General Info

URL

http://download.free-browser.co/chrome/chrome_setup_en.exe

Full analysis
https://app.any.run/tasks/49947cf5-7c2a-4c20-9621-f4e75a1e5f96
Verdict
Malicious activity
Analysis date
1/11/2019, 03:23:14
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
loader
Indicators:

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distored by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
120 seconds
Additional time used
60 seconds
Fakenet option
off
Heavy Evaision option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (68.0.3440.106)
  • Google Update Helper (1.3.33.17)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 61.0.2 (x86 en-US) (61.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Application was dropped or rewritten from another process
  • chrome.exe (PID: 3160)
  • chrome.exe (PID: 2536)
  • chrome.exe (PID: 2844)
  • chrome.exe (PID: 180)
  • chrome.exe (PID: 3696)
  • chrome.exe (PID: 3544)
  • chrome.exe (PID: 1636)
  • chrome.exe (PID: 3524)
  • chrome.exe (PID: 876)
  • chrome.exe (PID: 4060)
  • chrome.exe (PID: 3120)
  • GoogleUpdateOnDemand.exe (PID: 2652)
  • chrome.exe (PID: 3840)
  • GoogleUpdate.exe (PID: 3252)
  • chrome.exe (PID: 3448)
  • GoogleUpdate.exe (PID: 2588)
  • chrome.exe (PID: 3892)
  • chrome.exe (PID: 3648)
  • setup.exe (PID: 3752)
  • setup.exe (PID: 3816)
  • GoogleUpdate.exe (PID: 2464)
  • GoogleUpdate.exe (PID: 2316)
  • GoogleUpdate.exe (PID: 3428)
  • GoogleUpdate.exe (PID: 3308)
  • GoogleUpdate.exe (PID: 2304)
  • GoogleUpdate.exe (PID: 3888)
  • GoogleUpdate.exe (PID: 1156)
  • chrome_setup_en[1].exe (PID: 2784)
  • GoogleUpdateSetup.exe (PID: 3684)
Loads dropped or rewritten executable
  • chrome.exe (PID: 4060)
  • svchost.exe (PID: 680)
  • GoogleUpdate.exe (PID: 2588)
  • GoogleUpdate.exe (PID: 3252)
  • GoogleUpdate.exe (PID: 2464)
  • GoogleUpdate.exe (PID: 3428)
  • GoogleUpdate.exe (PID: 3308)
  • GoogleUpdate.exe (PID: 2316)
  • GoogleUpdate.exe (PID: 3888)
  • GoogleUpdate.exe (PID: 2304)
  • GoogleUpdate.exe (PID: 1156)
Changes the autorun value in the registry
  • setup.exe (PID: 3816)
Changes settings of System certificates
  • GoogleUpdate.exe (PID: 3308)
Loads the Task Scheduler COM API
  • GoogleUpdate.exe (PID: 1156)
Downloads executable files from the Internet
  • iexplore.exe (PID: 3272)
Creates a software uninstall entry
  • setup.exe (PID: 3816)
Application launched itself
  • GoogleUpdate.exe (PID: 2464)
  • setup.exe (PID: 3816)
Modifies the open verb of a shell class
  • setup.exe (PID: 3816)
Removes files from Windows directory
  • setup.exe (PID: 3816)
Executable content was dropped or overwritten
  • setup.exe (PID: 3816)
  • 71.0.3578.98_chrome_installer.exe (PID: 2456)
  • iexplore.exe (PID: 2984)
  • iexplore.exe (PID: 3272)
  • GoogleUpdateSetup.exe (PID: 3684)
  • chrome_setup_en[1].exe (PID: 2784)
  • GoogleUpdate.exe (PID: 1156)
Creates files in the Windows directory
  • GoogleUpdate.exe (PID: 2464)
  • setup.exe (PID: 3752)
Creates files in the program directory
  • GoogleUpdate.exe (PID: 2464)
  • GoogleUpdate.exe (PID: 1156)
  • GoogleUpdateSetup.exe (PID: 3684)
  • setup.exe (PID: 3816)
Adds / modifies Windows certificates
  • GoogleUpdate.exe (PID: 3308)
Creates COM task schedule object
  • GoogleUpdate.exe (PID: 1156)
  • GoogleUpdate.exe (PID: 2316)
Disables SEHOP
  • GoogleUpdate.exe (PID: 1156)
Starts itself from another location
  • GoogleUpdate.exe (PID: 1156)
Application launched itself
  • chrome.exe (PID: 3448)
Dropped object may contain Bitcoin addresses
  • setup.exe (PID: 3816)
Reads Internet Cache Settings
  • iexplore.exe (PID: 3272)
Creates files in the user directory
  • iexplore.exe (PID: 2984)
  • iexplore.exe (PID: 3272)
Changes internet zones settings
  • iexplore.exe (PID: 2984)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Screenshots

Processes

Total processes
65
Monitored processes
33
Malicious processes
14
Suspicious processes
4

Behavior graph

+
drop and start start drop and start drop and start drop and start drop and start drop and start drop and start drop and start drop and start iexplore.exe iexplore.exe chrome_setup_en[1].exe googleupdate.exe no specs googleupdatesetup.exe googleupdate.exe googleupdate.exe no specs googleupdate.exe no specs googleupdate.exe googleupdate.exe no specs googleupdate.exe 71.0.3578.98_chrome_installer.exe setup.exe setup.exe no specs googleupdateondemand.exe no specs googleupdate.exe no specs googleupdate.exe svchost.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs
Specs description
Program did not start
Integrity level elevation
Task сontains an error or was rebooted
Process has crashed
Task contains several apps running
Executable file was dropped
Debug information is available
Process was injected
Network attacks were detected
Application downloaded the executable file
Actions similar to stealing personal data
Behavior similar to exploiting the vulnerability
Inspected object has sucpicious PE structure
File is detected by antivirus software
CPU overrun
RAM overrun
Process starts the services
Process was added to the startup
Behavior similar to spam
Low-level access to the HDD
Probably Tor was used
System was rebooted
Connects to the network
Known threat

Process information

Click at the process to see the details.

PID
680
CMD
C:\Windows\system32\svchost.exe -k RPCSS
Path
C:\Windows\System32\svchost.exe
Indicators
No indicators
Parent process
––
User
NETWORK SERVICE
Integrity Level
SYSTEM
Version:
Company
Microsoft Corporation
Description
Host Process for Windows Services
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\rpcepmap.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\credssp.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rpcss.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\version.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\fwpuclnt.dll
c:\program files\google\update\1.3.33.5\goopdate.dll

PID
2984
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" -nohome
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
1
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\cryptbase.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\ieui.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\clbcatq.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\url.dll
c:\windows\system32\version.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\propsys.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\msfeeds.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\userenv.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\actxprxy.dll
c:\windows\system32\shdocvw.dll
c:\users\admin\appdata\local\microsoft\windows\temporary internet files\content.ie5\r9zewh8d\chrome_setup_en[1].exe
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\mpr.dll
c:\windows\system32\mlang.dll

PID
3272
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2984 CREDAT:71937
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
8.00.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\internet explorer\iexplore.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\comdlg32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rsaenh.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\mlang.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\apphelp.dll
c:\program files\java\jre1.8.0_92\bin\ssv.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
c:\windows\system32\version.dll
c:\progra~1\micros~1\office14\urlredir.dll
c:\windows\system32\secur32.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\progra~1\micros~1\office14\msohev.dll
c:\program files\java\jre1.8.0_92\bin\jp2ssv.dll
c:\program files\java\jre1.8.0_92\bin\msvcr100.dll
c:\program files\java\jre1.8.0_92\bin\deploy.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\sxs.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\wship6.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\mscoree.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorwks.dll
c:\windows\system32\wpc.dll
c:\windows\system32\userenv.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\samcli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\netutils.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll

PID
2784
CMD
"C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\chrome_setup_en[1].exe"
Path
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\chrome_setup_en[1].exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google Inc.
Description
Google Update Setup
Version
1.3.33.5
Modules
Image
c:\users\admin\appdata\local\microsoft\windows\temporary internet files\content.ie5\r9zewh8d\chrome_setup_en[1].exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\temp\gum2e.tmp\googleupdate.exe

PID
3888
CMD
C:\Users\admin\AppData\Local\Temp\GUM2E.tmp\GoogleUpdate.exe /installsource taggedmi /install "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={430A1D05-49A5-2C1C-2EF8-4850213B7F42}&lang=en&browser=2&usagestats=0&appname=Google%20Chrome&needsadmin=prefers&ap=-statsdef_1&installdataindex=defaultbrowser"
Path
C:\Users\admin\AppData\Local\Temp\GUM2E.tmp\GoogleUpdate.exe
Indicators
No indicators
Parent process
chrome_setup_en[1].exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google Inc.
Description
Google Installer
Version
1.3.33.5
Modules
Image
c:\users\admin\appdata\local\temp\gum2e.tmp\googleupdate.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\ole32.dll
c:\users\admin\appdata\local\temp\gum2e.tmp\goopdate.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\msi.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\psapi.dll
c:\windows\system32\version.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\users\admin\appdata\local\temp\gum2e.tmp\goopdateres_en.dll
c:\windows\system32\propsys.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\mpr.dll

PID
3684
CMD
"C:\Users\admin\AppData\Local\Temp\GUM2E.tmp\GoogleUpdateSetup.exe" /installsource taggedmi /install "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={430A1D05-49A5-2C1C-2EF8-4850213B7F42}&lang=en&browser=2&usagestats=0&appname=Google%20Chrome&needsadmin=prefers&ap=-statsdef_1&installdataindex=defaultbrowser" /installelevated /nomitag
Path
C:\Users\admin\AppData\Local\Temp\GUM2E.tmp\GoogleUpdateSetup.exe
Indicators
Parent process
GoogleUpdate.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Google Inc.
Description
Google Update Setup
Version
1.3.33.5
Modules
Image
c:\users\admin\appdata\local\temp\gum2e.tmp\googleupdatesetup.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\apphelp.dll
c:\program files\gum6a6.tmp\googleupdate.exe

PID
1156
CMD
"C:\Program Files\GUM6A6.tmp\GoogleUpdate.exe" /installsource taggedmi /install "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={430A1D05-49A5-2C1C-2EF8-4850213B7F42}&lang=en&browser=2&usagestats=0&appname=Google%20Chrome&needsadmin=prefers&ap=-statsdef_1&installdataindex=defaultbrowser" /installelevated
Path
C:\Program Files\GUM6A6.tmp\GoogleUpdate.exe
Indicators
Parent process
GoogleUpdateSetup.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Google Inc.
Description
Google Installer
Version
1.3.33.5
Modules
Image
c:\program files\gum6a6.tmp\googleupdate.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\shell32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\user32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\ole32.dll
c:\program files\gum6a6.tmp\goopdate.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\msi.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\psapi.dll
c:\windows\system32\version.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\cryptbase.dll
c:\program files\gum6a6.tmp\goopdateres_en.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\propsys.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\program files\google\update\googleupdate.exe
c:\windows\system32\taskschd.dll
c:\windows\system32\sspicli.dll
c:\program files\google\update\1.3.33.17\npgoogleupdate3.dll
c:\program files\google\update\1.3.33.5\npgoogleupdate3.dll

PID
2304
CMD
"C:\Program Files\Google\Update\GoogleUpdate.exe" /regsvc
Path
C:\Program Files\Google\Update\GoogleUpdate.exe
Indicators
No indicators
Parent process
GoogleUpdate.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Google Inc.
Description
Google Installer
Version
1.3.33.5
Modules
Image
c:\program files\google\update\googleupdate.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\ole32.dll
c:\program files\google\update\1.3.33.5\goopdate.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\msi.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\psapi.dll
c:\windows\system32\version.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\cryptbase.dll
c:\program files\google\update\1.3.33.5\goopdateres_en.dll

PID
2316
CMD
"C:\Program Files\Google\Update\GoogleUpdate.exe" /regserver
Path
C:\Program Files\Google\Update\GoogleUpdate.exe
Indicators
No indicators
Parent process
GoogleUpdate.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Google Inc.
Description
Google Installer
Version
1.3.33.5
Modules
Image
c:\program files\google\update\googleupdate.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\ole32.dll
c:\program files\google\update\1.3.33.5\goopdate.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\msi.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\psapi.dll
c:\windows\system32\version.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\cryptbase.dll
c:\program files\google\update\1.3.33.5\psmachine.dll

PID
3308
CMD
"C:\Program Files\Google\Update\GoogleUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB2ZXJzaW9uPSIxLjMuMzMuNSIgc2hlbGxfdmVyc2lvbj0iMS4zLjMzLjUiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7OUU2NUM1NTQtMUIyNy00NkI1LUE4MDktRUFFOTkyRDI5NDlGfSIgaW5zdGFsbHNvdXJjZT0idGFnZ2VkbWkiIHJlcXVlc3RpZD0ie0VDQ0M2QUVBLURDOTMtNDg2NS1CNjk2LTUzQzVCQzI3MzkyNn0iIGRlZHVwPSJjciI-PGh3IHBoeXNtZW1vcnk9IjMiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjYuMS43NjAxLjAiIHNwPSJTZXJ2aWNlIFBhY2sgMSIgYXJjaD0ieDg2Ii8-PGFwcCBhcHBpZD0iezQzMEZENEQwLUI3MjktNEY2MS1BQTM0LTkxNTI2NDgxNzk5RH0iIHZlcnNpb249IjEuMy4zMy4xNyIgbmV4dHZlcnNpb249IjEuMy4zMy41IiBsYW5nPSJlbiIgYnJhbmQ9IiIgY2xpZW50PSIiIGlpZD0iezQzMEExRDA1LTQ5QTUtMkMxQy0yRUY4LTQ4NTAyMTNCN0Y0Mn0iPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIGluc3RhbGxfdGltZV9tcz0iMTcwMyIvPjwvYXBwPjwvcmVxdWVzdD4
Path
C:\Program Files\Google\Update\GoogleUpdate.exe
Indicators
Parent process
GoogleUpdate.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Google Inc.
Description
Google Installer
Version
1.3.33.5
Modules
Image
c:\program files\google\update\googleupdate.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\ole32.dll
c:\program files\google\update\1.3.33.5\goopdate.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\msi.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\psapi.dll
c:\windows\system32\version.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\credssp.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\schannel.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\msxml3.dll

PID
3428
CMD
"C:\Program Files\Google\Update\GoogleUpdate.exe" /handoff "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={430A1D05-49A5-2C1C-2EF8-4850213B7F42}&lang=en&browser=2&usagestats=0&appname=Google%20Chrome&needsadmin=prefers&ap=-statsdef_1&installdataindex=defaultbrowser" /installsource taggedmi /sessionid "{9E65C554-1B27-46B5-A809-EAE992D2949F}"
Path
C:\Program Files\Google\Update\GoogleUpdate.exe
Indicators
No indicators
Parent process
GoogleUpdate.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Google Inc.
Description
Google Installer
Version
1.3.33.5
Modules
Image
c:\program files\google\update\googleupdate.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\ole32.dll
c:\program files\google\update\1.3.33.5\goopdate.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\msi.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\psapi.dll
c:\windows\system32\version.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\cryptbase.dll
c:\program files\google\update\1.3.33.5\goopdateres_en.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\google\update\1.3.33.5\psmachine.dll

PID
2464
CMD
"C:\Program Files\Google\Update\GoogleUpdate.exe" /svc
Path
C:\Program Files\Google\Update\GoogleUpdate.exe
Indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Exit code
0
Version:
Company
Google Inc.
Description
Google Installer
Version
1.3.33.5
Modules
Image
c:\program files\google\update\googleupdate.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\ole32.dll
c:\program files\google\update\1.3.33.5\goopdate.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\msi.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\psapi.dll
c:\windows\system32\version.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\cryptbase.dll
c:\program files\google\update\1.3.33.5\goopdateres_en.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\google\update\1.3.33.5\psmachine.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\credssp.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\schannel.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\winsta.dll
c:\windows\system32\qmgrprxy.dll
c:\windows\system32\bitsprx4.dll
c:\windows\system32\apphelp.dll
c:\program files\google\update\install\{e573aec5-11ad-49ce-b9c2-adc3d2db87aa}\71.0.3578.98_chrome_installer.exe
c:\windows\system32\propsys.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll

PID
2456
CMD
"C:\Program Files\Google\Update\Install\{E573AEC5-11AD-49CE-B9C2-ADC3D2DB87AA}\71.0.3578.98_chrome_installer.exe" --verbose-logging --do-not-launch-chrome /installerdata="C:\Windows\TEMP\gui3E12.tmp"
Path
C:\Program Files\Google\Update\Install\{E573AEC5-11AD-49CE-B9C2-ADC3D2DB87AA}\71.0.3578.98_chrome_installer.exe
Indicators
Parent process
GoogleUpdate.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome Installer
Version
71.0.3578.98
Modules
Image
c:\program files\google\update\install\{e573aec5-11ad-49ce-b9c2-adc3d2db87aa}\71.0.3578.98_chrome_installer.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\temp\cr_008c5.tmp\setup.exe

PID
3816
CMD
"C:\Users\admin\AppData\Local\Temp\CR_008C5.tmp\setup.exe" --install-archive="C:\Users\admin\AppData\Local\Temp\CR_008C5.tmp\CHROME.PACKED.7Z" --verbose-logging --do-not-launch-chrome /installerdata="C:\Windows\TEMP\gui3E12.tmp"
Path
C:\Users\admin\AppData\Local\Temp\CR_008C5.tmp\setup.exe
Indicators
Parent process
71.0.3578.98_chrome_installer.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome Installer
Version
71.0.3578.98
Modules
Image
c:\users\admin\appdata\local\temp\cr_008c5.tmp\setup.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\psapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\winmm.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\version.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\propsys.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\wininet.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\samcli.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\mpr.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\slc.dll
c:\program files\google\chrome\application\chrome.exe

PID
3752
CMD
C:\Users\admin\AppData\Local\Temp\CR_008C5.tmp\setup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=71.0.3578.98 --initial-client-data=0x10c,0x114,0x118,0x108,0x11c,0xc46550,0xc46560,0xc4656c
Path
C:\Users\admin\AppData\Local\Temp\CR_008C5.tmp\setup.exe
Indicators
No indicators
Parent process
setup.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome Installer
Version
71.0.3578.98
Modules
Image
c:\users\admin\appdata\local\temp\cr_008c5.tmp\setup.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\psapi.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\winmm.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\version.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\propsys.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\samcli.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\mpr.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll

PID
2652
CMD
"C:\Program Files\Google\Update\1.3.33.5\GoogleUpdateOnDemand.exe" -Embedding
Path
C:\Program Files\Google\Update\1.3.33.5\GoogleUpdateOnDemand.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google Inc.
Description
Google Update
Version
1.3.33.5
Modules
Image
c:\program files\google\update\1.3.33.5\googleupdateondemand.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\apphelp.dll
c:\program files\google\update\googleupdate.exe

PID
3252
CMD
"C:\Program Files\Google\Update\GoogleUpdate.exe" /ondemand
Path
C:\Program Files\Google\Update\GoogleUpdate.exe
Indicators
No indicators
Parent process
GoogleUpdateOnDemand.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google Inc.
Description
Google Installer
Version
1.3.33.5
Modules
Image
c:\program files\google\update\googleupdate.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\program files\google\update\1.3.33.5\goopdate.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\msi.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\psapi.dll
c:\windows\system32\version.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\program files\google\update\1.3.33.5\goopdateres_en.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\program files\google\update\1.3.33.5\psmachine.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\apphelp.dll

PID
2588
CMD
"C:\Program Files\Google\Update\GoogleUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB2ZXJzaW9uPSIxLjMuMzMuNSIgc2hlbGxfdmVyc2lvbj0iMS4zLjMzLjUiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7OUU2NUM1NTQtMUIyNy00NkI1LUE4MDktRUFFOTkyRDI5NDlGfSIgaW5zdGFsbHNvdXJjZT0idGFnZ2VkbWkiIHJlcXVlc3RpZD0ie0Q1MkFCQzBELTlDRTUtNDFDMC1BRUM2LUVFNTJCNDJFQTBFMX0iIGRlZHVwPSJjciI-PGh3IHBoeXNtZW1vcnk9IjMiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjYuMS43NjAxLjAiIHNwPSJTZXJ2aWNlIFBhY2sgMSIgYXJjaD0ieDg2Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzQy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjcxLjAuMzU3OC45OCIgYXA9Ii1zdGF0c2RlZl8xIiBsYW5nPSJlbiIgYnJhbmQ9IiIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjEzNSIgaW5zdGFsbGRhdGU9IjQyNTYiIGlpZD0iezQzMEExRDA1LTQ5QTUtMkMxQy0yRUY4LTQ4NTAyMTNCN0Y0Mn0iIGNvaG9ydD0iMTpndS9pMTk6IiBjb2hvcnRuYW1lPSJTdGFibGUgSW5zdGFsbHMgT25seSI-PGV2ZW50IGV2ZW50dHlwZT0iOSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIvPjxldmVudCBldmVudHR5cGU9IjUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBkb3dubG9hZGVyPSJiaXRzIiB1cmw9Imh0dHA6Ly9yZWRpcmVjdG9yLmd2dDEuY29tL2VkZ2VkbC9yZWxlYXNlMi9jaHJvbWUvRXA2cGJqRjB4bFFfNzEuMC4zNTc4Ljk4LzcxLjAuMzU3OC45OF9jaHJvbWVfaW5zdGFsbGVyLmV4ZSIgZG93bmxvYWRlZD0iNTM0MDg0OTYiIHRvdGFsPSI1MzQwODQ5NiIgZG93bmxvYWRfdGltZV9tcz0iNjkyMiIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI2IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc291cmNlX3VybF9pbmRleD0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9IjMyMTkiIGRvd25sb2FkX3RpbWVfbXM9Ijc1MTYiIGRvd25sb2FkZWQ9IjUzNDA4NDk2IiB0b3RhbD0iNTM0MDg0OTYiIGluc3RhbGxfdGltZV9tcz0iODY0MSIvPjxkYXRhIG5hbWU9Imluc3RhbGwiIGluZGV4PSJkZWZhdWx0YnJvd3NlciIvPjwvYXBwPjwvcmVxdWVzdD4
Path
C:\Program Files\Google\Update\GoogleUpdate.exe
Indicators
Parent process
GoogleUpdate.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Google Inc.
Description
Google Installer
Version
1.3.33.5
Modules
Image
c:\program files\google\update\googleupdate.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\ole32.dll
c:\program files\google\update\1.3.33.5\goopdate.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\msi.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\psapi.dll
c:\windows\system32\version.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\wininet.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\winsta.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\credssp.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\schannel.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\qagentrt.dll
c:\windows\system32\fveui.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\msxml3.dll

PID
3448
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe"
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
Parent process
GoogleUpdate.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Google Inc.
Description
Google Chrome
Version
71.0.3578.98
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\71.0.3578.98\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ole32.dll
c:\program files\google\chrome\application\71.0.3578.98\chrome.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\samcli.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\oleacc.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\hid.dll
c:\windows\system32\propsys.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\credui.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\winusb.dll
c:\windows\system32\msi.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\mscms.dll
c:\windows\system32\winsta.dll
c:\windows\system32\wlanapi.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\wpc.dll
c:\windows\system32\samlib.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\kbdus.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wship6.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\imagehlp.dll
c:\program files\winrar\rarext.dll
c:\program files\microsoft office\office14\olkfstub.dll
c:\progra~1\micros~1\office14\mlshext.dll
c:\program files\microsoft office\office14\onfilter.dll
c:\program files\microsoft office\office14\visshe.dll
c:\program files\common files\microsoft shared\office14\msoshext.dll
c:\program files\microsoft office\office14\msohevi.dll
c:\windows\system32\mf.dll
c:\windows\system32\shdocvw.dll
c:\program files\google\chrome\application\71.0.3578.98\chrome_child.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\winspool.drv
c:\windows\system32\comdlg32.dll

PID
3648
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=71.0.3578.98 --initial-client-data=0x7c,0x80,0x84,0x78,0x88,0x70c13090,0x70c130a0,0x70c130ac
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Google Inc.
Description
Google Chrome
Version
71.0.3578.98
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\71.0.3578.98\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll

PID
3892
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=2388 --on-initialized-event-handle=308 --parent-handle=312 /prefetch:6
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Google Inc.
Description
Google Chrome
Version
71.0.3578.98
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\71.0.3578.98\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ole32.dll
c:\program files\google\chrome\application\71.0.3578.98\chrome_watcher.dll

PID
4060
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=940,809667028686203420,4141929163930540506,131072 --enable-features=PasswordImport --gpu-preferences=KAAAAAAAAACAAwCAAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=6754600025956135008 --mojo-platform-channel-handle=992 --ignored=" --type=renderer " /prefetch:2
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Version:
Company
Google Inc.
Description
Google Chrome
Version
71.0.3578.98
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\71.0.3578.98\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\71.0.3578.98\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\mf.dll
c:\windows\system32\atl.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\msmpeg2vdec.dll
c:\windows\system32\evr.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\slc.dll
c:\windows\system32\sqmapi.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\dxva2.dll
c:\program files\google\chrome\application\71.0.3578.98\d3dcompiler_47.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\program files\google\chrome\application\71.0.3578.98\swiftshader\libglesv2.dll
c:\program files\google\chrome\application\71.0.3578.98\swiftshader\libegl.dll

PID
3840
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=940,809667028686203420,4141929163930540506,131072 --enable-features=PasswordImport --service-pipe-token=16524921105366589728 --lang=en-US --instant-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=16524921105366589728 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1916 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
71.0.3578.98
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\71.0.3578.98\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\71.0.3578.98\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3120
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=940,809667028686203420,4141929163930540506,131072 --enable-features=PasswordImport --service-pipe-token=11007347768418419446 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=11007347768418419446 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2052 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
71.0.3578.98
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\71.0.3578.98\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\71.0.3578.98\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3544
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=940,809667028686203420,4141929163930540506,131072 --enable-features=PasswordImport --service-pipe-token=4546983552036286839 --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=4546983552036286839 --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2276 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
71.0.3578.98
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\71.0.3578.98\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\71.0.3578.98\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
876
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=940,809667028686203420,4141929163930540506,131072 --enable-features=PasswordImport --service-pipe-token=14659368434125456460 --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=14659368434125456460 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2320 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
71.0.3578.98
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\71.0.3578.98\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\71.0.3578.98\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
2536
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=940,809667028686203420,4141929163930540506,131072 --enable-features=PasswordImport --disable-gpu-compositing --service-pipe-token=14872249057805344645 --lang=en-US --instant-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=14872249057805344645 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2632 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Version:
Company
Google Inc.
Description
Google Chrome
Version
71.0.3578.98
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\71.0.3578.98\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\71.0.3578.98\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
2844
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=940,809667028686203420,4141929163930540506,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=14986751471918412853 --mojo-platform-channel-handle=4036 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
71.0.3578.98
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\71.0.3578.98\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\71.0.3578.98\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3524
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=940,809667028686203420,4141929163930540506,131072 --enable-features=PasswordImport --disable-gpu-compositing --service-pipe-token=5733349950631343903 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=5733349950631343903 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4076 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
71.0.3578.98
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\71.0.3578.98\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\71.0.3578.98\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
3160
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=940,809667028686203420,4141929163930540506,131072 --enable-features=PasswordImport --disable-gpu-sandbox --use-gl=disabled --gpu-preferences=KAAAAAAAAACAAwCAAQAAAAAAAAAAAGAAAAAAAAAAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=9153823551395663157 --mojo-platform-channel-handle=3432 /prefetch:2
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
71.0.3578.98
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\71.0.3578.98\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\71.0.3578.98\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\mf.dll
c:\windows\system32\atl.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\avrt.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\msmpeg2vdec.dll
c:\windows\system32\evr.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\slc.dll
c:\windows\system32\sqmapi.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\dxva2.dll

PID
3696
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=940,809667028686203420,4141929163930540506,131072 --enable-features=PasswordImport --lang=en-US --no-sandbox --service-request-channel-token=13844109054185060138 --mojo-platform-channel-handle=664 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
71.0.3578.98
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\71.0.3578.98\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\71.0.3578.98\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\propsys.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\twext.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\sendmail.dll
c:\windows\system32\zipfldr.dll
c:\windows\system32\fxsresm.dll
c:\program files\winrar\rarext.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\slc.dll
c:\windows\system32\syncui.dll
c:\windows\system32\synceng.dll
c:\program files\notepad++\nppshell_06.dll
c:\windows\system32\acppage.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\msi.dll
c:\windows\system32\wer.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\netutils.dll

PID
1636
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=940,809667028686203420,4141929163930540506,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=3329512560399027076 --mojo-platform-channel-handle=2264 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
71.0.3578.98
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\71.0.3578.98\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\71.0.3578.98\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
180
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=940,809667028686203420,4141929163930540506,131072 --enable-features=PasswordImport --disable-gpu-compositing --service-pipe-token=8890897848376438123 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=8890897848376438123 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Version:
Company
Google Inc.
Description
Google Chrome
Version
71.0.3578.98
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\71.0.3578.98\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\71.0.3578.98\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

Registry activity

Total events
3297
Read events
1914
Write events
1269
Delete events
114

Modification events

PID
Process
Operation
Key
Name
Value
680
svchost.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000_CLASSES\Local Settings\MuiCache\61\52C64B7E
LanguageList
en-US
680
svchost.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000_CLASSES\Local Settings\MuiCache\61\52C64B7E
@C:\Program Files\Google\Update\1.3.33.5\goopdate.dll,-3000
Google Update
2984
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018082720180903
2984
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012018090920180910
2984
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
2984
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
2984
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
2984
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
2984
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2984
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
4600000069000000010000000000000000000000000000000000000000000000C0E333BBEAB1D301000000000000000000000000020000001700000000000000FE800000000000007D6CB050D9C573F70B000000000000006D00330032005C004D00530049004D004700330032002E0064006C000100000004AA400014AA4000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000C0A8016400000000000000000000000000000000000000000800000000000000805D3F00983740000008000002000000000000600000002060040000B8A94000020000008802000060040000B8A9400004000000F8010000B284000088B64000B84B400043003A000000000000000000000000000000000000000000
2984
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
{E2032411-1547-11E9-AA93-5254004A04AF}
0
2984
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Type
4
2984
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Count
3
2984
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore
Time
E307010005000B00020017001E00D602
2984
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Type
4
2984
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Count
3
2984
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore
Time
E307010005000B00020017001E00D602
2984
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
2984
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Window_Placement
2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF20000000200000004003000078020000
2984
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links
Order
08000000020000000C01000001000000020000007E0000000000000070003200EC000000464B245120005355474745537E312E55524C0000540008000400EFBE454B974D464B24512A000000F94300000000020000000000000000000000000000005300750067006700650073007400650064002000530069007400650073002E00750072006C0000001C00000000000000820000000100000074003200E2000000464B24512000574542534C497E312E55524C0000580008000400EFBE454B864A464B24512A000000743E0000000003000000000000000000000000000000570065006200200053006C006900630065002000470061006C006C006500720079002E00750072006C0000001C00000000000000
2984
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Type
3
2984
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
3
2984
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E307010005000B00020017001E006203
2984
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
LoadTime
12
2984
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
2984
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
3
2984
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E307010005000B00020017001E008103
2984
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
LoadTime
29
2984
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Type
3
2984
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
3
2984
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E307010005000B00020017001E00C003
2984
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
LoadTime
25
2984
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum
Implementing
1C00000001000000E307010005000B000200170024007E0100000000
2984
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
NotifyDownloadComplete
yes
2984
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019011120190112
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019011120190112
2984
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019011120190112
CachePrefix
:2019011120190112:
2984
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019011120190112
CacheLimit
8192
2984
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019011120190112
CacheOptions
11
2984
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012019011120190112
CacheRepair
0
3272
iexplore.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012018082820180829
3272
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019011120190112
CachePath
%USERPROFILE%\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012019011120190112
3272
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019011120190112
CachePrefix
:2019011120190112:
3272
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019011120190112
CacheLimit
8192
3272
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019011120190112
CacheOptions
11
3272
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Extensible Cache\MSHist012019011120190112
CacheRepair
0
1156
GoogleUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9\MimeTypes\application/x-vnd.google.oneclickctrl.9
1156
GoogleUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9\MimeTypes
1156
GoogleUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9
1156
GoogleUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C442AC41-9200-4770-8CC0-7CDB4F245C55}
1156
GoogleUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\iexplore\AllowedDomains\*
1156
GoogleUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\iexplore\AllowedDomains
1156
GoogleUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\iexplore
1156
GoogleUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C442AC41-9200-4770-8CC0-7CDB4F245C55}
1156
GoogleUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C442AC41-9200-4770-8CC0-7CDB4F245C55}
1156
GoogleUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Google.OneClickCtrl.9\CLSID
1156
GoogleUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Google.OneClickCtrl.9
1156
GoogleUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\ProgID
1156
GoogleUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32
1156
GoogleUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\Implemented Categories\{59FB2056-D625-48D0-A944-1A85B5AB2640}
1156
GoogleUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\Implemented Categories
1156
GoogleUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}
1156
GoogleUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-vnd.google.oneclickctrl.9
1156
GoogleUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3\MimeTypes\application/x-vnd.google.update3webcontrol.3
1156
GoogleUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3\MimeTypes
1156
GoogleUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3
1156
GoogleUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}
1156
GoogleUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\iexplore\AllowedDomains\*
1156
GoogleUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\iexplore\AllowedDomains
1156
GoogleUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\iexplore
1156
GoogleUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}
1156
GoogleUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}
1156
GoogleUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Google.Update3WebControl.3\CLSID
1156
GoogleUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Google.Update3WebControl.3
1156
GoogleUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\ProgID
1156
GoogleUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32
1156
GoogleUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\Implemented Categories\{59FB2056-D625-48D0-A944-1A85B5AB2640}
1156
GoogleUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\Implemented Categories
1156
GoogleUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}
1156
GoogleUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-vnd.google.update3webcontrol.3
1156
GoogleUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\PersistedPings\{ECCC6AEA-DC93-4865-B696-53C5BC273926}
1156
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}
usagestats
0
1156
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager
PendingFileRenameOperations
\??\C:\Users\admin\AppData\Local\Temp\GoogleUpdate.exe.old2108f8
1156
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update
path
C:\Program Files\Google\Update\GoogleUpdate.exe
1156
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update
UninstallCmdLine
"C:\Program Files\Google\Update\GoogleUpdate.exe" /uninstall
1156
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\Clients\{430FD4D0-B729-4F61-AA34-91526481799D}
pv
1.3.33.5
1156
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\Clients\{430FD4D0-B729-4F61-AA34-91526481799D}
name
Google Update
1156
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}
pv
1.3.33.5
1156
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe
DisableExceptionChainValidation
0
1156
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update
IsMSIHelperRegistered
0
1156
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update
LastOSVersion
1C0100000600000001000000B11D000002000000530065007200760069006300650020005000610063006B00200031000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000010100
1156
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update
version
1.3.33.5
1156
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9
Path
C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll
1156
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9
Description
Google Update
1156
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9
ProductName
Google Update
1156
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9
Vendor
Google Inc.
1156
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9
Version
9
1156
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C442AC41-9200-4770-8CC0-7CDB4F245C55}
AppName
GoogleUpdateWebPlugin.exe
1156
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C442AC41-9200-4770-8CC0-7CDB4F245C55}
AppPath
C:\Program Files\Google\Update\1.3.33.5
1156
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C442AC41-9200-4770-8CC0-7CDB4F245C55}
Policy
3
1156
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Google.OneClickCtrl.9
Google Update Plugin
1156
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Google.OneClickCtrl.9\CLSID
{C442AC41-9200-4770-8CC0-7CDB4F245C55}
1156
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}
Google Update Plugin
1156
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\ProgID
Google.OneClickCtrl.9
1156
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32
C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll
1156
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32
ThreadingModel
Apartment
1156
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\Implemented Categories\{59FB2056-D625-48D0-A944-1A85B5AB2640}
CATID_AppContainerCompatible
1156
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-vnd.google.oneclickctrl.9
CLSID
{C442AC41-9200-4770-8CC0-7CDB4F245C55}
1156
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3
Path
C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll
1156
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3
Description
Google Update
1156
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3
ProductName
Google Update
1156
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3
Vendor
Google Inc.
1156
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3
Version
3
1156
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}
AppName
GoogleUpdateBroker.exe
1156
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}
AppPath
C:\Program Files\Google\Update\1.3.33.5
1156
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}
Policy
3
1156
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Google.Update3WebControl.3
Google Update Plugin
1156
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Google.Update3WebControl.3\CLSID
{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}
1156
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}
Google Update Plugin
1156
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\ProgID
Google.Update3WebControl.3
1156
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32
C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll
1156
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32
ThreadingModel
Apartment
1156
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\Implemented Categories\{59FB2056-D625-48D0-A944-1A85B5AB2640}
CATID_AppContainerCompatible
1156
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-vnd.google.update3webcontrol.3
CLSID
{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}
1156
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}
iid
{430A1D05-49A5-2C1C-2EF8-4850213B7F42}
1156
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\PersistedPings\{ECCC6AEA-DC93-4865-B696-53C5BC273926}
PersistedPingString
<?xml version="1.0" encoding="UTF-8"?><request protocol="3.0" version="1.3.33.5" shell_version="1.3.33.5" ismachine="1" sessionid="{9E65C554-1B27-46B5-A809-EAE992D2949F}" installsource="taggedmi" requestid="{ECCC6AEA-DC93-4865-B696-53C5BC273926}" dedup="cr"><hw physmemory="3" sse="1" sse2="1" sse3="1" ssse3="1" sse41="1" sse42="1" avx="1"/><os platform="win" version="6.1.7601.0" sp="Service Pack 1" arch="x86"/><app appid="{430FD4D0-B729-4F61-AA34-91526481799D}" version="1.3.33.17" nextversion="1.3.33.5" lang="en" brand="" client="" iid="{430A1D05-49A5-2C1C-2EF8-4850213B7F42}"><event eventtype="2" eventresult="1" errorcode="0" extracode1="0" install_time_ms="1703"/></app></request>
1156
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\PersistedPings\{ECCC6AEA-DC93-4865-B696-53C5BC273926}
PersistedPingTime
131916470201322500
2304
GoogleUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{4EB61BAC-A3B6-4760-9581-655041EF4D69}
2304
GoogleUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\GoogleUpdate.exe
2304
GoogleUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4EB61BAC-A3B6-4760-9581-655041EF4D69}\ProgID
2304
GoogleUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4EB61BAC-A3B6-4760-9581-655041EF4D69}\VersionIndependentProgID
2304
GoogleUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4EB61BAC-A3B6-4760-9581-655041EF4D69}
2304
GoogleUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{9465B4B4-5216-4042-9A2C-754D3BCDC410}
2304
GoogleUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9465B4B4-5216-4042-9A2C-754D3BCDC410}\ProgID
2304
GoogleUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9465B4B4-5216-4042-9A2C-754D3BCDC410}\VersionIndependentProgID
2304
GoogleUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9465B4B4-5216-4042-9A2C-754D3BCDC410}
2304
GoogleUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{534F5323-3569-4F42-919D-1E1CF93E5BF6}\ProgID
2304
GoogleUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{534F5323-3569-4F42-919D-1E1CF93E5BF6}\VersionIndependentProgID
2304
GoogleUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{534F5323-3569-4F42-919D-1E1CF93E5BF6}
2304
GoogleUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E225E692-4B47-4777-9BED-4FD7FE257F0E}\ProgID
2304
GoogleUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E225E692-4B47-4777-9BED-4FD7FE257F0E}\VersionIndependentProgID
2304
GoogleUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E225E692-4B47-4777-9BED-4FD7FE257F0E}
2304
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{4EB61BAC-A3B6-4760-9581-655041EF4D69}
ServiceModule
2304
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\GoogleUpdate.exe
AppID
{4EB61BAC-A3B6-4760-9581-655041EF4D69}
2304
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{4EB61BAC-A3B6-4760-9581-655041EF4D69}
LocalService
gupdate
2304
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{4EB61BAC-A3B6-4760-9581-655041EF4D69}
ServiceParameters
/comsvc
2304
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.Update3COMClassService.1.0
Update3COMClass
2304
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.Update3COMClassService.1.0\CLSID
{4EB61BAC-A3B6-4760-9581-655041EF4D69}
2304
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.Update3COMClassService
Update3COMClass
2304
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.Update3COMClassService\CLSID
{4EB61BAC-A3B6-4760-9581-655041EF4D69}
2304
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.Update3COMClassService\CurVer
GoogleUpdate.Update3COMClassService.1.0
2304
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4EB61BAC-A3B6-4760-9581-655041EF4D69}
Update3COMClass
2304
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4EB61BAC-A3B6-4760-9581-655041EF4D69}\ProgID
GoogleUpdate.Update3COMClassService.1.0
2304
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4EB61BAC-A3B6-4760-9581-655041EF4D69}\VersionIndependentProgID
GoogleUpdate.Update3COMClassService
2304
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4EB61BAC-A3B6-4760-9581-655041EF4D69}
AppID
{4EB61BAC-A3B6-4760-9581-655041EF4D69}
2304
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{9465B4B4-5216-4042-9A2C-754D3BCDC410}
ServiceModule
2304
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\GoogleUpdate.exe
AppID
{9465B4B4-5216-4042-9A2C-754D3BCDC410}
2304
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{9465B4B4-5216-4042-9A2C-754D3BCDC410}
LocalService
gupdatem
2304
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{9465B4B4-5216-4042-9A2C-754D3BCDC410}
ServiceParameters
/comsvc
2304
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.OnDemandCOMClassSvc.1.0
Google Update Legacy On Demand
2304
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.OnDemandCOMClassSvc.1.0\CLSID
{9465B4B4-5216-4042-9A2C-754D3BCDC410}
2304
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.OnDemandCOMClassSvc
Google Update Legacy On Demand
2304
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.OnDemandCOMClassSvc\CLSID
{9465B4B4-5216-4042-9A2C-754D3BCDC410}
2304
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.OnDemandCOMClassSvc\CurVer
GoogleUpdate.OnDemandCOMClassSvc.1.0
2304
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9465B4B4-5216-4042-9A2C-754D3BCDC410}
Google Update Legacy On Demand
2304
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9465B4B4-5216-4042-9A2C-754D3BCDC410}\ProgID
GoogleUpdate.OnDemandCOMClassSvc.1.0
2304
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9465B4B4-5216-4042-9A2C-754D3BCDC410}\VersionIndependentProgID
GoogleUpdate.OnDemandCOMClassSvc
2304
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9465B4B4-5216-4042-9A2C-754D3BCDC410}
AppID
{9465B4B4-5216-4042-9A2C-754D3BCDC410}
2304
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.Update3WebSvc.1.0
GoogleUpdate Update3Web
2304
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.Update3WebSvc.1.0\CLSID
{534F5323-3569-4F42-919D-1E1CF93E5BF6}
2304
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.Update3WebSvc
GoogleUpdate Update3Web
2304
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.Update3WebSvc\CLSID
{534F5323-3569-4F42-919D-1E1CF93E5BF6}
2304
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.Update3WebSvc\CurVer
GoogleUpdate.Update3WebSvc.1.0
2304
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{534F5323-3569-4F42-919D-1E1CF93E5BF6}
GoogleUpdate Update3Web
2304
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{534F5323-3569-4F42-919D-1E1CF93E5BF6}\ProgID
GoogleUpdate.Update3WebSvc.1.0
2304
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{534F5323-3569-4F42-919D-1E1CF93E5BF6}\VersionIndependentProgID
GoogleUpdate.Update3WebSvc
2304
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{534F5323-3569-4F42-919D-1E1CF93E5BF6}
AppID
{9465B4B4-5216-4042-9A2C-754D3BCDC410}
2304
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.CoreClass.1
Google Update Core Class
2304
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.CoreClass.1\CLSID
{E225E692-4B47-4777-9BED-4FD7FE257F0E}
2304
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.CoreClass
Google Update Core Class
2304
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.CoreClass\CLSID
{E225E692-4B47-4777-9BED-4FD7FE257F0E}
2304
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.CoreClass\CurVer
GoogleUpdate.CoreClass.1
2304
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E225E692-4B47-4777-9BED-4FD7FE257F0E}
Google Update Core Class
2304
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E225E692-4B47-4777-9BED-4FD7FE257F0E}\ProgID
GoogleUpdate.CoreClass.1
2304
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E225E692-4B47-4777-9BED-4FD7FE257F0E}\VersionIndependentProgID
GoogleUpdate.CoreClass
2304
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E225E692-4B47-4777-9BED-4FD7FE257F0E}
AppID
{9465B4B4-5216-4042-9A2C-754D3BCDC410}
2316
GoogleUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\InprocServer32
2316
GoogleUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}
2316
GoogleUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{667ABD49-6DCA-4B5D-A1F8-F1243CB404B0}\InprocHandler32
2316
GoogleUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{667ABD49-6DCA-4B5D-A1F8-F1243CB404B0}
2316
GoogleUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}\Elevation
2316
GoogleUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}\LocalServer32
2316
GoogleUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}\ProgID
2316
GoogleUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}\VersionIndependentProgID
2316
GoogleUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}
2316
GoogleUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}\Elevation
2316
GoogleUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}\LocalServer32
2316
GoogleUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}\ProgID
2316
GoogleUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}\VersionIndependentProgID
2316
GoogleUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}
2316
GoogleUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7DE94008-8AFD-4C70-9728-C6FBFFF6A73E}\LocalServer32
2316
GoogleUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7DE94008-8AFD-4C70-9728-C6FBFFF6A73E}\ProgID
2316
GoogleUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7DE94008-8AFD-4C70-9728-C6FBFFF6A73E}\VersionIndependentProgID
2316
GoogleUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7DE94008-8AFD-4C70-9728-C6FBFFF6A73E}
2316
GoogleUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AAD4AE2E-D834-46D4-8B09-490FAC9C722B}\LocalServer32
2316
GoogleUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AAD4AE2E-D834-46D4-8B09-490FAC9C722B}\ProgID
2316
GoogleUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AAD4AE2E-D834-46D4-8B09-490FAC9C722B}\VersionIndependentProgID
2316
GoogleUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AAD4AE2E-D834-46D4-8B09-490FAC9C722B}
2316
GoogleUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AAD4AE2E-D834-46D4-8B09-490FAC9C722B}
2316
GoogleUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ABC01078-F197-4B0B-ADBC-CFE684B39C82}\LocalServer32
2316
GoogleUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ABC01078-F197-4B0B-ADBC-CFE684B39C82}\ProgID
2316
GoogleUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ABC01078-F197-4B0B-ADBC-CFE684B39C82}\VersionIndependentProgID
2316
GoogleUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ABC01078-F197-4B0B-ADBC-CFE684B39C82}
2316
GoogleUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9B2340A0-4068-43D6-B404-32E27217859D}\Elevation
2316
GoogleUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9B2340A0-4068-43D6-B404-32E27217859D}\LocalServer32
2316
GoogleUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9B2340A0-4068-43D6-B404-32E27217859D}\ProgID
2316
GoogleUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9B2340A0-4068-43D6-B404-32E27217859D}\VersionIndependentProgID
2316
GoogleUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9B2340A0-4068-43D6-B404-32E27217859D}
2316
GoogleUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3D28DBD-0DFA-40E4-8071-520767BADC7E}\Elevation
2316
GoogleUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3D28DBD-0DFA-40E4-8071-520767BADC7E}\LocalServer32
2316
GoogleUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3D28DBD-0DFA-40E4-8071-520767BADC7E}\ProgID
2316
GoogleUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3D28DBD-0DFA-40E4-8071-520767BADC7E}\VersionIndependentProgID
2316
GoogleUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3D28DBD-0DFA-40E4-8071-520767BADC7E}
2316
GoogleUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{598FE0E5-E02D-465D-9A9D-37974A28FD42}\Elevation
2316
GoogleUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{598FE0E5-E02D-465D-9A9D-37974A28FD42}\LocalServer32
2316
GoogleUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{598FE0E5-E02D-465D-9A9D-37974A28FD42}\ProgID
2316
GoogleUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{598FE0E5-E02D-465D-9A9D-37974A28FD42}\VersionIndependentProgID
2316
GoogleUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{598FE0E5-E02D-465D-9A9D-37974A28FD42}
2316
GoogleUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25461599-633D-42B1-84FB-7CD68D026E53}\LocalServer32
2316
GoogleUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25461599-633D-42B1-84FB-7CD68D026E53}\ProgID
2316
GoogleUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25461599-633D-42B1-84FB-7CD68D026E53}\VersionIndependentProgID
2316
GoogleUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25461599-633D-42B1-84FB-7CD68D026E53}
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\InprocServer32
C:\Program Files\Google\Update\1.3.33.5\psmachine.dll
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\InprocServer32
ThreadingModel
Both
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{667ABD49-6DCA-4B5D-A1F8-F1243CB404B0}\InprocHandler32
C:\Program Files\Google\Update\1.3.33.5\psmachine.dll
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{667ABD49-6DCA-4B5D-A1F8-F1243CB404B0}\InprocHandler32
ThreadingModel
Both
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{75BC6B63-B6F3-4F56-BD5B-26A290AD0F3C}\InProcServer32
C:\Program Files\Google\Update\1.3.33.5\psmachine.dll
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{75BC6B63-B6F3-4F56-BD5B-26A290AD0F3C}\InProcServer32
ThreadingModel
Both
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{75BC6B63-B6F3-4F56-BD5B-26A290AD0F3C}
PSFactoryBuffer
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2E629606-312A-482F-9B12-2C4ABF6F0B6D}\ProxyStubClsid32
{75BC6B63-B6F3-4F56-BD5B-26A290AD0F3C}
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2E629606-312A-482F-9B12-2C4ABF6F0B6D}
ICoCreateAsyncStatus
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2E629606-312A-482F-9B12-2C4ABF6F0B6D}\NumMethods
10
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{19692F10-ADD2-4EFF-BE54-E61C62E40D13}\ProxyStubClsid32
{75BC6B63-B6F3-4F56-BD5B-26A290AD0F3C}
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{19692F10-ADD2-4EFF-BE54-E61C62E40D13}
IJobObserver2
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{19692F10-ADD2-4EFF-BE54-E61C62E40D13}\NumMethods
4
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{31AC3F11-E5EA-4A85-8A3D-8E095A39C27B}\ProxyStubClsid32
{75BC6B63-B6F3-4F56-BD5B-26A290AD0F3C}
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{31AC3F11-E5EA-4A85-8A3D-8E095A39C27B}
IGoogleUpdate
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{31AC3F11-E5EA-4A85-8A3D-8E095A39C27B}\NumMethods
5
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8476CE12-AE1F-4198-805C-BA0F9B783F57}\ProxyStubClsid32
{75BC6B63-B6F3-4F56-BD5B-26A290AD0F3C}
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8476CE12-AE1F-4198-805C-BA0F9B783F57}
IAppCommandWeb
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8476CE12-AE1F-4198-805C-BA0F9B783F57}\NumMethods
11
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0CD01D1E-4A1C-489D-93B9-9B6672877C57}\ProxyStubClsid32
{75BC6B63-B6F3-4F56-BD5B-26A290AD0F3C}
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0CD01D1E-4A1C-489D-93B9-9B6672877C57}
IAppVersionWeb
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0CD01D1E-4A1C-489D-93B9-9B6672877C57}\NumMethods
10
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4E223325-C16B-4EEB-AEDC-19AA99A237FA}\ProxyStubClsid32
{75BC6B63-B6F3-4F56-BD5B-26A290AD0F3C}
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4E223325-C16B-4EEB-AEDC-19AA99A237FA}
IRegistrationUpdateHook
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4E223325-C16B-4EEB-AEDC-19AA99A237FA}\NumMethods
8
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BCDCB538-01C0-46D1-A6A7-52F4D021C272}\ProxyStubClsid32
{75BC6B63-B6F3-4F56-BD5B-26A290AD0F3C}
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BCDCB538-01C0-46D1-A6A7-52F4D021C272}
IAppVersion
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BCDCB538-01C0-46D1-A6A7-52F4D021C272}\NumMethods
10
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{49D7563B-2DDB-4831-88C8-768A53833837}\ProxyStubClsid32
{75BC6B63-B6F3-4F56-BD5B-26A290AD0F3C}
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{49D7563B-2DDB-4831-88C8-768A53833837}
IJobObserver
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{49D7563B-2DDB-4831-88C8-768A53833837}\NumMethods
13
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DAB1D343-1B2A-47F9-B445-93DC50704BFE}\ProxyStubClsid32
{75BC6B63-B6F3-4F56-BD5B-26A290AD0F3C}
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DAB1D343-1B2A-47F9-B445-93DC50704BFE}
ICoCreateAsync
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DAB1D343-1B2A-47F9-B445-93DC50704BFE}\NumMethods
4
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3D05F64F-71E3-48A5-BF6B-83315BC8AE1F}\ProxyStubClsid32
{75BC6B63-B6F3-4F56-BD5B-26A290AD0F3C}
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3D05F64F-71E3-48A5-BF6B-83315BC8AE1F}
IAppCommand2
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3D05F64F-71E3-48A5-BF6B-83315BC8AE1F}\NumMethods
12
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6DB17455-4E85-46E7-9D23-E555E4B005AF}\ProxyStubClsid32
{75BC6B63-B6F3-4F56-BD5B-26A290AD0F3C}
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6DB17455-4E85-46E7-9D23-E555E4B005AF}
IGoogleUpdate3
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6DB17455-4E85-46E7-9D23-E555E4B005AF}\NumMethods
10
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DD42475D-6D46-496A-924E-BD5630B4CBBA}\ProxyStubClsid32
{75BC6B63-B6F3-4F56-BD5B-26A290AD0F3C}
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DD42475D-6D46-496A-924E-BD5630B4CBBA}
IAppBundleWeb
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DD42475D-6D46-496A-924E-BD5630B4CBBA}\NumMethods
24
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D106AB5F-A70E-400E-A21B-96208C1D8DBB}\ProxyStubClsid32
{75BC6B63-B6F3-4F56-BD5B-26A290AD0F3C}
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D106AB5F-A70E-400E-A21B-96208C1D8DBB}
IProcessLauncher2
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D106AB5F-A70E-400E-A21B-96208C1D8DBB}\NumMethods
7
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B3A47570-0A85-4AEA-8270-529D47899603}\ProxyStubClsid32
{75BC6B63-B6F3-4F56-BD5B-26A290AD0F3C}
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B3A47570-0A85-4AEA-8270-529D47899603}
ICredentialDialog
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B3A47570-0A85-4AEA-8270-529D47899603}\NumMethods
4
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{18D0F672-18B4-48E6-AD36-6E6BF01DBBC4}\ProxyStubClsid32
{75BC6B63-B6F3-4F56-BD5B-26A290AD0F3C}
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{18D0F672-18B4-48E6-AD36-6E6BF01DBBC4}
IAppWeb
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{18D0F672-18B4-48E6-AD36-6E6BF01DBBC4}\NumMethods
17
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2D363682-561D-4C3A-81C6-F2F82107562A}\ProxyStubClsid32
{75BC6B63-B6F3-4F56-BD5B-26A290AD0F3C}
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2D363682-561D-4C3A-81C6-F2F82107562A}
IGoogleUpdate3WebSecurity
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2D363682-561D-4C3A-81C6-F2F82107562A}\NumMethods
4
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DCAB8386-4F03-4DBD-A366-D90BC9F68DE6}\ProxyStubClsid32
{75BC6B63-B6F3-4F56-BD5B-26A290AD0F3C}
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DCAB8386-4F03-4DBD-A366-D90BC9F68DE6}
IPackage
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DCAB8386-4F03-4DBD-A366-D90BC9F68DE6}\NumMethods
10
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{76F7B787-A67C-4C73-82C7-31F5E3AABC5C}\ProxyStubClsid32
{75BC6B63-B6F3-4F56-BD5B-26A290AD0F3C}
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{76F7B787-A67C-4C73-82C7-31F5E3AABC5C}
IApp
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{76F7B787-A67C-4C73-82C7-31F5E3AABC5C}\NumMethods
41
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{128C2DA6-2BC0-44C0-B3F6-4EC22E647964}\ProxyStubClsid32
{75BC6B63-B6F3-4F56-BD5B-26A290AD0F3C}
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{128C2DA6-2BC0-44C0-B3F6-4EC22E647964}
IProcessLauncher
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{128C2DA6-2BC0-44C0-B3F6-4EC22E647964}\NumMethods
6
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{084D78A8-B084-4E14-A629-A2C419B0E3D9}\ProxyStubClsid32
{75BC6B63-B6F3-4F56-BD5B-26A290AD0F3C}
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{084D78A8-B084-4E14-A629-A2C419B0E3D9}
IApp2
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{084D78A8-B084-4E14-A629-A2C419B0E3D9}\NumMethods
43
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{909489C2-85A6-4322-AA56-D25278649D67}\ProxyStubClsid32
{75BC6B63-B6F3-4F56-BD5B-26A290AD0F3C}
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{909489C2-85A6-4322-AA56-D25278649D67}
IGoogleUpdateCore
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{909489C2-85A6-4322-AA56-D25278649D67}\NumMethods
4
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{494B20CF-282E-4BDD-9F5D-B70CB09D351E}\ProxyStubClsid32
{75BC6B63-B6F3-4F56-BD5B-26A290AD0F3C}
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{494B20CF-282E-4BDD-9F5D-B70CB09D351E}
IGoogleUpdate3Web
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{494B20CF-282E-4BDD-9F5D-B70CB09D351E}\NumMethods
8
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5B25A8DC-1780-4178-A629-6BE8B8DEFAA2}\ProxyStubClsid32
{75BC6B63-B6F3-4F56-BD5B-26A290AD0F3C}
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5B25A8DC-1780-4178-A629-6BE8B8DEFAA2}
IBrowserHttpRequest2
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5B25A8DC-1780-4178-A629-6BE8B8DEFAA2}\NumMethods
4
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FE908CDD-22BB-472A-9870-1A0390E42F36}\ProxyStubClsid32
{75BC6B63-B6F3-4F56-BD5B-26A290AD0F3C}
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FE908CDD-22BB-472A-9870-1A0390E42F36}
IAppBundle
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FE908CDD-22BB-472A-9870-1A0390E42F36}\NumMethods
41
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1C642CED-CA3B-4013-A9DF-CA6CE5FF6503}\ProxyStubClsid32
{75BC6B63-B6F3-4F56-BD5B-26A290AD0F3C}
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1C642CED-CA3B-4013-A9DF-CA6CE5FF6503}
IProgressWndEvents
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1C642CED-CA3B-4013-A9DF-CA6CE5FF6503}\NumMethods
9
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5CCCB0EF-7073-4516-8028-4C628D0C8AAB}\ProxyStubClsid32
{75BC6B63-B6F3-4F56-BD5B-26A290AD0F3C}
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5CCCB0EF-7073-4516-8028-4C628D0C8AAB}
IOneClickProcessLauncher
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5CCCB0EF-7073-4516-8028-4C628D0C8AAB}\NumMethods
4
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{247954F9-9EDC-4E68-8CC3-150C2B89EADF}\ProxyStubClsid32
{75BC6B63-B6F3-4F56-BD5B-26A290AD0F3C}
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{247954F9-9EDC-4E68-8CC3-150C2B89EADF}
ICurrentState
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{247954F9-9EDC-4E68-8CC3-150C2B89EADF}\NumMethods
24
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4DE778FE-F195-4EE3-9DAB-FE446C239221}\ProxyStubClsid32
{75BC6B63-B6F3-4F56-BD5B-26A290AD0F3C}
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4DE778FE-F195-4EE3-9DAB-FE446C239221}
IAppCommand
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4DE778FE-F195-4EE3-9DAB-FE446C239221}\NumMethods
11
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.OnDemandCOMClassMachine.1.0
Google Update Broker Class Factory
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.OnDemandCOMClassMachine.1.0\CLSID
{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.OnDemandCOMClassMachine
Google Update Broker Class Factory
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.OnDemandCOMClassMachine\CLSID
{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.OnDemandCOMClassMachine\CurVer
GoogleUpdate.OnDemandCOMClassMachine.1.0
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}
Google Update Broker Class Factory
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}\ProgID
GoogleUpdate.OnDemandCOMClassMachine.1.0
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}\VersionIndependentProgID
GoogleUpdate.OnDemandCOMClassMachine
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}\LocalServer32
"C:\Program Files\Google\Update\1.3.33.5\GoogleUpdateBroker.exe"
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}
LocalizedString
@C:\Program Files\Google\Update\1.3.33.5\goopdate.dll,-3000
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}\Elevation
Enabled
1
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}\Elevation
IconReference
@C:\Program Files\Google\Update\1.3.33.5\goopdate.dll,-1004
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.Update3WebMachine.1.0
Google Update Broker Class Factory
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.Update3WebMachine.1.0\CLSID
{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.Update3WebMachine
Google Update Broker Class Factory
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.Update3WebMachine\CLSID
{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.Update3WebMachine\CurVer
GoogleUpdate.Update3WebMachine.1.0
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}
Google Update Broker Class Factory
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}\ProgID
GoogleUpdate.Update3WebMachine.1.0
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}\VersionIndependentProgID
GoogleUpdate.Update3WebMachine
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}\LocalServer32
"C:\Program Files\Google\Update\1.3.33.5\GoogleUpdateBroker.exe"
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}
LocalizedString
@C:\Program Files\Google\Update\1.3.33.5\goopdate.dll,-3000
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}\Elevation
Enabled
1
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}\Elevation
IconReference
@C:\Program Files\Google\Update\1.3.33.5\goopdate.dll,-1004
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.CoCreateAsync.1.0
CoCreateAsync
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.CoCreateAsync.1.0\CLSID
{7DE94008-8AFD-4C70-9728-C6FBFFF6A73E}
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.CoCreateAsync
CoCreateAsync
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.CoCreateAsync\CLSID
{7DE94008-8AFD-4C70-9728-C6FBFFF6A73E}
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.CoCreateAsync\CurVer
GoogleUpdate.CoCreateAsync.1.0
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7DE94008-8AFD-4C70-9728-C6FBFFF6A73E}
CoCreateAsync
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7DE94008-8AFD-4C70-9728-C6FBFFF6A73E}\ProgID
GoogleUpdate.CoCreateAsync.1.0
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7DE94008-8AFD-4C70-9728-C6FBFFF6A73E}\VersionIndependentProgID
GoogleUpdate.CoCreateAsync
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7DE94008-8AFD-4C70-9728-C6FBFFF6A73E}\LocalServer32
"C:\Program Files\Google\Update\1.3.33.5\GoogleUpdateBroker.exe"
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Google.OneClickProcessLauncherMachine.1.0
Google.OneClickProcessLauncher
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Google.OneClickProcessLauncherMachine.1.0\CLSID
{AAD4AE2E-D834-46D4-8B09-490FAC9C722B}
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Google.OneClickProcessLauncherMachine
Google.OneClickProcessLauncher
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Google.OneClickProcessLauncherMachine\CLSID
{AAD4AE2E-D834-46D4-8B09-490FAC9C722B}
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Google.OneClickProcessLauncherMachine\CurVer
Google.OneClickProcessLauncherMachine.1.0
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AAD4AE2E-D834-46D4-8B09-490FAC9C722B}
Google.OneClickProcessLauncher
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AAD4AE2E-D834-46D4-8B09-490FAC9C722B}\ProgID
Google.OneClickProcessLauncherMachine.1.0
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AAD4AE2E-D834-46D4-8B09-490FAC9C722B}\VersionIndependentProgID
Google.OneClickProcessLauncherMachine
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AAD4AE2E-D834-46D4-8B09-490FAC9C722B}\LocalServer32
"C:\Program Files\Google\Update\1.3.33.5\GoogleUpdateBroker.exe"
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AAD4AE2E-D834-46D4-8B09-490FAC9C722B}
CLSID
{AAD4AE2E-D834-46D4-8B09-490FAC9C722B}
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AAD4AE2E-D834-46D4-8B09-490FAC9C722B}
Policy
3
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.ProcessLauncher.1.0
Google Update Process Launcher Class
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.ProcessLauncher.1.0\CLSID
{ABC01078-F197-4B0B-ADBC-CFE684B39C82}
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.ProcessLauncher
Google Update Process Launcher Class
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.ProcessLauncher\CLSID
{ABC01078-F197-4B0B-ADBC-CFE684B39C82}
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.ProcessLauncher\CurVer
GoogleUpdate.ProcessLauncher.1.0
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ABC01078-F197-4B0B-ADBC-CFE684B39C82}
Google Update Process Launcher Class
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ABC01078-F197-4B0B-ADBC-CFE684B39C82}\ProgID
GoogleUpdate.ProcessLauncher.1.0
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ABC01078-F197-4B0B-ADBC-CFE684B39C82}\VersionIndependentProgID
GoogleUpdate.ProcessLauncher
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ABC01078-F197-4B0B-ADBC-CFE684B39C82}\LocalServer32
"C:\Program Files\Google\Update\1.3.33.5\GoogleUpdateOnDemand.exe"
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.CoreMachineClass.1
Google Update Core Class
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.CoreMachineClass.1\CLSID
{9B2340A0-4068-43D6-B404-32E27217859D}
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.CoreMachineClass
Google Update Core Class
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.CoreMachineClass\CLSID
{9B2340A0-4068-43D6-B404-32E27217859D}
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.CoreMachineClass\CurVer
GoogleUpdate.CoreMachineClass.1
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9B2340A0-4068-43D6-B404-32E27217859D}
Google Update Core Class
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9B2340A0-4068-43D6-B404-32E27217859D}\ProgID
GoogleUpdate.CoreMachineClass.1
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9B2340A0-4068-43D6-B404-32E27217859D}\VersionIndependentProgID
GoogleUpdate.CoreMachineClass
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9B2340A0-4068-43D6-B404-32E27217859D}\LocalServer32
"C:\Program Files\Google\Update\1.3.33.5\GoogleUpdateOnDemand.exe"
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9B2340A0-4068-43D6-B404-32E27217859D}
LocalizedString
@C:\Program Files\Google\Update\1.3.33.5\goopdate.dll,-3000
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9B2340A0-4068-43D6-B404-32E27217859D}\Elevation
Enabled
1
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9B2340A0-4068-43D6-B404-32E27217859D}\Elevation
IconReference
@C:\Program Files\Google\Update\1.3.33.5\goopdate.dll,-1004
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.OnDemandCOMClassMachineFallback.1.0
Google Update Legacy On Demand
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.OnDemandCOMClassMachineFallback.1.0\CLSID
{B3D28DBD-0DFA-40E4-8071-520767BADC7E}
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.OnDemandCOMClassMachineFallback
Google Update Legacy On Demand
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.OnDemandCOMClassMachineFallback\CLSID
{B3D28DBD-0DFA-40E4-8071-520767BADC7E}
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.OnDemandCOMClassMachineFallback\CurVer
GoogleUpdate.OnDemandCOMClassMachineFallback.1.0
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3D28DBD-0DFA-40E4-8071-520767BADC7E}
Google Update Legacy On Demand
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3D28DBD-0DFA-40E4-8071-520767BADC7E}\ProgID
GoogleUpdate.OnDemandCOMClassMachineFallback.1.0
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3D28DBD-0DFA-40E4-8071-520767BADC7E}\VersionIndependentProgID
GoogleUpdate.OnDemandCOMClassMachineFallback
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3D28DBD-0DFA-40E4-8071-520767BADC7E}\LocalServer32
"C:\Program Files\Google\Update\1.3.33.5\GoogleUpdateOnDemand.exe"
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3D28DBD-0DFA-40E4-8071-520767BADC7E}
LocalizedString
@C:\Program Files\Google\Update\1.3.33.5\goopdate.dll,-3000
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3D28DBD-0DFA-40E4-8071-520767BADC7E}\Elevation
Enabled
1
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3D28DBD-0DFA-40E4-8071-520767BADC7E}\Elevation
IconReference
@C:\Program Files\Google\Update\1.3.33.5\goopdate.dll,-1004
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.Update3WebMachineFallback.1.0
GoogleUpdate Update3Web
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.Update3WebMachineFallback.1.0\CLSID
{598FE0E5-E02D-465D-9A9D-37974A28FD42}
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.Update3WebMachineFallback
GoogleUpdate Update3Web
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.Update3WebMachineFallback\CLSID
{598FE0E5-E02D-465D-9A9D-37974A28FD42}
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.Update3WebMachineFallback\CurVer
GoogleUpdate.Update3WebMachineFallback.1.0
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{598FE0E5-E02D-465D-9A9D-37974A28FD42}
GoogleUpdate Update3Web
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{598FE0E5-E02D-465D-9A9D-37974A28FD42}\ProgID
GoogleUpdate.Update3WebMachineFallback.1.0
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{598FE0E5-E02D-465D-9A9D-37974A28FD42}\VersionIndependentProgID
GoogleUpdate.Update3WebMachineFallback
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{598FE0E5-E02D-465D-9A9D-37974A28FD42}\LocalServer32
"C:\Program Files\Google\Update\1.3.33.5\GoogleUpdateOnDemand.exe"
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{598FE0E5-E02D-465D-9A9D-37974A28FD42}
LocalizedString
@C:\Program Files\Google\Update\1.3.33.5\goopdate.dll,-3000
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{598FE0E5-E02D-465D-9A9D-37974A28FD42}\Elevation
Enabled
1
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{598FE0E5-E02D-465D-9A9D-37974A28FD42}\Elevation
IconReference
@C:\Program Files\Google\Update\1.3.33.5\goopdate.dll,-1004
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.CredentialDialogMachine.1.0
GoogleUpdate CredentialDialog
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.CredentialDialogMachine.1.0\CLSID
{25461599-633D-42B1-84FB-7CD68D026E53}
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.CredentialDialogMachine
GoogleUpdate CredentialDialog
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.CredentialDialogMachine\CLSID
{25461599-633D-42B1-84FB-7CD68D026E53}
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\GoogleUpdate.CredentialDialogMachine\CurVer
GoogleUpdate.CredentialDialogMachine.1.0
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25461599-633D-42B1-84FB-7CD68D026E53}
GoogleUpdate CredentialDialog
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25461599-633D-42B1-84FB-7CD68D026E53}\ProgID
GoogleUpdate.CredentialDialogMachine.1.0
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25461599-633D-42B1-84FB-7CD68D026E53}\VersionIndependentProgID
GoogleUpdate.CredentialDialogMachine
2316
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25461599-633D-42B1-84FB-7CD68D026E53}\LocalServer32
"C:\Program Files\Google\Update\1.3.33.5\GoogleUpdateOnDemand.exe"
3308
GoogleUpdate.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
3308
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46
Blob
0F0000000100000014000000F45A0858C9CD920E647BAD539AB9F1CFC77F24CB090000000100000016000000301406082B0601050507030306082B06010505070308140000000100000014000000DAED6474149C143CABDD99A9BD5B284D8B3CC9D80B000000010000001400000055005300450052005400720075007300740000001D0000000100000010000000F919B9CCCE1E59C2E785F7DC2CCF6708030000000100000014000000E12DFB4B41D7D9C32B30514BAC1D81D8385E2D4620000000010000006A040000308204663082034EA003020102021044BE0C8B500024B411D3362DE0B35F1B300D06092A864886F70D0101050500308195310B3009060355040613025553310B3009060355040813025554311730150603550407130E53616C74204C616B652043697479311E301C060355040A131554686520555345525452555354204E6574776F726B3121301F060355040B1318687474703A2F2F7777772E7573657274727573742E636F6D311D301B0603550403131455544E2D5553455246697273742D4F626A656374301E170D3939303730393138333132305A170D3139303730393138343033365A308195310B3009060355040613025553310B3009060355040813025554311730150603550407130E53616C74204C616B652043697479311E301C060355040A131554686520555345525452555354204E6574776F726B3121301F060355040B1318687474703A2F2F7777772E7573657274727573742E636F6D311D301B0603550403131455544E2D5553455246697273742D4F626A65637430820122300D06092A864886F70D01010105000382010F003082010A0282010100CEAA813FA3A36178AA31005595119E270F1F1CDF3A9B826830C04A611DF12F0EFABE79F7A523EF55519684CDDBE3B96E3E31D80A2067C7F4D9BF94EB47043E02CE2AA25D870409F6309D188A97B2AA1CFC41D2A136CBFB3D91BAE7D97035FAE4E790C39BA39BD33CF5129977B1B709E068E61CB8F39463886A6AFE0B76C9BEF422E467B9AB1A5E77C18507DD0D6CBFEE06C7776A419EA70FD7FBEE9417B7FC85BEA4ABC41C31DDD7B6D1E4F0EFDF168FB25293D7A1D489A1072EBFE10112421E1AE1D89534DB647928FFBA2E11C2E5E85B9248FB470BC26CDAAD328341F3A5E54170FD65906DFAFA51C4F9BD962B19042CD36DA7DCF07F6F8365E26AAB8786750203010001A381AF3081AC300B0603551D0F0404030201C6300F0603551D130101FF040530030101FF301D0603551D0E04160414DAED6474149C143CABDD99A9BD5B284D8B3CC9D830420603551D1F043B30393037A035A0338631687474703A2F2F63726C2E7573657274727573742E636F6D2F55544E2D5553455246697273742D4F626A6563742E63726C30290603551D250422302006082B0601050507030306082B06010505070308060A2B0601040182370A0304300D06092A864886F70D01010505000382010100081F52B1374478DBFDCEB9DA959698AA556480B55A40DD21A5C5C1F35F2C4CC8475A69EAE8F03535F4D025F3C8A6A4874ABD1BB17308BDD4C3CAB635BB59867731CDA78014AE13EFFCB148F96B25252D51B62C6D45C198C88A565D3EEE434E3E6B278ED03A4B850B5FD3ED6AA775CBD15A872F3975135A72B002819FBEF00F845420626C69D4E14DC60D9943010D12968C789DBF50A2B144AA6ACF177ACF6F0FD4F824555FF0341649663E5046C96371383162B862B9F353AD6CB52BA212AA194F09DA5EE793C68E1408FEF0308018A086854DC87DD78B03FE6ED5F79D16AC922CA023E59C91521F94DF179473C3B3C1C17105200078BD13521DA83ECD001FC8
3308
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\75E0ABB6138512271C04F85FDDDE38E4B7242EFE
Blob
0400000001000000100000009414777E3E5EFD8F30BD41B0CFE7D0300F0000000100000014000000BF4D2C390BBF0AA3A2B7EA2DC751011BF5FD422E090000000100000068000000306606082B0601050507030106082B0601050507030206082B0601050507030306082B0601050507030406082B0601050507030806082B06010505070309060A2B0601040182370A030406082B0601050507030606082B0601050507030706082B060105050802020B000000010000005C00000047006F006F0067006C00650020005400720075007300740020005300650072007600690063006500730020002D00200047006C006F00620061006C005300690067006E00200052006F006F0074002000430041002D005200320000005300000001000000230000003021301F06092B06010401A032010130123010060A2B0601040182373C0101030200C0620000000100000020000000CA42DD41745FD0B81EB902362CF9D8BF719DA1BD1B1EFC946F5B4C99F42C1B9E1400000001000000140000009BE20757671C1EC06A06DE59B49A2DDFDC19862E1D000000010000001000000073621E116224668780B2D2BEE454E52E03000000010000001400000075E0ABB6138512271C04F85FDDDE38E4B7242EFE190000000100000010000000A8827A3CBD2D87D783B59B8062C87E9A2000000001000000BE030000308203BA308202A2A003020102020B0400000000010F8626E60D300D06092A864886F70D0101050500304C3120301E060355040B1317476C6F62616C5369676E20526F6F74204341202D20523231133011060355040A130A476C6F62616C5369676E311330110603550403130A476C6F62616C5369676E301E170D3036313231353038303030305A170D3231313231353038303030305A304C3120301E060355040B1317476C6F62616C5369676E20526F6F74204341202D20523231133011060355040A130A476C6F62616C5369676E311330110603550403130A476C6F62616C5369676E30820122300D06092A864886F70D01010105000382010F003082010A0282010100A6CF240EBE2E6F28994542C4AB3E21549B0BD37F8470FA12B3CBBF875FC67F86D3B2305CD6FDADF17BDCE5F86096099210F5D053DEFB7B7E7388AC52887B4AA6CA49A65EA8A78C5A11BC7A82EBBE8CE9B3AC962507974A992A072FB41E77BF8A0FB5027C1B96B8C5B93A2CBCD612B9EB597DE2D006865F5E496AB5395E8834ECBC780C0898846CA8CD4BB4A07D0C794DF0B82DCB21CAD56C5B7DE1A02984A1F9D39449CB24629120BCDD0BD5D9CCF9EA270A2B7391C69D1BACC8CBE8E0A0F42F908B4DFBB0361BF6197A85E06DF26113885C9FE0930A51978A5ACEAFABD5F7AA09AA60BDDCD95FDF72A960135E0001C94AFA3FA4EA070321028E82CA03C29B8F0203010001A3819C308199300E0603551D0F0101FF040403020106300F0603551D130101FF040530030101FF301D0603551D0E041604149BE20757671C1EC06A06DE59B49A2DDFDC19862E30360603551D1F042F302D302BA029A0278625687474703A2F2F63726C2E676C6F62616C7369676E2E6E65742F726F6F742D72322E63726C301F0603551D230418301680149BE20757671C1EC06A06DE59B49A2DDFDC19862E300D06092A864886F70D01010505000382010100998153871C68978691ECE04AB8440BAB81AC274FD6C1B81C4378B30C9AFCEA2C3C6E611B4D4B29F59F051D26C1B8E983006245B6A90893B9A9334B189AC2F887884EDBDD71341AC154DA463FE0D32AAB6D5422F53A62CD206FBA2989D7DD91EED35CA23EA15B41F5DFE564432DE9D539ABD2A2DFB78BD0C080191C45C02D8CE8F82DA4745649C505B54F15DE6E44783987A87EBBF3791891BBF46F9DC1F08C358C5D01FBC36DB9EF446D7946317E0AFEA982C1FFEFAB6E20C450C95F9D4D9B178C0CE501C9A0416A7353FAA550B46E250FFB4C18F4FD52D98E69B1E8110FDE88D8FB1D49F7AADE95CF2078C26012DB25408C6AFC7E4238406412F79E81E1932E
3308
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46
Blob
190000000100000010000000E843AC3B52EC8C297FA948C9B1FB2819030000000100000014000000E12DFB4B41D7D9C32B30514BAC1D81D8385E2D461D0000000100000010000000F919B9CCCE1E59C2E785F7DC2CCF67080B00000001000000140000005500530045005200540072007500730074000000140000000100000014000000DAED6474149C143CABDD99A9BD5B284D8B3CC9D8090000000100000016000000301406082B0601050507030306082B060105050703080F0000000100000014000000F45A0858C9CD920E647BAD539AB9F1CFC77F24CB20000000010000006A040000308204663082034EA003020102021044BE0C8B500024B411D3362DE0B35F1B300D06092A864886F70D0101050500308195310B3009060355040613025553310B3009060355040813025554311730150603550407130E53616C74204C616B652043697479311E301C060355040A131554686520555345525452555354204E6574776F726B3121301F060355040B1318687474703A2F2F7777772E7573657274727573742E636F6D311D301B0603550403131455544E2D5553455246697273742D4F626A656374301E170D3939303730393138333132305A170D3139303730393138343033365A308195310B3009060355040613025553310B3009060355040813025554311730150603550407130E53616C74204C616B652043697479311E301C060355040A131554686520555345525452555354204E6574776F726B3121301F060355040B1318687474703A2F2F7777772E7573657274727573742E636F6D311D301B0603550403131455544E2D5553455246697273742D4F626A65637430820122300D06092A864886F70D01010105000382010F003082010A0282010100CEAA813FA3A36178AA31005595119E270F1F1CDF3A9B826830C04A611DF12F0EFABE79F7A523EF55519684CDDBE3B96E3E31D80A2067C7F4D9BF94EB47043E02CE2AA25D870409F6309D188A97B2AA1CFC41D2A136CBFB3D91BAE7D97035FAE4E790C39BA39BD33CF5129977B1B709E068E61CB8F39463886A6AFE0B76C9BEF422E467B9AB1A5E77C18507DD0D6CBFEE06C7776A419EA70FD7FBEE9417B7FC85BEA4ABC41C31DDD7B6D1E4F0EFDF168FB25293D7A1D489A1072EBFE10112421E1AE1D89534DB647928FFBA2E11C2E5E85B9248FB470BC26CDAAD328341F3A5E54170FD65906DFAFA51C4F9BD962B19042CD36DA7DCF07F6F8365E26AAB8786750203010001A381AF3081AC300B0603551D0F0404030201C6300F0603551D130101FF040530030101FF301D0603551D0E04160414DAED6474149C143CABDD99A9BD5B284D8B3CC9D830420603551D1F043B30393037A035A0338631687474703A2F2F63726C2E7573657274727573742E636F6D2F55544E2D5553455246697273742D4F626A6563742E63726C30290603551D250422302006082B0601050507030306082B06010505070308060A2B0601040182370A0304300D06092A864886F70D01010505000382010100081F52B1374478DBFDCEB9DA959698AA556480B55A40DD21A5C5C1F35F2C4CC8475A69EAE8F03535F4D025F3C8A6A4874ABD1BB17308BDD4C3CAB635BB59867731CDA78014AE13EFFCB148F96B25252D51B62C6D45C198C88A565D3EEE434E3E6B278ED03A4B850B5FD3ED6AA775CBD15A872F3975135A72B002819FBEF00F845420626C69D4E14DC60D9943010D12968C789DBF50A2B144AA6ACF177ACF6F0FD4F824555FF0341649663E5046C96371383162B862B9F353AD6CB52BA212AA194F09DA5EE793C68E1408FEF0308018A086854DC87DD78B03FE6ED5F79D16AC922CA023E59C91521F94DF179473C3B3C1C17105200078BD13521DA83ECD001FC8
3308
GoogleUpdate.exe
write
HKEY_CURRENT_USER\Software\Google\Update\proxy
source
auto
3428
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}
usagestats
0
2464
GoogleUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
2464
GoogleUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\PersistedPings\{859BDE51-9D5B-4D19-8C52-6D3BDC65D84A}
2464
GoogleUpdate.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\PersistedPings\{D52ABC0D-9CE5-41C0-AEC6-EE52B42EA0E1}
2464
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\PersistedPings\{859BDE51-9D5B-4D19-8C52-6D3BDC65D84A}
PersistedPingString
<?xml version="1.0" encoding="UTF-8"?><request protocol="3.0" version="1.3.33.5" shell_version="1.3.33.5" ismachine="1" sessionid="{9E65C554-1B27-46B5-A809-EAE992D2949F}" requestid="{859BDE51-9D5B-4D19-8C52-6D3BDC65D84A}" dedup="cr"><hw physmemory="3" sse="1" sse2="1" sse3="1" ssse3="1" sse41="1" sse42="1" avx="1"/><os platform="win" version="6.1.7601.0" sp="Service Pack 1" arch="x86"/></request>
2464
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\PersistedPings\{859BDE51-9D5B-4D19-8C52-6D3BDC65D84A}
PersistedPingTime
131916470207885000
2464
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}
pv
68.0.3440.106
2464
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
StateValue
3
2464
GoogleUpdate.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000_CLASSES\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
2464
GoogleUpdate.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Google\Update\proxy
source
auto
2464
GoogleUpdate.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
dr
0
2464
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}
ping_freshness
{8E398D10-F1A3-45B7-AD00-4EB7E26505E7}
2464
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\cohort
1:gu/i19:
2464
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\cohort
hint
2464
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\cohort
name
Stable Installs Only
2464
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
StateValue
4
2464
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\PersistedPings\{D52ABC0D-9CE5-41C0-AEC6-EE52B42EA0E1}
PersistedPingString
<?xml version="1.0" encoding="UTF-8"?><request protocol="3.0" version="1.3.33.5" shell_version="1.3.33.5" ismachine="1" sessionid="{9E65C554-1B27-46B5-A809-EAE992D2949F}" installsource="taggedmi" requestid="{D52ABC0D-9CE5-41C0-AEC6-EE52B42EA0E1}" dedup="cr"><hw physmemory="3" sse="1" sse2="1" sse3="1" ssse3="1" sse41="1" sse42="1" avx="1"/><os platform="win" version="6.1.7601.0" sp="Service Pack 1" arch="x86"/><app appid="{8A69D345-D564-463C-AFF1-A69D9E530F96}" version="" nextversion="71.0.3578.98" ap="-statsdef_1" lang="en" brand="" client="" installage="135" installdate="4256" iid="{430A1D05-49A5-2C1C-2EF8-4850213B7F42}" cohort="1:gu/i19:" cohortname="Stable Installs Only"><event eventtype="9" eventresult="1" errorcode="0" extracode1="0"/><data name="install" index="defaultbrowser"/></app></request>
2464
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\PersistedPings\{D52ABC0D-9CE5-41C0-AEC6-EE52B42EA0E1}
PersistedPingTime
131916470240697500
2464
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
DownloadTimeRemainingMs
4294967295
2464
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
DownloadProgressPercent
0
2464
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
StateValue
5
2464
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\PersistedPings\{D52ABC0D-9CE5-41C0-AEC6-EE52B42EA0E1}
PersistedPingString
<?xml version="1.0" encoding="UTF-8"?><request protocol="3.0" version="1.3.33.5" shell_version="1.3.33.5" ismachine="1" sessionid="{9E65C554-1B27-46B5-A809-EAE992D2949F}" installsource="taggedmi" requestid="{D52ABC0D-9CE5-41C0-AEC6-EE52B42EA0E1}" dedup="cr"><hw physmemory="3" sse="1" sse2="1" sse3="1" ssse3="1" sse41="1" sse42="1" avx="1"/><os platform="win" version="6.1.7601.0" sp="Service Pack 1" arch="x86"/><app appid="{8A69D345-D564-463C-AFF1-A69D9E530F96}" version="" nextversion="71.0.3578.98" ap="-statsdef_1" lang="en" brand="" client="" installage="135" installdate="4256" iid="{430A1D05-49A5-2C1C-2EF8-4850213B7F42}" cohort="1:gu/i19:" cohortname="Stable Installs Only"><event eventtype="9" eventresult="1" errorcode="0" extracode1="0"/><event eventtype="5" eventresult="1" errorcode="0" extracode1="0"/><data name="install" index="defaultbrowser"/></app></request>
2464
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\PersistedPings\{D52ABC0D-9CE5-41C0-AEC6-EE52B42EA0E1}
PersistedPingTime
131916470241791250
2464
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
StateValue
7
2464
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
DownloadTimeRemainingMs
18895
2464
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
DownloadProgressPercent
5
2464
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
DownloadTimeRemainingMs
8883
2464
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
DownloadProgressPercent
15
2464
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
DownloadTimeRemainingMs
3778
2464
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
DownloadProgressPercent
35
2464
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
DownloadTimeRemainingMs
1981
2464
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
DownloadProgressPercent
57
2464
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
DownloadTimeRemainingMs
1068
2464
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
DownloadProgressPercent
75
2464
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
DownloadTimeRemainingMs
877
2464
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
DownloadProgressPercent
80
2464
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
DownloadTimeRemainingMs
0
2464
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
DownloadProgressPercent
100
2464
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\PersistedPings\{D52ABC0D-9CE5-41C0-AEC6-EE52B42EA0E1}
PersistedPingString
<?xml version="1.0" encoding="UTF-8"?><request protocol="3.0" version="1.3.33.5" shell_version="1.3.33.5" ismachine="1" sessionid="{9E65C554-1B27-46B5-A809-EAE992D2949F}" installsource="taggedmi" requestid="{D52ABC0D-9CE5-41C0-AEC6-EE52B42EA0E1}" dedup="cr"><hw physmemory="3" sse="1" sse2="1" sse3="1" ssse3="1" sse41="1" sse42="1" avx="1"/><os platform="win" version="6.1.7601.0" sp="Service Pack 1" arch="x86"/><app appid="{8A69D345-D564-463C-AFF1-A69D9E530F96}" version="" nextversion="71.0.3578.98" ap="-statsdef_1" lang="en" brand="" client="" installage="135" installdate="4256" iid="{430A1D05-49A5-2C1C-2EF8-4850213B7F42}" cohort="1:gu/i19:" cohortname="Stable Installs Only"><event eventtype="9" eventresult="1" errorcode="0" extracode1="0"/><event eventtype="5" eventresult="1" errorcode="0" extracode1="0"/><event eventtype="1" eventresult="1" errorcode="0" extracode1="0" downloader="bits" url="http://redirector.gvt1.com/edgedl/release2/chrome/Ep6pbjF0xlQ_71.0.3578.98/71.0.3578.98_chrome_installer.exe" downloaded="53408496" total="53408496" download_time_ms="6922"/><data name="install" index="defaultbrowser"/></app></request>
2464
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\PersistedPings\{D52ABC0D-9CE5-41C0-AEC6-EE52B42EA0E1}
PersistedPingTime
131916470316791250
2464
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\PersistedPings\{D52ABC0D-9CE5-41C0-AEC6-EE52B42EA0E1}
PersistedPingString
<?xml version="1.0" encoding="UTF-8"?><request protocol="3.0" version="1.3.33.5" shell_version="1.3.33.5" ismachine="1" sessionid="{9E65C554-1B27-46B5-A809-EAE992D2949F}" installsource="taggedmi" requestid="{D52ABC0D-9CE5-41C0-AEC6-EE52B42EA0E1}" dedup="cr"><hw physmemory="3" sse="1" sse2="1" sse3="1" ssse3="1" sse41="1" sse42="1" avx="1"/><os platform="win" version="6.1.7601.0" sp="Service Pack 1" arch="x86"/><app appid="{8A69D345-D564-463C-AFF1-A69D9E530F96}" version="" nextversion="71.0.3578.98" ap="-statsdef_1" lang="en" brand="" client="" installage="135" installdate="4256" iid="{430A1D05-49A5-2C1C-2EF8-4850213B7F42}" cohort="1:gu/i19:" cohortname="Stable Installs Only"><event eventtype="9" eventresult="1" errorcode="0" extracode1="0"/><event eventtype="5" eventresult="1" errorcode="0" extracode1="0"/><event eventtype="1" eventresult="1" errorcode="0" extracode1="0" downloader="bits" url="http://redirector.gvt1.com/edgedl/release2/chrome/Ep6pbjF0xlQ_71.0.3578.98/71.0.3578.98_chrome_installer.exe" downloaded="53408496" total="53408496" download_time_ms="6922"/><event eventtype="1" eventresult="1" errorcode="0" extracode1="0"/><data name="install" index="defaultbrowser"/></app></request>
2464
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\PersistedPings\{D52ABC0D-9CE5-41C0-AEC6-EE52B42EA0E1}
PersistedPingTime
131916470317260000
2464
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\PersistedPings\{D52ABC0D-9CE5-41C0-AEC6-EE52B42EA0E1}
PersistedPingString
<?xml version="1.0" encoding="UTF-8"?><request protocol="3.0" version="1.3.33.5" shell_version="1.3.33.5" ismachine="1" sessionid="{9E65C554-1B27-46B5-A809-EAE992D2949F}" installsource="taggedmi" requestid="{D52ABC0D-9CE5-41C0-AEC6-EE52B42EA0E1}" dedup="cr"><hw physmemory="3" sse="1" sse2="1" sse3="1" ssse3="1" sse41="1" sse42="1" avx="1"/><os platform="win" version="6.1.7601.0" sp="Service Pack 1" arch="x86"/><app appid="{8A69D345-D564-463C-AFF1-A69D9E530F96}" version="" nextversion="71.0.3578.98" ap="-statsdef_1" lang="en" brand="" client="" installage="135" installdate="4256" iid="{430A1D05-49A5-2C1C-2EF8-4850213B7F42}" cohort="1:gu/i19:" cohortname="Stable Installs Only"><event eventtype="9" eventresult="1" errorcode="0" extracode1="0"/><event eventtype="5" eventresult="1" errorcode="0" extracode1="0"/><event eventtype="1" eventresult="1" errorcode="0" extracode1="0" downloader="bits" url="http://redirector.gvt1.com/edgedl/release2/chrome/Ep6pbjF0xlQ_71.0.3578.98/71.0.3578.98_chrome_installer.exe" downloaded="53408496" total="53408496" download_time_ms="6922"/><event eventtype="1" eventresult="1" errorcode="0" extracode1="0"/><event eventtype="6" eventresult="1" errorcode="0" extracode1="0"/><data name="install" index="defaultbrowser"/></app></request>
2464
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\PersistedPings\{D52ABC0D-9CE5-41C0-AEC6-EE52B42EA0E1}
PersistedPingTime
131916470322572500
2464
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}
lang
en
2464
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}
ap
-statsdef_1
2464
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}
browser
2
2464
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}
usagestats
0
2464
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
InstallTimeRemainingMs
4294967295
2464
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
InstallProgressPercent
100
2464
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
StateValue
13
2464
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
InstallProgressPercent
24
2464
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
InstallProgressPercent
37
2464
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
InstallProgressPercent
56
2464
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
InstallProgressPercent
75
2464
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
InstallProgressPercent
81
2464
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
InstallProgressPercent
87
2464
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}
LastInstallerResult
0
2464
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}
LastInstallerError
2
2464
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}
LastInstallerSuccessLaunchCmdLine
"C:\Program Files\Google\Chrome\Application\chrome.exe"
2464
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update
LastInstallerResult
0
2464
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update
LastInstallerError
2
2464
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update
LastInstallerSuccessLaunchCmdLine
"C:\Program Files\Google\Chrome\Application\chrome.exe"
2464
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}
pv
71.0.3578.98
2464
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}
iid
{430A1D05-49A5-2C1C-2EF8-4850213B7F42}
2464
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}
LastCheckSuccess
1547173440
2464
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\PersistedPings\{D52ABC0D-9CE5-41C0-AEC6-EE52B42EA0E1}
PersistedPingString
<?xml version="1.0" encoding="UTF-8"?><request protocol="3.0" version="1.3.33.5" shell_version="1.3.33.5" ismachine="1" sessionid="{9E65C554-1B27-46B5-A809-EAE992D2949F}" installsource="taggedmi" requestid="{D52ABC0D-9CE5-41C0-AEC6-EE52B42EA0E1}" dedup="cr"><hw physmemory="3" sse="1" sse2="1" sse3="1" ssse3="1" sse41="1" sse42="1" avx="1"/><os platform="win" version="6.1.7601.0" sp="Service Pack 1" arch="x86"/><app appid="{8A69D345-D564-463C-AFF1-A69D9E530F96}" version="" nextversion="71.0.3578.98" ap="-statsdef_1" lang="en" brand="" client="" installage="135" installdate="4256" iid="{430A1D05-49A5-2C1C-2EF8-4850213B7F42}" cohort="1:gu/i19:" cohortname="Stable Installs Only"><event eventtype="9" eventresult="1" errorcode="0" extracode1="0"/><event eventtype="5" eventresult="1" errorcode="0" extracode1="0"/><event eventtype="1" eventresult="1" errorcode="0" extracode1="0" downloader="bits" url="http://redirector.gvt1.com/edgedl/release2/chrome/Ep6pbjF0xlQ_71.0.3578.98/71.0.3578.98_chrome_installer.exe" downloaded="53408496" total="53408496" download_time_ms="6922"/><event eventtype="1" eventresult="1" errorcode="0" extracode1="0"/><event eventtype="6" eventresult="1" errorcode="0" extracode1="0"/><event eventtype="2" eventresult="1" errorcode="0" extracode1="0" source_url_index="0" update_check_time_ms="3219" download_time_ms="7516" downloaded="53408496" total="53408496" install_time_ms="8641"/><data name="install" index="defaultbrowser"/></app></request>
2464
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\PersistedPings\{D52ABC0D-9CE5-41C0-AEC6-EE52B42EA0E1}
PersistedPingTime
131916470409291250
2464
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
InstallTimeRemainingMs
0
2464
GoogleUpdate.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
StateValue
14
2456
71.0.3578.98_chrome_installer.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}
ap
-statsdef_1-full
3816
setup.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD}
3816
setup.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD}\LocalServer32
3816
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}
InstallerProgress
18
3816
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}
InstallerProgress
24
3816
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}
InstallerProgress
37
3816
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}
InstallerProgress
43
3816
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}
InstallerProgress
49
3816
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}
InstallerProgress
56
3816
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}
UninstallString
C:\Program Files\Google\Chrome\Application\71.0.3578.98\Installer\setup.exe
3816
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}
UninstallArguments
--uninstall --msi --system-level --verbose-logging
3816
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\Clients\{8A69D345-D564-463c-AFF1-A69D9E530F96}
name
Google Chrome
3816
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\Clients\{8A69D345-D564-463c-AFF1-A69D9E530F96}
pv
71.0.3578.98
3816
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}
Google Chrome
3816
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}
StubPath
"C:\Program Files\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
3816
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}
Localized Name
Google Chrome
3816
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}
IsInstalled
1
3816
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}
Version
43,0,0,0
3816
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\Clients\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Commands\on-os-upgrade
CommandLine
"C:\Program Files\Google\Chrome\Application\71.0.3578.98\Installer\setup.exe" --on-os-upgrade --system-level --verbose-logging
3816
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\Clients\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Commands\on-os-upgrade
AutoRunOnOSUpgrade
1
3816
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\Clients\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Commands\store-dmtoken
CommandLine
"C:\Program Files\Google\Chrome\Application\71.0.3578.98\Installer\setup.exe" --store-dmtoken=%1 --system-level --verbose-logging
3816
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\Clients\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Commands\store-dmtoken
WebAccessible
1
3816
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD}\LocalServer32
"C:\Program Files\Google\Chrome\Application\71.0.3578.98\notification_helper.exe"
3816
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD}\LocalServer32
ServerExecutable
C:\Program Files\Google\Chrome\Application\71.0.3578.98\notification_helper.exe
3816
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{708860E0-F641-4611-8895-7D867DD3675B}
AppID
{708860E0-F641-4611-8895-7D867DD3675B}
3816
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{708860E0-F641-4611-8895-7D867DD3675B}
LocalService
GoogleChromeElevationService
3816
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}
msi
1
3816
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}
InstallerProgress
62
3816
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}
InstallerProgress
68
3816
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}
InstallerProgress
75
3816
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
GlobalAssocChangedCounter
52
3816
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
GlobalAssocChangedCounter
53
3816
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
GlobalAssocChangedCounter
54
3816
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}
InstallerProgress
81
3816
setup.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Application\Chrome
CategoryCount
1
3816
setup.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Application\Chrome
TypesSupported
7
3816
setup.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Application\Chrome
CategoryMessageFile
C:\Program Files\Google\Chrome\Application\71.0.3578.98\eventlog_provider.dll
3816
setup.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Application\Chrome
EventMessageFile
C:\Program Files\Google\Chrome\Application\71.0.3578.98\eventlog_provider.dll
3816
setup.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Application\Chrome
ParameterMessageFile
C:\Program Files\Google\Chrome\Application\71.0.3578.98\eventlog_provider.dll
3816
setup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\ftp\UserChoice
Progid
ChromeHTML
3816
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
GlobalAssocChangedCounter
55
3816
setup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice
Progid
ChromeHTML
3816
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
GlobalAssocChangedCounter
56
3816
setup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\https\UserChoice
Progid
ChromeHTML
3816
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
GlobalAssocChangedCounter
57
3816
setup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice
Progid
ChromeHTML
3816
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
GlobalAssocChangedCounter
58
3816
setup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice
Progid
ChromeHTML
3816
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
GlobalAssocChangedCounter
59
3816
setup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice
Progid
ChromeHTML
3816
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
GlobalAssocChangedCounter
60
3816
setup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice
Progid
ChromeHTML
3816
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
GlobalAssocChangedCounter
61
3816
setup.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice
Progid
ChromeHTML
3816
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
GlobalAssocChangedCounter
62
3816
setup.exe
write
HKEY_CLASSES_ROOT\.htm
ChromeHTML
3816
setup.exe
write
HKEY_CLASSES_ROOT\.html
ChromeHTML
3816
setup.exe
write
HKEY_CLASSES_ROOT\.shtml
ChromeHTML
3816
setup.exe
write
HKEY_CLASSES_ROOT\.xht
ChromeHTML
3816
setup.exe
write
HKEY_CLASSES_ROOT\.xhtml
ChromeHTML
3816
setup.exe
write
HKEY_CLASSES_ROOT\ftp
URL Protocol
3816
setup.exe
write
HKEY_CLASSES_ROOT\ftp\DefaultIcon
C:\Program Files\Google\Chrome\Application\chrome.exe,0
3816
setup.exe
write
HKEY_CLASSES_ROOT\ftp\shell\open\command
"C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
3816
setup.exe
write
HKEY_CLASSES_ROOT\ftp\shell\open\ddeexec
3816
setup.exe
write
HKEY_CLASSES_ROOT\ftp\shell
open
3816
setup.exe
write
HKEY_CLASSES_ROOT\http
URL Protocol
3816
setup.exe
write
HKEY_CLASSES_ROOT\http\DefaultIcon
C:\Program Files\Google\Chrome\Application\chrome.exe,0
3816
setup.exe
write
HKEY_CLASSES_ROOT\http\shell\open\command
"C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
3816
setup.exe
write
HKEY_CLASSES_ROOT\http\shell\open\ddeexec
3816
setup.exe
write
HKEY_CLASSES_ROOT\http\shell
open
3816
setup.exe
write
HKEY_CLASSES_ROOT\https
URL Protocol
3816
setup.exe
write
HKEY_CLASSES_ROOT\https\DefaultIcon
C:\Program Files\Google\Chrome\Application\chrome.exe,0
3816
setup.exe
write
HKEY_CLASSES_ROOT\https\shell\open\command
"C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
3816
setup.exe
write
HKEY_CLASSES_ROOT\https\shell\open\ddeexec
3816
setup.exe
write
HKEY_CLASSES_ROOT\https\shell
open
3816
setup.exe
write
HKEY_CURRENT_USER\Software\Clients\StartMenuInternet
Google Chrome
3816
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.htm
ChromeHTML
3816
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.html
ChromeHTML
3816
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.shtml
ChromeHTML
3816
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.xht
ChromeHTML
3816
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.xhtml
ChromeHTML
3816
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ftp
URL Protocol
3816
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ftp\DefaultIcon
C:\Program Files\Google\Chrome\Application\chrome.exe,0
3816
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ftp\shell\open\command
"C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
3816
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ftp\shell\open\ddeexec
3816
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ftp\shell
open
3816
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\http
URL Protocol
3816
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\http\DefaultIcon
C:\Program Files\Google\Chrome\Application\chrome.exe,0
3816
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\http\shell\open\command
"C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
3816
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\http\shell\open\ddeexec
3816
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\http\shell
open
3816
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\https
URL Protocol
3816
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\https\DefaultIcon
C:\Program Files\Google\Chrome\Application\chrome.exe,0
3816
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\https\shell\open\command
"C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
3816
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\https\shell\open\ddeexec
3816
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\https\shell
open
3816
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet
Google Chrome
3816
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
GlobalAssocChangedCounter
63
3816
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}
InstallerProgress
87
3816
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}
InstallerProgress
100
3816
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}
InstallerResult
0
3816
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}
InstallerError
2
3816
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}
InstallerSuccessLaunchCmdLine
"C:\Program Files\Google\Chrome\Application\chrome.exe"
3816
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9EDF60E6CC0B1623E904001B99652E9A\InstallProperties
DisplayVersion
71.0.3578.98
3816
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6E06FDE9-B0CC-3261-9E40-00B19956E2A9}
DisplayVersion
71.0.3578.98
3816
setup.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}
ap
-statsdef_1
2588
GoogleUpdate.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\61\52C64B7E
LanguageList
en-US
2588
GoogleUpdate.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\61\52C64B7E
@%SystemRoot%\system32\p2pcollab.dll,-8042
Peer to Peer Trust
2588
GoogleUpdate.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\61\52C64B7E
@%SystemRoot%\system32\qagentrt.dll,-10
System Health Authentication
2588
GoogleUpdate.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\61\52C64B7E
@%SystemRoot%\system32\dnsapi.dll,-103
Domain Name System (DNS) Server Trust
2588
GoogleUpdate.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\61\52C64B7E
@%SystemRoot%\System32\fveui.dll,-843
BitLocker Drive Encryption
2588
GoogleUpdate.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\61\52C64B7E
@%SystemRoot%\System32\fveui.dll,-844
BitLocker Data Recovery Agent
2588
GoogleUpdate.exe
write
HKEY_CURRENT_USER\Software\Google\Update\proxy
source
auto
3448
chrome.exe
delete key
HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
3448
chrome.exe
delete key
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
3448
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
failed_count
0
3448
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
state
2