Malware Analysis Report

2025-03-15 03:50

Sample ID 250222-c5p1bswqfq
Target 1924b09ff1e25fe9d39bad70f094766863f366543658627fe94f435b07da6109.msi
SHA256 1924b09ff1e25fe9d39bad70f094766863f366543658627fe94f435b07da6109
Tags: blackmoon fatalrat banker discovery infostealer persistence privilege_escalation rat spyware stealer trojan vmprotect

Score: 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 10/10

SHA256

1924b09ff1e25fe9d39bad70f094766863f366543658627fe94f435b07da6109

Threat Level: Known bad

The file 1924b09ff1e25fe9d39bad70f094766863f366543658627fe94f435b07da6109.msi was found to be: Known bad.

Malicious Activity Summary

blackmoon fatalrat banker discovery infostealer persistence privilege_escalation rat spyware stealer trojan vmprotect

Fatalrat family

FatalRat

Blackmoon family

Detect Blackmoon payload

Blackmoon, KrBanker

Fatal Rat payload

VMProtect packed file

Boot or Logon Autostart Execution: Active Setup

Enumerates connected drives

Event Triggered Execution: Image File Execution Options Injection

Checks computer location settings

Event Triggered Execution: Component Object Model Hijacking

Drops file in System32 directory

Checks system information in the registry

Drops file in Program Files directory

Executes dropped EXE

Checks installed software on the system

Loads dropped DLL

Drops file in Windows directory

Browser Information Discovery

Enumerates physical storage devices

System Network Configuration Discovery: Internet Connection Discovery

System Location Discovery: System Language Discovery

Event Triggered Execution: Installer Packages

Reads user/profile data of web browsers

Modifies data under HKEY_USERS

Suspicious use of FindShellTrayWindow

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Checks SCSI registry key(s)

Modifies registry class

Checks processor information in registry

Delays execution with timeout.exe

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: EnumeratesProcesses

Uses Volume Shadow Copy service COM API

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-02-22 02:39

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-02-22 02:39

Reported

2025-02-22 02:42

Platform

win7-20250207-en

Max time kernel

149s

Max time network

150s

Command Line

C:\Windows\system32\svchost.exe -k DcomLaunch

Signatures

Blackmoon family

blackmoon

Blackmoon, KrBanker

trojan banker blackmoon

Detect Blackmoon payload

Description Indicator Process Target
N/A N/A N/A N/A

FatalRat

stealer trojan fatalrat

Fatalrat family

fatalrat

Fatal Rat payload

rat infostealer

Description Indicator Process Target
N/A N/A N/A N/A

VMProtect packed file

vmprotect

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Boot or Logon Autostart Execution: Active Setup

persistence

Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components C:\Program Files (x86)\Google\Update\Install\{65C5E1A7-0788-4B4C-9533-0AC93A3FC1AC}\CR_6F60D.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96} C:\Program Files (x86)\Google\Update\Install\{65C5E1A7-0788-4B4C-9533-0AC93A3FC1AC}\CR_6F60D.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\ = "Google Chrome" C:\Program Files (x86)\Google\Update\Install\{65C5E1A7-0788-4B4C-9533-0AC93A3FC1AC}\CR_6F60D.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\StubPath = "\"C:\\Program Files\\Google\\Chrome\\Application\\109.0.5414.120\\Installer\\chrmstp.exe\" --configure-user-settings --verbose-logging --system-level" C:\Program Files (x86)\Google\Update\Install\{65C5E1A7-0788-4B4C-9533-0AC93A3FC1AC}\CR_6F60D.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Localized Name = "Google Chrome" C:\Program Files (x86)\Google\Update\Install\{65C5E1A7-0788-4B4C-9533-0AC93A3FC1AC}\CR_6F60D.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\IsInstalled = "1" C:\Program Files (x86)\Google\Update\Install\{65C5E1A7-0788-4B4C-9533-0AC93A3FC1AC}\CR_6F60D.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Version = "43,0,0,0" C:\Program Files (x86)\Google\Update\Install\{65C5E1A7-0788-4B4C-9533-0AC93A3FC1AC}\CR_6F60D.tmp\setup.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A

Event Triggered Execution: Image File Execution Options Injection

persistence

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe C:\Program Files (x86)\Google\Temp\GUMBE03.tmp\GoogleUpdate.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe\DisableExceptionChainValidation = "0" C:\Program Files (x86)\Google\Temp\GUMBE03.tmp\GoogleUpdate.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-677481364-2238709445-1347953534-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Checks installed software on the system

discovery

Checks system information in the registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Google\Chrome\Temp\source2264_1004754816\Chrome-bin\109.0.5414.120\VisualElements\SmallLogoDev.png C:\Program Files (x86)\Google\Update\Install\{65C5E1A7-0788-4B4C-9533-0AC93A3FC1AC}\CR_6F60D.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUMBE03.tmp\GoogleUpdateOnDemand.exe C:\ProgramData\setup\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2264_1004754816\Chrome-bin\109.0.5414.120\chrome_100_percent.pak C:\Program Files (x86)\Google\Update\Install\{65C5E1A7-0788-4B4C-9533-0AC93A3FC1AC}\CR_6F60D.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2264_1004754816\Chrome-bin\109.0.5414.120\VisualElements\Logo.png C:\Program Files (x86)\Google\Update\Install\{65C5E1A7-0788-4B4C-9533-0AC93A3FC1AC}\CR_6F60D.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Application\109.0.5414.120\Installer\chrmstp.exe C:\Program Files (x86)\Google\Update\Install\{65C5E1A7-0788-4B4C-9533-0AC93A3FC1AC}\CR_6F60D.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUMBE03.tmp\goopdateres_pl.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_bg.dll C:\Program Files (x86)\Google\Temp\GUMBE03.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Temp\GUMBE03.tmp\GoogleUpdate.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2264_1004754816\Chrome-bin\109.0.5414.120\WidevineCdm\manifest.json C:\Program Files (x86)\Google\Update\Install\{65C5E1A7-0788-4B4C-9533-0AC93A3FC1AC}\CR_6F60D.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Google\Temp\GUTBE04.tmp C:\ProgramData\setup\setup.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUMBE03.tmp\goopdateres_sr.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_gu.dll C:\Program Files (x86)\Google\Temp\GUMBE03.tmp\GoogleUpdate.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2264_1004754816\Chrome-bin\109.0.5414.120\optimization_guide_internal.dll C:\Program Files (x86)\Google\Update\Install\{65C5E1A7-0788-4B4C-9533-0AC93A3FC1AC}\CR_6F60D.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\psmachine.dll C:\Program Files (x86)\Google\Temp\GUMBE03.tmp\GoogleUpdate.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2264_1004754816\Chrome-bin\109.0.5414.120\Locales\ja.pak C:\Program Files (x86)\Google\Update\Install\{65C5E1A7-0788-4B4C-9533-0AC93A3FC1AC}\CR_6F60D.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2264_1004754816\Chrome-bin\109.0.5414.120\vulkan-1.dll C:\Program Files (x86)\Google\Update\Install\{65C5E1A7-0788-4B4C-9533-0AC93A3FC1AC}\CR_6F60D.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUMBE03.tmp\goopdateres_mr.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_bn.dll C:\Program Files (x86)\Google\Temp\GUMBE03.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_lt.dll C:\Program Files (x86)\Google\Temp\GUMBE03.tmp\GoogleUpdate.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2264_1004754816\Chrome-bin\109.0.5414.120\Locales\it.pak C:\Program Files (x86)\Google\Update\Install\{65C5E1A7-0788-4B4C-9533-0AC93A3FC1AC}\CR_6F60D.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2264_1004754816\Chrome-bin\109.0.5414.120\Locales\nl.pak C:\Program Files (x86)\Google\Update\Install\{65C5E1A7-0788-4B4C-9533-0AC93A3FC1AC}\CR_6F60D.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2264_1004754816\Chrome-bin\109.0.5414.120\Locales\ur.pak C:\Program Files (x86)\Google\Update\Install\{65C5E1A7-0788-4B4C-9533-0AC93A3FC1AC}\CR_6F60D.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2264_1004754816\Chrome-bin\109.0.5414.120\Locales\tr.pak C:\Program Files (x86)\Google\Update\Install\{65C5E1A7-0788-4B4C-9533-0AC93A3FC1AC}\CR_6F60D.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUMBE03.tmp\goopdateres_es.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUMBE03.tmp\goopdateres_sl.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateBroker.exe C:\Program Files (x86)\Google\Temp\GUMBE03.tmp\GoogleUpdate.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2264_1004754816\Chrome-bin\109.0.5414.120\v8_context_snapshot.bin C:\Program Files (x86)\Google\Update\Install\{65C5E1A7-0788-4B4C-9533-0AC93A3FC1AC}\CR_6F60D.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUMBE03.tmp\goopdateres_et.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUMBE03.tmp\goopdateres_gu.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUMBE03.tmp\goopdateres_ja.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2264_1004754816\Chrome-bin\109.0.5414.120\Locales\am.pak C:\Program Files (x86)\Google\Update\Install\{65C5E1A7-0788-4B4C-9533-0AC93A3FC1AC}\CR_6F60D.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2264_1004754816\Chrome-bin\109.0.5414.120\Locales\fi.pak C:\Program Files (x86)\Google\Update\Install\{65C5E1A7-0788-4B4C-9533-0AC93A3FC1AC}\CR_6F60D.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2264_1004754816\Chrome-bin\109.0.5414.120\mojo_core.dll C:\Program Files (x86)\Google\Update\Install\{65C5E1A7-0788-4B4C-9533-0AC93A3FC1AC}\CR_6F60D.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_lv.dll C:\Program Files (x86)\Google\Temp\GUMBE03.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\Install\{65C5E1A7-0788-4B4C-9533-0AC93A3FC1AC}\CR_6F60D.tmp\setup.exe C:\Program Files (x86)\Google\Update\Install\{65C5E1A7-0788-4B4C-9533-0AC93A3FC1AC}\109.0.5414.120_chrome_installer.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2264_1004754816\Chrome-bin\109.0.5414.120\Locales\id.pak C:\Program Files (x86)\Google\Update\Install\{65C5E1A7-0788-4B4C-9533-0AC93A3FC1AC}\CR_6F60D.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUMBE03.tmp\goopdateres_en-GB.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUMBE03.tmp\goopdateres_pt-PT.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdate.exe C:\Program Files (x86)\Google\Temp\GUMBE03.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_fr.dll C:\Program Files (x86)\Google\Temp\GUMBE03.tmp\GoogleUpdate.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2264_1004754816\Chrome-bin\109.0.5414.120\Locales\sl.pak C:\Program Files (x86)\Google\Update\Install\{65C5E1A7-0788-4B4C-9533-0AC93A3FC1AC}\CR_6F60D.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2264_1004754816\Chrome-bin\109.0.5414.120\Locales\sr.pak C:\Program Files (x86)\Google\Update\Install\{65C5E1A7-0788-4B4C-9533-0AC93A3FC1AC}\CR_6F60D.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_nl.dll C:\Program Files (x86)\Google\Temp\GUMBE03.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUMBE03.tmp\psuser.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2264_1004754816\Chrome-bin\109.0.5414.120\Locales\sw.pak C:\Program Files (x86)\Google\Update\Install\{65C5E1A7-0788-4B4C-9533-0AC93A3FC1AC}\CR_6F60D.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Application\chrome_proxy.exe C:\Program Files (x86)\Google\Update\Install\{65C5E1A7-0788-4B4C-9533-0AC93A3FC1AC}\CR_6F60D.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUMBE03.tmp\goopdateres_de.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUMBE03.tmp\goopdateres_en.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUMBE03.tmp\goopdateres_is.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_ar.dll C:\Program Files (x86)\Google\Temp\GUMBE03.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_en.dll C:\Program Files (x86)\Google\Temp\GUMBE03.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_sv.dll C:\Program Files (x86)\Google\Temp\GUMBE03.tmp\GoogleUpdate.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2264_1004754816\Chrome-bin\109.0.5414.120\chrome.dll C:\Program Files (x86)\Google\Update\Install\{65C5E1A7-0788-4B4C-9533-0AC93A3FC1AC}\CR_6F60D.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Google\Update\Install\{65C5E1A7-0788-4B4C-9533-0AC93A3FC1AC}\CR_6F60D.tmp\setup.exe C:\Program Files (x86)\Google\Update\Install\{65C5E1A7-0788-4B4C-9533-0AC93A3FC1AC}\109.0.5414.120_chrome_installer.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_hi.dll C:\Program Files (x86)\Google\Temp\GUMBE03.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUMBE03.tmp\psmachine.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUMBE03.tmp\goopdateres_lt.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUMBE03.tmp\goopdateres_te.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2264_1004754816\Chrome-bin\109.0.5414.120\109.0.5414.119.manifest C:\Program Files (x86)\Google\Update\Install\{65C5E1A7-0788-4B4C-9533-0AC93A3FC1AC}\CR_6F60D.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2264_1004754816\Chrome-bin\109.0.5414.120\libEGL.dll C:\Program Files (x86)\Google\Update\Install\{65C5E1A7-0788-4B4C-9533-0AC93A3FC1AC}\CR_6F60D.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source2264_1004754816\Chrome-bin\109.0.5414.120\chrome.exe.sig C:\Program Files (x86)\Google\Update\Install\{65C5E1A7-0788-4B4C-9533-0AC93A3FC1AC}\CR_6F60D.tmp\setup.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Update\Install\{65C5E1A7-0788-4B4C-9533-0AC93A3FC1AC}\CR_6F60D.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_fil.dll C:\Program Files (x86)\Google\Temp\GUMBE03.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_mr.dll C:\Program Files (x86)\Google\Temp\GUMBE03.tmp\GoogleUpdate.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Installer\MSI90DF.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\f768cc8.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\Installer\f768cc5.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\f768cc5.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI8D13.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI8DEE.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI8E5D.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI8FC5.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\f768cc8.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\INF\setupapi.ev3 C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\INF\setupapi.ev1 C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\Installer\MSI8F09.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\ProgramData\setup\aa.exe N/A
N/A N/A C:\ProgramData\Packas\scrok.exe N/A
N/A N/A C:\ProgramData\Smart\TjNkNpAilaYvt.exe N/A
N/A N/A C:\ProgramData\Smart\TjNkNpAilaYvt.exe N/A
N/A N/A C:\ProgramData\Smart\TjNkNpAilaYvt.exe N/A
N/A N/A C:\ProgramData\Smart\TjNkNpAilaYvt.exe N/A
N/A N/A C:\ProgramData\Packas\scrok.exe N/A
N/A N/A C:\ProgramData\Smart\setup.exe N/A
N/A N/A C:\ProgramData\setup\setup.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUMBE03.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\ProgramData\NVIDIARV\svchost.exe N/A
N/A N/A C:\ProgramData\NVIDIARV\svchost.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
N/A N/A C:\ProgramData\NVIDIARV\svchost.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\Install\{65C5E1A7-0788-4B4C-9533-0AC93A3FC1AC}\109.0.5414.120_chrome_installer.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\Install\{65C5E1A7-0788-4B4C-9533-0AC93A3FC1AC}\CR_6F60D.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\Install\{65C5E1A7-0788-4B4C-9533-0AC93A3FC1AC}\CR_6F60D.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\Install\{65C5E1A7-0788-4B4C-9533-0AC93A3FC1AC}\CR_6F60D.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\Install\{65C5E1A7-0788-4B4C-9533-0AC93A3FC1AC}\CR_6F60D.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\109.0.5414.120\elevation_service.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\ProgramData\Smart\setup.exe N/A
N/A N/A C:\ProgramData\Smart\setup.exe N/A
N/A N/A C:\ProgramData\Smart\setup.exe N/A
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A
N/A N/A C:\ProgramData\setup\setup.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUMBE03.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUMBE03.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUMBE03.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUMBE03.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUMBE03.tmp\GoogleUpdate.exe N/A
N/A N/A C:\ProgramData\Smart\setup.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\ProgramData\Smart\setup.exe N/A
N/A N/A C:\ProgramData\Smart\setup.exe N/A
N/A N/A C:\ProgramData\Smart\setup.exe N/A
N/A N/A C:\ProgramData\NVIDIARV\svchost.exe N/A
N/A N/A C:\ProgramData\NVIDIARV\svchost.exe N/A
N/A N/A C:\ProgramData\NVIDIARV\svchost.exe N/A
N/A N/A C:\ProgramData\NVIDIARV\svchost.exe N/A
N/A N/A C:\ProgramData\NVIDIARV\svchost.exe N/A
N/A N/A C:\ProgramData\NVIDIARV\svchost.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\ProgramData\Smart\setup.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
N/A N/A C:\ProgramData\Smart\setup.exe N/A
N/A N/A C:\ProgramData\NVIDIARV\svchost.exe N/A
N/A N/A C:\ProgramData\NVIDIARV\svchost.exe N/A
N/A N/A C:\ProgramData\NVIDIARV\svchost.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUMBE03.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUMBE03.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUMBE03.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUMBE03.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUMBE03.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\Install\{65C5E1A7-0788-4B4C-9533-0AC93A3FC1AC}\109.0.5414.120_chrome_installer.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

Event Triggered Execution: Installer Packages

persistence privilege_escalation

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A

Reads user/profile data of web browsers

spyware stealer

System Location Discovery: System Language Discovery

discovery

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\timeout.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\ProgramData\Smart\setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\ProgramData\NVIDIARV\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\ProgramData\NVIDIARV\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\timeout.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\ProgramData\setup\setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\Temp\GUMBE03.tmp\GoogleUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\ProgramData\NVIDIARV\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A

System Network Configuration Discovery: Internet Connection Discovery

discovery
Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\ProgramData\NVIDIARV\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\ProgramData\NVIDIARV\svchost.exe N/A

Delays execution with timeout.exe

defense_evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SYSTEM\CurrentControlSet\Services\ C:\ProgramData\NVIDIARV\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\system32\DrvInst.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software C:\ProgramData\NVIDIARV\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft C:\ProgramData\NVIDIARV\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2E C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum C:\ProgramData\NVIDIARV\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\ActiveMovie C:\ProgramData\NVIDIARV\svchost.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Windows\system32\DrvInst.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SYSTEM\CurrentControlSet\Services\Group = "Fatal" C:\ProgramData\NVIDIARV\svchost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\SYSTEM\CurrentControlSet\Services\InstallTime = "2025-02-22 02:40" C:\ProgramData\NVIDIARV\svchost.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\ActiveMovie\devenum\Version = "7" C:\ProgramData\NVIDIARV\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\ActiveMovie\devenum C:\ProgramData\NVIDIARV\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\system32\DrvInst.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1C642CED-CA3B-4013-A9DF-CA6CE5FF6503}\ = "IProgressWndEvents" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{909489C2-85A6-4322-AA56-D25278649D67}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{76F7B787-A67C-4C73-82C7-31F5E3AABC5C}\NumMethods\ = "41" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4DE778FE-F195-4EE3-9DAB-FE446C239221} C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{27634814-8E41-4C35-8577-980134A96544} C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}\Elevation\IconReference = "@C:\\Program Files (x86)\\Google\\Update\\1.3.36.312\\goopdate.dll,-1004" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1C642CED-CA3B-4013-A9DF-CA6CE5FF6503} C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BCDCB538-01C0-46D1-A6A7-52F4D021C272}\NumMethods C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1C4CDEFF-756A-4804-9E77-3E8EB9361016} C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{128C2DA6-2BC0-44C0-B3F6-4EC22E647964} C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{3D05F64F-71E3-48A5-BF6B-83315BC8AE1F}\NumMethods C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GoogleUpdate.OnDemandCOMClassMachine.1.0\CLSID\ = "{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1C642CED-CA3B-4013-A9DF-CA6CE5FF6503}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F63F6F8B-ACD5-413C-A44B-0409136D26CB}\NumMethods C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{247954F9-9EDC-4E68-8CC3-150C2B89EADF}\NumMethods\ = "24" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD}\LocalServer32\ = "\"C:\\Program Files\\Google\\Chrome\\Application\\109.0.5414.120\\notification_helper.exe\"" C:\Program Files (x86)\Google\Update\Install\{65C5E1A7-0788-4B4C-9533-0AC93A3FC1AC}\CR_6F60D.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.shtml\OpenWithProgids\ChromeHTML C:\Program Files (x86)\Google\Update\Install\{65C5E1A7-0788-4B4C-9533-0AC93A3FC1AC}\CR_6F60D.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{82BB48E2-2057-4C07-A383-B2C2F8A0FD01}\InProcServer32\ = "C:\\Program Files (x86)\\Google\\Update\\1.3.36.312\\psmachine_64.dll" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{49D7563B-2DDB-4831-88C8-768A53833837} C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DB17455-4E85-46E7-9D23-E555E4B005AF}\NumMethods\ = "10" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5B25A8DC-1780-4178-A629-6BE8B8DEFAA2}\NumMethods\ = "4" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{8476CE12-AE1F-4198-805C-BA0F9B783F57}\NumMethods C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8476CE12-AE1F-4198-805C-BA0F9B783F57}\NumMethods\ = "11" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{25461599-633D-42B1-84FB-7CD68D026E53}\VersionIndependentProgID\ = "GoogleUpdate.CredentialDialogMachine" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B3A47570-0A85-4AEA-8270-529D47899603}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DCAB8386-4F03-4DBD-A366-D90BC9F68DE6}\ProxyStubClsid32\ = "{82BB48E2-2057-4C07-A383-B2C2F8A0FD01}" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{27634814-8E41-4C35-8577-980134A96544}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8476CE12-AE1F-4198-805C-BA0F9B783F57}\NumMethods C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DB17455-4E85-46E7-9D23-E555E4B005AF}\ = "IGoogleUpdate3" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{084D78A8-B084-4E14-A629-A2C419B0E3D9} C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ChromeHTML\ = "Chrome HTML Document" C:\Program Files (x86)\Google\Update\Install\{65C5E1A7-0788-4B4C-9533-0AC93A3FC1AC}\CR_6F60D.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{82BB48E2-2057-4C07-A383-B2C2F8A0FD01}\ = "PSFactoryBuffer" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BCDCB538-01C0-46D1-A6A7-52F4D021C272}\ProxyStubClsid32\ = "{82BB48E2-2057-4C07-A383-B2C2F8A0FD01}" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D656199B-93F2-4D64-AA2F-96BD3F18D40E}\InprocHandler32 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{49D7563B-2DDB-4831-88C8-768A53833837} C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DCAB8386-4F03-4DBD-A366-D90BC9F68DE6}\NumMethods C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.xht\OpenWithProgids C:\Program Files (x86)\Google\Update\Install\{65C5E1A7-0788-4B4C-9533-0AC93A3FC1AC}\CR_6F60D.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B3A47570-0A85-4AEA-8270-529D47899603} C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{49D7563B-2DDB-4831-88C8-768A53833837}\NumMethods C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}\LocalServer32 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7DE94008-8AFD-4C70-9728-C6FBFFF6A73E}\PROGID C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{25461599-633D-42B1-84FB-7CD68D026E53}\ProgID\ = "GoogleUpdate.CredentialDialogMachine.1.0" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{084D78A8-B084-4E14-A629-A2C419B0E3D9}\NumMethods C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{34527502-D3DB-4205-A69B-789B27EE0414}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FE908CDD-22BB-472A-9870-1A0390E42F36}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4DE778FE-F195-4EE3-9DAB-FE446C239221}\ProxyStubClsid32\ = "{82BB48E2-2057-4C07-A383-B2C2F8A0FD01}" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.pdf\OpenWithProgids C:\Program Files (x86)\Google\Update\Install\{65C5E1A7-0788-4B4C-9533-0AC93A3FC1AC}\CR_6F60D.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{82BB48E2-2057-4C07-A383-B2C2F8A0FD01}\InProcServer32 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{494B20CF-282E-4BDD-9F5D-B70CB09D351E}\ProxyStubClsid32\ = "{82BB48E2-2057-4C07-A383-B2C2F8A0FD01}" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DCAB8386-4F03-4DBD-A366-D90BC9F68DE6}\ = "IPackage" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B3A47570-0A85-4AEA-8270-529D47899603}\NumMethods\ = "4" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B3D28DBD-0DFA-40E4-8071-520767BADC7E}\VersionIndependentProgID C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C6271107-A214-4F11-98C0-3F16BC670D28}\INPROCSERVER32 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{247954F9-9EDC-4E68-8CC3-150C2B89EADF}\NumMethods\ = "24" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GoogleUpdate.OnDemandCOMClassMachine\ = "Google Update Broker Class Factory" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{521FDB42-7130-4806-822A-FC5163FAD983}\ProgID C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{534F5323-3569-4F42-919D-1E1CF93E5BF6}\PROGID C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8476CE12-AE1F-4198-805C-BA0F9B783F57}\NumMethods\ = "11" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DAB1D343-1B2A-47F9-B445-93DC50704BFE}\NumMethods C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5B25A8DC-1780-4178-A629-6BE8B8DEFAA2}\NumMethods\ = "4" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{521FDB42-7130-4806-822A-FC5163FAD983}\LOCALSERVER32 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GoogleUpdate.CoCreateAsync\CLSID\ = "{7DE94008-8AFD-4C70-9728-C6FBFFF6A73E}" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{4EB61BAC-A3B6-4760-9581-655041EF4D69}\ServiceParameters = "/comsvc" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{49D7563B-2DDB-4831-88C8-768A53833837}\NumMethods C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
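The registry tables above (System Language Discovery, processor information, system info, HKEY_USERS and Modifies registry class) attribute every row to a process path, and that path is what separates the sample's own activity from installer and updater noise: every Modifies registry class row comes from GoogleUpdate.exe, GoogleUpdateComRegisterShell64.exe or Chrome's setup.exe under Program Files; the SystemCertificates keys under HKU\.DEFAULT are created by DrvInst.exe; while the Services\Group = "Fatal" and InstallTime values, the CentralProcessor\0\~MHz query and several of the NLS\Language reads come from C:\ProgramData\NVIDIARV\svchost.exe, a copy of a Windows binary name living outside System32. The script below is an added example, not part of the sandbox report or its tooling: it parses rows in the report's own column layout, classifies the process by path, and emits findings for the masquerading binary, the Services-key markers (HKU\.DEFAULT\SYSTEM\CurrentControlSet\Services is not where Windows stores service definitions, those live under HKLM\SYSTEM, so the write is the sample's own bookkeeping), the CPU-speed query and the language check. The allowlists, the finding names and the choice of which rows to copy are assumptions of the example.

```python
"""Triage rows from the report's registry tables by the process that produced
them.  Added example: the row strings are copied from the report, the
allowlists and finding names are the author's assumptions."""
import re
from collections import Counter

# Constructed input: rows copied verbatim from the tables above (one per
# behaviour of interest), plus a scrok.exe row whose indicator is N/A.
SAMPLE_ROWS = [
    r"Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\timeout.exe N/A",
    r"Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\ProgramData\Smart\setup.exe N/A",
    r"Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\ProgramData\NVIDIARV\svchost.exe N/A",
    r"Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\ProgramData\NVIDIARV\svchost.exe N/A",
    r"Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A",
    r"Key created \REGISTRY\USER\.DEFAULT\SYSTEM\CurrentControlSet\Services\ C:\ProgramData\NVIDIARV\svchost.exe N/A",
    r'Set value (str) \REGISTRY\USER\.DEFAULT\SYSTEM\CurrentControlSet\Services\Group = "Fatal" C:\ProgramData\NVIDIARV\svchost.exe N/A',
    r'Set value (str) \REGISTRY\USER\.DEFAULT\SYSTEM\CurrentControlSet\Services\InstallTime = "2025-02-22 02:40" C:\ProgramData\NVIDIARV\svchost.exe N/A',
    r"Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates C:\Windows\system32\DrvInst.exe N/A",
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DB17455-4E85-46E7-9D23-E555E4B005AF}\ = "IGoogleUpdate3" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A',
    r"N/A N/A C:\ProgramData\Packas\scrok.exe N/A",
]

# Column layout of the report: <action> <indicator> <process path> <target>.
# Indicators and paths contain spaces, so the process column is anchored on
# the drive letter and the trailing "N/A" target.
ROW_RE = re.compile(
    r"^(?P<action>Key opened|Key created|Key deleted|Key value queried|"
    r"Set value \((?:str|int|data)\)|N/A)\s+"
    r"(?P<indicator>.+?)\s+"
    r"(?P<process>[A-Za-z]:\\.+?)\s+N/A$"
)

WINDOWS_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
GOOGLE_DIRS = ("c:\\program files (x86)\\google\\", "c:\\program files\\google\\")
# Names of genuine Windows binaries that appear in the report (assumed
# allowlist).  A copy of one of these outside the Windows directory is a
# masquerade.
WINDOWS_NAMES = {"svchost.exe", "msiexec.exe", "cmd.exe", "timeout.exe",
                 "drvinst.exe", "vssvc.exe"}
# Not a real service registration location; writes here by a dropped binary
# are the sample's own bookkeeping.
SERVICES_STUB = "\\registry\\user\\.default\\system\\currentcontrolset\\services\\"


def parse_row(row):
    """Split one 'Description Indicator Process Target' row into its columns."""
    m = ROW_RE.match(row)
    if not m:
        raise ValueError(f"unrecognised row: {row!r}")
    return m.groupdict()


def classify_process(path):
    """windows | google_update | masquerade | third_party, by path."""
    p = path.lower()
    if p.startswith(WINDOWS_DIRS):
        return "windows"
    if p.startswith(GOOGLE_DIRS):
        return "google_update"
    if p.rsplit("\\", 1)[-1] in WINDOWS_NAMES:
        return "masquerade"
    return "third_party"


def process_summary(rows):
    """How many rows each process class produced (noise vs. dropped payloads)."""
    return Counter(classify_process(parse_row(r)["process"]) for r in rows)


def triage(rows):
    """Return (finding, process, indicator) triples for rows worth a look."""
    findings, masquerades = [], set()
    for row in rows:
        r = parse_row(row)
        proc, ind, low = r["process"], r["indicator"], r["indicator"].lower()
        kind = classify_process(proc)
        if kind == "masquerade" and proc not in masquerades:
            masquerades.add(proc)
            findings.append(("masquerading_system_binary", proc, ind))
        if kind in ("windows", "google_update"):
            continue  # installer, driver-store and updater activity
        if r["action"].startswith("Set value") and low.startswith(SERVICES_STUB):
            findings.append(("fatalrat_config_marker", proc, ind))
        elif low.endswith("\\centralprocessor\\0\\~mhz"):
            findings.append(("cpu_speed_query", proc, ind))
        elif low.endswith("\\control\\nls\\language"):
            findings.append(("language_check", proc, ind))
    return findings


if __name__ == "__main__":
    print(dict(process_summary(SAMPLE_ROWS)))
    for finding in triage(SAMPLE_ROWS):
        print(*finding)
```

A ~MHz query or an NLS\Language read is also made by plenty of benign installers, so the example reports them only for processes that are neither Windows nor Google Update binaries; the masquerade rule matches on file name alone, so it also catches the ProgramData svchost.exe from rows whose indicator is N/A, such as the EnumeratesProcesses table further down.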

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\ProgramData\Packas\scrok.exe N/A
N/A N/A C:\ProgramData\Packas\scrok.exe N/A
N/A N/A C:\ProgramData\Packas\scrok.exe N/A
N/A N/A C:\ProgramData\Smart\TjNkNpAilaYvt.exe N/A
N/A N/A C:\ProgramData\Packas\scrok.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUMBE03.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUMBE03.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUMBE03.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUMBE03.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUMBE03.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUMBE03.tmp\GoogleUpdate.exe N/A
N/A N/A C:\ProgramData\Smart\setup.exe N/A
N/A N/A C:\ProgramData\NVIDIARV\svchost.exe N/A
N/A N/A C:\ProgramData\NVIDIARV\svchost.exe N/A
N/A N/A C:\ProgramData\NVIDIARV\svchost.exe N/A
N/A N/A C:\ProgramData\NVIDIARV\svchost.exe N/A
N/A N/A C:\ProgramData\NVIDIARV\svchost.exe N/A
N/A N/A C:\ProgramData\NVIDIARV\svchost.exe N/A
N/A N/A C:\ProgramData\NVIDIARV\svchost.exe N/A
N/A N/A C:\ProgramData\NVIDIARV\svchost.exe N/A
N/A N/A C:\ProgramData\NVIDIARV\svchost.exe N/A
N/A N/A C:\ProgramData\NVIDIARV\svchost.exe N/A
N/A N/A C:\ProgramData\NVIDIARV\svchost.exe N/A
N/A N/A C:\ProgramData\NVIDIARV\svchost.exe N/A
N/A N/A C:\ProgramData\NVIDIARV\svchost.exe N/A
N/A N/A C:\ProgramData\NVIDIARV\svchost.exe N/A
N/A N/A C:\ProgramData\NVIDIARV\svchost.exe N/A
N/A N/A C:\ProgramData\NVIDIARV\svchost.exe N/A
N/A N/A C:\ProgramData\NVIDIARV\svchost.exe N/A
N/A N/A C:\ProgramData\NVIDIARV\svchost.exe N/A
N/A N/A C:\ProgramData\NVIDIARV\svchost.exe N/A
N/A N/A C:\ProgramData\NVIDIARV\svchost.exe N/A
N/A N/A C:\ProgramData\NVIDIARV\svchost.exe N/A
N/A N/A C:\ProgramData\NVIDIARV\svchost.exe N/A
N/A N/A C:\ProgramData\NVIDIARV\svchost.exe N/A
N/A N/A C:\ProgramData\NVIDIARV\svchost.exe N/A
N/A N/A C:\ProgramData\NVIDIARV\svchost.exe N/A
N/A N/A C:\ProgramData\NVIDIARV\svchost.exe N/A
N/A N/A C:\ProgramData\NVIDIARV\svchost.exe N/A
N/A N/A C:\ProgramData\NVIDIARV\svchost.exe N/A
N/A N/A C:\ProgramData\NVIDIARV\svchost.exe N/A
N/A N/A C:\ProgramData\NVIDIARV\svchost.exe N/A
N/A N/A C:\ProgramData\NVIDIARV\svchost.exe N/A
N/A N/A C:\ProgramData\NVIDIARV\svchost.exe N/A
N/A N/A C:\ProgramData\NVIDIARV\svchost.exe N/A
N/A N/A C:\ProgramData\NVIDIARV\svchost.exe N/A
N/A N/A C:\ProgramData\NVIDIARV\svchost.exe N/A
N/A N/A C:\ProgramData\NVIDIARV\svchost.exe N/A
N/A N/A C:\ProgramData\NVIDIARV\svchost.exe N/A
N/A N/A C:\ProgramData\NVIDIARV\svchost.exe N/A
N/A N/A C:\ProgramData\NVIDIARV\svchost.exe N/A
N/A N/A C:\ProgramData\NVIDIARV\svchost.exe N/A
N/A N/A C:\ProgramData\NVIDIARV\svchost.exe N/A
N/A N/A C:\ProgramData\NVIDIARV\svchost.exe N/A
N/A N/A C:\ProgramData\NVIDIARV\svchost.exe N/A
N/A N/A C:\ProgramData\NVIDIARV\svchost.exe N/A
N/A N/A C:\ProgramData\NVIDIARV\svchost.exe N/A
N/A N/A C:\ProgramData\NVIDIARV\svchost.exe N/A
N/A N/A C:\ProgramData\NVIDIARV\svchost.exe N/A
N/A N/A C:\ProgramData\NVIDIARV\svchost.exe N/A
N/A N/A C:\ProgramData\NVIDIARV\svchost.exe N/A
N/A N/A C:\ProgramData\NVIDIARV\svchost.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeImpersonatePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
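Every process in the AdjustPrivilegeToken table is a Windows component: msiexec.exe (the Windows Installer service routinely enables essentially its whole privilege set, SeDebugPrivilege and SeTcbPrivilege included, for any package it runs), vssvc.exe and DrvInst.exe. By itself the table therefore says nothing about the sample; what a hunter wants is the same privileges enabled by a binary outside the Windows directory, and no such row appears here. The script below is an added example, not sandbox output, that groups the rows by process and applies that rule. The privilege list, the directory allowlist and the single hypothetical svchost.exe row, included only to show the rule firing, are the author's constructions.

```python
"""Group AdjustPrivilegeToken rows by process and flag high-impact privileges
enabled by anything outside the Windows directory.  Added example: the
report rows are copied verbatim; the privilege list, the allowlist and the
hypothetical row are the author's constructions."""
from collections import defaultdict

# Constructed input: a representative subset of the rows in the table above.
REPORT_ROWS = [
    r"Token: SeShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A",
    r"Token: SeCreateTokenPrivilege N/A C:\Windows\system32\msiexec.exe N/A",
    r"Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\system32\msiexec.exe N/A",
    r"Token: SeTcbPrivilege N/A C:\Windows\system32\msiexec.exe N/A",
    r"Token: SeLoadDriverPrivilege N/A C:\Windows\system32\msiexec.exe N/A",
    r"Token: SeDebugPrivilege N/A C:\Windows\system32\msiexec.exe N/A",
    r"Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A",
    r"Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A",
    r"Token: SeBackupPrivilege N/A C:\Windows\system32\vssvc.exe N/A",
    r"Token: SeRestorePrivilege N/A C:\Windows\system32\DrvInst.exe N/A",
    r"Token: SeLoadDriverPrivilege N/A C:\Windows\system32\DrvInst.exe N/A",
    r"Token: SeRestorePrivilege N/A C:\Windows\system32\DrvInst.exe N/A",
]
# HYPOTHETICAL row, NOT in the report: what the table would contain if the
# dropped svchost.exe had enabled SeDebugPrivilege itself.
HYPOTHETICAL_ROWS = [
    r"Token: SeDebugPrivilege N/A C:\ProgramData\NVIDIARV\svchost.exe N/A",
]

# Privileges that let a process read, write, inject into or impersonate
# things it could not otherwise touch (author's selection).
HIGH_IMPACT = {
    "SeDebugPrivilege", "SeTcbPrivilege", "SeLoadDriverPrivilege",
    "SeAssignPrimaryTokenPrivilege", "SeCreateTokenPrivilege",
    "SeTakeOwnershipPrivilege", "SeRestorePrivilege", "SeBackupPrivilege",
}
WINDOWS_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")


def parse_token_row(row):
    """'Token: SeX N/A <path> N/A' -> (privilege, path); the path may contain spaces."""
    if not row.startswith("Token: ") or not row.endswith(" N/A"):
        raise ValueError(f"unrecognised row: {row!r}")
    priv, _, rest = row[len("Token: "):].partition(" N/A ")
    return priv, rest[:-len(" N/A")]


def privileges_by_process(rows):
    """Collapse the repeated rows into one set of privileges per process."""
    table = defaultdict(set)
    for row in rows:
        priv, proc = parse_token_row(row)
        table[proc].add(priv)
    return dict(table)


def flag_high_impact(rows):
    """(process, privilege) pairs where a non-Windows binary enabled a
    high-impact privilege.  Windows Installer, VSS and the driver installer
    enable these for any package, so they are allowlisted by directory."""
    hits = []
    for proc, privs in privileges_by_process(rows).items():
        if proc.lower().startswith(WINDOWS_DIRS):
            continue
        hits.extend((proc, p) for p in sorted(privs & HIGH_IMPACT))
    return hits


if __name__ == "__main__":
    for proc, privs in privileges_by_process(REPORT_ROWS).items():
        print(proc, sorted(privs & HIGH_IMPACT))
    print("report rows:", flag_high_impact(REPORT_ROWS))
    print("with hypothetical row:", flag_high_impact(REPORT_ROWS + HYPOTHETICAL_ROWS))
```

Allowlisting by directory rather than by name is deliberate: the sample's svchost.exe carries a Windows file name but lives under C:\ProgramData, so a name-based allowlist would have waved it through.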

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\ProgramData\Smart\setup.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1032 wrote to memory of 2736 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 1032 wrote to memory of 2736 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 1032 wrote to memory of 2736 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 1032 wrote to memory of 2736 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 1032 wrote to memory of 2736 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 1032 wrote to memory of 2736 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 1032 wrote to memory of 2736 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2736 wrote to memory of 2576 N/A C:\Windows\syswow64\MsiExec.exe C:\Windows\SysWOW64\cmd.exe
PID 2736 wrote to memory of 2576 N/A C:\Windows\syswow64\MsiExec.exe C:\Windows\SysWOW64\cmd.exe
PID 2736 wrote to memory of 2576 N/A C:\Windows\syswow64\MsiExec.exe C:\Windows\SysWOW64\cmd.exe
PID 2736 wrote to memory of 2576 N/A C:\Windows\syswow64\MsiExec.exe C:\Windows\SysWOW64\cmd.exe
PID 2576 wrote to memory of 2508 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\timeout.exe
PID 2576 wrote to memory of 2508 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\timeout.exe
PID 2576 wrote to memory of 2508 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\timeout.exe
PID 2576 wrote to memory of 2508 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\timeout.exe
PID 2576 wrote to memory of 1708 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\setup\aa.exe
PID 2576 wrote to memory of 1708 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\setup\aa.exe
PID 2576 wrote to memory of 1708 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\setup\aa.exe
PID 2576 wrote to memory of 1708 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\setup\aa.exe
PID 2576 wrote to memory of 2268 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\Packas\scrok.exe
PID 2576 wrote to memory of 2268 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\Packas\scrok.exe
PID 2576 wrote to memory of 2268 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\Packas\scrok.exe
PID 2576 wrote to memory of 2268 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\Packas\scrok.exe
PID 2268 wrote to memory of 604 N/A C:\ProgramData\Packas\scrok.exe C:\Windows\system32\svchost.exe
PID 2576 wrote to memory of 1284 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\Smart\TjNkNpAilaYvt.exe
PID 2576 wrote to memory of 1284 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\Smart\TjNkNpAilaYvt.exe
PID 2576 wrote to memory of 1284 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\Smart\TjNkNpAilaYvt.exe
PID 2576 wrote to memory of 1284 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\Smart\TjNkNpAilaYvt.exe
PID 2576 wrote to memory of 1620 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\Smart\TjNkNpAilaYvt.exe
PID 2576 wrote to memory of 1620 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\Smart\TjNkNpAilaYvt.exe
PID 2576 wrote to memory of 1620 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\Smart\TjNkNpAilaYvt.exe
PID 2576 wrote to memory of 1620 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\Smart\TjNkNpAilaYvt.exe
PID 2576 wrote to memory of 1088 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\timeout.exe
PID 2576 wrote to memory of 1088 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\timeout.exe
PID 2576 wrote to memory of 1088 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\timeout.exe
PID 2576 wrote to memory of 1088 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\timeout.exe
PID 2576 wrote to memory of 2524 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\Smart\TjNkNpAilaYvt.exe
PID 2576 wrote to memory of 2524 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\Smart\TjNkNpAilaYvt.exe
PID 2576 wrote to memory of 2524 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\Smart\TjNkNpAilaYvt.exe
PID 2576 wrote to memory of 2524 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\Smart\TjNkNpAilaYvt.exe
PID 2576 wrote to memory of 1916 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\Packas\scrok.exe
PID 2576 wrote to memory of 1916 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\Packas\scrok.exe
PID 2576 wrote to memory of 1916 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\Packas\scrok.exe
PID 2576 wrote to memory of 1916 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\Packas\scrok.exe
PID 1616 wrote to memory of 808 N/A C:\ProgramData\Smart\TjNkNpAilaYvt.exe C:\ProgramData\Smart\setup.exe
PID 1616 wrote to memory of 808 N/A C:\ProgramData\Smart\TjNkNpAilaYvt.exe C:\ProgramData\Smart\setup.exe
PID 1616 wrote to memory of 808 N/A C:\ProgramData\Smart\TjNkNpAilaYvt.exe C:\ProgramData\Smart\setup.exe
PID 1616 wrote to memory of 808 N/A C:\ProgramData\Smart\TjNkNpAilaYvt.exe C:\ProgramData\Smart\setup.exe
PID 1616 wrote to memory of 808 N/A C:\ProgramData\Smart\TjNkNpAilaYvt.exe C:\ProgramData\Smart\setup.exe
PID 1616 wrote to memory of 808 N/A C:\ProgramData\Smart\TjNkNpAilaYvt.exe C:\ProgramData\Smart\setup.exe
PID 1616 wrote to memory of 808 N/A C:\ProgramData\Smart\TjNkNpAilaYvt.exe C:\ProgramData\Smart\setup.exe
PID 1916 wrote to memory of 604 N/A C:\ProgramData\Packas\scrok.exe C:\Windows\system32\svchost.exe
PID 2576 wrote to memory of 1052 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\setup\setup.exe
PID 2576 wrote to memory of 1052 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\setup\setup.exe
PID 2576 wrote to memory of 1052 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\setup\setup.exe
PID 2576 wrote to memory of 1052 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\setup\setup.exe
PID 2576 wrote to memory of 1052 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\setup\setup.exe
PID 2576 wrote to memory of 1052 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\setup\setup.exe
PID 2576 wrote to memory of 1052 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\setup\setup.exe
PID 1052 wrote to memory of 2748 N/A C:\ProgramData\setup\setup.exe C:\Program Files (x86)\Google\Temp\GUMBE03.tmp\GoogleUpdate.exe
PID 1052 wrote to memory of 2748 N/A C:\ProgramData\setup\setup.exe C:\Program Files (x86)\Google\Temp\GUMBE03.tmp\GoogleUpdate.exe
PID 1052 wrote to memory of 2748 N/A C:\ProgramData\setup\setup.exe C:\Program Files (x86)\Google\Temp\GUMBE03.tmp\GoogleUpdate.exe
PID 1052 wrote to memory of 2748 N/A C:\ProgramData\setup\setup.exe C:\Program Files (x86)\Google\Temp\GUMBE03.tmp\GoogleUpdate.exe
PID 1052 wrote to memory of 2748 N/A C:\ProgramData\setup\setup.exe C:\Program Files (x86)\Google\Temp\GUMBE03.tmp\GoogleUpdate.exe

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\msiexec.exe

msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\1924b09ff1e25fe9d39bad70f094766863f366543658627fe94f435b07da6109.msi

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\DrvInst.exe

DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "0000000000000060" "0000000000000574"

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 2EF1D04624CE15B6DBAD0356E9A100D4

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\SysWOW64\cmd.exe" /c timeout /nobreak /t 7 & C:\ProgramData\setup\aa.exe x C:\ProgramData\setup\ddd. -key 000000 -f -to C:\ProgramData & C:\ProgramData\Packas\scrok.exe & C:\ProgramData\Smart\TjNkNpAilaYvt.exe install & C:\ProgramData\Smart\TjNkNpAilaYvt.exe install & timeout /nobreak /t 2 & C:\ProgramData\Smart\TjNkNpAilaYvt.exe start & C:\ProgramData\Packas\scrok.exe & del C:\ProgramData\Packas\scrok.exe & C:\ProgramData\setup\setup.exe

C:\Windows\SysWOW64\timeout.exe

timeout /nobreak /t 7

C:\ProgramData\setup\aa.exe

C:\ProgramData\setup\aa.exe x C:\ProgramData\setup\ddd. -key 000000 -f -to C:\ProgramData

C:\ProgramData\Packas\scrok.exe

C:\ProgramData\Packas\scrok.exe

C:\ProgramData\Smart\TjNkNpAilaYvt.exe

C:\ProgramData\Smart\TjNkNpAilaYvt.exe install

C:\ProgramData\Smart\TjNkNpAilaYvt.exe

C:\ProgramData\Smart\TjNkNpAilaYvt.exe install

C:\Windows\SysWOW64\timeout.exe

timeout /nobreak /t 2

C:\ProgramData\Smart\TjNkNpAilaYvt.exe

C:\ProgramData\Smart\TjNkNpAilaYvt.exe start

C:\ProgramData\Smart\TjNkNpAilaYvt.exe

"C:\ProgramData\Smart\TjNkNpAilaYvt.exe"

C:\ProgramData\Packas\scrok.exe

C:\ProgramData\Packas\scrok.exe

C:\ProgramData\Smart\setup.exe

"C:\ProgramData\Smart\setup.exe"

C:\ProgramData\setup\setup.exe

C:\ProgramData\setup\setup.exe

C:\Program Files (x86)\Google\Temp\GUMBE03.tmp\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Temp\GUMBE03.tmp\GoogleUpdate.exe" /installsource taggedmi /install "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={9F0C1F44-1C50-396A-483A-08DA4896FF0B}&lang=zh-CN&browser=4&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=x64-stable-statsdef_1&installdataindex=empty"

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /regsvc

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /regserver

C:\ProgramData\NVIDIARV\svchost.exe

"C:\ProgramData\NVIDIARV\svchost.exe"

C:\ProgramData\NVIDIARV\svchost.exe

"C:\ProgramData\NVIDIARV\svchost.exe"

C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe"

C:\ProgramData\NVIDIARV\svchost.exe

"C:\ProgramData\NVIDIARV\svchost.exe"

C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ping [...]-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgaW5zdGFsbF90aW1lX21zPSIyNDY1Ii8-PC9hcHA-PC9yZXF1ZXN0Pg

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /handoff "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={9F0C1F44-1C50-396A-483A-08DA4896FF0B}&lang=zh-CN&browser=4&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=x64-stable-statsdef_1&installdataindex=empty" /installsource taggedmi /sessionid "{8DDD98C5-A8A6-4D87-A2ED-0A1ECC5D956D}"

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc

C:\Program Files (x86)\Google\Update\Install\{65C5E1A7-0788-4B4C-9533-0AC93A3FC1AC}\109.0.5414.120_chrome_installer.exe

"C:\Program Files (x86)\Google\Update\Install\{65C5E1A7-0788-4B4C-9533-0AC93A3FC1AC}\109.0.5414.120_chrome_installer.exe" --verbose-logging --do-not-launch-chrome --system-level /installerdata="C:\Program Files (x86)\Google\Update\Install\{65C5E1A7-0788-4B4C-9533-0AC93A3FC1AC}\gui477E.tmp"

C:\Program Files (x86)\Google\Update\Install\{65C5E1A7-0788-4B4C-9533-0AC93A3FC1AC}\CR_6F60D.tmp\setup.exe

"C:\Program Files (x86)\Google\Update\Install\{65C5E1A7-0788-4B4C-9533-0AC93A3FC1AC}\CR_6F60D.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Google\Update\Install\{65C5E1A7-0788-4B4C-9533-0AC93A3FC1AC}\CR_6F60D.tmp\CHROME.PACKED.7Z" --verbose-logging --do-not-launch-chrome --system-level /installerdata="C:\Program Files (x86)\Google\Update\Install\{65C5E1A7-0788-4B4C-9533-0AC93A3FC1AC}\gui477E.tmp"

C:\Program Files (x86)\Google\Update\Install\{65C5E1A7-0788-4B4C-9533-0AC93A3FC1AC}\CR_6F60D.tmp\setup.exe

"C:\Program Files (x86)\Google\Update\Install\{65C5E1A7-0788-4B4C-9533-0AC93A3FC1AC}\CR_6F60D.tmp\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=109.0.5414.120 --initial-client-data=0x154,0x158,0x15c,0x128,0x160,0x13f801148,0x13f801158,0x13f801168

C:\Program Files (x86)\Google\Update\Install\{65C5E1A7-0788-4B4C-9533-0AC93A3FC1AC}\CR_6F60D.tmp\setup.exe

"C:\Program Files (x86)\Google\Update\Install\{65C5E1A7-0788-4B4C-9533-0AC93A3FC1AC}\CR_6F60D.tmp\setup.exe" --system-level --verbose-logging --create-shortcuts=2 --install-level=1

C:\Program Files (x86)\Google\Update\Install\{65C5E1A7-0788-4B4C-9533-0AC93A3FC1AC}\CR_6F60D.tmp\setup.exe

"C:\Program Files (x86)\Google\Update\Install\{65C5E1A7-0788-4B4C-9533-0AC93A3FC1AC}\CR_6F60D.tmp\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=109.0.5414.120 --initial-client-data=0x154,0x158,0x15c,0x128,0x160,0x13f801148,0x13f801158,0x13f801168

C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe

"C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe"

C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exe

"C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exe"

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4zNi4zMTIiIHNoZWxsX3ZlcnNpb249IjEuMy4zNi4zMTEiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7OERERDk4QzUtQThBNi00RDg3LUEyRUQtMEExRUNDNUQ5NTZEfSIgdXNlcmlkPSJ7QTIxMURDQkQtNTVBMC00MkUzLTg0REQtRDk5MkVCQThGREFDfSIgaW5zdGFsbHNvdXJjZT0idGFnZ2VkbWkiIHJlcXVlc3RpZD0iezUwMjE1RTU0LTJBODQtNDc0My04NTA1LTJDMkREMTYxQjRCRn0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgcGh5c21lbW9yeT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iNi4xLjc2MDEuMCIgc3A9IlNlcnZpY2UgUGFjayAxIiBhcmNoPSJ4NjQiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNDLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMTA5LjAuNTQxNC4xMjAiIGFwPSJ4NjQtc3RhYmxlLXN0YXRzZGVmXzEiIGxhbmc9InpoLUNOIiBicmFuZD0iIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iMTQiIGlpZD0iezlGMEMxRjQ0LTFDNTAtMzk2QS00ODNBLTA4REE0ODk2RkYwQn0iIGNvaG9ydD0iMToxZzh4OiIgY29ob3J0bmFtZT0iV2luZG93cyA3Ij48ZXZlbnQgZXZlbnR0eXBlPSI5IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIi8-[...]-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMTk2NzA3IiBzb3VyY2VfdXJsX2luZGV4PSIwIiB1cGRhdGVfY2hlY2tfdGltZV9tcz0iNjI3MSIgZG93bmxvYWRfdGltZV9tcz0iMjQyMTIiIGRvd25sb2FkZWQ9IjkzMTIyNjAwIiB0b3RhbD0iOTMxMjI2MDAiIGluc3RhbGxfdGltZV9tcz0iMjc1NjUiLz48L2FwcD48L3JlcXVlc3Q-

C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exe

"C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exe" -Embedding

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ondemand

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --from-installer

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=109.0.5414.120 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5936b58,0x7fef5936b68,0x7fef5936b78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1052 --field-trial-handle=1200,i,9572370419645573804,1090566134379318640,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1304 --field-trial-handle=1200,i,9572370419645573804,1090566134379318640,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1616 --field-trial-handle=1200,i,9572370419645573804,1090566134379318640,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2132 --field-trial-handle=1200,i,9572370419645573804,1090566134379318640,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2264 --field-trial-handle=1200,i,9572370419645573804,1090566134379318640,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3128 --field-trial-handle=1200,i,9572370419645573804,1090566134379318640,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\109.0.5414.120\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\109.0.5414.120\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2624 --field-trial-handle=1200,i,9572370419645573804,1090566134379318640,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1548 --field-trial-handle=1200,i,9572370419645573804,1090566134379318640,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=2240 --field-trial-handle=1200,i,9572370419645573804,1090566134379318640,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3568 --field-trial-handle=1200,i,9572370419645573804,1090566134379318640,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3692 --field-trial-handle=1200,i,9572370419645573804,1090566134379318640,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3572 --field-trial-handle=1200,i,9572370419645573804,1090566134379318640,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3832 --field-trial-handle=1200,i,9572370419645573804,1090566134379318640,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3892 --field-trial-handle=1200,i,9572370419645573804,1090566134379318640,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3972 --field-trial-handle=1200,i,9572370419645573804,1090566134379318640,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3960 --field-trial-handle=1200,i,9572370419645573804,1090566134379318640,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3280 --field-trial-handle=1200,i,9572370419645573804,1090566134379318640,131072 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 a17.yydsnb1.top udp
US 8.8.8.8:53 a17.nbdsnb2.top udp
HK 47.76.184.172:1080 a17.yydsnb1.top tcp
US 8.8.8.8:53 c.pki.goog udp
GB 216.58.201.99:80 c.pki.goog tcp
US 8.8.8.8:53 o.pki.goog udp
GB 216.58.201.99:80 o.pki.goog tcp
US 8.8.8.8:53 update.googleapis.com udp
GB 216.58.201.99:443 update.googleapis.com tcp
GB 216.58.201.99:443 update.googleapis.com tcp
US 8.8.8.8:53 clients2.google.com udp
US 8.8.8.8:53 accounts.google.com udp
GB 142.250.179.238:443 clients2.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 142.250.187.238:80 redirector.gvt1.com tcp
US 8.8.8.8:53 r5---sn-aigl6nzk.gvt1.com udp
GB 74.125.175.106:80 r5---sn-aigl6nzk.gvt1.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.200.4:443 www.google.com tcp
GB 142.250.200.4:443 www.google.com tcp
GB 142.250.200.4:443 www.google.com tcp
GB 216.58.201.99:443 update.googleapis.com tcp
US 8.8.8.8:53 ogads-pa.googleapis.com udp
GB 142.250.179.234:443 ogads-pa.googleapis.com tcp
GB 142.250.179.234:443 ogads-pa.googleapis.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.178.14:443 play.google.com tcp
GB 142.250.178.14:443 play.google.com udp
US 8.8.8.8:53 update.googleapis.com udp
GB 216.58.201.99:443 update.googleapis.com tcp

Files

C:\Windows\Installer\MSI8D13.tmp

MD5 c7fbd5ee98e32a77edf1156db3fca622
SHA1 3e534fc55882e9fb940c9ae81e6f8a92a07125a0
SHA256 e140990b509dd6884a5742bde64f2cdaa10012d472b0b32de43ebecbc83242b6
SHA512 8691ac8b214cc1e4f34a3ab2bbc0c2391f7f11ebbe5db0dc82825195b5fe5a05310ed1e14d253a9b74a64050d2f2a6623dd2fcd912f80fef51e51845ef1e3a1a

C:\Windows\Installer\MSI8E5D.tmp

MD5 ae463676775a1dd0b7a28ddb265b4065
SHA1 dff64c17885c7628b22631a2cdc9da83e417d348
SHA256 83fbfcaff3da3eb89f9aec29e6574cf15502fd670cbb2ab0c8a84451b2598b22
SHA512 e47c2db249e7a08c5d2864671fbc235e48aebecbe0b2c2334d1a4cba1b5b3037522ff89408589f3559b3a1eaf507bd338645387d55800029bb3b941d4c7744d6

C:\Config.Msi\f768cc9.rbs

MD5 e347e8d1713707deda3f56a7a412a1fd
SHA1 f65aa6d7239139eb8daff092544d153af0e56f87
SHA256 801db2d165b09fb8b1e10ed3947ac91df764304543544aa47a9fdff705a797c6
SHA512 8fbdd938f0920f8ee928441a4d286239f531b6b1655378facdb0ef604b9c207957bd7c9630e44a20a52b15bcf35c38769c5dc5e157658deab86cddfabf4b5a94

\ProgramData\setup\aa.exe

MD5 09c448be7e7d84e6e544cc03afbb05d8
SHA1 ddc13e71a72bc49c60f89b98cbb79c2449cfa07e
SHA256 a0f127a70943b0262060498c1723c795a8e2980f1acf0c42ee8c1dae72ae54b5
SHA512 e5f7a988a999e7e34d0aa2d2a5b2fbb22689588d3def4bed4518ceed38710e3714c5614bab192b0ce6bcac5172a87ebf3b3b923e495eb7344c70bd11f4bf1c12

C:\ProgramData\setup\ddd

MD5 9bd359e3956d119811c3a6abef58e644
SHA1 9f221781f406ebcb15fc2c02d5d259116155c734
SHA256 ead38673817c84de77a4d2fe6118e6a96f863e3db38f73518007caa2af676146
SHA512 7f817794728e532da07424c621eeef161501644d137068895391505d7110f1f8ee9dc76944946e3960f84e462c66fd82ee61b619ca91a07166aed5d3434f618b

memory/1708-56-0x0000000000400000-0x0000000000510000-memory.dmp

\ProgramData\Packas\scrok.exe

MD5 a03b2eaa4d517fd935bb0032d444f22d
SHA1 014864aac638b7c04b4d50e6c39d7266eafda773
SHA256 6fd145b1de7d0a143fd25274544d5e3c4ecee06cf3e31631d51cae8ca3e25f01
SHA512 68a253fcdb3cd1a086fe93fa7c8a7500d6b5414bdfc0dad555973697d4fb552e09088b849573f705ca91b1652ddd4572842b82d40f5821761b3ac299e465be51

memory/2268-63-0x00000000771B0000-0x00000000771B2000-memory.dmp

memory/2268-61-0x00000000771B0000-0x00000000771B2000-memory.dmp

memory/2268-65-0x00000000771B0000-0x00000000771B2000-memory.dmp

\ProgramData\Smart\TjNkNpAilaYvt.exe

MD5 d305d506c0095df8af223ac7d91ca327
SHA1 679cb4c763c84e75ccb0fa3475bd6b7a36e81c4a
SHA256 923111c7142b3dc783a3c722b19b8a21bcb78222d7a136ac33f0ca8a29f4cb66
SHA512 94d369a4db88bff9556a1d7a7fb0188ed935c3592bae09335542c5502ec878e839177be63ac3ab4af75d4dc38a3a4f5d0fd423115ac72cf5dd710c59604db796

memory/2268-66-0x000000013FBA0000-0x0000000140159000-memory.dmp

memory/604-69-0x00000000003F0000-0x0000000000419000-memory.dmp

memory/1284-75-0x00000000011F0000-0x00000000012C6000-memory.dmp

C:\ProgramData\Smart\TjNkNpAilaYvt.xml

MD5 2c706293a3cfff8cc184a8e9a3b3da08
SHA1 873d7c9f51aa6cebd4ad3ae5930d1de84bb4437d
SHA256 ed28baf8be3a588d50ed246c2cd741bbd498aee74ea0675d57e0b33236e22067
SHA512 4aba3e25507ba5c29219ff51553f3616d07aeeb30f7465f9e921eea94cdcb411d1f48d1eefed647c22405df275e7f9d7506aac52202aae137391c6831463b043

C:\ProgramData\Smart\TjNkNpAilaYvt.wrapper.log

MD5 67a522173adf4ec840b650a0a2f47f5f
SHA1 5448c63c58feb4e5b4bd58977c1a5134270854e6
SHA256 2ee8c1fdf8f802f533f71750a2c33d62c03db722fe38cb5692141635d95aedf6
SHA512 a66f595d69418b76c199bd0436db703465b29d1fd8e1d12dddf8b6790e2928ab4eb0ba13b7d6701d0ef3f926ba4254da89f231ad1b10302f23ef6b74b04c7afb

C:\ProgramData\Smart\TjNkNpAilaYvt.wrapper.log

MD5 b323f49b55b812c28850370e672daf4d
SHA1 5899478cc2b285076dae68cd1e8967b69124a41d
SHA256 f07a1896902f9377dddcfae9aeb3f2d935e25d5dd2c9d38e91274ac7e580c5c8
SHA512 907819bc962d1495afdadfe32b51e9ae6419baf8066d2ce76bb6ce1bd8bdaa67264d1cfaf4a5bc6ce9362665c2206a1592a114033137847274dd75e10b46e6f8

C:\ProgramData\Smart\TjNkNpAilaYvt.wrapper.log

MD5 c9a0ab275b7de85c46d2d031d275bdd4
SHA1 276e1786c9fd357f6371f238c9bbd16a1afb4e93
SHA256 ecc2d685173f64db092d00930ec5b181aeb615c5e2b7793a407f971bcd7e8b96
SHA512 c4dc2dd7eee1a51596a0c88aa631862b0e1f1e00fce2c866beef41323899eb0008e2a74694b4783c238a1bc69adecd2b39311c1dd65b4fdb2fd1c5b8ff4e2a03

C:\ProgramData\Smart\TjNkNpAilaYvt.wrapper.log

MD5 f5e11959928e655efc73931908ccd657
SHA1 7af003cf92bae3c1e22e44a05ecc1f23ebb11201
SHA256 31b8ac8743e2472acca1ec9070f03ccd59bced7a86bb323116858e61c61bf1da
SHA512 ab71b538382e6af184eeb84baca117f61f33cb2684b58d04dadd98309ca15a68762c4f14c3e225e8720bc8f115167aad41d8a37b73ccc48bc5899bbf5b9bf104

C:\ProgramData\Smart\TjNkNpAilaYvt.wrapper.log

MD5 1b686ac316b4d48a4ff4d76716d3629f
SHA1 b6b791a87c00c99d1d12020a20a7b2e31b133964
SHA256 8aee323fe5dfcb6a4d022348f28c377c4ca0fa4bdee483a345dc8289d5a9ec7a
SHA512 fa46824c17628ee36ab67c38d0384a6040f876998ee59aae939033fe8cd6f802ba911d1cb961ca3cc99270e9820e4c266010acf02f0d45ea444a0669ae9cf9b3

C:\ProgramData\Smart\setup.exe

MD5 118a9a9f6280e177fdac16989b8aa1a5
SHA1 fc37316439372be17a982d02cd0d294f7aaca751
SHA256 b995e6a0299f2465fd5881157aab1c6c9753c8e459efd661b9cd1e83be7e53f6
SHA512 14c731e7f7e9736f39d6c79a98bf1a3264da9dc76bab4faca82ec64f276f3d39c9bc4638991e30a06f52bf6204619f5da8c3168d11afe058e0c1d21a89d42878

memory/1916-113-0x000000013F5F0000-0x000000013FBA9000-memory.dmp

memory/1916-112-0x00000000771B0000-0x00000000771B2000-memory.dmp

C:\ProgramData\setup\setup.exe

MD5 4a94844260d6a08828d781d488cef61d
SHA1 de8169fdb5ab8a120df577d92eb25a2767431738
SHA256 46d7a8abe3bb9d7302529246cd8ee6e7d0360d1045fe92662cc7580e72ef5132
SHA512 82549c1e525a90003fb0174ebba2bc3b4f58706ef9fd5e6ee07d489ab536ef286e408db6c15a52b039d3f59c09bd55e35d045def79007da5d414d5d589d34f4f

\Program Files (x86)\Google\Temp\GUMBE03.tmp\GoogleUpdate.exe

MD5 cdf152e23a8cbf68dbe3f419701244fc
SHA1 cb850d3675da418131d90ab01320e4e8842228d7
SHA256 84eaf43f33d95da9ab310fc36dc3cfe53823d2220946f021f18cf3f729b8d64e
SHA512 863e1da5bc779fa02cf08587c4de5f04c56e02902c5c4f92a06f2e631380ecabcc98e35d52609f764727e41b965c0786d24ea23fc4b9776d24d9f13e0d8ae0c2

\Program Files (x86)\Google\Temp\GUMBE03.tmp\goopdate.dll

MD5 dae72b4b8bcf62780d63b9cbb5b36b35
SHA1 1d9b764661cfe4ee0f0388ff75fd0f6866a9cd89
SHA256 b0ca6700e7a4ea667d91bcf3338699f28649c2e0a3c0d8b4f2d146ab7c843ab6
SHA512 402c00cab6dac8981e200b6b8b4263038d76afe47c473d5f2abf0406222b32fff727b495c6b754d207af2778288203ce0774a6200b3e580e90299d08ce0c098f

\Program Files (x86)\Google\Temp\GUMBE03.tmp\goopdateres_zh-CN.dll

MD5 ca52cc49599bb6bda28c38aea1f9ec4e
SHA1 494f166b530444f39bca27e2b9e10f27e34fc98a
SHA256 f9f144aa2dc0de21b24c93f498a9b4a946b7da42819a776b3283a0bcae18544b
SHA512 05e2d5711eef8f57737b2512de2e73744f17e0a34de0bfd2a06c9cc60a08ebadbafe38e30b66a2ede7fa61d5b9571adddcfbd7e1cafcee1ab2168a563d2d3f0d

C:\Program Files (x86)\Google\Temp\GUMBE03.tmp\GoogleUpdateCore.exe

MD5 af51ea4d9828e21f72e935b0deae50f2
SHA1 c7fe57c2a16c9f5a5ebdd3cc0910427cba5308bd
SHA256 3575011873d0f6d49c783095dae06e6619f8f5463da578fbe284ca5d1d449619
SHA512 ec9828d0bade39754748fb53cfc7efdc5e57955198bac3c248ea9b5a9a607182bb1477819f220549a8e9eadbe6bf69a12da6c8af3761980d2dd9078eaeaa932f

C:\Program Files (x86)\Google\Temp\GUMBE03.tmp\goopdateres_da.dll

MD5 9f2e018a4f9a1d278983d0b677b91218
SHA1 c58ee1fc0d8ef9d99f85426b48c7f28f381a2c17
SHA256 d0dcdc68236eecd6b5f0b437eb92b8935741dabf1fa276a552399815af22edec
SHA512 20b74b6a9f81527d4a5fe30671d2559261fb682576f4ab04da7856280fbbaeb6af83894009c9d7cb83deeae988d0ac5ec7ec32b277b7eb45829faec2857d7014

C:\Program Files (x86)\Google\Temp\GUMBE03.tmp\goopdateres_es.dll

MD5 dae64d49ee97339b7327b52c9f720848
SHA1 15f159c4808f9e4fe6a2f1a4a19faa5d84ac630b
SHA256 e76400e62ae0ab31565e50b05d1001b775a91aa487a54dc90e53c0e103c717c2
SHA512 9ae72e5a658aa0e1fb261d62ccef474cd42d9bec2b4a50f71925d131ffea22b8f60fb961772587ce71cb30a32da3b7986e7483ecea960a509e0450d3983c84b0

C:\Program Files (x86)\Google\Temp\GUMBE03.tmp\goopdateres_es-419.dll

MD5 1c0b1c3625c9ccace1b23e0c64095ee9
SHA1 3904a80d016e0a9a267c0b5feb8e6747b44b5fa1
SHA256 f030757e1911e9efde0d74a02c22694fa5ef139f73897a7f97acab9da05f7c8b
SHA512 0a988edef8d67cd83c2be65cbfa07059df311732ee92ad73fb9411d7cf7d853a2b8d2ab801733d05ab6afaccab33a2684117bbc1d80b362b677cc53ae9de42f0

C:\Program Files (x86)\Google\Temp\GUMBE03.tmp\goopdateres_en-GB.dll

MD5 f82ccf890c3ae14bfd7a263d07276e60
SHA1 6a915d6eb8c99d065e36a721d721d556b74bb377
SHA256 6b07a4fd3039541e30c68a8c31c371cda2cea480787f95e0ddbca3cc2fbff0cc
SHA512 4cbf9e6728e08de8d61f34b17bb20d92b6a699969edb9afa013fe962c8fd39238288adcd826134c9bca459904d8574a804c519daac6b301e0d38f68722c0359e

C:\Program Files (x86)\Google\Temp\GUMBE03.tmp\goopdateres_en.dll

MD5 741211652c66a8a6790396e1875eefa9
SHA1 2ccd5653b5fc78bcc19f86b493cef11844ba7a0c
SHA256 e0945deacdb6b75ff2587dea975774b9b800747e2ee3f3917e5b40ddb87eda10
SHA512 b70f847d8ca8828c89bbb67b543950fbd514c733cf62b52ad7fc0dab7b2168fe56d1f21bef3210f5c7f563f72831455d870a5f9aa6c557f1e3543ef7329c42f9

C:\Program Files (x86)\Google\Temp\GUMBE03.tmp\goopdateres_el.dll

MD5 ecdd26049573614b6f41d8a102ffcf21
SHA1 5140c6cff5d596267a64df1559ac36c4e8f49e42
SHA256 a3377520f2a95b8cc06bd30e493962c07f97eebf4661a69d03efb36b2ca515c5
SHA512 933c181d7575f20480c8deadac3f3e9190081456169122216c72e7b9a04aa75612140fc37697098c7c20b77001a67966fa1661cdc9110c40634c944f833a65b1

C:\Program Files (x86)\Google\Temp\GUMBE03.tmp\goopdateres_de.dll

MD5 96d92500b9a763f4b862c511c17e0a47
SHA1 2fd441eb8685d15e14fa6405e82359adea3e7148
SHA256 58829d135ff41e574ed5fc5e0421e4aa204267b02ca3ffaf08d8efb0a70fdd4c
SHA512 a1014584f1f278160d579848fa188f627676aee819e9395517490b00e273db6f583d7ddd31af6e35c9d251021df7fb26c88512aaa1c865c2ee3ba60c0a2db49a

C:\Program Files (x86)\Google\Temp\GUMBE03.tmp\goopdateres_cs.dll

MD5 b9033db8d0e5bf254979b0f47d10e93d
SHA1 2859de0d851b5f4fd3056e8f9015cece2436c307
SHA256 12c41c2f472b6a05fd6392e9d4f8aeb9a40840c2cbefd68b39d20f9d1d4d77ed
SHA512 52075df4ae5c86ebb0bac20604ea072a163761ae058c1473211bf4bb0eeed043cfc5a92386f876b53484cdf4e3f8a7b75d8f4bf9894c24f8c22ec23a50b70b7c

C:\Program Files (x86)\Google\Temp\GUMBE03.tmp\goopdateres_ca.dll

MD5 39e25ba8d69f493e6f18c4ef0cf96de8
SHA1 5584a94a85d83514a46030c4165e8f7a942e63e2
SHA256 1f66ebdcaae482a201a6e0fab9c1f4501c23a0d4ad819ccd555fdca9cc7edb94
SHA512 773c995b449d64e36eb8cab174db29e29e29985bcfd714799d6b05b01bb7d4a0fc2aefaf2e27ff02b0e105fbe0d34d7efe29b193a1bc3365ec47e1f1003bed26

C:\Program Files (x86)\Google\Temp\GUMBE03.tmp\goopdateres_bn.dll

MD5 dafa45a82ce30cf2fd621e0a0b8c031f
SHA1 e39ed5213f9bb02d9da2c889425fab8ca6978db7
SHA256 d58e5f0fa894123de1d9b687a5b84826e095eca128ee5df8870f2db74f4233a2
SHA512 2b772ebc128eb59d636eec36583329962ead8e0a399fd56394b1244486bf815f4e033ceef74a62a9930ab2bf6ec1ba5e2d3c942183f7cb2355a716a3e2c6c7a1

C:\Program Files (x86)\Google\Temp\GUMBE03.tmp\goopdateres_bg.dll

MD5 c523ec13643d74b187b26b410d39569b
SHA1 46aff0297036c60f22ad30d4e58f429890d9e09d
SHA256 80505863866bcd93a7e617dd8160531401d6d05f48d595348cd321cf7d97aeac
SHA512 ecf98e29a3481b05ab23c3ff89fa3caf054b874ed15462a5e33022aacf561d8fea4a0de35cc5f7450f62110ca4ace613e0c67f543ad22eb417e79eb3ebf24ed7

C:\Program Files (x86)\Google\Temp\GUMBE03.tmp\goopdateres_ar.dll

MD5 163695df53cea0728f9f58a46a08e102
SHA1 71b39eec83260e2ccc299fac165414acb46958bd
SHA256 f89dddda3e887385b42ea88118ba8fb1cc68fde0c07d44b851164564eb7c1ec8
SHA512 6dfb70a175097f3c96ae815a563c185136cb5a35f361288cc81570facfa1f1d28f49eaa61172d1da4982ebb76bd3e32c4de77cf97dedfb79f18113d7594d0989

C:\Program Files (x86)\Google\Temp\GUMBE03.tmp\goopdateres_am.dll

MD5 849bc7e364e30f8ee4c157f50d5b695e
SHA1 b52b8efa1f3a2c84f436f328decd2912efeb1b18
SHA256 f1384a25a6f40e861455c62190d794415f3e9bfca6317c214847e9535dfc3fb9
SHA512 6fd7f542a7073b3bbf1b0c200bb306b30f1b35a64a1fb013f25c7df76f63ef377d9bd736e8da2e9372f1c994785eaeedb6b60e3a0d4a4e8734c266ad61782d3b

C:\Program Files (x86)\Google\Temp\GUMBE03.tmp\GoogleUpdateComRegisterShell64.exe

MD5 be535d8b68dd064442f73211466e5987
SHA1 aa49313d9513fd9c2d2b25da09ea24d09cc03435
SHA256 c109bcb63391ac3ea93fb97fbdf3f6ed71316cacb592ef46efaea0024bc9ed59
SHA512 eb50eebeaf83be10aea8088e35a807f9001d07d17d2bc1655c3bc0cb254d0f54303348988514ba5590ebd9d3bde3f1149c3f700f62fbce63c0199ea3cfb1f638

C:\Program Files (x86)\Google\Temp\GUMBE03.tmp\GoogleCrashHandler64.exe

MD5 b659663611a4c2216dff5ab1b60dd089
SHA1 9a14392a5bdb9ea6b8c3e60224b7ff37091d48b5
SHA256 cad4aa1cf58f6b2e2aceb789d53b18418e67066ec406b2fac786cb845ef89d2b
SHA512 1065f9072cd6f1f4364f1354108f2647ee1d89f87e908a22fcd63bd3149c864c457e62268067a439d0486d8d4aa150aa984ad8ac8b51cae49014b67b80496040

C:\Program Files (x86)\Google\Temp\GUMBE03.tmp\GoogleCrashHandler.exe

MD5 a11ce10ac47f5f83b9bc980567331a1b
SHA1 63ee42e347b0328f8d71a3aa4dde4c6dc46da726
SHA256 101dbf984c4b3876defe2699d6160acbf1bb3f213e02a32f08fdcdc06821c542
SHA512 ff2f86c4061188ead1bfeebd36de7dbc312adcc95267537697f2bfcbb0c53e7c4ab0cd268cef22f0182391796c4612c97cbdc1266d9ee1960cdd2610d8c2bcb3

memory/808-361-0x00000000002D0000-0x00000000002D1000-memory.dmp

memory/808-362-0x0000000000400000-0x0000000000BA0000-memory.dmp

memory/808-359-0x00000000002D0000-0x00000000002D1000-memory.dmp

memory/808-357-0x00000000002D0000-0x00000000002D1000-memory.dmp

memory/1968-365-0x0000000000400000-0x000000000090B000-memory.dmp

memory/1196-371-0x0000000000400000-0x000000000090B000-memory.dmp

memory/1312-377-0x0000000002270000-0x0000000002370000-memory.dmp

memory/1312-376-0x0000000002270000-0x0000000002370000-memory.dmp

memory/1312-373-0x0000000010000000-0x000000001002D000-memory.dmp

C:\Program Files\Google\Chrome\Application\109.0.5414.120\Installer\setup.exe

MD5 b42b8ac29ee0a9c3401ac4e7e186282d
SHA1 69dfb1dd33cf845a1358d862eebc4affe7b51223
SHA256 19545e8376807bce8a430c37cab9731e85052103f769dd60a5da3d93ca68c6ec
SHA512 b5269e7392e77a0fa850049ff61e271c5aab90d546945b17a65cc2ea6420432ae56321e1e39cfd97ccdb3dfc37ddbd6ff77907f5685cc2323b8635c8cdb4a84f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

MD5 18e723571b00fb1694a3bad6c78e4054
SHA1 afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\trusted_vault.pb

MD5 3433ccf3e03fc35b634cd0627833b0ad
SHA1 789a43382e88905d6eb739ada3a8ba8c479ede02
SHA256 f7d5893372edaa08377cb270a99842a9c758b447b7b57c52a7b1158c0c202e6d
SHA512 21a29f0ef89fec310701dcad191ea4ab670edc0fc161496f7542f707b5b9ce619eb8b709a52073052b0f705d657e03a45be7560c80909e92ae7d5939ce688e9c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Temp\scoped_dir2960_1493015902\14b1793d-1f08-4185-93d7-0a337f5094ee.tmp

MD5 541f52e24fe1ef9f8e12377a6ccae0c0
SHA1 189898bb2dcae7d5a6057bc2d98b8b450afaebb6
SHA256 81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82
SHA512 d779d78a15c5efca51ebd6b96a7ccb6d718741bdf7d9a37f53b2eb4b98aa1a78bc4cfa57d6e763aab97276c8f9088940ac0476690d4d46023ff4bf52f3326c88

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 8f96fd94d61c6031c4a10e24c054c079
SHA1 9998d64206b430d3c15982f40992fce5580ef209
SHA256 143735584f5235c17ffd812a9ef5676c9f7e78eea69c2c2ce316016cca36f6d5
SHA512 3cf859d8c703c50d4fb32b02bb15783a7d5b735b0f4737a576a220081632238b77902680b4e70de21703e74c07dff40973c88c8083b065a7fe35a4c18cd413a6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 69990b913f5108232755d31a73d8c8c0
SHA1 7a5ca404a4af04b8beb0b4f87fceb823ff087a19
SHA256 e7bb56b37ed251e8f6d1f31d408e0d1c4e36331b3138e397e8462009e0590a37
SHA512 8d181cfd16146c64853cca14b62e84693690c1e160a22f6472cbeaab79df1823e70f35caca65025d522612ef8095ff9ae65ec07f127112153456062b833c36a2
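
The list above mixes two kinds of artefact: the executables the installer drops under C:\ProgramData (Smart\, setup\), and the Google Update and Chrome installer files that C:\ProgramData\setup\setup.exe and GoogleUpdate.exe write under Program Files (x86)\Google (their Process columns appear in the behavioral2 tables). The Python below is an added example for this report, not sandbox output: it recomputes the four digests the report records per file, matches file contents against the two C:\ProgramData SHA256 values copied from the list, and applies two location heuristics that generalise beyond these paths (an executable under C:\ProgramData, and a Windows system binary name such as svchost.exe outside C:\Windows). The heuristics, the system-name set and the in-memory sample files are this example's assumptions; the report does not say which listed files are the RAT and which are the bundled Google installer, so validate any hash hit against a reputation source before blocking.

```python
r"""Hash and location checks for the dropped files listed above.

Added example for this report, not sandbox output. REPORT_SHA256 copies the two
C:\ProgramData executables whose digests appear in the list; the location
heuristics and the in-memory sample files are this example's assumptions.
"""
import hashlib
from typing import Dict, Iterable, List, Tuple

# Copied from the dropped-files list. The report does not say which listed
# files are the RAT and which belong to the bundled Google installer, so these
# are candidates to validate against a reputation source, not a blocklist.
REPORT_SHA256: Dict[str, str] = {
    "C:\\ProgramData\\Smart\\setup.exe":
        "b995e6a0299f2465fd5881157aab1c6c9753c8e459efd661b9cd1e83be7e53f6",
    "C:\\ProgramData\\setup\\setup.exe":
        "46d7a8abe3bb9d7302529246cd8ee6e7d0360d1045fe92662cc7580e72ef5132",
}

# Assumption: image names that legitimately live only under C:\Windows. A copy
# elsewhere (such as C:\ProgramData\NVIDIARV\svchost.exe) is masquerading.
SYSTEM_BINARY_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                       "services.exe", "explorer.exe", "msiexec.exe", "dllhost.exe"}
WINDOWS_ROOT = "c:\\windows\\"
PROGRAMDATA_ROOT = "c:\\programdata\\"


def digests(data: bytes) -> Dict[str, str]:
    """The four digests the report records for every dropped file."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def match_sha256(files: Dict[str, bytes], iocs: Iterable[str]) -> List[Tuple[str, str]]:
    """(path, sha256) for each file whose content hash is in the IOC set.

    Matching is on content, not path: the same payload can be written under a
    different directory or file name on another host.
    """
    wanted = {h.lower() for h in iocs}
    hits: List[Tuple[str, str]] = []
    for path, data in files.items():
        h = digests(data)["sha256"]
        if h in wanted:
            hits.append((path, h))
    return hits


def suspicious_path(path: str) -> List[str]:
    """Reasons the location of an executable deserves a closer look."""
    p = path.lower()
    name = p.rsplit("\\", 1)[-1]
    reasons: List[str] = []
    if p.startswith(PROGRAMDATA_ROOT) and name.endswith(".exe"):
        reasons.append("executable under C:\\ProgramData")
    if name in SYSTEM_BINARY_NAMES and not p.startswith(WINDOWS_ROOT):
        reasons.append("Windows system binary name outside C:\\Windows")
    return reasons


def triage(files: Dict[str, bytes], iocs: Iterable[str]) -> Dict[str, List[str]]:
    """Per-path findings: hash hits first, then location heuristics."""
    hits = dict(match_sha256(files, iocs))
    findings: Dict[str, List[str]] = {}
    for path in files:
        reasons: List[str] = []
        if path in hits:
            reasons.append("sha256 matches report IOC " + hits[path][:12])
        reasons.extend(suspicious_path(path))
        if reasons:
            findings[path] = reasons
    return findings


if __name__ == "__main__":
    # Constructed sample contents (not real payload bytes) so this runs offline;
    # on a live host build the dict with open(path, "rb").read() instead.
    sample = {
        "C:\\ProgramData\\Smart\\setup.exe": b"constructed sample A",
        "C:\\ProgramData\\NVIDIARV\\svchost.exe": b"constructed sample B",
        "C:\\Windows\\System32\\svchost.exe": b"constructed sample C",
        "C:\\Users\\Admin\\notes.txt": b"constructed sample D",
    }
    for path, reasons in triage(sample, REPORT_SHA256.values()).items():
        print(path, "->", "; ".join(reasons))
```

Run the block directly to see the findings for the constructed sample set. Hash matching is exact-content only, so a repacked or re-signed build of the same payload will not match; the location heuristics are what catch the re-dropped copy, at the cost of needing a human to confirm each hit.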

Analysis: behavioral2

Detonation Overview

Submitted

2025-02-22 02:39

Reported

2025-02-22 02:42

Platform

win10v2004-20250217-en

Max time kernel

150s

Max time network

151s

Command Line

C:\Windows\system32\svchost.exe -k DcomLaunch -p

Signatures

Blackmoon family

blackmoon

Blackmoon, KrBanker

trojan banker blackmoon

Detect Blackmoon payload

FatalRat

stealer trojan fatalrat

Fatalrat family

fatalrat

Fatal Rat payload

rat infostealer

VMProtect packed file

vmprotect

Boot or Logon Autostart Execution: Active Setup

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Version = "43,0,0,0" C:\Program Files (x86)\Google\Update\Install\{2B345CE7-8C95-4A5E-AC27-DCEC458ED599}\CR_D4B69.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components C:\Program Files (x86)\Google\Update\Install\{2B345CE7-8C95-4A5E-AC27-DCEC458ED599}\CR_D4B69.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96} C:\Program Files (x86)\Google\Update\Install\{2B345CE7-8C95-4A5E-AC27-DCEC458ED599}\CR_D4B69.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\ = "Google Chrome" C:\Program Files (x86)\Google\Update\Install\{2B345CE7-8C95-4A5E-AC27-DCEC458ED599}\CR_D4B69.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\StubPath = "\"C:\\Program Files\\Google\\Chrome\\Application\\133.0.6943.127\\Installer\\chrmstp.exe\" --configure-user-settings --verbose-logging --system-level --channel=stable" C:\Program Files (x86)\Google\Update\Install\{2B345CE7-8C95-4A5E-AC27-DCEC458ED599}\CR_D4B69.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Localized Name = "Google Chrome" C:\Program Files (x86)\Google\Update\Install\{2B345CE7-8C95-4A5E-AC27-DCEC458ED599}\CR_D4B69.tmp\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\IsInstalled = "1" C:\Program Files (x86)\Google\Update\Install\{2B345CE7-8C95-4A5E-AC27-DCEC458ED599}\CR_D4B69.tmp\setup.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\A: B: E: G: H: I: J: K: L: M: N: O: P: Q: R: S: T: U: V: W: X: Y: Z: (23 drive letters, each opened twice, 46 open events in total; C:, D: and F: do not appear) C:\Windows\system32\msiexec.exe N/A

Every one of these opens comes from msiexec.exe, not from any of the dropped executables. Windows Installer probes the drive letters while resolving a package's source and media locations, so this signature is expected for an MSI detonation and does not by itself show the payload enumerating drives.

Event Triggered Execution: Image File Execution Options Injection

persistence
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe\DisableExceptionChainValidation = "0" C:\Program Files (x86)\Google\Temp\GUM13C3.tmp\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe C:\Program Files (x86)\Google\Temp\GUM13C3.tmp\GoogleUpdate.exe N/A
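
Both of these signatures fire on registry writes, and both recorded writes come from the bundled Chrome/Google Update installers rather than from the dropped RAT binaries: the Active Setup component {8A69D345-D564-463c-AFF1-A69D9E530F96} points its StubPath at chrmstp.exe under Program Files, and the IFEO write sets DisableExceptionChainValidation to 0 for GoogleUpdate.exe, which is the per-image SEHOP toggle (0 keeps SEHOP enabled) and not the Debugger value an IFEO hijack uses. The Python below is an added example for this report, not sandbox output. It parses the "Set value" rows verbatim as printed above, reconstructs the Active Setup trigger rule (the StubPath runs at a user's logon when IsInstalled is non-zero and the HKCU copy of the component is missing or carries a lower comma-separated Version than HKLM), flags StubPath executables outside a trusted root, and maps IFEO value names to a triage verdict. The trusted-root list and the verdict table are this example's assumptions.

```python
"""Triage of the Active Setup and IFEO registry writes recorded above.

Added example for this report, not sandbox output. REPORT_LINES copies five
'Set value' rows verbatim from the two tables; the trusted roots and the IFEO
verdict table are this example's assumptions.
"""
import re
from typing import Dict, Iterable, List, NamedTuple, Optional, Tuple


class RegWrite(NamedTuple):
    kind: str        # "str" or "int", as the sandbox prints it
    key: str         # full key path under \REGISTRY\MACHINE or \REGISTRY\USER
    value_name: str  # "" for the key's default value
    data: str        # data with the sandbox's \" and \\ escaping undone
    process: str     # writing process

# Row layout: Set value (<type>) <key>\<name> = "<data>" <process> N/A
# The data is the last quoted span on the row because process paths carry no quotes.
LINE_RE = re.compile(r'^Set value \((\w+)\) (\\REGISTRY\\.*?)\\([^\\]*?) = "(.*)" (.+?) N/A$')

ACTIVE_SETUP = "\\Active Setup\\Installed Components\\"
IFEO = "\\Windows NT\\CurrentVersion\\Image File Execution Options\\"

# Assumption: StubPath executables outside these roots are worth a closer look.
TRUSTED_ROOTS = ("c:\\program files\\", "c:\\program files (x86)\\", "c:\\windows\\")

# Assumption: triage verdict per IFEO value name.
IFEO_VERDICTS = {
    "debugger": "hijack",          # the named program is launched instead of the image
    "verifierdlls": "injection",   # DLL loaded into the image by Application Verifier
    "globalflag": "review",        # 0x200 plus SilentProcessExit\MonitorProcess persists
    "disableexceptionchainvalidation": "mitigation",  # SEHOP toggle; 0 = SEHOP enabled
}


def parse_reg_line(line: str) -> Optional[RegWrite]:
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    kind, key, name, data, process = m.groups()
    return RegWrite(kind, key, name, re.sub(r"\\(.)", r"\1", data), process)


def parse_version(v: str) -> Tuple[int, ...]:
    """Active Setup versions are comma-separated integers such as 43,0,0,0."""
    return tuple(int(x) for x in v.split(","))


def active_setup_fires(hklm_version: str, hkcu_version: Optional[str],
                       is_installed: int = 1) -> bool:
    """At logon the StubPath runs when IsInstalled is non-zero and the user's
    HKCU copy of the component is missing or has a lower Version than HKLM."""
    if is_installed == 0:
        return False
    return hkcu_version is None or parse_version(hklm_version) > parse_version(hkcu_version)


def stub_exe(stub_path: str) -> str:
    """Executable part of a StubPath command line (quoted or first token)."""
    s = stub_path.strip()
    return s[1:s.index('"', 1)] if s.startswith('"') else s.split(" ", 1)[0]


def triage_active_setup(records: Iterable[RegWrite]) -> Dict[str, Dict[str, object]]:
    """Group Active Setup writes by component GUID and classify the StubPath."""
    comps: Dict[str, Dict[str, object]] = {}
    for r in records:
        if ACTIVE_SETUP not in r.key:
            continue
        c = comps.setdefault(r.key.rsplit("\\", 1)[-1], {"writer": r.process})
        if r.value_name == "StubPath":
            exe = stub_exe(r.data)
            c["stub_exe"] = exe
            c["location"] = "trusted" if exe.lower().startswith(TRUSTED_ROOTS) else "untrusted"
        elif r.value_name == "Version":
            c["version"] = r.data
        elif r.value_name == "IsInstalled":
            c["is_installed"] = int(r.data)
        elif r.value_name == "":
            c["name"] = r.data
    return comps


def classify_ifeo(records: Iterable[RegWrite]) -> List[Tuple[str, str, str]]:
    """(image, value name, verdict) for every write under an IFEO image key."""
    out: List[Tuple[str, str, str]] = []
    for r in records:
        if IFEO in r.key:
            image = r.key.rsplit("\\", 1)[-1]
            out.append((image, r.value_name, IFEO_VERDICTS.get(r.value_name.lower(), "other")))
    return out


REPORT_LINES = [  # copied verbatim from the behavioral2 tables above
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Version = "43,0,0,0" C:\Program Files (x86)\Google\Update\Install\{2B345CE7-8C95-4A5E-AC27-DCEC458ED599}\CR_D4B69.tmp\setup.exe N/A',
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\ = "Google Chrome" C:\Program Files (x86)\Google\Update\Install\{2B345CE7-8C95-4A5E-AC27-DCEC458ED599}\CR_D4B69.tmp\setup.exe N/A',
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\StubPath = "\"C:\\Program Files\\Google\\Chrome\\Application\\133.0.6943.127\\Installer\\chrmstp.exe\" --configure-user-settings --verbose-logging --system-level --channel=stable" C:\Program Files (x86)\Google\Update\Install\{2B345CE7-8C95-4A5E-AC27-DCEC458ED599}\CR_D4B69.tmp\setup.exe N/A',
    r'Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}\IsInstalled = "1" C:\Program Files (x86)\Google\Update\Install\{2B345CE7-8C95-4A5E-AC27-DCEC458ED599}\CR_D4B69.tmp\setup.exe N/A',
    r'Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe\DisableExceptionChainValidation = "0" C:\Program Files (x86)\Google\Temp\GUM13C3.tmp\GoogleUpdate.exe N/A',
]

if __name__ == "__main__":
    records = [r for r in map(parse_reg_line, REPORT_LINES) if r]
    for guid, c in triage_active_setup(records).items():
        print(guid, c["stub_exe"], c["location"], "runs at a new user's first logon:",
              active_setup_fires(c["version"], None, c["is_installed"]))
    for image, name, verdict in classify_ifeo(records):
        print(image, name, "->", verdict)
```

A trusted StubPath location is only a weak signal: anything running as SYSTEM, the dropped installer included, can write under Program Files, so pair the location check with signer verification of the stub executable. On a live host the same functions apply to values read with winreg from both the 64-bit key and WOW6432Node.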

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1479699283-3000499823-2337359760-1000\Control Panel\International\Geo\Nation C:\Program Files\Google\Chrome\Application\chrome.exe (8 events) N/A
Key value queried \REGISTRY\USER\S-1-5-21-1479699283-3000499823-2337359760-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Google\Temp\GUM13C3.tmp\GoogleUpdate.exe (1 event) N/A

Both querying processes belong to the Google Chrome and Google Update installation chain that the sample unpacks, not to the dropped RAT binaries, so this signature is attributable to the browser and its updater rather than to the payload geolocating the victim.

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\TjNkNpAilaYvt.exe.log C:\ProgramData\Smart\TjNkNpAilaYvt.exe N/A

The CLR_v4.0\UsageLogs\<image>.log file is written by the .NET Framework 4 runtime for a managed process, and config\systemprofile is the LocalSystem account's profile: TjNkNpAilaYvt.exe is a .NET executable and was running as SYSTEM when it created this file.

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Checks installed software on the system

discovery

Checks system information in the registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Google\Temp\GUM13C3.tmp\goopdateres_tr.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source1440_1818505551\Chrome-bin\133.0.6943.127\Locales\en-US.pak C:\Program Files (x86)\Google\Update\Install\{2B345CE7-8C95-4A5E-AC27-DCEC458ED599}\CR_D4B69.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source1440_1818505551\Chrome-bin\133.0.6943.127\Locales\pl.pak C:\Program Files (x86)\Google\Update\Install\{2B345CE7-8C95-4A5E-AC27-DCEC458ED599}\CR_D4B69.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUM13C3.tmp\GoogleUpdateComRegisterShell64.exe C:\ProgramData\setup\setup.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateBroker.exe C:\Program Files (x86)\Google\Temp\GUM13C3.tmp\GoogleUpdate.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source1440_1818505551\Chrome-bin\133.0.6943.127\Locales\mr.pak C:\Program Files (x86)\Google\Update\Install\{2B345CE7-8C95-4A5E-AC27-DCEC458ED599}\CR_D4B69.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source1440_1818505551\Chrome-bin\133.0.6943.127\Locales\nb.pak C:\Program Files (x86)\Google\Update\Install\{2B345CE7-8C95-4A5E-AC27-DCEC458ED599}\CR_D4B69.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source1440_1818505551\Chrome-bin\133.0.6943.127\Locales\tr.pak C:\Program Files (x86)\Google\Update\Install\{2B345CE7-8C95-4A5E-AC27-DCEC458ED599}\CR_D4B69.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source1440_1818505551\Chrome-bin\133.0.6943.127\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.sig C:\Program Files (x86)\Google\Update\Install\{2B345CE7-8C95-4A5E-AC27-DCEC458ED599}\CR_D4B69.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source1440_1818505551\Chrome-bin\133.0.6943.127\libGLESv2.dll C:\Program Files (x86)\Google\Update\Install\{2B345CE7-8C95-4A5E-AC27-DCEC458ED599}\CR_D4B69.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source1440_1818505551\Chrome-bin\133.0.6943.127\Locales\es-419.pak C:\Program Files (x86)\Google\Update\Install\{2B345CE7-8C95-4A5E-AC27-DCEC458ED599}\CR_D4B69.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUM13C3.tmp\goopdateres_hu.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUM13C3.tmp\goopdateres_ru.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exe C:\Program Files (x86)\Google\Temp\GUM13C3.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_th.dll C:\Program Files (x86)\Google\Temp\GUM13C3.tmp\GoogleUpdate.exe N/A
File opened for modification C:\Program Files (x86)\Google\Update\Install\{2B345CE7-8C95-4A5E-AC27-DCEC458ED599}\133.0.6943.127_chrome_installer.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUM13C3.tmp\goopdateres_pt-BR.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source1440_1818505551\Chrome-bin\133.0.6943.127\Locales\hu.pak C:\Program Files (x86)\Google\Update\Install\{2B345CE7-8C95-4A5E-AC27-DCEC458ED599}\CR_D4B69.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source1440_1818505551\Chrome-bin\133.0.6943.127\chrome_wer.dll C:\Program Files (x86)\Google\Update\Install\{2B345CE7-8C95-4A5E-AC27-DCEC458ED599}\CR_D4B69.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_iw.dll C:\Program Files (x86)\Google\Temp\GUM13C3.tmp\GoogleUpdate.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source1440_1818505551\Chrome-bin\133.0.6943.127\chrome_100_percent.pak C:\Program Files (x86)\Google\Update\Install\{2B345CE7-8C95-4A5E-AC27-DCEC458ED599}\CR_D4B69.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source1440_1818505551\Chrome-bin\133.0.6943.127\vk_swiftshader_icd.json C:\Program Files (x86)\Google\Update\Install\{2B345CE7-8C95-4A5E-AC27-DCEC458ED599}\CR_D4B69.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source1440_1818505551\Chrome-bin\133.0.6943.127\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll C:\Program Files (x86)\Google\Update\Install\{2B345CE7-8C95-4A5E-AC27-DCEC458ED599}\CR_D4B69.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source1440_1818505551\Chrome-bin\133.0.6943.127\elevation_service.exe C:\Program Files (x86)\Google\Update\Install\{2B345CE7-8C95-4A5E-AC27-DCEC458ED599}\CR_D4B69.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_ko.dll C:\Program Files (x86)\Google\Temp\GUM13C3.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_ms.dll C:\Program Files (x86)\Google\Temp\GUM13C3.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUM13C3.tmp\psmachine_64.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUM13C3.tmp\goopdateres_kn.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe C:\Program Files (x86)\Google\Temp\GUM13C3.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_es.dll C:\Program Files (x86)\Google\Temp\GUM13C3.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_kn.dll C:\Program Files (x86)\Google\Temp\GUM13C3.tmp\GoogleUpdate.exe N/A
File opened for modification C:\Program Files\chrome_installer.log C:\Program Files (x86)\Google\Update\Install\{2B345CE7-8C95-4A5E-AC27-DCEC458ED599}\CR_D4B69.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source1440_1818505551\Chrome-bin\133.0.6943.127\Locales\es.pak C:\Program Files (x86)\Google\Update\Install\{2B345CE7-8C95-4A5E-AC27-DCEC458ED599}\CR_D4B69.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUM13C3.tmp\goopdate.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUM13C3.tmp\GoogleUpdateOnDemand.exe C:\ProgramData\setup\setup.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUM13C3.tmp\goopdateres_te.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source1440_1818505551\Chrome-bin\133.0.6943.127\PrivacySandboxAttestationsPreloaded\manifest.json C:\Program Files (x86)\Google\Update\Install\{2B345CE7-8C95-4A5E-AC27-DCEC458ED599}\CR_D4B69.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_cs.dll C:\Program Files (x86)\Google\Temp\GUM13C3.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_en.dll C:\Program Files (x86)\Google\Temp\GUM13C3.tmp\GoogleUpdate.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source1440_1818505551\Chrome-bin\133.0.6943.127\Locales\en-GB.pak C:\Program Files (x86)\Google\Update\Install\{2B345CE7-8C95-4A5E-AC27-DCEC458ED599}\CR_D4B69.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source1440_1818505551\Chrome-bin\133.0.6943.127\Locales\fi.pak C:\Program Files (x86)\Google\Update\Install\{2B345CE7-8C95-4A5E-AC27-DCEC458ED599}\CR_D4B69.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source1440_1818505551\Chrome-bin\133.0.6943.127\Locales\ko.pak C:\Program Files (x86)\Google\Update\Install\{2B345CE7-8C95-4A5E-AC27-DCEC458ED599}\CR_D4B69.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source1440_1818505551\Chrome-bin\133.0.6943.127\Locales\lt.pak C:\Program Files (x86)\Google\Update\Install\{2B345CE7-8C95-4A5E-AC27-DCEC458ED599}\CR_D4B69.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source1440_1818505551\Chrome-bin\133.0.6943.127\chrome.dll C:\Program Files (x86)\Google\Update\Install\{2B345CE7-8C95-4A5E-AC27-DCEC458ED599}\CR_D4B69.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdate.exe C:\Program Files (x86)\Google\Temp\GUM13C3.tmp\GoogleUpdate.exe N/A
File created C:\Program Files (x86)\Google\Update\Install\{2B345CE7-8C95-4A5E-AC27-DCEC458ED599}\133.0.6943.127_chrome_installer.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source1440_1818505551\Chrome-bin\133.0.6943.127\chrome_200_percent.pak C:\Program Files (x86)\Google\Update\Install\{2B345CE7-8C95-4A5E-AC27-DCEC458ED599}\CR_D4B69.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source1440_1818505551\Chrome-bin\133.0.6943.127\Locales\th.pak C:\Program Files (x86)\Google\Update\Install\{2B345CE7-8C95-4A5E-AC27-DCEC458ED599}\CR_D4B69.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source1440_1818505551\Chrome-bin\133.0.6943.127\VisualElements\SmallLogoDev.png C:\Program Files (x86)\Google\Update\Install\{2B345CE7-8C95-4A5E-AC27-DCEC458ED599}\CR_D4B69.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source1440_1818505551\Chrome-bin\133.0.6943.127\chrome.dll.sig C:\Program Files (x86)\Google\Update\Install\{2B345CE7-8C95-4A5E-AC27-DCEC458ED599}\CR_D4B69.tmp\setup.exe N/A
File opened for modification C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\133.0.6943.127\133.0.6943.127_chrome_installer.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source1440_1818505551\Chrome-bin\133.0.6943.127\Locales\et.pak C:\Program Files (x86)\Google\Update\Install\{2B345CE7-8C95-4A5E-AC27-DCEC458ED599}\CR_D4B69.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Update\1.3.36.312\goopdateres_en-GB.dll C:\Program Files (x86)\Google\Temp\GUM13C3.tmp\GoogleUpdate.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source1440_1818505551\Chrome-bin\133.0.6943.127\Locales\sw.pak C:\Program Files (x86)\Google\Update\Install\{2B345CE7-8C95-4A5E-AC27-DCEC458ED599}\CR_D4B69.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source1440_1818505551\Chrome-bin\133.0.6943.127\VisualElements\LogoBeta.png C:\Program Files (x86)\Google\Update\Install\{2B345CE7-8C95-4A5E-AC27-DCEC458ED599}\CR_D4B69.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUM13C3.tmp\goopdateres_id.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUM13C3.tmp\goopdateres_pl.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUM13C3.tmp\goopdateres_sr.dll C:\ProgramData\setup\setup.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Update\Install\{2B345CE7-8C95-4A5E-AC27-DCEC458ED599}\CR_D4B69.tmp\setup.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUM13C3.tmp\goopdateres_en-GB.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUM13C3.tmp\goopdateres_gu.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Program Files (x86)\Google\Temp\GUM13C3.tmp\goopdateres_uk.dll C:\ProgramData\setup\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source1440_1818505551\Chrome-bin\133.0.6943.127\d3dcompiler_47.dll C:\Program Files (x86)\Google\Update\Install\{2B345CE7-8C95-4A5E-AC27-DCEC458ED599}\CR_D4B69.tmp\setup.exe N/A
File created C:\Program Files\Google\Chrome\Temp\source1440_1818505551\Chrome-bin\133.0.6943.127\vk_swiftshader.dll C:\Program Files (x86)\Google\Update\Install\{2B345CE7-8C95-4A5E-AC27-DCEC458ED599}\CR_D4B69.tmp\setup.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIE3B9.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIE502.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIE5EE.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIE69B.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIE719.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIE787.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e57e35b.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e57e35b.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIE59F.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\inprogressinstallinfo.ipi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{DBB56E52-B2C8-4BD0-96DC-EE1D75DE3BAC} C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIE873.tmp C:\Windows\system32\msiexec.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\ProgramData\setup\aa.exe N/A
N/A N/A C:\ProgramData\Packas\scrok.exe N/A
N/A N/A C:\ProgramData\Smart\TjNkNpAilaYvt.exe N/A
N/A N/A C:\ProgramData\Smart\TjNkNpAilaYvt.exe N/A
N/A N/A C:\ProgramData\Smart\TjNkNpAilaYvt.exe N/A
N/A N/A C:\ProgramData\Smart\TjNkNpAilaYvt.exe N/A
N/A N/A C:\ProgramData\Packas\scrok.exe N/A
N/A N/A C:\ProgramData\Smart\setup.exe N/A
N/A N/A C:\ProgramData\setup\setup.exe N/A
N/A N/A C:\ProgramData\NVIDIARV\svchost.exe N/A
N/A N/A C:\ProgramData\NVIDIARV\svchost.exe N/A
N/A N/A C:\ProgramData\NVIDIARV\svchost.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUM13C3.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\Install\{2B345CE7-8C95-4A5E-AC27-DCEC458ED599}\133.0.6943.127_chrome_installer.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\Install\{2B345CE7-8C95-4A5E-AC27-DCEC458ED599}\CR_D4B69.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\Install\{2B345CE7-8C95-4A5E-AC27-DCEC458ED599}\CR_D4B69.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\Install\{2B345CE7-8C95-4A5E-AC27-DCEC458ED599}\CR_D4B69.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\Install\{2B345CE7-8C95-4A5E-AC27-DCEC458ED599}\CR_D4B69.tmp\setup.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\133.0.6943.127\elevation_service.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUM13C3.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

Event Triggered Execution: Installer Packages

persistence privilege_escalation
Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A

Reads user/profile data of web browsers

spyware stealer

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\ProgramData\setup\setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\ProgramData\NVIDIARV\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\ProgramData\Smart\setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\Temp\GUM13C3.tmp\GoogleUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\ProgramData\NVIDIARV\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\timeout.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\ProgramData\NVIDIARV\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\ProgramData\setup\aa.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\timeout.exe N/A

System Network Configuration Discovery: Internet Connection Discovery

discovery
Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\system32\vssvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr C:\Windows\system32\vssvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = <value not preserved in report> C:\Windows\system32\vssvc.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\ProgramData\NVIDIARV\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\ProgramData\NVIDIARV\svchost.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Delays execution with timeout.exe

defense_evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum C:\ProgramData\NVIDIARV\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software C:\ProgramData\NVIDIARV\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft C:\ProgramData\NVIDIARV\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie C:\ProgramData\NVIDIARV\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SYSTEM\CurrentControlSet\Services\ C:\ProgramData\NVIDIARV\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\System\CurrentControlSet C:\ProgramData\NVIDIARV\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\System\CurrentControlSet\Services C:\ProgramData\NVIDIARV\svchost.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum\Version = "7" C:\ProgramData\NVIDIARV\svchost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\System\CurrentControlSet\Services\InstallTime = "2025-02-22 02:40" C:\ProgramData\NVIDIARV\svchost.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\26\52C64B7E C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SYSTEM C:\ProgramData\NVIDIARV\svchost.exe N/A
Key created \REGISTRY\USER\.DEFAULT\System\CurrentControlSet\Services\ C:\ProgramData\NVIDIARV\svchost.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\System\CurrentControlSet\Services\Group = "Fatal" C:\ProgramData\NVIDIARV\svchost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133846656866230936" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GoogleUpdate.PolicyStatusSvc\CLSID\ = "{1C4CDEFF-756A-4804-9E77-3E8EB9361016}" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31AC3F11-E5EA-4A85-8A3D-8E095A39C27B}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{598FE0E5-E02D-465D-9A9D-37974A28FD42}\LOCALSERVER32 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FE908CDD-22BB-472A-9870-1A0390E42F36}\NumMethods\ = "41" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7DE94008-8AFD-4C70-9728-C6FBFFF6A73E}\VersionIndependentProgID\ = "GoogleUpdate.CoCreateAsync" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ChromePDF\ = "Chrome PDF Document" C:\Program Files (x86)\Google\Update\Install\{2B345CE7-8C95-4A5E-AC27-DCEC458ED599}\CR_D4B69.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{909489C2-85A6-4322-AA56-D25278649D67}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6DB17455-4E85-46E7-9D23-E555E4B005AF}\ = "IGoogleUpdate3" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D106AB5F-A70E-400E-A21B-96208C1D8DBB}\NumMethods\ = "7" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GoogleUpdate.PolicyStatusMachine\ = "Google Update Broker Class Factory" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{ABC01078-F197-4B0B-ADBC-CFE684B39C82}\LocalServer32\ = "\"C:\\Program Files (x86)\\Google\\Update\\1.3.36.312\\GoogleUpdateOnDemand.exe\"" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ChromeHTML\AppUserModelId = "Chrome" C:\Program Files (x86)\Google\Update\Install\{2B345CE7-8C95-4A5E-AC27-DCEC458ED599}\CR_D4B69.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9465B4B4-5216-4042-9A2C-754D3BCDC410}\ProgID\ = "GoogleUpdate.OnDemandCOMClassSvc.1.0" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{82BB48E2-2057-4C07-A383-B2C2F8A0FD01}\InProcServer32\ThreadingModel = "Both" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\InprocServer32\ThreadingModel = "Both" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}\ProgID C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\InprocServer32 C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6DB17455-4E85-46E7-9D23-E555E4B005AF}\ = "IGoogleUpdate3" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{ADDF22CF-3E9B-4CD7-9139-8169EA6636E4}\Elevation C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\GoogleUpdate.Update3COMClassService.1.0\CLSID\ = "{4EB61BAC-A3B6-4760-9581-655041EF4D69}" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928} C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{084D78A8-B084-4E14-A629-A2C419B0E3D9}\NumMethods C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{18D0F672-18B4-48E6-AD36-6E6BF01DBBC4}\ProxyStubClsid32\ = "{82BB48E2-2057-4C07-A383-B2C2F8A0FD01}" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{ABC01078-F197-4B0B-ADBC-CFE684B39C82}\LocalServer32 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.svg C:\Program Files (x86)\Google\Update\Install\{2B345CE7-8C95-4A5E-AC27-DCEC458ED599}\CR_D4B69.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31AC3F11-E5EA-4A85-8A3D-8E095A39C27B}\NumMethods\ = "5" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5B25A8DC-1780-4178-A629-6BE8B8DEFAA2}\NumMethods C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31AC3F11-E5EA-4A85-8A3D-8E095A39C27B}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2E629606-312A-482F-9B12-2C4ABF6F0B6D}\ProxyStubClsid32\ = "{82BB48E2-2057-4C07-A383-B2C2F8A0FD01}" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{49D7563B-2DDB-4831-88C8-768A53833837}\NumMethods\ = "13" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31AC3F11-E5EA-4A85-8A3D-8E095A39C27B}\NumMethods C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1C642CED-CA3B-4013-A9DF-CA6CE5FF6503}\NumMethods\ = "9" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{34527502-D3DB-4205-A69B-789B27EE0414}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0CD01D1E-4A1C-489D-93B9-9B6672877C57}\ = "IAppVersionWeb" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{18D0F672-18B4-48E6-AD36-6E6BF01DBBC4}\ = "IAppWeb" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{19692F10-ADD2-4EFF-BE54-E61C62E40D13}\NumMethods\ = "4" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4E223325-C16B-4EEB-AEDC-19AA99A237FA}\NumMethods C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{ABC01078-F197-4B0B-ADBC-CFE684B39C82}\VERSIONINDEPENDENTPROGID C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{05A30352-EB25-45B6-8449-BCA7B0542CE5}\NumMethods C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{27634814-8E41-4C35-8577-980134A96544}\ProxyStubClsid32\ = "{82BB48E2-2057-4C07-A383-B2C2F8A0FD01}" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4E223325-C16B-4EEB-AEDC-19AA99A237FA}\NumMethods\ = "8" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BCDCB538-01C0-46D1-A6A7-52F4D021C272}\NumMethods\ = "10" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{76F7B787-A67C-4C73-82C7-31F5E3AABC5C}\ProxyStubClsid32\ = "{82BB48E2-2057-4C07-A383-B2C2F8A0FD01}" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5B25A8DC-1780-4178-A629-6BE8B8DEFAA2}\NumMethods\ = "4" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DAB1D343-1B2A-47F9-B445-93DC50704BFE}\NumMethods\ = "4" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2E629606-312A-482F-9B12-2C4ABF6F0B6D}\NumMethods C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DD42475D-6D46-496A-924E-BD5630B4CBBA} C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.xht\OpenWithProgIds\ChromeHTML C:\Program Files (x86)\Google\Update\Install\{2B345CE7-8C95-4A5E-AC27-DCEC458ED599}\CR_D4B69.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{534F5323-3569-4F42-919D-1E1CF93E5BF6}\ProgID C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5B25A8DC-1780-4178-A629-6BE8B8DEFAA2}\ = "IBrowserHttpRequest2" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D106AB5F-A70E-400E-A21B-96208C1D8DBB}\NumMethods\ = "7" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{084D78A8-B084-4E14-A629-A2C419B0E3D9}\ProxyStubClsid32 C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{18D0F672-18B4-48E6-AD36-6E6BF01DBBC4}\NumMethods\ = "17" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7DE94008-8AFD-4C70-9728-C6FBFFF6A73E}\ProgID\ = "GoogleUpdate.CoCreateAsync.1.0" C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\ChromePDF\shell\open C:\Program Files (x86)\Google\Update\Install\{2B345CE7-8C95-4A5E-AC27-DCEC458ED599}\CR_D4B69.tmp\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{128C2DA6-2BC0-44C0-B3F6-4EC22E647964}\NumMethods\ = "6" C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\TypeLib\{463ABECF-410D-407F-8AF5-0DF35A005CC8} C:\Program Files (x86)\Google\Update\Install\{2B345CE7-8C95-4A5E-AC27-DCEC458ED599}\CR_D4B69.tmp\setup.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{9465B4B4-5216-4042-9A2C-754D3BCDC410}\PROGID C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1C4CDEFF-756A-4804-9E77-3E8EB9361016} C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{34527502-D3DB-4205-A69B-789B27EE0414}\NumMethods C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{463ABECF-410D-407F-8AF5-0DF35A005CC8}\TypeLib\ = "{463ABECF-410D-407F-8AF5-0DF35A005CC8}" C:\Program Files (x86)\Google\Update\Install\{2B345CE7-8C95-4A5E-AC27-DCEC458ED599}\CR_D4B69.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\.html C:\Program Files (x86)\Google\Update\Install\{2B345CE7-8C95-4A5E-AC27-DCEC458ED599}\CR_D4B69.tmp\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2E629606-312A-482F-9B12-2C4ABF6F0B6D} C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FE908CDD-22BB-472A-9870-1A0390E42F36} C:\Program Files (x86)\Google\Update\GoogleUpdate.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\ProgramData\Packas\scrok.exe N/A
N/A N/A C:\ProgramData\Packas\scrok.exe N/A
N/A N/A C:\ProgramData\Packas\scrok.exe N/A
N/A N/A C:\ProgramData\Packas\scrok.exe N/A
N/A N/A C:\ProgramData\Smart\TjNkNpAilaYvt.exe N/A
N/A N/A C:\ProgramData\Packas\scrok.exe N/A
N/A N/A C:\ProgramData\Packas\scrok.exe N/A
N/A N/A C:\ProgramData\Packas\scrok.exe N/A
N/A N/A C:\ProgramData\Packas\scrok.exe N/A
N/A N/A C:\ProgramData\Smart\setup.exe N/A
N/A N/A C:\ProgramData\Smart\setup.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUM13C3.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUM13C3.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUM13C3.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUM13C3.tmp\GoogleUpdate.exe N/A
N/A N/A C:\Program Files (x86)\Google\Temp\GUM13C3.tmp\GoogleUpdate.exe N/A (×2)
N/A N/A C:\ProgramData\NVIDIARV\svchost.exe N/A (×45)

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeImpersonatePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A (×11, alternating with the row below)
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A (×11)
Token: SeDebugPrivilege N/A C:\ProgramData\Packas\scrok.exe N/A
Token: SeDebugPrivilege N/A C:\ProgramData\Smart\TjNkNpAilaYvt.exe N/A (×2)
Token: SeBackupPrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\srtasks.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A (×2)
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (×26)

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A (×24)

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\ProgramData\Smart\setup.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3172 wrote to memory of 4696 N/A C:\Windows\system32\msiexec.exe C:\Windows\system32\srtasks.exe (×2)
PID 3172 wrote to memory of 1456 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe (×3)
PID 1456 wrote to memory of 3580 N/A C:\Windows\syswow64\MsiExec.exe C:\Windows\SysWOW64\cmd.exe (×3)
PID 3580 wrote to memory of 4076 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\timeout.exe (×3)
PID 3580 wrote to memory of 952 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\setup\aa.exe (×3)
PID 3580 wrote to memory of 3144 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\Packas\scrok.exe (×2)
PID 3144 wrote to memory of 772 N/A C:\ProgramData\Packas\scrok.exe C:\Windows\system32\svchost.exe (×3)
PID 3580 wrote to memory of 2424 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\Smart\TjNkNpAilaYvt.exe (×2)
PID 3580 wrote to memory of 3892 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\Smart\TjNkNpAilaYvt.exe (×2)
PID 3580 wrote to memory of 4088 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\timeout.exe (×3)
PID 3580 wrote to memory of 4048 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\Smart\TjNkNpAilaYvt.exe (×2)
PID 3580 wrote to memory of 4880 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\Packas\scrok.exe (×2)
PID 4524 wrote to memory of 4724 N/A C:\ProgramData\Smart\TjNkNpAilaYvt.exe C:\ProgramData\Smart\setup.exe (×3)
PID 4880 wrote to memory of 772 N/A C:\ProgramData\Packas\scrok.exe C:\Windows\system32\svchost.exe (×3)
PID 3580 wrote to memory of 2920 N/A C:\Windows\SysWOW64\cmd.exe C:\ProgramData\setup\setup.exe (×3)
PID 4724 wrote to memory of 4824 N/A C:\ProgramData\Smart\setup.exe C:\ProgramData\NVIDIARV\svchost.exe (×3)
PID 4724 wrote to memory of 2968 N/A C:\ProgramData\Smart\setup.exe C:\ProgramData\NVIDIARV\svchost.exe (×3)
PID 4724 wrote to memory of 2632 N/A C:\ProgramData\Smart\setup.exe C:\ProgramData\NVIDIARV\svchost.exe (×3)
PID 2920 wrote to memory of 3584 N/A C:\ProgramData\setup\setup.exe C:\Program Files (x86)\Google\Temp\GUM13C3.tmp\GoogleUpdate.exe (×3)
PID 3584 wrote to memory of 3028 N/A C:\Program Files (x86)\Google\Temp\GUM13C3.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (×3)
PID 3584 wrote to memory of 2756 N/A C:\Program Files (x86)\Google\Temp\GUM13C3.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (×3)
PID 2756 wrote to memory of 1564 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe (×2)
PID 2756 wrote to memory of 1608 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe (×2)
PID 2756 wrote to memory of 1524 N/A C:\Program Files (x86)\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe (×2)
PID 3584 wrote to memory of 4680 N/A C:\Program Files (x86)\Google\Temp\GUM13C3.tmp\GoogleUpdate.exe C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k DcomLaunch -p

C:\Windows\system32\msiexec.exe

msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\1924b09ff1e25fe9d39bad70f094766863f366543658627fe94f435b07da6109.msi

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\srtasks.exe

C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 78A55F46BC55264F495FB1EC7E12F8B6

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\SysWOW64\cmd.exe" /c timeout /nobreak /t 7 & C:\ProgramData\setup\aa.exe x C:\ProgramData\setup\ddd. -key 000000 -f -to C:\ProgramData & C:\ProgramData\Packas\scrok.exe & C:\ProgramData\Smart\TjNkNpAilaYvt.exe install & C:\ProgramData\Smart\TjNkNpAilaYvt.exe install & timeout /nobreak /t 2 & C:\ProgramData\Smart\TjNkNpAilaYvt.exe start & C:\ProgramData\Packas\scrok.exe & del C:\ProgramData\Packas\scrok.exe & C:\ProgramData\setup\setup.exe

C:\Windows\SysWOW64\timeout.exe

timeout /nobreak /t 7

C:\ProgramData\setup\aa.exe

C:\ProgramData\setup\aa.exe x C:\ProgramData\setup\ddd. -key 000000 -f -to C:\ProgramData

C:\ProgramData\Packas\scrok.exe

C:\ProgramData\Packas\scrok.exe

C:\ProgramData\Smart\TjNkNpAilaYvt.exe

C:\ProgramData\Smart\TjNkNpAilaYvt.exe install

C:\ProgramData\Smart\TjNkNpAilaYvt.exe

C:\ProgramData\Smart\TjNkNpAilaYvt.exe install

C:\Windows\SysWOW64\timeout.exe

timeout /nobreak /t 2

C:\ProgramData\Smart\TjNkNpAilaYvt.exe

C:\ProgramData\Smart\TjNkNpAilaYvt.exe start

C:\ProgramData\Smart\TjNkNpAilaYvt.exe

"C:\ProgramData\Smart\TjNkNpAilaYvt.exe"

C:\ProgramData\Packas\scrok.exe

C:\ProgramData\Packas\scrok.exe

C:\ProgramData\Smart\setup.exe

"C:\ProgramData\Smart\setup.exe"

C:\ProgramData\setup\setup.exe

C:\ProgramData\setup\setup.exe

C:\ProgramData\NVIDIARV\svchost.exe

"C:\ProgramData\NVIDIARV\svchost.exe"

C:\ProgramData\NVIDIARV\svchost.exe

"C:\ProgramData\NVIDIARV\svchost.exe"

C:\ProgramData\NVIDIARV\svchost.exe

"C:\ProgramData\NVIDIARV\svchost.exe"

C:\Program Files (x86)\Google\Temp\GUM13C3.tmp\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Temp\GUM13C3.tmp\GoogleUpdate.exe" /installsource taggedmi /install "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={9F0C1F44-1C50-396A-483A-08DA4896FF0B}&lang=zh-CN&browser=4&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=x64-stable-statsdef_1&installdataindex=empty"

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /regsvc

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /regserver

C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe

"C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateComRegisterShell64.exe"

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ping [base64-encoded ping payload omitted]

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /handoff "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={9F0C1F44-1C50-396A-483A-08DA4896FF0B}&lang=zh-CN&browser=4&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=x64-stable-statsdef_1&installdataindex=empty" /installsource taggedmi /sessionid "{D263CE34-5FA4-4881-9FFF-03037459044C}"

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc

C:\Program Files (x86)\Google\Update\Install\{2B345CE7-8C95-4A5E-AC27-DCEC458ED599}\133.0.6943.127_chrome_installer.exe

"C:\Program Files (x86)\Google\Update\Install\{2B345CE7-8C95-4A5E-AC27-DCEC458ED599}\133.0.6943.127_chrome_installer.exe" --verbose-logging --do-not-launch-chrome --channel=stable --system-level /installerdata="C:\Program Files (x86)\Google\Update\Install\{2B345CE7-8C95-4A5E-AC27-DCEC458ED599}\gui9EED.tmp"

C:\Program Files (x86)\Google\Update\Install\{2B345CE7-8C95-4A5E-AC27-DCEC458ED599}\CR_D4B69.tmp\setup.exe

"C:\Program Files (x86)\Google\Update\Install\{2B345CE7-8C95-4A5E-AC27-DCEC458ED599}\CR_D4B69.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Google\Update\Install\{2B345CE7-8C95-4A5E-AC27-DCEC458ED599}\CR_D4B69.tmp\CHROME.PACKED.7Z" --verbose-logging --do-not-launch-chrome --channel=stable --system-level /installerdata="C:\Program Files (x86)\Google\Update\Install\{2B345CE7-8C95-4A5E-AC27-DCEC458ED599}\gui9EED.tmp"

C:\Program Files (x86)\Google\Update\Install\{2B345CE7-8C95-4A5E-AC27-DCEC458ED599}\CR_D4B69.tmp\setup.exe

"C:\Program Files (x86)\Google\Update\Install\{2B345CE7-8C95-4A5E-AC27-DCEC458ED599}\CR_D4B69.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.127 --initial-client-data=0x268,0x26c,0x270,0x244,0x274,0x7ff7affdbed8,0x7ff7affdbee4,0x7ff7affdbef0

C:\Program Files (x86)\Google\Update\Install\{2B345CE7-8C95-4A5E-AC27-DCEC458ED599}\CR_D4B69.tmp\setup.exe

"C:\Program Files (x86)\Google\Update\Install\{2B345CE7-8C95-4A5E-AC27-DCEC458ED599}\CR_D4B69.tmp\setup.exe" --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1

C:\Program Files (x86)\Google\Update\Install\{2B345CE7-8C95-4A5E-AC27-DCEC458ED599}\CR_D4B69.tmp\setup.exe

"C:\Program Files (x86)\Google\Update\Install\{2B345CE7-8C95-4A5E-AC27-DCEC458ED599}\CR_D4B69.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.127 --initial-client-data=0x268,0x26c,0x270,0x244,0x274,0x7ff7affdbed8,0x7ff7affdbee4,0x7ff7affdbef0

C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe

"C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe"

C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exe

"C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exe"

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ping [base64-encoded ping payload omitted]

C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exe

"C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleUpdateOnDemand.exe" -Embedding

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ondemand

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --from-installer

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.127 --initial-client-data=0xf8,0xfc,0x100,0x74,0x104,0x7ffd5c58fff8,0x7ffd5c590004,0x7ffd5c590010

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1968,i,6614318170854392664,16690720086628236928,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1964 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1544,i,6614318170854392664,16690720086628236928,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2224 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2368,i,6614318170854392664,16690720086628236928,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2532 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=2932,i,6614318170854392664,16690720086628236928,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2948 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=2952,i,6614318170854392664,16690720086628236928,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3000 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3672,i,6614318170854392664,16690720086628236928,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3700 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3704,i,6614318170854392664,16690720086628236928,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3752 /prefetch:2

C:\Program Files\Google\Chrome\Application\133.0.6943.127\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\133.0.6943.127\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4524,i,6614318170854392664,16690720086628236928,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4540 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4760,i,6614318170854392664,16690720086628236928,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4824 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5508,i,6614318170854392664,16690720086628236928,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5640 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5604,i,6614318170854392664,16690720086628236928,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5700 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5628,i,6614318170854392664,16690720086628236928,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5612 /prefetch:1

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=220,i,6614318170854392664,16690720086628236928,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3764 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4792,i,6614318170854392664,16690720086628236928,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5804 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3752,i,6614318170854392664,16690720086628236928,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4000 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 150.171.28.10:443 g.bing.com tcp
US 8.8.8.8:53 a17.yydsnb1.top udp
US 8.8.8.8:53 a17.nbdsnb2.top udp
HK 47.76.184.172:1080 a17.yydsnb1.top tcp
US 8.8.8.8:53 update.googleapis.com udp
US 8.8.8.8:53 c.pki.goog udp
GB 216.58.201.99:80 c.pki.goog tcp
GB 216.58.201.99:443 c.pki.goog tcp
GB 216.58.201.99:443 c.pki.goog tcp
US 8.8.8.8:53 o.pki.goog udp
GB 216.58.201.99:80 o.pki.goog tcp
US 8.8.8.8:53 a17.nbdsnb2.top udp
US 8.8.8.8:53 a17.nbdsnb2.top udp
US 8.8.8.8:53 a17.nbdsnb2.top udp
GB 216.58.201.99:443 o.pki.goog tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www.google.com udp
NL 142.250.27.84:443 accounts.google.com udp
GB 142.250.200.4:443 www.google.com udp
GB 142.250.200.4:443 www.google.com tcp
US 8.8.8.8:53 ogads-pa.googleapis.com udp
GB 216.58.213.10:443 ogads-pa.googleapis.com udp
US 8.8.8.8:53 update.googleapis.com udp
GB 216.58.201.99:443 update.googleapis.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.178.14:443 play.google.com udp
GB 142.250.178.14:443 play.google.com tcp
GB 142.250.178.14:443 play.google.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 a17.nbdsnb2.top udp
US 8.8.8.8:53 a17.nbdsnb2.top udp
US 8.8.8.8:53 a17.nbdsnb2.top udp

Files

C:\Windows\Installer\MSIE3B9.tmp

C:\Windows\Installer\MSIE69B.tmp

C:\Config.Msi\e57e35e.rbs

C:\ProgramData\setup\aa.exe

C:\ProgramData\setup\ddd

memory/952-64-0x0000000000400000-0x0000000000510000-memory.dmp

C:\ProgramData\Packas\scrok.exe

memory/3144-68-0x00007FFD7B950000-0x00007FFD7B952000-memory.dmp

memory/3144-69-0x00007FF6956E0000-0x00007FF695C99000-memory.dmp

C:\ProgramData\Smart\TjNkNpAilaYvt.exe

memory/2424-75-0x0000000000C20000-0x0000000000CF6000-memory.dmp

C:\ProgramData\Smart\TjNkNpAilaYvt.xml

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\TjNkNpAilaYvt.exe.log

C:\ProgramData\Smart\TjNkNpAilaYvt.wrapper.log

\??\Volume{241ee174-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{2a358559-4cfe-4854-a4cf-0fdda431f5d8}_OnDiskSnapshotProp

\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2

C:\ProgramData\Smart\TjNkNpAilaYvt.wrapper.log

C:\ProgramData\Smart\TjNkNpAilaYvt.wrapper.log

C:\ProgramData\Smart\TjNkNpAilaYvt.wrapper.log

C:\ProgramData\Smart\setup.exe

memory/4880-114-0x00007FF6956E0000-0x00007FF695C99000-memory.dmp

C:\ProgramData\setup\setup.exe

memory/4724-121-0x0000000000400000-0x0000000000BA0000-memory.dmp

memory/4724-120-0x00000000001F0000-0x00000000001F1000-memory.dmp

C:\ProgramData\NVIDIARV\svchost.exe

memory/2968-190-0x0000000000400000-0x000000000090B000-memory.dmp

memory/4824-214-0x0000000010000000-0x000000001002D000-memory.dmp

C:\Program Files (x86)\Google\Temp\GUM13C3.tmp\goopdate.dll

memory/4824-211-0x0000000000400000-0x000000000090B000-memory.dmp

C:\Program Files (x86)\Google\Temp\GUM13C3.tmp\GoogleUpdate.exe

memory/2968-204-0x0000000010000000-0x000000001002D000-memory.dmp

memory/2632-225-0x0000000002A00000-0x0000000002C00000-memory.dmp

C:\Program Files (x86)\Google\Temp\GUM13C3.tmp\goopdateres_zh-CN.dll

C:\Program Files (x86)\Google\Temp\GUM13C3.tmp\goopdateres_es.dll

C:\Program Files (x86)\Google\Temp\GUM13C3.tmp\goopdateres_en-GB.dll

C:\Program Files (x86)\Google\Temp\GUM13C3.tmp\goopdateres_en.dll

C:\Program Files (x86)\Google\Temp\GUM13C3.tmp\goopdateres_el.dll

C:\Program Files (x86)\Google\Temp\GUM13C3.tmp\goopdateres_de.dll

C:\Program Files (x86)\Google\Temp\GUM13C3.tmp\goopdateres_da.dll

C:\Program Files (x86)\Google\Temp\GUM13C3.tmp\goopdateres_cs.dll

C:\Program Files (x86)\Google\Temp\GUM13C3.tmp\goopdateres_ca.dll

C:\Program Files (x86)\Google\Temp\GUM13C3.tmp\goopdateres_bn.dll

C:\Program Files (x86)\Google\Temp\GUM13C3.tmp\goopdateres_bg.dll

C:\Program Files (x86)\Google\Temp\GUM13C3.tmp\goopdateres_ar.dll

C:\Program Files (x86)\Google\Temp\GUM13C3.tmp\goopdateres_am.dll

C:\Program Files (x86)\Google\Temp\GUM13C3.tmp\GoogleUpdateComRegisterShell64.exe

C:\Program Files (x86)\Google\Temp\GUM13C3.tmp\GoogleCrashHandler64.exe

C:\Program Files (x86)\Google\Temp\GUM13C3.tmp\GoogleCrashHandler.exe

C:\Program Files (x86)\Google\Temp\GUM13C3.tmp\GoogleUpdateCore.exe

memory/2632-224-0x0000000002A00000-0x0000000002C00000-memory.dmp

C:\Program Files\Google\Chrome\Application\133.0.6943.127\Installer\setup.exe

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Google Profile.ico

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\trusted_vault.pb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir1392_320360095\Icons\128.png

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mdpkiolbdkhdjpekfbkbmhigcaggjagi\Icons\32.png

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mdpkiolbdkhdjpekfbkbmhigcaggjagi\Icons\64.png

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\mdpkiolbdkhdjpekfbkbmhigcaggjagi\Icons\48.png

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
