-44DA-B8B3-D14B0ED8ADDB}\CR_26634.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.xht\OpenWithProgIds\ChromeHTML C:\Program Files (x86)\Google\Update\Install\{FF326FF5-CF4E-44DA-B8B3-D14B0ED8ADDB}\CR_26634.tmp\setup.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{9B2340A0-4068-43D6-B404-32E27217859D}\LOCALSERVER32 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E225E692-4B47-4777-9BED-4FD7FE257F0E}\ProgID C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{34527502-D3DB-4205-A69B-789B27EE0414}\ = "IPolicyStatus2" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{128C2DA6-2BC0-44C0-B3F6-4EC22E647964}\NumMethods C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{909489C2-85A6-4322-AA56-D25278649D67}\NumMethods C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{909489C2-85A6-4322-AA56-D25278649D67}\NumMethods\ = "4" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9465B4B4-5216-4042-9A2C-754D3BCDC410}\VersionIndependentProgID\ = "GoogleUpdate.OnDemandCOMClassSvc" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{19692F10-ADD2-4EFF-BE54-E61C62E40D13}\NumMethods\ = "4" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F63F6F8B-ACD5-413C-A44B-0409136D26CB}\NumMethods C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B3A47570-0A85-4AEA-8270-529D47899603}\NumMethods\ = "4" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1C642CED-CA3B-4013-A9DF-CA6CE5FF6503}\ = "IProgressWndEvents" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\ProgramData\Packas\scrok.exe N/A
N/A N/A C:\ProgramData\Packas\scrok.exe N/A
N/A N/A C:\ProgramData\Packas\scrok.exe N/A
N/A N/A C:\ProgramData\Packas\scrok.exe N/A
N/A N/A C:\ProgramData\Smart\TjNkNpAilaYvt.exe N/A
N/A N/A C:\ProgramData\Packas\scrok.exe N/A
N/A N/A C:\ProgramData\Packas\scrok.exe N/A
N/A N/A C:\ProgramData\Smart\setup.exe N/A
N/A N/A C:\ProgramData\Smart\setup.exe N/A
N/A N/A C:\ProgramData\Packas\scrok.exe N/A
N/A N/A C:\ProgramData\Packas\scrok.exe N/A
N/A N/A C:\Windows\SystemTemp\GUM632B.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Windows\SystemTemp\GUM632B.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Windows\SystemTemp\GUM632B.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Windows\SystemTemp\GUM632B.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Windows\SystemTemp\GUM632B.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Windows\SystemTemp\GUM632B.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Windows\SystemTemp\GUM632B.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Windows\SystemTemp\GUM632B.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Windows\SystemTemp\GUM632B.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Windows\SystemTemp\GUM632B.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeImpersonatePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeDebugPrivilege N/A C:\ProgramData\Packas\scrok.exe N/A
Token: SeDebugPrivilege N/A C:\ProgramData\Smart\TjNkNpAilaYvt.exe N/A
Token: SeDebugPrivilege N/A C:\ProgramData\Smart\TjNkNpAilaYvt.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\srtasks.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\ProgramData\Smart\setup.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4768 wrote to memory of 2452 N/A C:\Windows\system32\msiexec.exe C:\Windows\system32\srtasks.exe
PID 4768 wrote to memory of 2452 N/A C:\Windows\system32\msiexec.exe C:\Windows\system32\srtasks.exe
PID 4768 wrote to memory of 5308 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 4768 wrote to memory of 5308 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 4768 wrote to memory of 5308 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 5308 wrote to memory of 4304 N/A C:\Windows\syswow64\MsiExec.exe C:\Windows\SysWOW64\cmd.exe
PID 5308 wrote to memory of 4304 N/A C:\Windows\syswow64\MsiExec.exe C:\Windows\SysWOW64\cmd.exe
PID 5308 wrote to memory of 4304 N/A C:\Windows\syswow64\MsiExec.exe C:\Windows\SysWOW64\cmd.exe
PID 4304 wrote to memory of 2196 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\timeout.exe
PID 4304 wrote to memory of 2196 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\timeout.exe
PID 4304 wrote to memory of 2196 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\timeout.exe
PID 4304 wrote to memory of 5044 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\setup\aa.exe
PID 4304 wrote to memory of 5044 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\setup\aa.exe
PID 4304 wrote to memory of 5044 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\setup\aa.exe
PID 4304 wrote to memory of 3476 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\Packas\scrok.exe
PID 4304 wrote to memory of 3476 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\Packas\scrok.exe
PID 3476 wrote to memory of 812 N/A C:\ProgramData\Packas\scrok.exe C:\Windows\system32\svchost.exe
PID 3476 wrote to memory of 812 N/A C:\ProgramData\Packas\scrok.exe C:\Windows\system32\svchost.exe
PID 3476 wrote to memory of 812 N/A C:\ProgramData\Packas\scrok.exe C:\Windows\system32\svchost.exe
PID 4304 wrote to memory of 4596 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\Smart\TjNkNpAilaYvt.exe
PID 4304 wrote to memory of 4596 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\Smart\TjNkNpAilaYvt.exe
PID 4304 wrote to memory of 1424 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\Smart\TjNkNpAilaYvt.exe
PID 4304 wrote to memory of 1424 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\Smart\TjNkNpAilaYvt.exe
PID 4304 wrote to memory of 2364 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\timeout.exe
PID 4304 wrote to memory of 2364 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\timeout.exe
PID 4304 wrote to memory of 2364 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\timeout.exe
PID 4304 wrote to memory of 4260 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\Smart\TjNkNpAilaYvt.exe
PID 4304 wrote to memory of 4260 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\Smart\TjNkNpAilaYvt.exe
PID 4304 wrote to memory of 4152 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\Packas\scrok.exe
PID 4304 wrote to memory of 4152 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\Packas\scrok.exe
PID 5520 wrote to memory of 5568 N/A C:\ProgramData\Smart\TjNkNpAilaYvt.exe C:\ProgramData\Smart\setup.exe
PID 5520 wrote to memory of 5568 N/A C:\ProgramData\Smart\TjNkNpAilaYvt.exe C:\ProgramData\Smart\setup.exe
PID 5520 wrote to memory of 5568 N/A C:\ProgramData\Smart\TjNkNpAilaYvt.exe C:\ProgramData\Smart\setup.exe
PID 4152 wrote to memory of 812 N/A C:\ProgramData\Packas\scrok.exe C:\Windows\system32\svchost.exe
PID 4152 wrote to memory of 812 N/A C:\ProgramData\Packas\scrok.exe C:\Windows\system32\svchost.exe
PID 4152 wrote to memory of 812 N/A C:\ProgramData\Packas\scrok.exe C:\Windows\system32\svchost.exe
PID 4304 wrote to memory of 5528 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\setup\setup.exe
PID 4304 wrote to memory of 5528 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\setup\setup.exe
PID 4304 wrote to memory of 5528 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\setup\setup.exe
PID 5528 wrote to memory of 1040 N/A C:\ProgramData\setup\setup.exe C:\Windows\SystemTemp\GUM632B.tmp\GoogleUpdate.exe
PID 5528 wrote to memory of 1040 N/A C:\ProgramData\setup\setup.exe C:\Windows\SystemTemp\GUM632B.tmp\GoogleUpdate.exe
PID 5528 wrote to memory of 1040 N/A C:\ProgramData\setup\setup.exe C:\Windows\SystemTemp\GUM632B.tmp\GoogleUpdate.exe
PID 5568 wrote to memory of 2328 N/A C:\ProgramData\Smart\setup.exe C:\ProgramData\NVIDIARV\svchost.exe
PID 5568 wrote to memory of 2328 N/A C:\ProgramData\Smart\setup.exe C:\ProgramData\NVIDIARV\svchost.exe
PID 5568 wrote to memory of 2328 N/A C:\ProgramData\Smart\setup.exe C:\ProgramData\NVIDIARV\svchost.exe
PID 5568 wrote to memory of 6124 N/A C:\ProgramData\Smart\setup.exe C:\ProgramData\NVIDIARV\svchost.exe
PID 5568 wrote to memory of 6124 N/A C:\ProgramData\Smart\setup.exe C:\ProgramData\NVIDIARV\svchost.exe
PID 5568 wrote to memory of 6124 N/A C:\ProgramData\Smart\setup.exe C:\ProgramData\NVIDIARV\svchost.exe
PID 5568 wrote to memory of 3384 N/A C:\ProgramData\Smart\setup.exe C:\ProgramData\NVIDIARV\svchost.exe
PID 5568 wrote to memory of 3384 N/A C:\ProgramData\Smart\setup.exe C:\ProgramData\NVIDIARV\svchost.exe
PID 5568 wrote to memory of 3384 N/A C:\ProgramData\Smart\setup.exe C:\ProgramData\NVIDIARV\svchost.exe
PID 1040 wrote to memory of 3984 N/A C:\Windows\SystemTemp\GUM632B.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 1040 wrote to memory of 3984 N/A C:\Windows\SystemTemp\GUM632B.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 1040 wrote to memory of 3984 N/A C:\Windows\SystemTemp\GUM632B.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 1040 wrote to memory of 4208 N/A C:\Windows\SystemTemp\GUM632B.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 1040 wrote to memory of 4208 N/A C:\Windows\SystemTemp\GUM632B.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 1040 wrote to memory of 4208 N/A C:\Windows\SystemTemp\GUM632B.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 4208 wrote to memory of 4176 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe
PID 4208 wrote to memory of 4176 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe
PID 4208 wrote to memory of 1748 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe
PID 4208 wrote to memory of 1748 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe
PID 4208 wrote to memory of 1680 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe
PID 4208 wrote to memory of 1680 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe
PID 1040 wrote to memory of 2672 N/A C:\Windows\SystemTemp\GUM632B.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k DcomLaunch -p

C:\Windows\system32\msiexec.exe

msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\Chrome.msi

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\srtasks.exe

C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding BA519B25DEF5262FF0A6FC21B983B06B

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\SysWOW64\cmd.exe" /c timeout /nobreak /t 7 & C:\ProgramData\setup\aa.exe x C:\ProgramData\setup\ddd. -key 000000 -f -to C:\ProgramData & C:\ProgramData\Packas\scrok.exe & C:\ProgramData\Smart\TjNkNpAilaYvt.exe install & C:\ProgramData\Smart\TjNkNpAilaYvt.exe install & timeout /nobreak /t 2 & C:\ProgramData\Smart\TjNkNpAilaYvt.exe start & C:\ProgramData\Packas\scrok.exe & del C:\ProgramData\Packas\scrok.exe & C:\ProgramData\setup\setup.exe

C:\Windows\SysWOW64\timeout.exe

timeout /nobreak /t 7

C:\ProgramData\setup\aa.exe

C:\ProgramData\setup\aa.exe x C:\ProgramData\setup\ddd. -key 000000 -f -to C:\ProgramData

C:\ProgramData\Packas\scrok.exe

C:\ProgramData\Packas\scrok.exe

C:\ProgramData\Smart\TjNkNpAilaYvt.exe

C:\ProgramData\Smart\TjNkNpAilaYvt.exe install

C:\ProgramData\Smart\TjNkNpAilaYvt.exe

C:\ProgramData\Smart\TjNkNpAilaYvt.exe install

C:\Windows\SysWOW64\timeout.exe

timeout /nobreak /t 2

C:\ProgramData\Smart\TjNkNpAilaYvt.exe

C:\ProgramData\Smart\TjNkNpAilaYvt.exe start

C:\ProgramData\Smart\TjNkNpAilaYvt.exe

"C:\ProgramData\Smart\TjNkNpAilaYvt.exe"

C:\ProgramData\Packas\scrok.exe

C:\ProgramData\Packas\scrok.exe

C:\ProgramData\Smart\setup.exe

"C:\ProgramData\Smart\setup.exe"

C:\ProgramData\setup\setup.exe

C:\ProgramData\setup\setup.exe

C:\Windows\SystemTemp\GUM632B.tmp\GoogleUpdate.exe

C:\Windows\SystemTemp\GUM632B.tmp\GoogleUpdate.exe /installsource taggedmi /install "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={9F0C1F44-1C50-396A-483A-08DA4896FF0B}&lang=zh-CN&browser=4&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=x64-stable-statsdef_1&installdataindex=empty"

C:\ProgramData\NVIDIARV\svchost.exe

"C:\ProgramData\NVIDIARV\svchost.exe"

C:\ProgramData\NVIDIARV\svchost.exe

"C:\ProgramData\NVIDIARV\svchost.exe"

C:\ProgramData\NVIDIARV\svchost.exe

"C:\ProgramData\NVIDIARV\svchost.exe"

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /regsvc

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /regserver

C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ping …-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgaW5zdGFsbF90aW1lX21zPSIxMDE1Ii8-PC9hcHA-PC9yZXF1ZXN0Pg

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /handoff "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={9F0C1F44-1C50-396A-483A-08DA4896FF0B}&lang=zh-CN&browser=4&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=x64-stable-statsdef_1&installdataindex=empty" /installsource taggedmi /sessionid "{85D107B0-5A3D-4B9D-BD97-0F19B6124813}"

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc

C:\Program Files (x86)\Google\Update\Install\{FF326FF5-CF4E-44DA-B8B3-D14B0ED8ADDB}\133.0.6943.127_chrome_installer.exe

"C:\Program Files (x86)\Google\Update\Install\{FF326FF5-CF4E-44DA-B8B3-D14B0ED8ADDB}\133.0.6943.127_chrome_installer.exe" --verbose-logging --do-not-launch-chrome --channel=stable --system-level /installerdata="C:\Program Files (x86)\Google\Update\Install\{FF326FF5-CF4E-44DA-B8B3-D14B0ED8ADDB}\guiDE3.tmp"

C:\Program Files (x86)\Google\Update\Install\{FF326FF5-CF4E-44DA-B8B3-D14B0ED8ADDB}\CR_26634.tmp\setup.exe

"C:\Program Files (x86)\Google\Update\Install\{FF326FF5-CF4E-44DA-B8B3-D14B0ED8ADDB}\CR_26634.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Google\Update\Install\{FF326FF5-CF4E-44DA-B8B3-D14B0ED8ADDB}\CR_26634.tmp\CHROME.PACKED.7Z" --verbose-logging --do-not-launch-chrome --channel=stable --system-level /installerdata="C:\Program Files (x86)\Google\Update\Install\{FF326FF5-CF4E-44DA-B8B3-D14B0ED8ADDB}\guiDE3.tmp"

C:\Program Files (x86)\Google\Update\Install\{FF326FF5-CF4E-44DA-B8B3-D14B0ED8ADDB}\CR_26634.tmp\setup.exe

"C:\Program Files (x86)\Google\Update\Install\{FF326FF5-CF4E-44DA-B8B3-D14B0ED8ADDB}\CR_26634.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.127 --initial-client-data=0x294,0x298,0x29c,0x254,0x2a0,0x7ff64d71bed8,0x7ff64d71bee4,0x7ff64d71bef0

C:\Program Files (x86)\Google\Update\Install\{FF326FF5-CF4E-44DA-B8B3-D14B0ED8ADDB}\CR_26634.tmp\setup.exe

"C:\Program Files (x86)\Google\Update\Install\{FF326FF5-CF4E-44DA-B8B3-D14B0ED8ADDB}\CR_26634.tmp\setup.exe" --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1

C:\Program Files (x86)\Google\Update\Install\{FF326FF5-CF4E-44DA-B8B3-D14B0ED8ADDB}\CR_26634.tmp\setup.exe

"C:\Program Files (x86)\Google\Update\Install\{FF326FF5-CF4E-44DA-B8B3-D14B0ED8ADDB}\CR_26634.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.127 --initial-client-data=0x294,0x298,0x29c,0x270,0x2a0,0x7ff64d71bed8,0x7ff64d71bee4,0x7ff64d71bef0

C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe

"C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe"

C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exe

"C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exe"

C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exe

"C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exe" -Embedding

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ondemand

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ping …-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgZG93bmxvYWRlcj0iYml0cyIgdXJsPSJodHRwOi8vZWRnZWRsLm1lLmd2dDEuY29tL2VkZ2VkbC9yZWxlYXNlMi9jaHJvbWUvYXUybjMyaDNobmNuYzVrY241Mnd4YXh6eGFfMTMzLjAuNjk0My4xMjcvMTMzLjAuNjk0My4xMjdfY2hyb21lX2luc3RhbGxlci5leGUiIGRvd25sb2FkZWQ9IjExODkyOTI2NCIgdG90YWw9IjExODkyOTI2NCIgZG93bmxvYWRfdGltZV9tcz0iMzQwNjIiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIvPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjE5NjcwNyIgc291cmNlX3VybF9pbmRleD0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9IjUzMSIgZG93bmxvYWRfdGltZV9tcz0iMzUxMjUiIGRvd25sb2FkZWQ9IjExODkyOTI2NCIgdG90YWw9IjExODkyOTI2NCIgaW5zdGFsbF90aW1lX21zPSIyOTI1MCIvPjwvYXBwPjwvcmVxdWVzdD4

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --from-installer

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.127 --initial-client-data=0x1f8,0x220,0x224,0x21c,0x228,0x7ffc6300fff8,0x7ffc63010004,0x7ffc63010010

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1944,i,14237436478547720902,18268883264160138900,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1696 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1588,i,14237436478547720902,18268883264160138900,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2240 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2392,i,14237436478547720902,18268883264160138900,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2572 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3020,i,14237436478547720902,18268883264160138900,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3040 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3000,i,14237436478547720902,18268883264160138900,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3012 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3720,i,14237436478547720902,18268883264160138900,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3732 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3780,i,14237436478547720902,18268883264160138900,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3868 /prefetch:2

C:\Program Files\Google\Chrome\Application\133.0.6943.127\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\133.0.6943.127\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4448,i,14237436478547720902,18268883264160138900,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4492 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4836,i,14237436478547720902,18268883264160138900,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4788 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5012,i,14237436478547720902,18268883264160138900,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5008 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5156,i,14237436478547720902,18268883264160138900,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5548 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5604,i,14237436478547720902,18268883264160138900,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5628 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5620,i,14237436478547720902,18268883264160138900,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5684 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5956,i,14237436478547720902,18268883264160138900,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5968 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6196,i,14237436478547720902,18268883264160138900,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6096 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5540,i,14237436478547720902,18268883264160138900,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5552 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6076,i,14237436478547720902,18268883264160138900,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4788 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5572,i,14237436478547720902,18268883264160138900,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6172 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=6360,i,14237436478547720902,18268883264160138900,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5568 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6336,i,14237436478547720902,18268883264160138900,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6052 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5780,i,14237436478547720902,18268883264160138900,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4888 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6168,i,14237436478547720902,18268883264160138900,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6416 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 a17.yydsnb1.top udp
US 8.8.8.8:53 a17.nbdsnb2.top udp
HK 47.76.184.172:1080 a17.yydsnb1.top tcp
US 8.8.8.8:53 update.googleapis.com udp
GB 216.58.201.99:443 update.googleapis.com tcp
GB 216.58.201.99:443 update.googleapis.com tcp
US 8.8.8.8:53 c.pki.goog udp
GB 216.58.201.99:80 c.pki.goog tcp
US 8.8.8.8:53 o.pki.goog udp
GB 216.58.201.99:80 o.pki.goog tcp
US 8.8.8.8:53 a17.nbdsnb2.top udp
HK 47.76.184.172:1080 a17.yydsnb1.top tcp
US 8.8.8.8:53 a17.nbdsnb2.top udp
US 8.8.8.8:53 a17.nbdsnb2.top udp
HK 47.76.184.172:1080 a17.yydsnb1.top tcp
US 8.8.8.8:53 a17.nbdsnb2.top udp
GB 216.58.201.99:443 o.pki.goog tcp
US 8.8.8.8:53 clients2.google.com udp
GB 172.217.169.78:443 clients2.google.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.206:80 redirector.gvt1.com tcp
NL 142.250.27.84:443 accounts.google.com udp
GB 142.250.200.4:443 www.google.com udp
US 8.8.8.8:53 r5---sn-aigl6nzk.gvt1.com udp
GB 142.250.200.4:443 www.google.com tcp
GB 74.125.175.106:80 r5---sn-aigl6nzk.gvt1.com tcp
US 8.8.8.8:53 ogads-pa.googleapis.com udp
GB 172.217.169.74:443 ogads-pa.googleapis.com udp
GB 172.217.169.74:443 ogads-pa.googleapis.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.178.14:443 play.google.com udp
N/A 224.0.0.251:5353 udp
GB 142.250.178.14:443 play.google.com tcp
GB 142.250.178.14:443 play.google.com udp
US 8.8.8.8:53 a17.nbdsnb2.top udp
HK 47.76.184.172:1080 a17.yydsnb1.top tcp
US 8.8.8.8:53 a17.nbdsnb2.top udp
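The table above mixes the bundled Chrome install's own traffic (update.googleapis.com, the pki.goog endpoints, accounts/play/www.google.com, gvt1.com) with the sample's traffic: repeated DNS queries for a17.yydsnb1.top and a17.nbdsnb2.top, and repeated TCP connections to 47.76.184.172:1080 in Hong Kong that the sandbox attributes to a17.yydsnb1.top. 1080 is the IANA-registered SOCKS port, but the table alone does not show which protocol the flows carried. The Python below is an added editor's example, not part of the sandbox report: it parses rows in the report's "Country Destination Domain Proto" layout, separates DNS lookups from the connections that followed them, drops multicast and LAN noise such as the 224.0.0.251:5353 row, and returns every destination that is not on an analyst allowlist. The allowlist of expected Google suffixes is an assumption for the example; the rows are a subset copied from the table above.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Constructed input: a subset of the rows from the network table above, copied
# in the report's "Country Destination Domain Proto" layout. The mDNS row has
# no domain column, exactly as printed in the report.
REPORT_ROWS = """
US 8.8.8.8:53 a17.yydsnb1.top udp
US 8.8.8.8:53 a17.nbdsnb2.top udp
HK 47.76.184.172:1080 a17.yydsnb1.top tcp
US 8.8.8.8:53 update.googleapis.com udp
GB 216.58.201.99:443 update.googleapis.com tcp
US 8.8.8.8:53 c.pki.goog udp
GB 216.58.201.99:80 c.pki.goog tcp
US 8.8.8.8:53 a17.nbdsnb2.top udp
HK 47.76.184.172:1080 a17.yydsnb1.top tcp
US 8.8.8.8:53 clients2.google.com udp
GB 172.217.169.78:443 clients2.google.com tcp
N/A 224.0.0.251:5353 udp
GB 142.250.200.4:443 www.google.com udp
US 8.8.8.8:53 a17.nbdsnb2.top udp
HK 47.76.184.172:1080 a17.yydsnb1.top tcp
"""

# Assumption for this example: hosts the bundled Chrome installer is expected
# to talk to. Everything else in the table is attributed to the sample.
EXPECTED_SUFFIXES = (".google.com", ".googleapis.com", ".pki.goog", ".gvt1.com")

ROW_RE = re.compile(
    r"^(?P<country>\S+)\s+(?P<ip>[\d.]+):(?P<port>\d+)"
    r"(?:\s+(?P<domain>\S+))?\s+(?P<proto>tcp|udp)$"
)


def parse_rows(text):
    """Yield one dict per table row; lines that do not fit the layout are skipped."""
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            row = m.groupdict()
            row["port"] = int(row["port"])
            yield row


def is_expected(domain):
    return domain is not None and domain.endswith(EXPECTED_SUFFIXES)


def triage(text):
    """Separate DNS lookups from the connections that followed, drop local
    noise, and return the destinations that are not on the allowlist."""
    lookups = Counter()                 # domain -> number of DNS queries
    connections = defaultdict(Counter)  # domain -> {(ip, port, proto): count}
    for row in parse_rows(text):
        addr = ipaddress.ip_address(row["ip"])
        if addr.is_multicast or addr.is_private or addr.is_loopback:
            continue  # mDNS and LAN chatter, not attributable to the sample
        if row["port"] == 53 and row["proto"] == "udp":
            lookups[row["domain"]] += 1
        else:
            connections[row["domain"]][(row["ip"], row["port"], row["proto"])] += 1
    unexpected = {d: dict(c) for d, c in connections.items() if not is_expected(d)}
    # Names that were resolved but never appear on a connection: in the report
    # a17.nbdsnb2.top is queried repeatedly while every TCP flow to
    # 47.76.184.172:1080 is attributed to a17.yydsnb1.top.
    resolved_only = sorted(d for d in lookups if d not in connections)
    return {"lookups": dict(lookups), "unexpected": unexpected, "resolved_only": resolved_only}


if __name__ == "__main__":
    result = triage(REPORT_ROWS)
    for domain, conns in result["unexpected"].items():
        for (ip, port, proto), n in conns.items():
            print(f"{domain} -> {ip}:{port}/{proto} x{n}")
    print("resolved but never connected:", ", ".join(result["resolved_only"]))
```

On the rows above, the only unexpected destination is a17.yydsnb1.top at 47.76.184.172:1080/tcp, contacted three times, and a17.nbdsnb2.top shows up as resolved-only; a second name that is queried but never tied to a flow is a good candidate for a fallback C2 and belongs on the same blocklist.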

Files

C:\Windows\Installer\MSI31C9.tmp

MD5 c7fbd5ee98e32a77edf1156db3fca622
SHA1 3e534fc55882e9fb940c9ae81e6f8a92a07125a0
SHA256 e140990b509dd6884a5742bde64f2cdaa10012d472b0b32de43ebecbc83242b6
SHA512 8691ac8b214cc1e4f34a3ab2bbc0c2391f7f11ebbe5db0dc82825195b5fe5a05310ed1e14d253a9b74a64050d2f2a6623dd2fcd912f80fef51e51845ef1e3a1a

C:\Windows\Installer\MSI347D.tmp

MD5 ae463676775a1dd0b7a28ddb265b4065
SHA1 dff64c17885c7628b22631a2cdc9da83e417d348
SHA256 83fbfcaff3da3eb89f9aec29e6574cf15502fd670cbb2ab0c8a84451b2598b22
SHA512 e47c2db249e7a08c5d2864671fbc235e48aebecbe0b2c2334d1a4cba1b5b3037522ff89408589f3559b3a1eaf507bd338645387d55800029bb3b941d4c7744d6

C:\Config.Msi\e58316e.rbs

MD5 8964eda45537c489f9a837f200a1649f
SHA1 8864527c298c26ec8a34c500fce21248d6a5a8b5
SHA256 cf27604431a4237a26d6c466730130843900a055ce5931ce9ebcdf12b1db7faa
SHA512 0860ecad332b7c685388ad1df675704edf3eda666606b40a4efdfc0bdf2e229e01d05082f1065c0d2b8941dcf2903152f30e88063af16ee5eb1051ccaa36dbe0

C:\ProgramData\setup\aa.exe

MD5 09c448be7e7d84e6e544cc03afbb05d8
SHA1 ddc13e71a72bc49c60f89b98cbb79c2449cfa07e
SHA256 a0f127a70943b0262060498c1723c795a8e2980f1acf0c42ee8c1dae72ae54b5
SHA512 e5f7a988a999e7e34d0aa2d2a5b2fbb22689588d3def4bed4518ceed38710e3714c5614bab192b0ce6bcac5172a87ebf3b3b923e495eb7344c70bd11f4bf1c12

C:\ProgramData\setup\ddd

MD5 9bd359e3956d119811c3a6abef58e644
SHA1 9f221781f406ebcb15fc2c02d5d259116155c734
SHA256 ead38673817c84de77a4d2fe6118e6a96f863e3db38f73518007caa2af676146
SHA512 7f817794728e532da07424c621eeef161501644d137068895391505d7110f1f8ee9dc76944946e3960f84e462c66fd82ee61b619ca91a07166aed5d3434f618b

memory/5044-64-0x0000000000400000-0x0000000000510000-memory.dmp

C:\ProgramData\Packas\scrok.exe

MD5 a03b2eaa4d517fd935bb0032d444f22d
SHA1 014864aac638b7c04b4d50e6c39d7266eafda773
SHA256 6fd145b1de7d0a143fd25274544d5e3c4ecee06cf3e31631d51cae8ca3e25f01
SHA512 68a253fcdb3cd1a086fe93fa7c8a7500d6b5414bdfc0dad555973697d4fb552e09088b849573f705ca91b1652ddd4572842b82d40f5821761b3ac299e465be51

memory/3476-68-0x00007FFC823B0000-0x00007FFC823B2000-memory.dmp

memory/3476-69-0x00007FF6F1B30000-0x00007FF6F20E9000-memory.dmp

C:\ProgramData\Smart\TjNkNpAilaYvt.exe

MD5 d305d506c0095df8af223ac7d91ca327
SHA1 679cb4c763c84e75ccb0fa3475bd6b7a36e81c4a
SHA256 923111c7142b3dc783a3c722b19b8a21bcb78222d7a136ac33f0ca8a29f4cb66
SHA512 94d369a4db88bff9556a1d7a7fb0188ed935c3592bae09335542c5502ec878e839177be63ac3ab4af75d4dc38a3a4f5d0fd423115ac72cf5dd710c59604db796

memory/4596-75-0x00000000005F0000-0x00000000006C6000-memory.dmp

C:\ProgramData\Smart\TjNkNpAilaYvt.xml

MD5 2c706293a3cfff8cc184a8e9a3b3da08
SHA1 873d7c9f51aa6cebd4ad3ae5930d1de84bb4437d
SHA256 ed28baf8be3a588d50ed246c2cd741bbd498aee74ea0675d57e0b33236e22067
SHA512 4aba3e25507ba5c29219ff51553f3616d07aeeb30f7465f9e921eea94cdcb411d1f48d1eefed647c22405df275e7f9d7506aac52202aae137391c6831463b043

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\TjNkNpAilaYvt.exe.log

MD5 065ba7ab4a148dd96ec21e112d3f71db
SHA1 18e9ca2d097e6f1e3b0b944e8d32b321bcde667d
SHA256 6a36e0ff68fc9afc92361191bedcde371ed1a05a9e8e19290583a890493f7b62
SHA512 049d43d80cb6806aef2f3828c6505660d53d05e5fb338f00f830a231da836b3ea493994b78d4ed4d7b7939cf4cc27ca927c765c2372e9b385caf64f4a906c720

C:\ProgramData\Smart\TjNkNpAilaYvt.wrapper.log

MD5 42082fbeb56beaab1e78c49958ecccdc
SHA1 afe3be87081e9187b5c37e984dc81e50358c8b51
SHA256 90c15b61a6cb510f46746c48b108beb8031feb8888c13452ea1281fffbda942b
SHA512 9a94bb61a711a3723a8487f3ac7c3afc74c2e1bcb58cd6b3a03f68ec80835c889fb311b050177e89c6064ca2a0d8ab05b2d911764610a511021f0d072741f189

\??\Volume{553bd43f-0000-0000-0000-d08302000000}\System Volume Information\SPP\OnlineMetadataCache\{fa81e3e7-2f0a-405e-9ca2-40f6b58521ab}_OnDiskSnapshotProp

MD5 8ff6eaca9711acea4e3854ce201d0e94
SHA1 785a1b17f9cc1f941a85e1a1988c32ad015bb7be
SHA256 bca0d6b30813f6d63c2701b8d4f0da52e7c607cc7deae976e4e9bff7d9ac4fa7
SHA512 ce93243bd5e6506015b5b467b8fbd4988bc6db604c7b8323da0de4ad79b2f37f3f8ca2799b69f7bc81c4eb7637b8e933da0ac73d2e3d5d39569cc9b07a4dda62

\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2

MD5 5cc7864a3aa7b01dcfe98969632636fe
SHA1 35c8cc22fd38ebc0e30b4d4f3ef3102af175ca30
SHA256 49a0259cd41eee3b67c08438275d0e7a56716f7d792dde9d27cce0d773accbf2
SHA512 3384bfe7a48a7e8b6d04a7129fdca133afeaab31687b9429415dbf4a438918b041d56c262bee2eea6c25e363439c89cdc3e15f1a17cc4dde74990c294d1f3c01

C:\ProgramData\Smart\TjNkNpAilaYvt.wrapper.log

MD5 2241347a9020bc93af4e8d96d3bbc834
SHA1 545cbfe63420620d58e9a08173f8c68c7a1521bf
SHA256 557d68c6bd85a24f1718f50fafc99d4978c5c4679dd26280288223ea6a5e72fc
SHA512 2309ea1b5d00d9ea90b2e721a42260709e2b67cad24ca5fab3a69a54363ca87b2bbd80f31925cbf95b21b941dbc5d3edee2456baf5d26a771abda8270b1fe9a7

C:\ProgramData\Smart\TjNkNpAilaYvt.wrapper.log

MD5 1736ab4c3ffe08db1ef536ec66a37294
SHA1 0cfbfc6b811e8dc6831b80da6294f3e3be2b9c44
SHA256 39f2428082c70584ed9764050d0a70355f6c5c07f8cec265fdd8bb6272d57e23
SHA512 33db11aded3f66b56dffa25876e20183470fa09f63e21e652bc92c39d047dd53d2efd07b5bf0923dd7728f7ecc41ea1c387294e3b7d08f7b8c49b4c8e5b6a9e4

C:\ProgramData\Smart\TjNkNpAilaYvt.wrapper.log

MD5 2e7e3c2ce33bc262d63a21c442ed153b
SHA1 1358a12a65ab2983ce49197e2985371a24e4f4ce
SHA256 0ed90361f83ca4da1dfe086c114c0b5716f9bc409f4de79c2295ea9304ce5998
SHA512 4188e6b57324f6dcf1d3eed0f55ac4f3189c0a2b4ff8d91c36dc6ad2a2f7ee09e8a8c08838ec8f290c1d5f2d315d9f95328e5413d8dbf0acde372330e9526060

C:\ProgramData\Smart\setup.exe

MD5 118a9a9f6280e177fdac16989b8aa1a5
SHA1 fc37316439372be17a982d02cd0d294f7aaca751
SHA256 b995e6a0299f2465fd5881157aab1c6c9753c8e459efd661b9cd1e83be7e53f6
SHA512 14c731e7f7e9736f39d6c79a98bf1a3264da9dc76bab4faca82ec64f276f3d39c9bc4638991e30a06f52bf6204619f5da8c3168d11afe058e0c1d21a89d42878

memory/5568-117-0x0000000000400000-0x0000000000BA0000-memory.dmp

memory/5568-115-0x00000000001F0000-0x00000000001F1000-memory.dmp

memory/4152-114-0x00007FF6F1B30000-0x00007FF6F20E9000-memory.dmp

C:\ProgramData\setup\setup.exe

MD5 4a94844260d6a08828d781d488cef61d
SHA1 de8169fdb5ab8a120df577d92eb25a2767431738
SHA256 46d7a8abe3bb9d7302529246cd8ee6e7d0360d1045fe92662cc7580e72ef5132
SHA512 82549c1e525a90003fb0174ebba2bc3b4f58706ef9fd5e6ee07d489ab536ef286e408db6c15a52b039d3f59c09bd55e35d045def79007da5d414d5d589d34f4f

C:\Windows\SystemTemp\GUM632B.tmp\GoogleUpdate.exe

MD5 cdf152e23a8cbf68dbe3f419701244fc
SHA1 cb850d3675da418131d90ab01320e4e8842228d7
SHA256 84eaf43f33d95da9ab310fc36dc3cfe53823d2220946f021f18cf3f729b8d64e
SHA512 863e1da5bc779fa02cf08587c4de5f04c56e02902c5c4f92a06f2e631380ecabcc98e35d52609f764727e41b965c0786d24ea23fc4b9776d24d9f13e0d8ae0c2

C:\Windows\SystemTemp\GUM632B.tmp\goopdate.dll

MD5 dae72b4b8bcf62780d63b9cbb5b36b35
SHA1 1d9b764661cfe4ee0f0388ff75fd0f6866a9cd89
SHA256 b0ca6700e7a4ea667d91bcf3338699f28649c2e0a3c0d8b4f2d146ab7c843ab6
SHA512 402c00cab6dac8981e200b6b8b4263038d76afe47c473d5f2abf0406222b32fff727b495c6b754d207af2778288203ce0774a6200b3e580e90299d08ce0c098f

C:\ProgramData\NVIDIARV\svchost.exe

MD5 4ce1a842d3d770f6fa4b4167542408b2
SHA1 43b0c03b176318ce2551d3dfc2c18e18f53c2240
SHA256 ba51980ef9681d849c9331e891cc411c1687d3c011f0acc01da9f4ef640764b6
SHA512 a28f0659af75da93f479359212dc4ffb9440f171cf89b19de929b7a8015b5e087ea53ab979dd6815597865538c79b1e3354e987940da88da4dfcf16bdf1f4337

memory/6124-210-0x0000000010000000-0x000000001002D000-memory.dmp

memory/2328-215-0x0000000010000000-0x000000001002D000-memory.dmp

memory/3384-225-0x0000000002A00000-0x0000000002C00000-memory.dmp

memory/3384-224-0x0000000002A00000-0x0000000002C00000-memory.dmp

C:\Windows\SystemTemp\GUM632B.tmp\goopdateres_bn.dll

MD5 dafa45a82ce30cf2fd621e0a0b8c031f
SHA1 e39ed5213f9bb02d9da2c889425fab8ca6978db7
SHA256 d58e5f0fa894123de1d9b687a5b84826e095eca128ee5df8870f2db74f4233a2
SHA512 2b772ebc128eb59d636eec36583329962ead8e0a399fd56394b1244486bf815f4e033ceef74a62a9930ab2bf6ec1ba5e2d3c942183f7cb2355a716a3e2c6c7a1

C:\Windows\SystemTemp\GUM632B.tmp\GoogleCrashHandler.exe

MD5 a11ce10ac47f5f83b9bc980567331a1b
SHA1 63ee42e347b0328f8d71a3aa4dde4c6dc46da726
SHA256 101dbf984c4b3876defe2699d6160acbf1bb3f213e02a32f08fdcdc06821c542
SHA512 ff2f86c4061188ead1bfeebd36de7dbc312adcc95267537697f2bfcbb0c53e7c4ab0cd268cef22f0182391796c4612c97cbdc1266d9ee1960cdd2610d8c2bcb3

C:\Windows\SystemTemp\GUM632B.tmp\goopdateres_bg.dll

MD5 c523ec13643d74b187b26b410d39569b
SHA1 46aff0297036c60f22ad30d4e58f429890d9e09d
SHA256 80505863866bcd93a7e617dd8160531401d6d05f48d595348cd321cf7d97aeac
SHA512 ecf98e29a3481b05ab23c3ff89fa3caf054b874ed15462a5e33022aacf561d8fea4a0de35cc5f7450f62110ca4ace613e0c67f543ad22eb417e79eb3ebf24ed7

C:\Windows\SystemTemp\GUM632B.tmp\goopdateres_ar.dll

MD5 163695df53cea0728f9f58a46a08e102
SHA1 71b39eec83260e2ccc299fac165414acb46958bd
SHA256 f89dddda3e887385b42ea88118ba8fb1cc68fde0c07d44b851164564eb7c1ec8
SHA512 6dfb70a175097f3c96ae815a563c185136cb5a35f361288cc81570facfa1f1d28f49eaa61172d1da4982ebb76bd3e32c4de77cf97dedfb79f18113d7594d0989

C:\Windows\SystemTemp\GUM632B.tmp\goopdateres_am.dll

MD5 849bc7e364e30f8ee4c157f50d5b695e
SHA1 b52b8efa1f3a2c84f436f328decd2912efeb1b18
SHA256 f1384a25a6f40e861455c62190d794415f3e9bfca6317c214847e9535dfc3fb9
SHA512 6fd7f542a7073b3bbf1b0c200bb306b30f1b35a64a1fb013f25c7df76f63ef377d9bd736e8da2e9372f1c994785eaeedb6b60e3a0d4a4e8734c266ad61782d3b

C:\Windows\SystemTemp\GUM632B.tmp\GoogleUpdateComRegisterShell64.exe

MD5 be535d8b68dd064442f73211466e5987
SHA1 aa49313d9513fd9c2d2b25da09ea24d09cc03435
SHA256 c109bcb63391ac3ea93fb97fbdf3f6ed71316cacb592ef46efaea0024bc9ed59
SHA512 eb50eebeaf83be10aea8088e35a807f9001d07d17d2bc1655c3bc0cb254d0f54303348988514ba5590ebd9d3bde3f1149c3f700f62fbce63c0199ea3cfb1f638

C:\Windows\SystemTemp\GUM632B.tmp\GoogleCrashHandler64.exe

MD5 b659663611a4c2216dff5ab1b60dd089
SHA1 9a14392a5bdb9ea6b8c3e60224b7ff37091d48b5
SHA256 cad4aa1cf58f6b2e2aceb789d53b18418e67066ec406b2fac786cb845ef89d2b
SHA512 1065f9072cd6f1f4364f1354108f2647ee1d89f87e908a22fcd63bd3149c864c457e62268067a439d0486d8d4aa150aa984ad8ac8b51cae49014b67b80496040

C:\Windows\SystemTemp\GUM632B.tmp\GoogleUpdateCore.exe

MD5 af51ea4d9828e21f72e935b0deae50f2
SHA1 c7fe57c2a16c9f5a5ebdd3cc0910427cba5308bd
SHA256 3575011873d0f6d49c783095dae06e6619f8f5463da578fbe284ca5d1d449619
SHA512 ec9828d0bade39754748fb53cfc7efdc5e57955198bac3c248ea9b5a9a607182bb1477819f220549a8e9eadbe6bf69a12da6c8af3761980d2dd9078eaeaa932f

C:\Windows\SystemTemp\GUM632B.tmp\goopdateres_zh-CN.dll

MD5 ca52cc49599bb6bda28c38aea1f9ec4e
SHA1 494f166b530444f39bca27e2b9e10f27e34fc98a
SHA256 f9f144aa2dc0de21b24c93f498a9b4a946b7da42819a776b3283a0bcae18544b
SHA512 05e2d5711eef8f57737b2512de2e73744f17e0a34de0bfd2a06c9cc60a08ebadbafe38e30b66a2ede7fa61d5b9571adddcfbd7e1cafcee1ab2168a563d2d3f0d

memory/2328-207-0x0000000000400000-0x000000000090B000-memory.dmp

memory/6124-204-0x0000000000400000-0x000000000090B000-memory.dmp

C:\Windows\SystemTemp\GUM632B.tmp\goopdateres_es.dll

MD5 dae64d49ee97339b7327b52c9f720848
SHA1 15f159c4808f9e4fe6a2f1a4a19faa5d84ac630b
SHA256 e76400e62ae0ab31565e50b05d1001b775a91aa487a54dc90e53c0e103c717c2
SHA512 9ae72e5a658aa0e1fb261d62ccef474cd42d9bec2b4a50f71925d131ffea22b8f60fb961772587ce71cb30a32da3b7986e7483ecea960a509e0450d3983c84b0

C:\Windows\SystemTemp\GUM632B.tmp\goopdateres_en-GB.dll

MD5 f82ccf890c3ae14bfd7a263d07276e60
SHA1 6a915d6eb8c99d065e36a721d721d556b74bb377
SHA256 6b07a4fd3039541e30c68a8c31c371cda2cea480787f95e0ddbca3cc2fbff0cc
SHA512 4cbf9e6728e08de8d61f34b17bb20d92b6a699969edb9afa013fe962c8fd39238288adcd826134c9bca459904d8574a804c519daac6b301e0d38f68722c0359e

C:\Windows\SystemTemp\GUM632B.tmp\goopdateres_en.dll

MD5 741211652c66a8a6790396e1875eefa9
SHA1 2ccd5653b5fc78bcc19f86b493cef11844ba7a0c
SHA256 e0945deacdb6b75ff2587dea975774b9b800747e2ee3f3917e5b40ddb87eda10
SHA512 b70f847d8ca8828c89bbb67b543950fbd514c733cf62b52ad7fc0dab7b2168fe56d1f21bef3210f5c7f563f72831455d870a5f9aa6c557f1e3543ef7329c42f9

C:\Windows\SystemTemp\GUM632B.tmp\goopdateres_el.dll

MD5 ecdd26049573614b6f41d8a102ffcf21
SHA1 5140c6cff5d596267a64df1559ac36c4e8f49e42
SHA256 a3377520f2a95b8cc06bd30e493962c07f97eebf4661a69d03efb36b2ca515c5
SHA512 933c181d7575f20480c8deadac3f3e9190081456169122216c72e7b9a04aa75612140fc37697098c7c20b77001a67966fa1661cdc9110c40634c944f833a65b1

C:\Windows\SystemTemp\GUM632B.tmp\goopdateres_de.dll

MD5 96d92500b9a763f4b862c511c17e0a47
SHA1 2fd441eb8685d15e14fa6405e82359adea3e7148
SHA256 58829d135ff41e574ed5fc5e0421e4aa204267b02ca3ffaf08d8efb0a70fdd4c
SHA512 a1014584f1f278160d579848fa188f627676aee819e9395517490b00e273db6f583d7ddd31af6e35c9d251021df7fb26c88512aaa1c865c2ee3ba60c0a2db49a

C:\Windows\SystemTemp\GUM632B.tmp\goopdateres_da.dll

MD5 9f2e018a4f9a1d278983d0b677b91218
SHA1 c58ee1fc0d8ef9d99f85426b48c7f28f381a2c17
SHA256 d0dcdc68236eecd6b5f0b437eb92b8935741dabf1fa276a552399815af22edec
SHA512 20b74b6a9f81527d4a5fe30671d2559261fb682576f4ab04da7856280fbbaeb6af83894009c9d7cb83deeae988d0ac5ec7ec32b277b7eb45829faec2857d7014

C:\Windows\SystemTemp\GUM632B.tmp\goopdateres_cs.dll

MD5 b9033db8d0e5bf254979b0f47d10e93d
SHA1 2859de0d851b5f4fd3056e8f9015cece2436c307
SHA256 12c41c2f472b6a05fd6392e9d4f8aeb9a40840c2cbefd68b39d20f9d1d4d77ed
SHA512 52075df4ae5c86ebb0bac20604ea072a163761ae058c1473211bf4bb0eeed043cfc5a92386f876b53484cdf4e3f8a7b75d8f4bf9894c24f8c22ec23a50b70b7c

C:\Windows\SystemTemp\GUM632B.tmp\goopdateres_ca.dll

MD5 39e25ba8d69f493e6f18c4ef0cf96de8
SHA1 5584a94a85d83514a46030c4165e8f7a942e63e2
SHA256 1f66ebdcaae482a201a6e0fab9c1f4501c23a0d4ad819ccd555fdca9cc7edb94
SHA512 773c995b449d64e36eb8cab174db29e29e29985bcfd714799d6b05b01bb7d4a0fc2aefaf2e27ff02b0e105fbe0d34d7efe29b193a1bc3365ec47e1f1003bed26

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 164c74963190ffd67fde601db7ac7cd9
SHA1 08a44ee8f17b199711ba0090b6c43e5b632a4d07
SHA256 bddd93ba5d2c9d6e1c96b590d58d554fc3ad34d0b7845afa1af3127a2beeb1e0
SHA512 a39330257e6291543a6ef61b284898c9f1e273747fa59738338610c514bf360a4cf2f247c42fb231234fcc0558a5bf5f301b67d89a3e4e5f0906c38d621a91ca

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Google Profile.ico

MD5 505a174e740b3c0e7065c45a78b5cf42
SHA1 38911944f14a8b5717245c8e6bd1d48e58c7df12
SHA256 024ae694ba44ccd2e0914c5e8ee140e6cc7d25b3428d6380102ba09254b0857d
SHA512 7891e12c5ec14b16979f94da0c27ac4629bae45e31d9d1f58be300c4b2bbaee6c77585e534be531367f16826ecbaf8ec70fc13a02beaf36473c448248e4eb911

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\trusted_vault.pb

MD5 b77fc97eecd8f7383464171a4edef544
SHA1 bbae26d2a7914a3c95dca35f1f6f820d851f6368
SHA256 93332c49fab1deb87dac6cb5d313900cb20e6e1ba928af128a1d549a44256f68
SHA512 68745413a681fdf4088bf8d6b20e843396ae2e92fbb97239dc6c764233a7e7b700a51548ff4d2ea86420b208b92a5e5420f08231637fbb5dbf7e12a377be3fc3

C:\Users\Admin\AppData\Local\Temp\scoped_dir412_1123118706\CRX_INSTALL\_locales\en\messages.json

MD5 dbedf86fa9afb3a23dbb126674f166d2
SHA1 5628affbcf6f897b9d7fd9c17deb9aa75036f1cc
SHA256 c0945dd5fdecab40c45361bec068d1996e6ae01196dce524266d740808f753fe
SHA512 931d7ba6da84d4bb073815540f35126f2f035a71bfe460f3ccaed25ad7c1b1792ab36cd7207b99fddf5eaf8872250b54a8958cf5827608f0640e8aafe11e0071

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\en\messages.json

MD5 91f5bc87fd478a007ec68c4e8adf11ac
SHA1 d07dd49e4ef3b36dad7d038b7e999ae850c5bef6
SHA256 92f1246c21dd5fd7266ebfd65798c61e403d01a816cc3cf780db5c8aa2e3d9c9
SHA512 fdc2a29b04e67ddbbd8fb6e8d2443e46badcb2b2fb3a850bbd6198cdccc32ee0bd8a9769d929feefe84d1015145e6664ab5fea114df5a864cf963bf98a65ffd9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnGraphiteCache\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnGraphiteCache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnGraphiteCache\data_1

MD5 d0d388f3865d0523e451d6ba0be34cc4
SHA1 8571c6a52aacc2747c048e3419e5657b74612995
SHA256 902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b
SHA512 376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnGraphiteCache\data_0

MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

MD5 c92e8e6045f009c8b0b72a4591daef3e
SHA1 57ccf283ae0c4ffe09b9f9c54372d0e3f39c01eb
SHA256 4dcefaf3f50dec532bfd3fc207f3e5e0bb4cad4dd05347cd92c7c9843646c73d
SHA512 91f7bade5da947a63e65464e5f08416776d9948807fee4e407822cefdec244e622da110045a7630a0fde93a761d2dbd4ae555f60bb585c2861e7f1b130673cd6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 74fea16825acfcb6624492f335fb497b
SHA1 5db30ca233704ad27f28ffc42748e54fb4e0d859
SHA256 074798fe56a735ad32b63ef4183ecfd9344fb4c93293b3b3550f57f1043e6dbb
SHA512 6529320a6782f25725cd3182efe6da8a42627dba25d07e771bf6df5934c4f259f74456bcf7d6fce3ecfccdeb5450ffff445514d857c7e1c42ddb4899d28edfa5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 681dde4b157ea6ba6e8024a438ace5e9
SHA1 9d874232203b1dff95e766926d794885cff7f30f
SHA256 c49270a94d31e1b17dca9340b03a9208dd2bd5d80a7cb31ddd563d27aac18359
SHA512 96396d03c3469bced2350d8cc325088f0c399504da3fd631331bc50ada5ef0a4e6d68e9c8243f076ed0dd770b71672647a3a542c0201778e234b2b501bb3d487

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 97760d5ee2008093c145293c50761df9
SHA1 dace0cc151bc55f53e3b574e394a5735e386a3de
SHA256 5711cc65b82a6dd51cbad6e46e3c4b9be8ca31fbfeeec6c14b93efa4a8f74701
SHA512 5c817bbd5ac898ff1d8e3367c776030f2c702534986ec255f583fa7e710146b7997f38848e1f6dcfc40af4ff1de810a707acd330c80f3a8b0b7e82392bb62179

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnGraphiteCache\index

MD5 6a00c541b74a1b6fa4ffe262f80d9968
SHA1 282f246380aa9cffba47e5ac76426115f923675f
SHA256 17abd7f68a139804ad498c47ce39eb3a85bf98d3fb5b9f7c730c69b881d51363
SHA512 b6ce45295fb72881005477a444c85104f20ea4f22f9040defd8e576b2f645a926a7984d0779397eb5ecaf78c892a61411e8d5ee54fc426fc934681b1c6f15013

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 7249b03f3c5d0933cb4af31a9548b5bb
SHA1 7c2b1177b3f623bbd4609620417cc4b6428afe6c
SHA256 d8f949052f71149454663d2369bc85418c0e8a114d071fd6a30ba04cf60e547b
SHA512 43ddc5e7e5df386cdd2ebea7f31d8e4e91aaef454663c090281a2b40b1eef6d4fab3ce80f1fd3db57b8bd0c7f75596c28d8badaf17cf7957d0faf99f8a9533e7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js\index-dir\the-real-index

MD5 1fb47e693ffd918eba824d3ef2d8cd16
SHA1 eac7ab1faaf5dcae2ee944947ccc52b0c9d1708c
SHA256 114d2a3030c8f0094c131f527e6d3e42383dd38c1bcb761610a8ce6927bbb57b
SHA512 b7643cb7c158e1bfe4c7d4ef167f8ebf0df4c7b3223a27f7b4162082386cb959b8aaad41b585d4c3eefbecdc548b0b7acc60bbac2ccfeebbf4163dda874ae840

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Analysis: behavioral3

Detonation Overview

Submitted

2025-02-21 22:43

Reported

2025-02-21 22:46

Platform

win11-20250217-en

Max time kernel

149s

Max time network

152s

Command Line

C:\Windows\system32\svchost.exe -k DcomLaunch -p

Signatures

Blackmoon family

blackmoon

Blackmoon, KrBanker

trojan banker blackmoon

Detect Blackmoon payload

Description Indicator Process Target
N/A N/A N/A N/A

FatalRat

stealer trojan fatalrat

Fatalrat family

fatalrat

Fatal Rat payload

rat infostealer
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

VMProtect packed file

vmprotect
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Boot or Logon Autostart Execution: Active Setup

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\StubPath = "\"C:\\Program Files\\Google\\Chrome\\Application\\133.0.6943.127\\Installer\\chrmstp.exe\" --configure-user-settings --verbose-logging --system-level --channel=stable" C:\Program Files (x86)\Google\Update\Install\{31457A37-2301-4D41-AF8A-8BB7C153D407}\CR_C2D85.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Localized Name = "Google Chrome" C:\Program Files (x86)\Google\Update\Install\{31457A37-2301-4D41-AF8A-8BB7C153D407}\CR_C2D85.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\IsInstalled = "1" C:\Program Files (x86)\Google\Update\Install\{31457A37-2301-4D41-AF8A-8BB7C153D407}\CR_C2D85.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Version = "43,0,0,0" C:\Program Files (x86)\Google\Update\Install\{31457A37-2301-4D41-AF8A-8BB7C153D407}\CR_C2D85.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components C:\Program Files (x86)\Google\Update\Install\{31457A37-2301-4D41-AF8A-8BB7C153D407}\CR_C2D85.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96} C:\Program Files (x86)\Google\Update\Install\{31457A37-2301-4D41-AF8A-8BB7C153D407}\CR_C2D85.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\ = "Google Chrome" C:\Program Files (x86)\Google\Update\Install\{31457A37-2301-4D41-AF8A-8BB7C153D407}\CR_C2D85.tmp\setup.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A

Event Triggered Execution: Image File Execution Options Injection

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe C:\Windows\SystemTemp\GUM1D58.tmp\GoogleUpdate.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe\DisableExceptionChainValidation = "0" C:\Windows\SystemTemp\GUM1D58.tmp\GoogleUpdate.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\TjNkNpAilaYvt.exe.log C:\ProgramData\Smart\TjNkNpAilaYvt.exe N/A

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Checks installed software on the system

discovery

Checks system information in the registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Google\Chrome\Temp\source4668_806430172\Chrome-bin\133.0.6943.127\eventlog_provider.dll C:\Program Files (x86)\Google\Update\Install\{31457A37-2301-4D41-AF8A-8BB7C153D407}\CR_C2D85.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source4668_806430172\Chrome-bin\133.0.6943.127\os_update_handler.exe C:\Program Files (x86)\Google\Update\Install\{31457A37-2301-4D41-AF8A-8BB7C153D407}\CR_C2D85.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_hu.dll C:\Windows\SystemTemp\GUM1D58.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Windows\SystemTemp\GUM1D58.tmp\GoogleUpdate.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source4668_806430172\Chrome-bin\133.0.6943.127\Locales\nb.pak C:\Program Files (x86)\Google\Update\Install\{31457A37-2301-4D41-AF8A-8BB7C153D407}\CR_C2D85.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_ml.dll C:\Windows\SystemTemp\GUM1D58.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_mr.dll C:\Windows\SystemTemp\GUM1D58.tmp\GoogleUpdate.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source4668_806430172\Chrome-bin\133.0.6943.127\chrome_200_percent.pak C:\Program Files (x86)\Google\Update\Install\{31457A37-2301-4D41-AF8A-8BB7C153D407}\CR_C2D85.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source4668_806430172\Chrome-bin\133.0.6943.127\Locales\en-GB.pak C:\Program Files (x86)\Google\Update\Install\{31457A37-2301-4D41-AF8A-8BB7C153D407}\CR_C2D85.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source4668_806430172\Chrome-bin\133.0.6943.127\resources.pak C:\Program Files (x86)\Google\Update\Install\{31457A37-2301-4D41-AF8A-8BB7C153D407}\CR_C2D85.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source4668_806430172\Chrome-bin\133.0.6943.127\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.sig C:\Program Files (x86)\Google\Update\Install\{31457A37-2301-4D41-AF8A-8BB7C153D407}\CR_C2D85.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_en.dll C:\Windows\SystemTemp\GUM1D58.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\psmachine_64.dll C:\Windows\SystemTemp\GUM1D58.tmp\GoogleUpdate.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source4668_806430172\Chrome-bin\133.0.6943.127\Locales\it.pak C:\Program Files (x86)\Google\Update\Install\{31457A37-2301-4D41-AF8A-8BB7C153D407}\CR_C2D85.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source4668_806430172\Chrome-bin\133.0.6943.127\Locales\sk.pak C:\Program Files (x86)\Google\Update\Install\{31457A37-2301-4D41-AF8A-8BB7C153D407}\CR_C2D85.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source4668_806430172\Chrome-bin\133.0.6943.127\Locales\ur.pak C:\Program Files (x86)\Google\Update\Install\{31457A37-2301-4D41-AF8A-8BB7C153D407}\CR_C2D85.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source4668_806430172\Chrome-bin\133.0.6943.127\VisualElements\SmallLogoDev.png C:\Program Files (x86)\Google\Update\Install\{31457A37-2301-4D41-AF8A-8BB7C153D407}\CR_C2D85.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_zh-CN.dll C:\Windows\SystemTemp\GUM1D58.tmp\GoogleUpdate.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source4668_806430172\Chrome-bin\133.0.6943.127\Locales\es-419.pak C:\Program Files (x86)\Google\Update\Install\{31457A37-2301-4D41-AF8A-8BB7C153D407}\CR_C2D85.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source4668_806430172\Chrome-bin\133.0.6943.127\Locales\gu.pak C:\Program Files (x86)\Google\Update\Install\{31457A37-2301-4D41-AF8A-8BB7C153D407}\CR_C2D85.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source4668_806430172\Chrome-bin\133.0.6943.127\VisualElements\LogoDev.png C:\Program Files (x86)\Google\Update\Install\{31457A37-2301-4D41-AF8A-8BB7C153D407}\CR_C2D85.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source4668_806430172\Chrome-bin\133.0.6943.127\libGLESv2.dll C:\Program Files (x86)\Google\Update\Install\{31457A37-2301-4D41-AF8A-8BB7C153D407}\CR_C2D85.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source4668_806430172\Chrome-bin\133.0.6943.127\vk_swiftshader.dll C:\Program Files (x86)\Google\Update\Install\{31457A37-2301-4D41-AF8A-8BB7C153D407}\CR_C2D85.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_et.dll C:\Windows\SystemTemp\GUM1D58.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_vi.dll C:\Windows\SystemTemp\GUM1D58.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\Install\{31457A37-2301-4D41-AF8A-8BB7C153D407}\CR_C2D85.tmp\setup.exe C:\Program Files (x86)\Google\Update\Install\{31457A37-2301-4D41-AF8A-8BB7C153D407}\133.0.6943.127_chrome_installer.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source4668_806430172\Chrome-bin\133.0.6943.127\Locales\am.pak C:\Program Files (x86)\Google\Update\Install\{31457A37-2301-4D41-AF8A-8BB7C153D407}\CR_C2D85.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source4668_806430172\Chrome-bin\133.0.6943.127\Locales\fil.pak C:\Program Files (x86)\Google\Update\Install\{31457A37-2301-4D41-AF8A-8BB7C153D407}\CR_C2D85.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source4668_806430172\Chrome-bin\133.0.6943.127\Locales\nl.pak C:\Program Files (x86)\Google\Update\Install\{31457A37-2301-4D41-AF8A-8BB7C153D407}\CR_C2D85.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Application\133.0.6943.127\Installer\chrmstp.exe C:\Program Files (x86)\Google\Update\Install\{31457A37-2301-4D41-AF8A-8BB7C153D407}\CR_C2D85.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_sr.dll C:\Windows\SystemTemp\GUM1D58.tmp\GoogleUpdate.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source4668_806430172\Chrome-bin\133.0.6943.127\VisualElements\LogoCanary.png C:\Program Files (x86)\Google\Update\Install\{31457A37-2301-4D41-AF8A-8BB7C153D407}\CR_C2D85.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_sw.dll C:\Windows\SystemTemp\GUM1D58.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\psmachine.dll C:\Windows\SystemTemp\GUM1D58.tmp\GoogleUpdate.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source4668_806430172\Chrome-bin\133.0.6943.127\Locales\el.pak C:\Program Files (x86)\Google\Update\Install\{31457A37-2301-4D41-AF8A-8BB7C153D407}\CR_C2D85.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source4668_806430172\Chrome-bin\133.0.6943.127\Locales\et.pak C:\Program Files (x86)\Google\Update\Install\{31457A37-2301-4D41-AF8A-8BB7C153D407}\CR_C2D85.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source4668_806430172\Chrome-bin\133.0.6943.127\Locales\zh-TW.pak C:\Program Files (x86)\Google\Update\Install\{31457A37-2301-4D41-AF8A-8BB7C153D407}\CR_C2D85.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source4668_806430172\Chrome-bin\133.0.6943.127\WidevineCdm\manifest.json C:\Program Files (x86)\Google\Update\Install\{31457A37-2301-4D41-AF8A-8BB7C153D407}\CR_C2D85.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdate.exe C:\Windows\SystemTemp\GUM1D58.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_zh-TW.dll C:\Windows\SystemTemp\GUM1D58.tmp\GoogleUpdate.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source4668_806430172\Chrome-bin\133.0.6943.127\WidevineCdm\LICENSE C:\Program Files (x86)\Google\Update\Install\{31457A37-2301-4D41-AF8A-8BB7C153D407}\CR_C2D85.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source4668_806430172\Chrome-bin\133.0.6943.127\dxcompiler.dll C:\Program Files (x86)\Google\Update\Install\{31457A37-2301-4D41-AF8A-8BB7C153D407}\CR_C2D85.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source4668_806430172\Chrome-bin\133.0.6943.127\elevated_tracing_service.exe C:\Program Files (x86)\Google\Update\Install\{31457A37-2301-4D41-AF8A-8BB7C153D407}\CR_C2D85.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source4668_806430172\Chrome-bin\133.0.6943.127\elevation_service.exe C:\Program Files (x86)\Google\Update\Install\{31457A37-2301-4D41-AF8A-8BB7C153D407}\CR_C2D85.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_gu.dll C:\Windows\SystemTemp\GUM1D58.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_ja.dll C:\Windows\SystemTemp\GUM1D58.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_te.dll C:\Windows\SystemTemp\GUM1D58.tmp\GoogleUpdate.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source4668_806430172\Chrome-bin\133.0.6943.127\Locales\hu.pak C:\Program Files (x86)\Google\Update\Install\{31457A37-2301-4D41-AF8A-8BB7C153D407}\CR_C2D85.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source4668_806430172\Chrome-bin\133.0.6943.127\Locales\ml.pak C:\Program Files (x86)\Google\Update\Install\{31457A37-2301-4D41-AF8A-8BB7C153D407}\CR_C2D85.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source4668_806430172\Chrome-bin\133.0.6943.127\Locales\sw.pak C:\Program Files (x86)\Google\Update\Install\{31457A37-2301-4D41-AF8A-8BB7C153D407}\CR_C2D85.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source4668_806430172\Chrome-bin\133.0.6943.127\v8_context_snapshot.bin C:\Program Files (x86)\Google\Update\Install\{31457A37-2301-4D41-AF8A-8BB7C153D407}\CR_C2D85.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_es.dll C:\Windows\SystemTemp\GUM1D58.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_hr.dll C:\Windows\SystemTemp\GUM1D58.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\Install\{31457A37-2301-4D41-AF8A-8BB7C153D407}\133.0.6943.127_chrome_installer.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source4668_806430172\Chrome-bin\133.0.6943.127\MEIPreload\preloaded_data.pb C:\Program Files (x86)\Google\Update\Install\{31457A37-2301-4D41-AF8A-8BB7C153D407}\CR_C2D85.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source4668_806430172\Chrome-bin\133.0.6943.127\VisualElements\Logo.png C:\Program Files (x86)\Google\Update\Install\{31457A37-2301-4D41-AF8A-8BB7C153D407}\CR_C2D85.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source4668_806430172\Chrome-bin\133.0.6943.127\chrome_pwa_launcher.exe C:\Program Files (x86)\Google\Update\Install\{31457A37-2301-4D41-AF8A-8BB7C153D407}\CR_C2D85.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_el.dll C:\Windows\SystemTemp\GUM1D58.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_hi.dll C:\Windows\SystemTemp\GUM1D58.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_pt-BR.dll C:\Windows\SystemTemp\GUM1D58.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\psuser_64.dll C:\Windows\SystemTemp\GUM1D58.tmp\GoogleUpdate.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source4668_806430172\Chrome-bin\133.0.6943.127\Locales\es.pak C:\Program Files (x86)\Google\Update\Install\{31457A37-2301-4D41-AF8A-8BB7C153D407}\CR_C2D85.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source4668_806430172\Chrome-bin\133.0.6943.127\Locales\he.pak C:\Program Files (x86)\Google\Update\Install\{31457A37-2301-4D41-AF8A-8BB7C153D407}\CR_C2D85.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source4668_806430172\Chrome-bin\133.0.6943.127\vk_swiftshader_icd.json C:\Program Files (x86)\Google\Update\Install\{31457A37-2301-4D41-AF8A-8BB7C153D407}\CR_C2D85.tmp\setup.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Installer\MSIED3E.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIEF76.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\GUM1D58.tmp\GoogleUpdateCore.exe C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUM1D58.tmp\goopdateres_es-419.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUM1D58.tmp\goopdateres_no.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUM1D58.tmp\goopdateres_ru.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUM1D58.tmp\goopdateres_sl.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUM1D58.tmp\goopdateres_sw.dll C:\ProgramData\setup\setup.exe N/A
File opened for modification C:\Windows\Installer\e57ece0.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\GUM1D58.tmp\GoogleUpdateOnDemand.exe C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUM1D58.tmp\goopdateres_ar.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUM1D58.tmp\goopdateres_cs.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUM1D58.tmp\goopdateres_fa.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUM1D58.tmp\goopdateres_mr.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUM1D58.tmp\goopdateres_uk.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUM1D58.tmp\goopdateres_zh-CN.dll C:\ProgramData\setup\setup.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\GUM1D58.tmp\goopdateres_fr.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUM1D58.tmp\goopdateres_hu.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUM1D58.tmp\goopdateres_sr.dll C:\ProgramData\setup\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\Crashpad\metadata C:\Program Files (x86)\Google\Update\Install\{31457A37-2301-4D41-AF8A-8BB7C153D407}\CR_C2D85.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files (x86)\Google\Update\Install\{31457A37-2301-4D41-AF8A-8BB7C153D407}\CR_C2D85.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened for modification C:\Windows\Installer\MSIEF26.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\GUM1D58.tmp\goopdateres_hr.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUM1D58.tmp\goopdateres_id.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUM1D58.tmp\goopdateres_sv.dll C:\ProgramData\setup\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\chrome_installer.log C:\Program Files (x86)\Google\Update\Install\{31457A37-2301-4D41-AF8A-8BB7C153D407}\CR_C2D85.tmp\setup.exe N/A
File opened for modification C:\Windows\Installer\MSIEF65.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\GUM1D58.tmp\GoogleUpdate.exe C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUM1D58.tmp\goopdateres_ca.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUM1D58.tmp\goopdateres_en.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUM1D58.tmp\goopdateres_lv.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUM1D58.tmp\goopdateres_pt-PT.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUM1D58.tmp\goopdateres_tr.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUM1D58.tmp\goopdateres_zh-TW.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUM1D58.tmp\GoogleUpdateBroker.exe C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUM1D58.tmp\GoogleUpdateComRegisterShell64.exe C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUM1D58.tmp\goopdateres_fi.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUM1D58.tmp\goopdateres_hi.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUM1D58.tmp\goopdateres_te.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUM1D58.tmp\goopdateres_th.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUM1D58.tmp\GoogleUpdateSetup.exe C:\ProgramData\setup\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\GUM1D58.tmp\GoogleUpdateSetup.exe C:\ProgramData\setup\setup.exe N/A
File opened for modification C:\Windows\Installer\MSIEEF6.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DF639F300FF42D62F0.TMP C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\GUM1D58.tmp\goopdateres_am.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUM1D58.tmp\goopdateres_da.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUM1D58.tmp\goopdateres_lt.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUM1D58.tmp\goopdateres_sk.dll C:\ProgramData\setup\setup.exe N/A
File opened for modification C:\Windows\SystemTemp C:\Program Files (x86)\Google\Update\Install\{31457A37-2301-4D41-AF8A-8BB7C153D407}\CR_C2D85.tmp\setup.exe N/A
File opened for modification C:\Windows\SystemTemp\Crashpad\metadata C:\Program Files (x86)\Google\Update\Install\{31457A37-2301-4D41-AF8A-8BB7C153D407}\CR_C2D85.tmp\setup.exe N/A
File created C:\Windows\Installer\e57ece0.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\GUM1D58.tmp\goopdateres_bn.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUM1D58.tmp\goopdateres_ms.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUM1D58.tmp\goopdateres_vi.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUM1D58.tmp\goopdateres_gu.dll C:\ProgramData\setup\setup.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\~DF1BC3264FCD36D810.TMP C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\GUM1D58.tmp\psmachine.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUM1D58.tmp\goopdateres_es.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUM1D58.tmp\goopdateres_ko.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUM1D58.tmp\GoogleCrashHandler64.exe C:\ProgramData\setup\setup.exe N/A
File created C:\Windows\SystemTemp\GUM1D58.tmp\goopdateres_de.dll C:\ProgramData\setup\setup.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\ProgramData\setup\aa.exe N/A
N/A N/A C:\ProgramData\Packas\scrok.exe N/A
N/A N/A C:\ProgramData\Smart\TjNkNpAilaYvt.exe N/A
N/A N/A C:\ProgramData\Smart\TjNkNpAilaYvt.exe N/A
N/A N/A C:\ProgramData\Smart\TjNkNpAilaYvt.exe N/A
N/A N/A C:\ProgramData\Smart\TjNkNpAilaYvt.exe N/A
N/A N/A C:\ProgramData\Packas\scrok.exe N/A
N/A N/A C:\ProgramData\Smart\setup.exe N/A
N/A N/A C:\ProgramData\setup\setup.exe N/A
N/A N/A C:\ProgramData\NVIDIARV\svchost.exe N/A
N/A N/A C:\ProgramData\NVIDIARV\svchost.exe N/A
N/A N/A C:\ProgramData\NVIDIARV\svchost.exe N/A
N/A N/A C:\Windows\SystemTemp\GUM1D58.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\Install\{31457A37-2301-4D41-AF8A-8BB7C153D407}\133.0.6943.127_chrome_installer.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\Install\{31457A37-2301-4D41-AF8A-8BB7C153D407}\CR_C2D85.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\Install\{31457A37-2301-4D41-AF8A-8BB7C153D407}\CR_C2D85.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\Install\{31457A37-2301-4D41-AF8A-8BB7C153D407}\CR_C2D85.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\Install\{31457A37-2301-4D41-AF8A-8BB7C153D407}\CR_C2D85.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\133.0.6943.127\elevation_service.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\SystemTemp\GUM1D58.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

Event Triggered Execution: Installer Packages

persistence privilege_escalation
Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A

Reads user/profile data of web browsers

spyware stealer

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\ProgramData\setup\aa.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\ProgramData\setup\setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SystemTemp\GUM1D58.tmp\GoogleUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\timeout.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\ProgramData\NVIDIARV\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\timeout.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\ProgramData\Smart\setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\ProgramData\NVIDIARV\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\ProgramData\NVIDIARV\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exe N/A

System Network Configuration Discovery: Internet Connection Discovery

discovery
Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr C:\Windows\system32\vssvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 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 C:\Windows\system32\vssvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\system32\vssvc.exe N/A

Delays execution with timeout.exe

defense_evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\26\52C64B7E C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SYSTEM\CurrentControlSet\Services\ C:\ProgramData\NVIDIARV\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SYSTEM C:\ProgramData\NVIDIARV\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\System\CurrentControlSet C:\ProgramData\NVIDIARV\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\System\CurrentControlSet\Services C:\ProgramData\NVIDIARV\svchost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\System\CurrentControlSet\Services\Group = "Fatal" C:\ProgramData\NVIDIARV\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\System\CurrentControlSet\Services\ C:\ProgramData\NVIDIARV\svchost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\System\CurrentControlSet\Services\InstallTime = "2025-02-21 22:44" C:\ProgramData\NVIDIARV\svchost.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133846515165292626" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{494B20CF-282E-4BDD-9F5D-B70CB09D351E}\NumMethods C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{494B20CF-282E-4BDD-9F5D-B70CB09D351E}\ = "IGoogleUpdate3Web" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F63F6F8B-ACD5-413C-A44B-0409136D26CB}\ProxyStubClsid32\ = "{82BB48E2-2057-4C07-A383-B2C2F8A0FD01}" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DD42475D-6D46-496A-924E-BD5630B4CBBA}\ = "IAppBundleWeb" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GoogleUpdate.OnDemandCOMClassMachine\CurVer\ = "GoogleUpdate.OnDemandCOMClassMachine.1.0" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}\LocalServer32\ = "\"C:\\Program Files (x86)\\Google\\Update\\1.3.36.312\\GoogleUpdateBroker.exe\"" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GoogleUpdate.CoCreateAsync.1.0\ = "CoCreateAsync" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C6271107-A214-4F11-98C0-3F16BC670D28}\InprocServer32\ = "C:\\Program Files (x86)\\Google\\Update\\1.3.36.312\\psmachine_64.dll" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D656199B-93F2-4D64-AA2F-96BD3F18D40E} C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DD42475D-6D46-496A-924E-BD5630B4CBBA}\NumMethods C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}\VersionIndependentProgID C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31AC3F11-E5EA-4A85-8A3D-8E095A39C27B}\NumMethods\ = "5" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GoogleUpdate.ProcessLauncher.1.0\CLSID\ = "{ABC01078-F197-4B0B-ADBC-CFE684B39C82}" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{598FE0E5-E02D-465D-9A9D-37974A28FD42}\ELEVATION C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD} C:\Program Files (x86)\Google\Update\Install\{31457A37-2301-4D41-AF8A-8BB7C153D407}\CR_C2D85.tmp\setup.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{4EB61BAC-A3B6-4760-9581-655041EF4D69}\PROGID C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D106AB5F-A70E-400E-A21B-96208C1D8DBB}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DB17455-4E85-46E7-9D23-E555E4B005AF} C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0CD01D1E-4A1C-489D-93B9-9B6672877C57}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{ABC01078-F197-4B0B-ADBC-CFE684B39C82}\ProgID\ = "GoogleUpdate.ProcessLauncher.1.0" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\TypeLib\{463ABECF-410D-407F-8AF5-0DF35A005CC8} C:\Program Files (x86)\Google\Update\Install\{31457A37-2301-4D41-AF8A-8BB7C153D407}\CR_C2D85.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{463ABECF-410D-407F-8AF5-0DF35A005CC8}\1.0\0\win64\ = "C:\\Program Files\\Google\\Chrome\\Application\\133.0.6943.127\\elevation_service.exe" C:\Program Files (x86)\Google\Update\Install\{31457A37-2301-4D41-AF8A-8BB7C153D407}\CR_C2D85.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5B25A8DC-1780-4178-A629-6BE8B8DEFAA2}\NumMethods C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GoogleUpdate.OnDemandCOMClassMachine.1.0\ = "Google Update Broker Class Factory" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ChromeHTML\DefaultIcon\ = "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe,10" C:\Program Files (x86)\Google\Update\Install\{31457A37-2301-4D41-AF8A-8BB7C153D407}\CR_C2D85.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DD42475D-6D46-496A-924E-BD5630B4CBBA}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{34527502-D3DB-4205-A69B-789B27EE0414}\NumMethods\ = "23" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{05A30352-EB25-45B6-8449-BCA7B0542CE5} C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2D363682-561D-4C3A-81C6-F2F82107562A}\ProxyStubClsid32\ = "{82BB48E2-2057-4C07-A383-B2C2F8A0FD01}" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{76F7B787-A67C-4C73-82C7-31F5E3AABC5C}\ = "IApp" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{494B20CF-282E-4BDD-9F5D-B70CB09D351E} C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4DE778FE-F195-4EE3-9DAB-FE446C239221}\NumMethods\ = "11" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GoogleUpdate.OnDemandCOMClassMachineFallback.1.0\ = "Google Update Legacy On Demand" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DB17455-4E85-46E7-9D23-E555E4B005AF}\ProxyStubClsid32\ = "{82BB48E2-2057-4C07-A383-B2C2F8A0FD01}" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B3D28DBD-0DFA-40E4-8071-520767BADC7E}\VersionIndependentProgID\ = "GoogleUpdate.OnDemandCOMClassMachineFallback" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.mhtml\OpenWithProgids C:\Program Files (x86)\Google\Update\Install\{31457A37-2301-4D41-AF8A-8BB7C153D407}\CR_C2D85.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.webp\OpenWithProgids C:\Program Files (x86)\Google\Update\Install\{31457A37-2301-4D41-AF8A-8BB7C153D407}\CR_C2D85.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{49D7563B-2DDB-4831-88C8-768A53833837} C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FE908CDD-22BB-472A-9870-1A0390E42F36}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\GoogleUpdate.exe\AppID = "{9465B4B4-5216-4042-9A2C-754D3BCDC410}" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2E629606-312A-482F-9B12-2C4ABF6F0B6D}\ = "ICoCreateAsyncStatus" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DD42475D-6D46-496A-924E-BD5630B4CBBA} C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31AC3F11-E5EA-4A85-8A3D-8E095A39C27B}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DD42475D-6D46-496A-924E-BD5630B4CBBA}\ProxyStubClsid32\ = "{82BB48E2-2057-4C07-A383-B2C2F8A0FD01}" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9B2340A0-4068-43D6-B404-32E27217859D}\Elevation\IconReference = "@C:\\Program Files (x86)\\Google\\Update\\1.3.36.312\\goopdate.dll,-1004" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FE908CDD-22BB-472A-9870-1A0390E42F36}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D106AB5F-A70E-400E-A21B-96208C1D8DBB} C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}\ELEVATION C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{084D78A8-B084-4E14-A629-A2C419B0E3D9}\NumMethods\ = "43" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD}\LocalServer32 C:\Program Files (x86)\Google\Update\Install\{31457A37-2301-4D41-AF8A-8BB7C153D407}\CR_C2D85.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31AC3F11-E5EA-4A85-8A3D-8E095A39C27B}\NumMethods C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3D05F64F-71E3-48A5-BF6B-83315BC8AE1F}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3D05F64F-71E3-48A5-BF6B-83315BC8AE1F}\NumMethods\ = "12" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B3A47570-0A85-4AEA-8270-529D47899603}\NumMethods\ = "4" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4} C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}\ProgID C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{18D0F672-18B4-48E6-AD36-6E6BF01DBBC4} C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GoogleUpdate.CoreMachineClass\CLSID\ = "{9B2340A0-4068-43D6-B404-32E27217859D}" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GoogleUpdate.CoreClass.1\CLSID\ = "{E225E692-4B47-4777-9BED-4FD7FE257F0E}" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{76F7B787-A67C-4C73-82C7-31F5E3AABC5C} C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{909489C2-85A6-4322-AA56-D25278649D67}\NumMethods\ = "4" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GoogleUpdate.PolicyStatusMachine\ = "Google Update Broker Class Factory" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0CD01D1E-4A1C-489D-93B9-9B6672877C57}\NumMethods\ = "10" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GoogleUpdate.Update3WebMachineFallback\CurVer\ = "GoogleUpdate.Update3WebMachineFallback.1.0" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\ProgramData\Packas\scrok.exe N/A
N/A N/A C:\ProgramData\Packas\scrok.exe N/A
N/A N/A C:\ProgramData\Packas\scrok.exe N/A
N/A N/A C:\ProgramData\Packas\scrok.exe N/A
N/A N/A C:\ProgramData\Smart\TjNkNpAilaYvt.exe N/A
N/A N/A C:\ProgramData\Smart\setup.exe N/A
N/A N/A C:\ProgramData\Smart\setup.exe N/A
N/A N/A C:\ProgramData\Packas\scrok.exe N/A
N/A N/A C:\ProgramData\Packas\scrok.exe N/A
N/A N/A C:\ProgramData\Packas\scrok.exe N/A
N/A N/A C:\ProgramData\Packas\scrok.exe N/A
N/A N/A C:\Windows\SystemTemp\GUM1D58.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Windows\SystemTemp\GUM1D58.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Windows\SystemTemp\GUM1D58.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Windows\SystemTemp\GUM1D58.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Windows\SystemTemp\GUM1D58.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Windows\SystemTemp\GUM1D58.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Windows\SystemTemp\GUM1D58.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Windows\SystemTemp\GUM1D58.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Windows\SystemTemp\GUM1D58.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Windows\SystemTemp\GUM1D58.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeImpersonatePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeDebugPrivilege N/A C:\ProgramData\Packas\scrok.exe N/A
Token: SeDebugPrivilege N/A C:\ProgramData\Smart\TjNkNpAilaYvt.exe N/A
Token: SeDebugPrivilege N/A C:\ProgramData\Smart\TjNkNpAilaYvt.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\srtasks.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\ProgramData\Smart\setup.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4192 wrote to memory of 4700 N/A C:\Windows\system32\msiexec.exe C:\Windows\system32\srtasks.exe
PID 4192 wrote to memory of 4700 N/A C:\Windows\system32\msiexec.exe C:\Windows\system32\srtasks.exe
PID 4192 wrote to memory of 1044 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 4192 wrote to memory of 1044 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 4192 wrote to memory of 1044 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 1044 wrote to memory of 4832 N/A C:\Windows\syswow64\MsiExec.exe C:\Windows\SysWOW64\cmd.exe
PID 1044 wrote to memory of 4832 N/A C:\Windows\syswow64\MsiExec.exe C:\Windows\SysWOW64\cmd.exe
PID 1044 wrote to memory of 4832 N/A C:\Windows\syswow64\MsiExec.exe C:\Windows\SysWOW64\cmd.exe
PID 4832 wrote to memory of 4852 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\timeout.exe
PID 4832 wrote to memory of 4852 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\timeout.exe
PID 4832 wrote to memory of 4852 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\timeout.exe
PID 4832 wrote to memory of 1216 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\setup\aa.exe
PID 4832 wrote to memory of 1216 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\setup\aa.exe
PID 4832 wrote to memory of 1216 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\setup\aa.exe
PID 4832 wrote to memory of 1296 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\Packas\scrok.exe
PID 4832 wrote to memory of 1296 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\Packas\scrok.exe
PID 1296 wrote to memory of 824 N/A C:\ProgramData\Packas\scrok.exe C:\Windows\system32\svchost.exe
PID 1296 wrote to memory of 824 N/A C:\ProgramData\Packas\scrok.exe C:\Windows\system32\svchost.exe
PID 1296 wrote to memory of 824 N/A C:\ProgramData\Packas\scrok.exe C:\Windows\system32\svchost.exe
PID 4832 wrote to memory of 1508 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\Smart\TjNkNpAilaYvt.exe
PID 4832 wrote to memory of 1508 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\Smart\TjNkNpAilaYvt.exe
PID 4832 wrote to memory of 2884 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\Smart\TjNkNpAilaYvt.exe
PID 4832 wrote to memory of 2884 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\Smart\TjNkNpAilaYvt.exe
PID 4832 wrote to memory of 2532 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\timeout.exe
PID 4832 wrote to memory of 2532 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\timeout.exe
PID 4832 wrote to memory of 2532 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\timeout.exe
PID 4832 wrote to memory of 2636 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\Smart\TjNkNpAilaYvt.exe
PID 4832 wrote to memory of 2636 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\Smart\TjNkNpAilaYvt.exe
PID 4832 wrote to memory of 772 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\Packas\scrok.exe
PID 4832 wrote to memory of 772 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\Packas\scrok.exe
PID 4900 wrote to memory of 972 N/A C:\ProgramData\Smart\TjNkNpAilaYvt.exe C:\ProgramData\Smart\setup.exe
PID 4900 wrote to memory of 972 N/A C:\ProgramData\Smart\TjNkNpAilaYvt.exe C:\ProgramData\Smart\setup.exe
PID 4900 wrote to memory of 972 N/A C:\ProgramData\Smart\TjNkNpAilaYvt.exe C:\ProgramData\Smart\setup.exe
PID 772 wrote to memory of 824 N/A C:\ProgramData\Packas\scrok.exe C:\Windows\system32\svchost.exe
PID 772 wrote to memory of 824 N/A C:\ProgramData\Packas\scrok.exe C:\Windows\system32\svchost.exe
PID 772 wrote to memory of 824 N/A C:\ProgramData\Packas\scrok.exe C:\Windows\system32\svchost.exe
PID 4832 wrote to memory of 4712 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\setup\setup.exe
PID 4832 wrote to memory of 4712 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\setup\setup.exe
PID 4832 wrote to memory of 4712 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\setup\setup.exe
PID 972 wrote to memory of 1816 N/A C:\ProgramData\Smart\setup.exe C:\ProgramData\NVIDIARV\svchost.exe
PID 972 wrote to memory of 1816 N/A C:\ProgramData\Smart\setup.exe C:\ProgramData\NVIDIARV\svchost.exe
PID 972 wrote to memory of 1816 N/A C:\ProgramData\Smart\setup.exe C:\ProgramData\NVIDIARV\svchost.exe
PID 972 wrote to memory of 2552 N/A C:\ProgramData\Smart\setup.exe C:\ProgramData\NVIDIARV\svchost.exe
PID 972 wrote to memory of 2552 N/A C:\ProgramData\Smart\setup.exe C:\ProgramData\NVIDIARV\svchost.exe
PID 972 wrote to memory of 2552 N/A C:\ProgramData\Smart\setup.exe C:\ProgramData\NVIDIARV\svchost.exe
PID 972 wrote to memory of 3488 N/A C:\ProgramData\Smart\setup.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 972 wrote to memory of 3488 N/A C:\ProgramData\Smart\setup.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 972 wrote to memory of 3488 N/A C:\ProgramData\Smart\setup.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 4712 wrote to memory of 4636 N/A C:\ProgramData\setup\setup.exe C:\Windows\SystemTemp\GUM1D58.tmp\GoogleUpdate.exe
PID 4712 wrote to memory of 4636 N/A C:\ProgramData\setup\setup.exe C:\Windows\SystemTemp\GUM1D58.tmp\GoogleUpdate.exe
PID 4712 wrote to memory of 4636 N/A C:\ProgramData\setup\setup.exe C:\Windows\SystemTemp\GUM1D58.tmp\GoogleUpdate.exe
PID 4636 wrote to memory of 4836 N/A C:\Windows\SystemTemp\GUM1D58.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 4636 wrote to memory of 4836 N/A C:\Windows\SystemTemp\GUM1D58.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 4636 wrote to memory of 4836 N/A C:\Windows\SystemTemp\GUM1D58.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 4636 wrote to memory of 4528 N/A C:\Windows\SystemTemp\GUM1D58.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 4636 wrote to memory of 4528 N/A C:\Windows\SystemTemp\GUM1D58.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 4636 wrote to memory of 4528 N/A C:\Windows\SystemTemp\GUM1D58.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
PID 4528 wrote to memory of 1548 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe
PID 4528 wrote to memory of 1548 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe
PID 4528 wrote to memory of 2600 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe
PID 4528 wrote to memory of 2600 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe
PID 4528 wrote to memory of 2756 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe
PID 4528 wrote to memory of 2756 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe
PID 4636 wrote to memory of 4812 N/A C:\Windows\SystemTemp\GUM1D58.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k DcomLaunch -p

C:\Windows\system32\msiexec.exe

msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\Chrome.msi

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\srtasks.exe

C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 7E2488391F0B9060D3A105704FF0C754

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\SysWOW64\cmd.exe" /c timeout /nobreak /t 7 & C:\ProgramData\setup\aa.exe x C:\ProgramData\setup\ddd. -key 000000 -f -to C:\ProgramData & C:\ProgramData\Packas\scrok.exe & C:\ProgramData\Smart\TjNkNpAilaYvt.exe install & C:\ProgramData\Smart\TjNkNpAilaYvt.exe install & timeout /nobreak /t 2 & C:\ProgramData\Smart\TjNkNpAilaYvt.exe start & C:\ProgramData\Packas\scrok.exe & del C:\ProgramData\Packas\scrok.exe & C:\ProgramData\setup\setup.exe

C:\Windows\SysWOW64\timeout.exe

timeout /nobreak /t 7

C:\ProgramData\setup\aa.exe

C:\ProgramData\setup\aa.exe x C:\ProgramData\setup\ddd. -key 000000 -f -to C:\ProgramData

C:\ProgramData\Packas\scrok.exe

C:\ProgramData\Packas\scrok.exe

C:\ProgramData\Smart\TjNkNpAilaYvt.exe

C:\ProgramData\Smart\TjNkNpAilaYvt.exe install

C:\ProgramData\Smart\TjNkNpAilaYvt.exe

C:\ProgramData\Smart\TjNkNpAilaYvt.exe install

C:\Windows\SysWOW64\timeout.exe

timeout /nobreak /t 2

C:\ProgramData\Smart\TjNkNpAilaYvt.exe

C:\ProgramData\Smart\TjNkNpAilaYvt.exe start

C:\ProgramData\Smart\TjNkNpAilaYvt.exe

"C:\ProgramData\Smart\TjNkNpAilaYvt.exe"

C:\ProgramData\Smart\setup.exe

"C:\ProgramData\Smart\setup.exe"

C:\ProgramData\Packas\scrok.exe

C:\ProgramData\Packas\scrok.exe

C:\ProgramData\setup\setup.exe

C:\ProgramData\setup\setup.exe

C:\ProgramData\NVIDIARV\svchost.exe

"C:\ProgramData\NVIDIARV\svchost.exe"

C:\ProgramData\NVIDIARV\svchost.exe

"C:\ProgramData\NVIDIARV\svchost.exe"

C:\ProgramData\NVIDIARV\svchost.exe

"C:\ProgramData\NVIDIARV\svchost.exe"

C:\Windows\SystemTemp\GUM1D58.tmp\GoogleUpdate.exe

C:\Windows\SystemTemp\GUM1D58.tmp\GoogleUpdate.exe /installsource taggedmi /install "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={9F0C1F44-1C50-396A-483A-08DA4896FF0B}&lang=zh-CN&browser=4&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=x64-stable-statsdef_1&installdataindex=empty"

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /regsvc

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /regserver

C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ping …

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /handoff "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={9F0C1F44-1C50-396A-483A-08DA4896FF0B}&lang=zh-CN&browser=4&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=x64-stable-statsdef_1&installdataindex=empty" /installsource taggedmi /sessionid "{D4B5E4AE-EFD3-4B5E-B108-9958F5F7CB66}"

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc

C:\Program Files (x86)\Google\Update\Install\{31457A37-2301-4D41-AF8A-8BB7C153D407}\133.0.6943.127_chrome_installer.exe

"C:\Program Files (x86)\Google\Update\Install\{31457A37-2301-4D41-AF8A-8BB7C153D407}\133.0.6943.127_chrome_installer.exe" --verbose-logging --do-not-launch-chrome --channel=stable --system-level /installerdata="C:\Program Files (x86)\Google\Update\Install\{31457A37-2301-4D41-AF8A-8BB7C153D407}\gui84CD.tmp"

C:\Program Files (x86)\Google\Update\Install\{31457A37-2301-4D41-AF8A-8BB7C153D407}\CR_C2D85.tmp\setup.exe

"C:\Program Files (x86)\Google\Update\Install\{31457A37-2301-4D41-AF8A-8BB7C153D407}\CR_C2D85.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Google\Update\Install\{31457A37-2301-4D41-AF8A-8BB7C153D407}\CR_C2D85.tmp\CHROME.PACKED.7Z" --verbose-logging --do-not-launch-chrome --channel=stable --system-level /installerdata="C:\Program Files (x86)\Google\Update\Install\{31457A37-2301-4D41-AF8A-8BB7C153D407}\gui84CD.tmp"

C:\Program Files (x86)\Google\Update\Install\{31457A37-2301-4D41-AF8A-8BB7C153D407}\CR_C2D85.tmp\setup.exe

"C:\Program Files (x86)\Google\Update\Install\{31457A37-2301-4D41-AF8A-8BB7C153D407}\CR_C2D85.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.127 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff635bebed8,0x7ff635bebee4,0x7ff635bebef0

C:\Program Files (x86)\Google\Update\Install\{31457A37-2301-4D41-AF8A-8BB7C153D407}\CR_C2D85.tmp\setup.exe

"C:\Program Files (x86)\Google\Update\Install\{31457A37-2301-4D41-AF8A-8BB7C153D407}\CR_C2D85.tmp\setup.exe" --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1

C:\Program Files (x86)\Google\Update\Install\{31457A37-2301-4D41-AF8A-8BB7C153D407}\CR_C2D85.tmp\setup.exe

"C:\Program Files (x86)\Google\Update\Install\{31457A37-2301-4D41-AF8A-8BB7C153D407}\CR_C2D85.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.127 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff635bebed8,0x7ff635bebee4,0x7ff635bebef0

C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe

"C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe"

C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exe

"C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exe"

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ping …-…-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMTk2NzA3IiBzb3VyY2VfdXJsX2luZGV4PSIwIiB1cGRhdGVfY2hlY2tfdGltZV9tcz0iNjcyIiBkb3dubG9hZF90aW1lX21zPSIxNzg1OSIgZG93bmxvYWRlZD0iMTE4OTI5MjY0IiB0b3RhbD0iMTE4OTI5MjY0IiBpbnN0YWxsX3RpbWVfbXM9IjMwMjUwIi8-PC9hcHA-PC9yZXF1ZXN0Pg

C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exe

"C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exe" -Embedding

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ondemand

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --from-installer

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.127 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbced3fff8,0x7ffbced40004,0x7ffbced40010

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1884,i,15774481183621382788,14135382186652478567,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1880 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1424,i,15774481183621382788,14135382186652478567,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2152 /prefetch:11

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2276,i,15774481183621382788,14135382186652478567,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2232 /prefetch:13

C:\Program Files\Google\Chrome\Application\133.0.6943.127\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\133.0.6943.127\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3156,i,15774481183621382788,14135382186652478567,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3168 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3176,i,15774481183621382788,14135382186652478567,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3228 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3700,i,15774481183621382788,14135382186652478567,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3740 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3716,i,15774481183621382788,14135382186652478567,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3920 /prefetch:9

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=3276,i,15774481183621382788,14135382186652478567,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4584 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4696,i,15774481183621382788,14135382186652478567,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4740 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5456,i,15774481183621382788,14135382186652478567,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5464 /prefetch:14

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5548,i,15774481183621382788,14135382186652478567,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5584 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5576,i,15774481183621382788,14135382186652478567,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5640 /prefetch:1

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3932,i,15774481183621382788,14135382186652478567,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3936 /prefetch:14

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3924,i,15774481183621382788,14135382186652478567,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3732 /prefetch:14

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4108,i,15774481183621382788,14135382186652478567,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5696 /prefetch:14

Network

Country Destination Domain Proto
US 8.8.8.8:53 a17.nbdsnb2.top udp
US 8.8.8.8:53 a17.yydsnb1.top udp
HK 47.76.184.172:1080 a17.yydsnb1.top tcp
GB 216.58.201.99:80 o.pki.goog tcp
GB 216.58.201.99:80 o.pki.goog tcp
GB 216.58.201.99:80 o.pki.goog tcp
HK 47.76.184.172:1080 a17.yydsnb1.top tcp
GB 216.58.201.99:443 o.pki.goog tcp
US 8.8.8.8:53 www.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
GB 142.250.200.4:443 www.google.com udp
GB 142.250.200.4:443 www.google.com tcp
GB 216.58.201.99:443 update.googleapis.com tcp
GB 142.250.178.14:443 play.google.com udp
GB 142.250.178.14:443 play.google.com tcp
N/A 224.0.0.251:5353 udp
GB 142.250.178.14:443 play.google.com udp
HK 47.76.184.172:1080 a17.yydsnb1.top tcp
HK 47.76.184.172:1080 a17.yydsnb1.top tcp
GB 216.58.201.99:443 update.googleapis.com tcp

Files

C:\Windows\Installer\MSIED3E.tmp

MD5 c7fbd5ee98e32a77edf1156db3fca622
SHA1 3e534fc55882e9fb940c9ae81e6f8a92a07125a0
SHA256 e140990b509dd6884a5742bde64f2cdaa10012d472b0b32de43ebecbc83242b6
SHA512 8691ac8b214cc1e4f34a3ab2bbc0c2391f7f11ebbe5db0dc82825195b5fe5a05310ed1e14d253a9b74a64050d2f2a6623dd2fcd912f80fef51e51845ef1e3a1a

C:\Windows\Installer\MSIEF65.tmp

MD5 ae463676775a1dd0b7a28ddb265b4065
SHA1 dff64c17885c7628b22631a2cdc9da83e417d348
SHA256 83fbfcaff3da3eb89f9aec29e6574cf15502fd670cbb2ab0c8a84451b2598b22
SHA512 e47c2db249e7a08c5d2864671fbc235e48aebecbe0b2c2334d1a4cba1b5b3037522ff89408589f3559b3a1eaf507bd338645387d55800029bb3b941d4c7744d6

C:\Config.Msi\e57ece3.rbs

MD5 50af36bdb099da8bf0f80d4f235ee0a7
SHA1 806a6c07c496b6bce021abb3e209a255a4d0c923
SHA256 b6b0dfb4e9a2013911ea18085d67bd35a0e6f1f018f86730e91d13faf7c63f7c
SHA512 a31660b0eac3acdae6fd5cd9fdd7661c7c3f7d52bcd30ac6788d239f0cc2e4c098e6390868ba28825ee2f29e3611f7b76eb336f242809465043e3edef10a3bc2

C:\ProgramData\setup\aa.exe

MD5 09c448be7e7d84e6e544cc03afbb05d8
SHA1 ddc13e71a72bc49c60f89b98cbb79c2449cfa07e
SHA256 a0f127a70943b0262060498c1723c795a8e2980f1acf0c42ee8c1dae72ae54b5
SHA512 e5f7a988a999e7e34d0aa2d2a5b2fbb22689588d3def4bed4518ceed38710e3714c5614bab192b0ce6bcac5172a87ebf3b3b923e495eb7344c70bd11f4bf1c12

C:\ProgramData\setup\ddd

MD5 9bd359e3956d119811c3a6abef58e644
SHA1 9f221781f406ebcb15fc2c02d5d259116155c734
SHA256 ead38673817c84de77a4d2fe6118e6a96f863e3db38f73518007caa2af676146
SHA512 7f817794728e532da07424c621eeef161501644d137068895391505d7110f1f8ee9dc76944946e3960f84e462c66fd82ee61b619ca91a07166aed5d3434f618b

memory/1216-64-0x0000000000400000-0x0000000000510000-memory.dmp

C:\ProgramData\Packas\scrok.exe

MD5 a03b2eaa4d517fd935bb0032d444f22d
SHA1 014864aac638b7c04b4d50e6c39d7266eafda773
SHA256 6fd145b1de7d0a143fd25274544d5e3c4ecee06cf3e31631d51cae8ca3e25f01
SHA512 68a253fcdb3cd1a086fe93fa7c8a7500d6b5414bdfc0dad555973697d4fb552e09088b849573f705ca91b1652ddd4572842b82d40f5821761b3ac299e465be51

memory/1296-68-0x00007FFBF09B0000-0x00007FFBF09B2000-memory.dmp

memory/1296-69-0x00007FF794FC0000-0x00007FF795579000-memory.dmp

C:\ProgramData\Smart\TjNkNpAilaYvt.exe

MD5 d305d506c0095df8af223ac7d91ca327
SHA1 679cb4c763c84e75ccb0fa3475bd6b7a36e81c4a
SHA256 923111c7142b3dc783a3c722b19b8a21bcb78222d7a136ac33f0ca8a29f4cb66
SHA512 94d369a4db88bff9556a1d7a7fb0188ed935c3592bae09335542c5502ec878e839177be63ac3ab4af75d4dc38a3a4f5d0fd423115ac72cf5dd710c59604db796

memory/1508-75-0x0000000000F10000-0x0000000000FE6000-memory.dmp

C:\ProgramData\Smart\TjNkNpAilaYvt.xml

MD5 2c706293a3cfff8cc184a8e9a3b3da08
SHA1 873d7c9f51aa6cebd4ad3ae5930d1de84bb4437d
SHA256 ed28baf8be3a588d50ed246c2cd741bbd498aee74ea0675d57e0b33236e22067
SHA512 4aba3e25507ba5c29219ff51553f3616d07aeeb30f7465f9e921eea94cdcb411d1f48d1eefed647c22405df275e7f9d7506aac52202aae137391c6831463b043

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\TjNkNpAilaYvt.exe.log

MD5 8005734c5c8a27f0225756ad8ab852df
SHA1 5a611231e25aa2a4dec287c01750da7fa743e981
SHA256 c7fe4d0b82bec7d44e817c76123b381269d494e2ff4a7f539ad53eb3ef5c4371
SHA512 d2c653d0c22503817c9176f93c5e330c9c0d4a244d2e254f9bc895955ef8630e5fd83b5c22459dee5f18a3e1e016a638918087106e54b2fd169b435030d7c60b

C:\ProgramData\Smart\TjNkNpAilaYvt.wrapper.log

MD5 91096cda41621409cf7d40786e70ade1
SHA1 e6b7df467b318c978967cd3dc380f955ff68f48e
SHA256 78e221ebd5a8a598c66b871ec3bdb64b5bdd60fd033af3486d56c654c8d00d16
SHA512 158d4c8912b8bd7c1dd35c4199d4cfb4a11be38f209dfe31d96cec070a2f0c11aada032be98e948d8e49baaa1dc101b84ce9da75c14f9cf96163a878b3c6f607

\??\Volume{5cda2886-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{5a7d2ff0-8812-4c96-a374-692a0b092a78}_OnDiskSnapshotProp

MD5 50e8cb36154a06f2af1acc5487b0ee65
SHA1 fd549c3750dd0ffe26576d815b8a596f869f88cd
SHA256 bee2174f589da9530a0017e7d53cef92c1f7cfaddf5be6defaa758379d12ba39
SHA512 78704ff548b82bff657dee0991722b5e98cd99817dfd40b980688186604ac2d83a9a74d1d8a3994f00b9e78cebceebc1894199ea716524d921785325ad16fd21

\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2

MD5 020191ff3bd7c4031430e8077ebc9034
SHA1 cd92c66db8b2305f9356ac31419e72ed794c9d88
SHA256 da071e010e8518a308dfb17d3416b3bad4e803731c7f16ddc25cf25947c39eb1
SHA512 caff71d2581bf4ada14527d0923bd79f357af4263fb647f998c383247ffc8798ae271c85166ce20655af08d4b3b2a1faa3aac212251e27d2b69a8417c8805961

C:\ProgramData\Smart\TjNkNpAilaYvt.wrapper.log

MD5 d2e83b37891e38c727813994eaa109d6
SHA1 ed0bd3065150dd42f0ca142cde085f4453c3b8a3
SHA256 6d136298617f815bcfaa9b744f7a92f056e96640b5a4939caba445a78ffdcd26
SHA512 13b0334155757e7670154115f9caa4e72122ef2d5a7323fc0b0fe6b568ce1cf7e4e5aa73f619f3fac2b966cb9fa149f609b767ade18d92b54b0be96b7f06c296

C:\ProgramData\Smart\TjNkNpAilaYvt.wrapper.log

MD5 c0a55b43b02d152525d0a46ca82ee60f
SHA1 0311ca1bec84e63178a8fc66fa83af8e594be851
SHA256 f6d3755a15fff4618c85a0f97b6db7f7e30810e96ceba4e91e2958183e492d19
SHA512 758f4adaa047864a941b9c8c948215ec767a4112cbf4e7c9e669071bd4e6c7362724a29eca899bad25e17e92fa26942f1d0a72cbb9f02ed90118d51c0be8ef33

C:\ProgramData\Smart\TjNkNpAilaYvt.wrapper.log

MD5 98b47370ab972c9305cadea2debeaff2
SHA1 7d1671214c25f32a20e3026be2eaefb7c2274868
SHA256 d2d8b8323183bcb0deea43b5e03c5451fe825e8d55b90ae75086e618981b90d4
SHA512 a1fb95df29617833cd1b7c7c5c35f73c392691dc01db8561030ecf33aaedb87723c6e846adc45fe819a42765a20aedb7a7979f34b4c430b2090b056fad98f83e

C:\ProgramData\Smart\setup.exe

MD5 118a9a9f6280e177fdac16989b8aa1a5
SHA1 fc37316439372be17a982d02cd0d294f7aaca751
SHA256 b995e6a0299f2465fd5881157aab1c6c9753c8e459efd661b9cd1e83be7e53f6
SHA512 14c731e7f7e9736f39d6c79a98bf1a3264da9dc76bab4faca82ec64f276f3d39c9bc4638991e30a06f52bf6204619f5da8c3168d11afe058e0c1d21a89d42878

memory/972-114-0x0000000000400000-0x0000000000BA0000-memory.dmp

memory/972-113-0x0000000000D70000-0x0000000000D71000-memory.dmp

memory/772-117-0x00007FF794FC0000-0x00007FF795579000-memory.dmp

C:\ProgramData\setup\setup.exe

MD5 4a94844260d6a08828d781d488cef61d
SHA1 de8169fdb5ab8a120df577d92eb25a2767431738
SHA256 46d7a8abe3bb9d7302529246cd8ee6e7d0360d1045fe92662cc7580e72ef5132
SHA512 82549c1e525a90003fb0174ebba2bc3b4f58706ef9fd5e6ee07d489ab536ef286e408db6c15a52b039d3f59c09bd55e35d045def79007da5d414d5d589d34f4f

C:\ProgramData\NVIDIARV\svchost.exe

MD5 4ce1a842d3d770f6fa4b4167542408b2
SHA1 43b0c03b176318ce2551d3dfc2c18e18f53c2240
SHA256 ba51980ef9681d849c9331e891cc411c1687d3c011f0acc01da9f4ef640764b6
SHA512 a28f0659af75da93f479359212dc4ffb9440f171cf89b19de929b7a8015b5e087ea53ab979dd6815597865538c79b1e3354e987940da88da4dfcf16bdf1f4337

memory/3488-169-0x0000000000400000-0x000000000090B000-memory.dmp

memory/1816-212-0x0000000002A00000-0x0000000002C00000-memory.dmp

memory/1816-209-0x0000000010000000-0x000000001002D000-memory.dmp

C:\Windows\SystemTemp\GUM1D58.tmp\goopdate.dll

MD5 dae72b4b8bcf62780d63b9cbb5b36b35
SHA1 1d9b764661cfe4ee0f0388ff75fd0f6866a9cd89
SHA256 b0ca6700e7a4ea667d91bcf3338699f28649c2e0a3c0d8b4f2d146ab7c843ab6
SHA512 402c00cab6dac8981e200b6b8b4263038d76afe47c473d5f2abf0406222b32fff727b495c6b754d207af2778288203ce0774a6200b3e580e90299d08ce0c098f

C:\Windows\SystemTemp\GUM1D58.tmp\goopdateres_zh-CN.dll

MD5 ca52cc49599bb6bda28c38aea1f9ec4e
SHA1 494f166b530444f39bca27e2b9e10f27e34fc98a
SHA256 f9f144aa2dc0de21b24c93f498a9b4a946b7da42819a776b3283a0bcae18544b
SHA512 05e2d5711eef8f57737b2512de2e73744f17e0a34de0bfd2a06c9cc60a08ebadbafe38e30b66a2ede7fa61d5b9571adddcfbd7e1cafcee1ab2168a563d2d3f0d

C:\Windows\SystemTemp\GUM1D58.tmp\GoogleUpdateCore.exe

MD5 af51ea4d9828e21f72e935b0deae50f2
SHA1 c7fe57c2a16c9f5a5ebdd3cc0910427cba5308bd
SHA256 3575011873d0f6d49c783095dae06e6619f8f5463da578fbe284ca5d1d449619
SHA512 ec9828d0bade39754748fb53cfc7efdc5e57955198bac3c248ea9b5a9a607182bb1477819f220549a8e9eadbe6bf69a12da6c8af3761980d2dd9078eaeaa932f

C:\Windows\SystemTemp\GUM1D58.tmp\goopdateres_es.dll

MD5 dae64d49ee97339b7327b52c9f720848
SHA1 15f159c4808f9e4fe6a2f1a4a19faa5d84ac630b
SHA256 e76400e62ae0ab31565e50b05d1001b775a91aa487a54dc90e53c0e103c717c2
SHA512 9ae72e5a658aa0e1fb261d62ccef474cd42d9bec2b4a50f71925d131ffea22b8f60fb961772587ce71cb30a32da3b7986e7483ecea960a509e0450d3983c84b0

C:\Windows\SystemTemp\GUM1D58.tmp\goopdateres_en-GB.dll

MD5 f82ccf890c3ae14bfd7a263d07276e60
SHA1 6a915d6eb8c99d065e36a721d721d556b74bb377
SHA256 6b07a4fd3039541e30c68a8c31c371cda2cea480787f95e0ddbca3cc2fbff0cc
SHA512 4cbf9e6728e08de8d61f34b17bb20d92b6a699969edb9afa013fe962c8fd39238288adcd826134c9bca459904d8574a804c519daac6b301e0d38f68722c0359e

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

MD5 cdf152e23a8cbf68dbe3f419701244fc
SHA1 cb850d3675da418131d90ab01320e4e8842228d7
SHA256 84eaf43f33d95da9ab310fc36dc3cfe53823d2220946f021f18cf3f729b8d64e
SHA512 863e1da5bc779fa02cf08587c4de5f04c56e02902c5c4f92a06f2e631380ecabcc98e35d52609f764727e41b965c0786d24ea23fc4b9776d24d9f13e0d8ae0c2

C:\Windows\SystemTemp\GUM1D58.tmp\goopdateres_en.dll

MD5 741211652c66a8a6790396e1875eefa9
SHA1 2ccd5653b5fc78bcc19f86b493cef11844ba7a0c
SHA256 e0945deacdb6b75ff2587dea975774b9b800747e2ee3f3917e5b40ddb87eda10
SHA512 b70f847d8ca8828c89bbb67b543950fbd514c733cf62b52ad7fc0dab7b2168fe56d1f21bef3210f5c7f563f72831455d870a5f9aa6c557f1e3543ef7329c42f9

C:\Windows\SystemTemp\GUM1D58.tmp\goopdateres_el.dll

MD5 ecdd26049573614b6f41d8a102ffcf21
SHA1 5140c6cff5d596267a64df1559ac36c4e8f49e42
SHA256 a3377520f2a95b8cc06bd30e493962c07f97eebf4661a69d03efb36b2ca515c5
SHA512 933c181d7575f20480c8deadac3f3e9190081456169122216c72e7b9a04aa75612140fc37697098c7c20b77001a67966fa1661cdc9110c40634c944f833a65b1

C:\Windows\SystemTemp\GUM1D58.tmp\goopdateres_de.dll

MD5 96d92500b9a763f4b862c511c17e0a47
SHA1 2fd441eb8685d15e14fa6405e82359adea3e7148
SHA256 58829d135ff41e574ed5fc5e0421e4aa204267b02ca3ffaf08d8efb0a70fdd4c
SHA512 a1014584f1f278160d579848fa188f627676aee819e9395517490b00e273db6f583d7ddd31af6e35c9d251021df7fb26c88512aaa1c865c2ee3ba60c0a2db49a

C:\Windows\SystemTemp\GUM1D58.tmp\goopdateres_da.dll

MD5 9f2e018a4f9a1d278983d0b677b91218
SHA1 c58ee1fc0d8ef9d99f85426b48c7f28f381a2c17
SHA256 d0dcdc68236eecd6b5f0b437eb92b8935741dabf1fa276a552399815af22edec
SHA512 20b74b6a9f81527d4a5fe30671d2559261fb682576f4ab04da7856280fbbaeb6af83894009c9d7cb83deeae988d0ac5ec7ec32b277b7eb45829faec2857d7014

C:\Windows\SystemTemp\GUM1D58.tmp\goopdateres_cs.dll

MD5 b9033db8d0e5bf254979b0f47d10e93d
SHA1 2859de0d851b5f4fd3056e8f9015cece2436c307
SHA256 12c41c2f472b6a05fd6392e9d4f8aeb9a40840c2cbefd68b39d20f9d1d4d77ed
SHA512 52075df4ae5c86ebb0bac20604ea072a163761ae058c1473211bf4bb0eeed043cfc5a92386f876b53484cdf4e3f8a7b75d8f4bf9894c24f8c22ec23a50b70b7c

C:\Windows\SystemTemp\GUM1D58.tmp\goopdateres_ca.dll

MD5 39e25ba8d69f493e6f18c4ef0cf96de8
SHA1 5584a94a85d83514a46030c4165e8f7a942e63e2
SHA256 1f66ebdcaae482a201a6e0fab9c1f4501c23a0d4ad819ccd555fdca9cc7edb94
SHA512 773c995b449d64e36eb8cab174db29e29e29985bcfd714799d6b05b01bb7d4a0fc2aefaf2e27ff02b0e105fbe0d34d7efe29b193a1bc3365ec47e1f1003bed26

C:\Windows\SystemTemp\GUM1D58.tmp\goopdateres_bn.dll

MD5 dafa45a82ce30cf2fd621e0a0b8c031f
SHA1 e39ed5213f9bb02d9da2c889425fab8ca6978db7
SHA256 d58e5f0fa894123de1d9b687a5b84826e095eca128ee5df8870f2db74f4233a2
SHA512 2b772ebc128eb59d636eec36583329962ead8e0a399fd56394b1244486bf815f4e033ceef74a62a9930ab2bf6ec1ba5e2d3c942183f7cb2355a716a3e2c6c7a1

C:\Windows\SystemTemp\GUM1D58.tmp\goopdateres_bg.dll

MD5 c523ec13643d74b187b26b410d39569b
SHA1 46aff0297036c60f22ad30d4e58f429890d9e09d
SHA256 80505863866bcd93a7e617dd8160531401d6d05f48d595348cd321cf7d97aeac
SHA512 ecf98e29a3481b05ab23c3ff89fa3caf054b874ed15462a5e33022aacf561d8fea4a0de35cc5f7450f62110ca4ace613e0c67f543ad22eb417e79eb3ebf24ed7

C:\Windows\SystemTemp\GUM1D58.tmp\goopdateres_ar.dll

MD5 163695df53cea0728f9f58a46a08e102
SHA1 71b39eec83260e2ccc299fac165414acb46958bd
SHA256 f89dddda3e887385b42ea88118ba8fb1cc68fde0c07d44b851164564eb7c1ec8
SHA512 6dfb70a175097f3c96ae815a563c185136cb5a35f361288cc81570facfa1f1d28f49eaa61172d1da4982ebb76bd3e32c4de77cf97dedfb79f18113d7594d0989

memory/1816-213-0x0000000002A00000-0x0000000002C00000-memory.dmp

C:\Windows\SystemTemp\GUM1D58.tmp\goopdateres_am.dll

MD5 849bc7e364e30f8ee4c157f50d5b695e
SHA1 b52b8efa1f3a2c84f436f328decd2912efeb1b18
SHA256 f1384a25a6f40e861455c62190d794415f3e9bfca6317c214847e9535dfc3fb9
SHA512 6fd7f542a7073b3bbf1b0c200bb306b30f1b35a64a1fb013f25c7df76f63ef377d9bd736e8da2e9372f1c994785eaeedb6b60e3a0d4a4e8734c266ad61782d3b

C:\Windows\SystemTemp\GUM1D58.tmp\GoogleUpdateComRegisterShell64.exe

MD5 be535d8b68dd064442f73211466e5987
SHA1 aa49313d9513fd9c2d2b25da09ea24d09cc03435
SHA256 c109bcb63391ac3ea93fb97fbdf3f6ed71316cacb592ef46efaea0024bc9ed59
SHA512 eb50eebeaf83be10aea8088e35a807f9001d07d17d2bc1655c3bc0cb254d0f54303348988514ba5590ebd9d3bde3f1149c3f700f62fbce63c0199ea3cfb1f638

C:\Windows\SystemTemp\GUM1D58.tmp\GoogleCrashHandler64.exe

MD5 b659663611a4c2216dff5ab1b60dd089
SHA1 9a14392a5bdb9ea6b8c3e60224b7ff37091d48b5
SHA256 cad4aa1cf58f6b2e2aceb789d53b18418e67066ec406b2fac786cb845ef89d2b
SHA512 1065f9072cd6f1f4364f1354108f2647ee1d89f87e908a22fcd63bd3149c864c457e62268067a439d0486d8d4aa150aa984ad8ac8b51cae49014b67b80496040

C:\Windows\SystemTemp\GUM1D58.tmp\GoogleCrashHandler.exe

MD5 a11ce10ac47f5f83b9bc980567331a1b
SHA1 63ee42e347b0328f8d71a3aa4dde4c6dc46da726
SHA256 101dbf984c4b3876defe2699d6160acbf1bb3f213e02a32f08fdcdc06821c542
SHA512 ff2f86c4061188ead1bfeebd36de7dbc312adcc95267537697f2bfcbb0c53e7c4ab0cd268cef22f0182391796c4612c97cbdc1266d9ee1960cdd2610d8c2bcb3

memory/1816-207-0x0000000000400000-0x000000000090B000-memory.dmp

memory/2552-173-0x0000000010000000-0x000000001002D000-memory.dmp

C:\Program Files\Google\Chrome\Application\133.0.6943.127\Installer\setup.exe

MD5 3eda07f3f5bd229c5a02ca9487dd152d
SHA1 b6b845c42e2316b63a61a058eb1a9714211a54ec
SHA256 cba6ac1785a616fbffb09afb29cc8b5d9a82a019d9b547338aa09b6a06905e11
SHA512 e8a0d0308f955f923753380033ebf12a795d9e3dd57e155e46ff6d709c9a4a71a24227b79a129773e6209eb1039202928a9515294833b36c218f44d787349aa6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 23810d0139fb5da5dd6bb342ae5a7dd4
SHA1 be27ec888765ce79edcf9224ed264ff4565c8b6b
SHA256 ad63c855ad97d69ddb74c2ed5331c576532f8a30b84df33c93ab4a4cc9b580c5
SHA512 de4a173d2258faf20386184f559dd842b11844baf42d3621c91cff0ea11e2628b6e7204a7a844d6b1f71c5370d1732b7016da147a20941ba05a68e130063de6d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Google Profile.ico

MD5 505a174e740b3c0e7065c45a78b5cf42
SHA1 38911944f14a8b5717245c8e6bd1d48e58c7df12
SHA256 024ae694ba44ccd2e0914c5e8ee140e6cc7d25b3428d6380102ba09254b0857d
SHA512 7891e12c5ec14b16979f94da0c27ac4629bae45e31d9d1f58be300c4b2bbaee6c77585e534be531367f16826ecbaf8ec70fc13a02beaf36473c448248e4eb911

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\trusted_vault.pb

MD5 b77fc97eecd8f7383464171a4edef544
SHA1 bbae26d2a7914a3c95dca35f1f6f820d851f6368
SHA256 93332c49fab1deb87dac6cb5d313900cb20e6e1ba928af128a1d549a44256f68
SHA512 68745413a681fdf4088bf8d6b20e843396ae2e92fbb97239dc6c764233a7e7b700a51548ff4d2ea86420b208b92a5e5420f08231637fbb5dbf7e12a377be3fc3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

MD5 1fc8c22b9b297bf981a817f857c64dcd
SHA1 df694d4f45af84aa37d2a512335b13db4c42e9ab
SHA256 324726277f41d3b8e93c7c5912d16509b92957d0bcbec0ddfaad26d275855054
SHA512 a608c54ca9e64b8300209008de39c3ffa2f2c7b855128721b3ec1d2fa3138f35f301c97aaecc7642a91131e358219bffa3300d715edb7dea0168285f7e0c292e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 38d556e93471442e021bb43e896dd530
SHA1 aec23624a01159c95096d3c75be32903581b741b
SHA256 385686ea971b656a59a7ac42cfd5f18b911d13b8ea869b3dbb33db8a98a3a6d0
SHA512 a1300cd5685e6eb3920c8fedfc827bc0948e0207ae2b8f19a91cdae7d800dc4e526160a88e9701dddd0d6158788f92e40401127186c16e1d380ee9c34360b658

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f8d4287ea0cdb2c4ec9e0680184b4a73
SHA1 4341d0cefc2ad5d33d887814a98e3def14a42d51
SHA256 b0623f4b39fe02134133fa659827b6d0a5b1fca483bed496ba67d8989f68cb97
SHA512 fef1c765ded29dd0a83028085026265f81f1cf9bcc2267f142a455154817c379ed73ca19be456d3972a46dd203669256c6648a299c03d337108a295bc43774ca

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 5a4d73300631980ac3f2fb8d67449181
SHA1 f1eaca234c2764e14622b13a6137817a0265c921
SHA256 8da0d59fc2346da112421259aad2a73afa1c90323900b9df324e17a8049fb152
SHA512 18746df84a01767a808aeeb3e6b522693117853527d16997ddfd591e8599db867f3db2717819784d2c58eada76712a5057e0b8f46acc308ea9aa067556912f9a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 42f2eca9223345f140b8cb8a8ad35bcd
SHA1 0bb64f779dac739f76e1a76ad7a72135e615a64f
SHA256 bd4bba23d619c0cf37c287523be82f4daf05eec1e43f7669a50dad09b49397ca
SHA512 8419764cf30be25540191a5c6257484f20c467e6e2599824db45a003eef1579284d5a4d88e1fe9c6e9021da1b842b0cb7adc3560b7118b1f36ceff8b72cf9604

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 de816953bc01a7b59479c0a397f4e582
SHA1 1d9599dafeeaea070c8d02f9c640fddacd4fcc11
SHA256 3b84fab0f3d06e7a668944dfe30e8e278656430a46e416b66716d797de40499f
SHA512 bb0b12ed9be857e0b604c85801b1f0f61611275adf194bb069e0aa3a07b3d1e799ff10e2e37c0d22db798c7d0288095cfdf1c615eecf7debe3e20402fbef7916