General Info

URL

https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.canva.com%2Fdesign%2FDAE1b1jrQrw%2FSF-DRGc8utZ2MHTqZVoKjw%2Fview%3Futm_content%3DDAE1b1jrQrw%26utm_campaign%3Ddesignshare%26utm_medium%3Dlink%26utm_source%3Dpublishsharelink&data=04%7C01%7Ccustomersolutions.sfs%40siemens.com%7C627c2c3b2d354b6752e608d9d7782fff%7C38ae3bcd95794fd4addab42e1495d55a%7C1%7C0%7C637777734043429066%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0&sdata=dwtYAaoNPNlsY1yxBcj5hyOLHb0TAFqSVG76FhhCtWY%3D&reserved=0

Full analysis
https://app.any.run/tasks/81e619d5-0ba5-4571-83ae-f68fa34b15ca
Verdict
Malicious activity
Analysis date
14/01/2022, 21:01:11
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:

loader

Indicators:

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
300 seconds
Additional time used
240 seconds
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 11.0.9600.19596 KB4534251
  • Adobe Acrobat Reader DC (20.013.20064)
  • Adobe Flash Player 32 ActiveX (32.0.0.453)
  • Adobe Flash Player 32 NPAPI (32.0.0.453)
  • Adobe Flash Player 32 PPAPI (32.0.0.453)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.74)
  • FileZilla Client 3.51.0 (3.51.0)
  • Google Chrome (86.0.4240.198)
  • Google Update Helper (1.3.36.31)
  • Java 8 Update 271 (8.0.2710.9)
  • Java Auto Updater (2.8.271.9)
  • Microsoft .NET Framework 4.5.2 (4.5.51209)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
  • Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
  • Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (German) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
  • Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.21.27702 (14.21.27702.2)
  • Microsoft Visual C++ 2019 X86 Additional Runtime - 14.21.27702 (14.21.27702)
  • Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.21.27702 (14.21.27702)
  • Mozilla Firefox 83.0 (x86 en-US) (83.0)
  • Mozilla Maintenance Service (83.0.0.7621)
  • Notepad++ (32-bit x86) (7.9.1)
  • Opera 12.15 (12.15.1748)
  • QGA (2.14.33)
  • Skype version 8.29 (8.29)
  • VLC media player (3.0.11)
  • WinRAR 5.91 (32-bit) (5.91.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Hyphenation Parent Package English
  • IE Spelling Parent Package English
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • InternetExplorer Package TopLevel
  • KB2479943
  • KB2491683
  • KB2506212
  • KB2506928
  • KB2532531
  • KB2533552
  • KB2533623
  • KB2534111
  • KB2545698
  • KB2547666
  • KB2552343
  • KB2560656
  • KB2564958
  • KB2574819
  • KB2579686
  • KB2585542
  • KB2604115
  • KB2620704
  • KB2621440
  • KB2631813
  • KB2639308
  • KB2640148
  • KB2653956
  • KB2654428
  • KB2656356
  • KB2660075
  • KB2667402
  • KB2676562
  • KB2685811
  • KB2685813
  • KB2685939
  • KB2690533
  • KB2698365
  • KB2705219
  • KB2719857
  • KB2726535
  • KB2727528
  • KB2729094
  • KB2729452
  • KB2731771
  • KB2732059
  • KB2736422
  • KB2742599
  • KB2750841
  • KB2758857
  • KB2761217
  • KB2770660
  • KB2773072
  • KB2786081
  • KB2789645
  • KB2799926
  • KB2800095
  • KB2807986
  • KB2808679
  • KB2813347
  • KB2813430
  • KB2820331
  • KB2834140
  • KB2836942
  • KB2836943
  • KB2840631
  • KB2843630
  • KB2847927
  • KB2852386
  • KB2853952
  • KB2857650
  • KB2861698
  • KB2862152
  • KB2862330
  • KB2862335
  • KB2864202
  • KB2868038
  • KB2871997
  • KB2872035
  • KB2884256
  • KB2891804
  • KB2893294
  • KB2893519
  • KB2894844
  • KB2900986
  • KB2908783
  • KB2911501
  • KB2912390
  • KB2918077
  • KB2919469
  • KB2923545
  • KB2931356
  • KB2937610
  • KB2943357
  • KB2952664
  • KB2968294
  • KB2970228
  • KB2972100
  • KB2972211
  • KB2973112
  • KB2973201
  • KB2977292
  • KB2978120
  • KB2978742
  • KB2984972
  • KB2984976
  • KB2984976 SP1
  • KB2985461
  • KB2991963
  • KB2992611
  • KB2999226
  • KB3004375
  • KB3006121
  • KB3006137
  • KB3010788
  • KB3011780
  • KB3013531
  • KB3019978
  • KB3020370
  • KB3020388
  • KB3021674
  • KB3021917
  • KB3022777
  • KB3023215
  • KB3030377
  • KB3031432
  • KB3035126
  • KB3037574
  • KB3042058
  • KB3045685
  • KB3046017
  • KB3046269
  • KB3054476
  • KB3055642
  • KB3059317
  • KB3060716
  • KB3061518
  • KB3067903
  • KB3068708
  • KB3071756
  • KB3072305
  • KB3074543
  • KB3075226
  • KB3078667
  • KB3080149
  • KB3086255
  • KB3092601
  • KB3093513
  • KB3097989
  • KB3101722
  • KB3102429
  • KB3102810
  • KB3107998
  • KB3108371
  • KB3108664
  • KB3109103
  • KB3109560
  • KB3110329
  • KB3115858
  • KB3118401
  • KB3122648
  • KB3123479
  • KB3126587
  • KB3127220
  • KB3133977
  • KB3137061
  • KB3138378
  • KB3138612
  • KB3138910
  • KB3139398
  • KB3139914
  • KB3140245
  • KB3147071
  • KB3150220
  • KB3150513
  • KB3155178
  • KB3156016
  • KB3159398
  • KB3161102
  • KB3161949
  • KB3170735
  • KB3172605
  • KB3179573
  • KB3184143
  • KB3185319
  • KB4019990
  • KB4040980
  • KB4474419
  • KB4490628
  • KB4524752
  • KB4532945
  • KB4536952
  • KB4567409
  • KB958488
  • KB976902
  • KB982018
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • Package 21 for KB2984976
  • Package 38 for KB2984976
  • Package 45 for KB2984976
  • Package 59 for KB2984976
  • Package 7 for KB2984976
  • Package 76 for KB2984976
  • PlatformUpdate Win7 SRV08R2 Package TopLevel
  • ProfessionalEdition
  • RDP BlueIP Package TopLevel
  • RDP WinIP Package TopLevel
  • RollupFix
  • UltimateEdition
  • WUClient SelfUpdate ActiveX
  • WUClient SelfUpdate Aux TopLevel
  • WUClient SelfUpdate Core TopLevel
  • WinMan WinIP Package TopLevel

Behavior activities

MALICIOUS SUSPICIOUS INFO
Loads dropped or rewritten executable
  • svchost.exe (PID: 1712)
  • GoogleUpdate.exe (PID: 2324)
  • GoogleUpdate.exe (PID: 2984)
  • GoogleUpdate.exe (PID: 848)
  • GoogleUpdate.exe (PID: 868)
  • GoogleUpdate.exe (PID: 612)
  • GoogleUpdate.exe (PID: 3200)
  • GoogleUpdate.exe (PID: 2464)
  • GoogleUpdate.exe (PID: 2208)
  • GoogleUpdate.exe (PID: 480)
Application was dropped or rewritten from another process
  • ChromeSetup.exe (PID: 3148)
  • GoogleUpdateSetup.exe (PID: 4016)
  • GoogleUpdate.exe (PID: 2324)
  • GoogleUpdate.exe (PID: 2984)
  • setup.exe (PID: 2276)
  • setup.exe (PID: 3044)
  • GoogleCrashHandler.exe (PID: 3412)
  • GoogleUpdateOnDemand.exe (PID: 1596)
Drops executable file immediately after starts
  • ChromeSetup.exe (PID: 3148)
  • GoogleUpdateSetup.exe (PID: 4016)
  • GoogleUpdate.exe (PID: 2984)
  • 97.0.4692.71_chrome_installer.exe (PID: 2084)
Loads the Task Scheduler COM API
  • GoogleUpdate.exe (PID: 2984)
Changes settings of System certificates
  • GoogleUpdate.exe (PID: 612)
Actions looks like stealing of personal data
  • 97.0.4692.71_chrome_installer.exe (PID: 2084)
  • setup.exe (PID: 2276)
Changes the autorun value in the registry
  • setup.exe (PID: 2276)
Reads Microsoft Outlook installation path
  • iexplore.exe (PID: 2376)
Drops a file that was compiled in debug mode
  • iexplore.exe (PID: 2520)
  • iexplore.exe (PID: 2376)
  • ChromeSetup.exe (PID: 3148)
  • GoogleUpdateSetup.exe (PID: 4016)
  • GoogleUpdate.exe (PID: 2984)
  • 97.0.4692.71_chrome_installer.exe (PID: 2084)
  • setup.exe (PID: 2276)
Executable content was dropped or overwritten
  • iexplore.exe (PID: 2520)
  • iexplore.exe (PID: 2376)
  • ChromeSetup.exe (PID: 3148)
  • GoogleUpdateSetup.exe (PID: 4016)
  • GoogleUpdate.exe (PID: 2984)
  • 97.0.4692.71_chrome_installer.exe (PID: 2084)
  • setup.exe (PID: 2276)
Checks supported languages
  • ChromeSetup.exe (PID: 3148)
  • GoogleUpdate.exe (PID: 2324)
  • GoogleUpdateSetup.exe (PID: 4016)
  • GoogleUpdate.exe (PID: 848)
  • GoogleUpdate.exe (PID: 868)
  • GoogleUpdate.exe (PID: 2984)
  • GoogleUpdate.exe (PID: 612)
  • GoogleUpdate.exe (PID: 3200)
  • GoogleUpdate.exe (PID: 2464)
  • 97.0.4692.71_chrome_installer.exe (PID: 2084)
  • setup.exe (PID: 2276)
  • setup.exe (PID: 3044)
  • GoogleCrashHandler.exe (PID: 3412)
  • GoogleUpdate.exe (PID: 2208)
  • GoogleUpdateOnDemand.exe (PID: 1596)
  • GoogleUpdate.exe (PID: 480)
Reads the computer name
  • GoogleUpdate.exe (PID: 2324)
  • GoogleUpdate.exe (PID: 2984)
  • GoogleUpdate.exe (PID: 848)
  • GoogleUpdate.exe (PID: 868)
  • GoogleUpdate.exe (PID: 612)
  • GoogleUpdate.exe (PID: 3200)
  • GoogleUpdate.exe (PID: 2464)
  • 97.0.4692.71_chrome_installer.exe (PID: 2084)
  • setup.exe (PID: 2276)
  • GoogleCrashHandler.exe (PID: 3412)
  • GoogleUpdate.exe (PID: 480)
  • GoogleUpdate.exe (PID: 2208)
Creates a directory in Program Files
  • GoogleUpdateSetup.exe (PID: 4016)
  • GoogleUpdate.exe (PID: 2984)
  • GoogleUpdate.exe (PID: 868)
  • GoogleUpdate.exe (PID: 848)
  • GoogleUpdate.exe (PID: 612)
  • GoogleUpdate.exe (PID: 2464)
  • GoogleUpdate.exe (PID: 3200)
  • 97.0.4692.71_chrome_installer.exe (PID: 2084)
  • setup.exe (PID: 2276)
  • GoogleUpdate.exe (PID: 2208)
Creates files in the program directory
  • GoogleUpdateSetup.exe (PID: 4016)
  • GoogleUpdate.exe (PID: 2984)
  • GoogleUpdate.exe (PID: 3200)
  • 97.0.4692.71_chrome_installer.exe (PID: 2084)
  • setup.exe (PID: 2276)
Creates/Modifies COM task schedule object
  • GoogleUpdate.exe (PID: 868)
Disables SEHOP
  • GoogleUpdate.exe (PID: 2984)
Adds / modifies Windows certificates
  • GoogleUpdate.exe (PID: 612)
Executed as Windows Service
  • GoogleUpdate.exe (PID: 3200)
Application launched itself
  • GoogleUpdate.exe (PID: 3200)
  • setup.exe (PID: 2276)
Creates files in the Windows directory
  • GoogleUpdate.exe (PID: 3200)
  • setup.exe (PID: 3044)
Drops a file with a compile date too recent
  • 97.0.4692.71_chrome_installer.exe (PID: 2084)
  • setup.exe (PID: 2276)
Removes files from Windows directory
  • setup.exe (PID: 2276)
Creates a software uninstall entry
  • setup.exe (PID: 2276)
Changes default file association
  • setup.exe (PID: 2276)
Searches for installed software
  • setup.exe (PID: 2276)
Executed via COM
  • GoogleUpdateOnDemand.exe (PID: 1596)
Modifies files in Chrome extension folder
  • chrome.exe (PID: 2336)
Reads settings of System Certificates
  • iexplore.exe (PID: 2520)
  • iexplore.exe (PID: 2376)
  • GoogleUpdate.exe (PID: 612)
  • GoogleUpdate.exe (PID: 3200)
  • GoogleUpdate.exe (PID: 2208)
  • chrome.exe (PID: 2336)
Reads the computer name
  • iexplore.exe (PID: 2520)
  • iexplore.exe (PID: 2376)
  • chrome.exe (PID: 2336)
  • chrome.exe (PID: 1604)
  • chrome.exe (PID: 3116)
  • chrome.exe (PID: 2204)
  • chrome.exe (PID: 3096)
Changes internet zones settings
  • iexplore.exe (PID: 2520)
Checks supported languages
  • iexplore.exe (PID: 2520)
  • iexplore.exe (PID: 2376)
  • chrome.exe (PID: 2336)
  • chrome.exe (PID: 3172)
  • chrome.exe (PID: 2680)
  • chrome.exe (PID: 1004)
  • chrome.exe (PID: 3476)
  • chrome.exe (PID: 3116)
  • chrome.exe (PID: 1604)
  • chrome.exe (PID: 3920)
  • chrome.exe (PID: 2204)
  • chrome.exe (PID: 2368)
  • chrome.exe (PID: 3808)
  • chrome.exe (PID: 2180)
  • chrome.exe (PID: 344)
  • chrome.exe (PID: 2528)
  • chrome.exe (PID: 3096)
  • chrome.exe (PID: 2256)
Dropped object may contain Bitcoin addresses
  • iexplore.exe (PID: 2520)
Application launched itself
  • iexplore.exe (PID: 2520)
  • chrome.exe (PID: 2336)
Creates files in the user directory
  • iexplore.exe (PID: 2520)
  • iexplore.exe (PID: 2376)
Checks Windows Trust Settings
  • iexplore.exe (PID: 2520)
  • iexplore.exe (PID: 2376)
Adds / modifies Windows certificates
  • iexplore.exe (PID: 2520)
Reads internet explorer settings
  • iexplore.exe (PID: 2376)
Modifies the phishing filter of IE
  • iexplore.exe (PID: 2520)
Changes settings of System certificates
  • iexplore.exe (PID: 2520)
Reads the hosts file
  • chrome.exe (PID: 1604)
  • chrome.exe (PID: 2336)

Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report

Processes

Total processes
78
Monitored processes
36
Malicious processes
14
Suspicious processes
2

Behavior graph

[Behavior graph image not reproduced. Nodes shown: iexplore.exe (two instances), chromesetup.exe, googleupdatesetup.exe, googleupdate.exe (multiple instances), 97.0.4692.71_chrome_installer.exe, setup.exe (two instances), googlecrashhandler.exe, googleupdateondemand.exe, svchost.exe and multiple chrome.exe instances; edges are labelled "start" or "drop and start", and "no specs" marks processes with no flagged specs.]

Process information


PID
1712
CMD
C:\Windows\system32\svchost.exe -k RPCSS
Path
C:\Windows\system32\svchost.exe
Indicators
No indicators
Parent process
––
User
NETWORK SERVICE
Integrity Level
SYSTEM
Version:
Company
Microsoft Corporation
Description
Host Process for Windows Services
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\ntdll.dll
c:\windows\system32\svchost.exe
c:\windows\system32\cryptbase.dll
c:\windows\system32\rpcss.dll
c:\windows\system32\version.dll
c:\windows\system32\credssp.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\wship6.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\msctf.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\secur32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rpcepmap.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\user32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\ole32.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\firewallapi.dll
c:\program files\google\update\1.3.36.112\goopdate.dll

PID
2520
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" "https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.canva.com%2Fdesign%2FDAE1b1jrQrw%2FSF-DRGc8utZ2MHTqZVoKjw%2Fview%3Futm_content%3DDAE1b1jrQrw%26utm_campaign%3Ddesignshare%26utm_medium%3Dlink%26utm_source%3Dpublishsharelink&data=04%7C01%7Ccustomersolutions.sfs%40siemens.com%7C627c2c3b2d354b6752e608d9d7782fff%7C38ae3bcd95794fd4addab42e1495d55a%7C1%7C0%7C637777734043429066%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0&sdata=dwtYAaoNPNlsY1yxBcj5hyOLHb0TAFqSVG76FhhCtWY%3D&reserved=0"
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Image
c:\windows\system32\oleaut32.dll
c:\windows\system32\wininet.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\rpcrt4.dll
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\usp10.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\lpk.dll
c:\windows\system32\user32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\sechost.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\ole32.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\credssp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\version.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\nsi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\userenv.dll
c:\windows\system32\webio.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\profapi.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\msctf.dll
c:\windows\system32\netutils.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\wship6.dll
c:\windows\system32\ieui.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\propsys.dll
c:\windows\system32\dui70.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\secur32.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\mssprxy.dll
c:\windows\system32\duser.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\npmproxy.dll
c:\windows\system32\netprofm.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mlang.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\macromed\flash\flash32_32_0_0_453.ocx
c:\windows\system32\wshqos.dll
c:\windows\system32\schannel.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\ieapfltr.dll
c:\windows\system32\winshfhc.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\wdscore.dll
c:\users\admin\appdata\local\microsoft\windows\temporary internet files\content.ie5\6z2bcoul\chromesetup.exe
c:\windows\system32\mpr.dll
c:\windows\system32\sfc.dll
c:\program files\windows defender\mpoav.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\sfc_os.dll
c:\program files\windows defender\mpclient.dll

PID
2376
CMD
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2520 CREDAT:267521 /prefetch:2
Path
C:\Program Files\Internet Explorer\iexplore.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
LOW
Version:
Company
Microsoft Corporation
Description
Internet Explorer
Version
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Image
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\shlwapi.dll
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
c:\windows\system32\userenv.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\imm32.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\user32.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\mswsock.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
c:\windows\system32\d2d1.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ieui.dll
c:\program files\internet explorer\sqmapi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\bcryptprimitives.dll
c:\program files\internet explorer\ieshims.dll
c:\windows\system32\nsi.dll
c:\windows\system32\wship6.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\version.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\msctf.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\sechost.dll
c:\windows\system32\webio.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\wininet.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\schannel.dll
c:\windows\system32\credssp.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\fveui.dll
c:\windows\system32\wuaueng.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\windowspowershell\v1.0\powershell.exe
c:\windows\system32\qagentrt.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\jscript9.dll
c:\windows\system32\propsys.dll
c:\windows\system32\mlang.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\sxs.dll
c:\windows\system32\d3d10warp.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\psapi.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\winmm.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\imageres.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\slc.dll
c:\windows\system32\cscui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\mshtmler.dll
c:\windows\system32\macromed\flash\flash32_32_0_0_453.ocx
c:\windows\system32\uianimation.dll
c:\windows\system32\samlib.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\wpc.dll
c:\windows\system32\netutils.dll
c:\windows\system32\samcli.dll

PID
3148
CMD
"C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\ChromeSetup.exe"
Path
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\ChromeSetup.exe
Indicators
Parent process
iexplore.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google LLC
Description
Google Update Setup
Version
1.3.36.112
Modules
Image
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\shell32.dll
c:\users\admin\appdata\local\microsoft\windows\temporary internet files\content.ie5\6z2bcoul\chromesetup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ole32.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\usp10.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\lpk.dll
c:\windows\system32\apphelp.dll
c:\users\admin\appdata\local\temp\gumb79.tmp\googleupdate.exe

PID
2324
CMD
C:\Users\admin\AppData\Local\Temp\GUMB79.tmp\GoogleUpdate.exe /installsource taggedmi /install "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={DB4D3972-4FA0-D256-3E7A-7A685695B25D}&lang=en&browser=2&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=stable-arch_x86-statsdef_1&installdataindex=defaultbrowser"
Path
C:\Users\admin\AppData\Local\Temp\GUMB79.tmp\GoogleUpdate.exe
Indicators
No indicators
Parent process
ChromeSetup.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google LLC
Description
Google Installer
Version
1.3.36.111
Modules
Image
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\users\admin\appdata\local\temp\gumb79.tmp\googleupdate.exe
c:\windows\system32\shlwapi.dll
c:\windows\system32\netutils.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\psapi.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\users\admin\appdata\local\temp\gumb79.tmp\goopdate.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\lpk.dll
c:\windows\system32\shell32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\profapi.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\rsaenh.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\wininet.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\msctf.dll
c:\users\admin\appdata\local\temp\gumb79.tmp\goopdateres_en.dll
c:\windows\system32\version.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\imm32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\propsys.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\mpr.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\apphelp.dll

PID
4016
CMD
"C:\Users\admin\AppData\Local\Temp\GUMB79.tmp\GoogleUpdateSetup.exe" /installsource taggedmi /install "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={DB4D3972-4FA0-D256-3E7A-7A685695B25D}&lang=en&browser=2&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=stable-arch_x86-statsdef_1&installdataindex=defaultbrowser" /installelevated /nomitag
Path
C:\Users\admin\AppData\Local\Temp\GUMB79.tmp\GoogleUpdateSetup.exe
Indicators
Parent process
GoogleUpdate.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Google LLC
Description
Google Update Setup
Version
1.3.36.112
Modules
Image
c:\windows\system32\usp10.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\lpk.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ole32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\users\admin\appdata\local\temp\gumb79.tmp\googleupdatesetup.exe
c:\windows\system32\user32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\gdi32.dll
c:\program files\google\temp\gume96.tmp\googleupdate.exe
c:\windows\system32\apphelp.dll

PID
2984
CMD
"C:\Program Files\Google\Temp\GUME96.tmp\GoogleUpdate.exe" /installsource taggedmi /install "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={DB4D3972-4FA0-D256-3E7A-7A685695B25D}&lang=en&browser=2&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=stable-arch_x86-statsdef_1&installdataindex=defaultbrowser" /installelevated
Path
C:\Program Files\Google\Temp\GUME96.tmp\GoogleUpdate.exe
Indicators
Parent process
GoogleUpdateSetup.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Google LLC
Description
Google Installer
Version
1.3.36.111
Modules
Image
c:\windows\system32\crypt32.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\nsi.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\imm32.dll
c:\windows\system32\psapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\sechost.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\wininet.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\userenv.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\program files\google\temp\gume96.tmp\goopdateres_en.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\user32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\lpk.dll
c:\windows\system32\netutils.dll
c:\program files\google\temp\gume96.tmp\googleupdate.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\program files\google\temp\gume96.tmp\goopdate.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\version.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\wtsapi32.dll
c:\program files\google\update\googleupdate.exe
c:\windows\system32\apphelp.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\taskschd.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\propsys.dll

PID
848
CMD
"C:\Program Files\Google\Update\GoogleUpdate.exe" /regsvc
Path
C:\Program Files\Google\Update\GoogleUpdate.exe
Indicators
No indicators
Parent process
GoogleUpdate.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Google Inc.
Description
Google Installer
Version
1.3.33.23
Modules
Image
c:\windows\system32\wldap32.dll
c:\program files\google\update\1.3.36.112\goopdateres_en.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\version.dll
c:\program files\google\update\googleupdate.exe
c:\windows\system32\shell32.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\user32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\netutils.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\wintrust.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\wininet.dll
c:\windows\system32\imm32.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\usp10.dll
c:\windows\system32\lpk.dll
c:\windows\system32\msctf.dll
c:\program files\google\update\1.3.36.112\goopdate.dll

PID
868
CMD
"C:\Program Files\Google\Update\GoogleUpdate.exe" /regserver
Path
C:\Program Files\Google\Update\GoogleUpdate.exe
Indicators
No indicators
Parent process
GoogleUpdate.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Google Inc.
Description
Google Installer
Version
1.3.33.23
Modules
Image
c:\program files\google\update\googleupdate.exe
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\iertutil.dll
c:\program files\google\update\1.3.36.112\goopdate.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\usp10.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msctf.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\profapi.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\lpk.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\version.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\netutils.dll
c:\program files\google\update\1.3.36.112\psmachine.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\wininet.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\userenv.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\psapi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\shell32.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\user32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\imm32.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\wldap32.dll

PID
612
CMD
"C:\Program Files\Google\Update\GoogleUpdate.exe" /ping
Path
C:\Program Files\Google\Update\GoogleUpdate.exe
Indicators
Parent process
GoogleUpdate.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Google Inc.
Description
Google Installer
Version
1.3.33.23
Modules
Image
c:\windows\system32\winnsi.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\lpk.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\version.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\credssp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\shell32.dll
c:\windows\system32\user32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dbghelp.dll
c:\program files\google\update\googleupdate.exe
c:\windows\system32\sechost.dll
c:\program files\google\update\1.3.36.112\goopdate.dll
c:\windows\system32\psapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\netutils.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\webio.dll
c:\windows\system32\ole32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\usp10.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\profapi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\wininet.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\srvcli.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\schannel.dll
c:\windows\system32\wship6.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\secur32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\ncrypt.dll

PID
2464
CMD
"C:\Program Files\Google\Update\GoogleUpdate.exe" /handoff "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={DB4D3972-4FA0-D256-3E7A-7A685695B25D}&lang=en&browser=2&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=stable-arch_x86-statsdef_1&installdataindex=defaultbrowser" /installsource taggedmi /sessionid "{143992D9-5EB3-4C9E-87C3-2065BA9CAA43}"
Path
C:\Program Files\Google\Update\GoogleUpdate.exe
Indicators
No indicators
Parent process
GoogleUpdate.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Google Inc.
Description
Google Installer
Version
1.3.33.23
Modules
Image
c:\windows\system32\ntdll.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\sechost.dll
c:\program files\google\update\googleupdate.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\program files\google\update\1.3.36.112\goopdate.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\userenv.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\version.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wininet.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\netutils.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\ole32.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\ntmarta.dll
c:\program files\google\update\1.3.36.112\psmachine.dll
c:\windows\system32\rsaenh.dll
c:\program files\google\update\1.3.36.112\goopdateres_en.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll

PID
3200
CMD
"C:\Program Files\Google\Update\GoogleUpdate.exe" /svc
Path
C:\Program Files\Google\Update\GoogleUpdate.exe
Indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Exit code
0
Version:
Company
Google Inc.
Description
Google Installer
Version
1.3.33.23
Modules
Image
c:\windows\system32\ncrypt.dll
c:\windows\system32\winsta.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\schannel.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\wship6.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\secur32.dll
c:\windows\system32\advapi32.dll
c:\program files\google\update\googleupdate.exe
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\user32.dll
c:\program files\google\update\1.3.36.112\goopdate.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\sechost.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\version.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shell32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\wintrust.dll
c:\program files\google\update\1.3.36.112\psmachine.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\credssp.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\dbghelp.dll
c:\program files\google\update\1.3.36.112\goopdateres_en.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\wininet.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\profapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\webio.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\msctf.dll
c:\windows\system32\psapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\lpk.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\qmgrprxy.dll
c:\windows\system32\bitsprx4.dll
c:\program files\google\update\install\{4d3b0879-68d5-40f6-b004-12d1f960f36c}\97.0.4692.71_chrome_installer.exe
c:\windows\system32\apphelp.dll
c:\program files\google\update\1.3.36.112\googlecrashhandler.exe

PID
2084
CMD
"C:\Program Files\Google\Update\Install\{4D3B0879-68D5-40F6-B004-12D1F960F36C}\97.0.4692.71_chrome_installer.exe" --verbose-logging --do-not-launch-chrome --channel=stable --system-level /installerdata="C:\Windows\TEMP\gui2575.tmp"
Path
C:\Program Files\Google\Update\Install\{4D3B0879-68D5-40F6-B004-12D1F960F36C}\97.0.4692.71_chrome_installer.exe
Indicators
Parent process
GoogleUpdate.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome Installer
Version
97.0.4692.71
Modules
Image
c:\windows\system32\kernel32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\sechost.dll
c:\windows\system32\shell32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cryptbase.dll
c:\program files\google\update\install\{4d3b0879-68d5-40f6-b004-12d1f960f36c}\97.0.4692.71_chrome_installer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\shlwapi.dll
c:\program files\google\update\install\{4d3b0879-68d5-40f6-b004-12d1f960f36c}\cr_f88e6.tmp\setup.exe
c:\windows\system32\cabinet.dll
c:\windows\system32\apphelp.dll

PID
2276
CMD
"C:\Program Files\Google\Update\Install\{4D3B0879-68D5-40F6-B004-12D1F960F36C}\CR_F88E6.tmp\setup.exe" --install-archive="C:\Program Files\Google\Update\Install\{4D3B0879-68D5-40F6-B004-12D1F960F36C}\CR_F88E6.tmp\CHROME.PACKED.7Z" --verbose-logging --do-not-launch-chrome --channel=stable --system-level /installerdata="C:\Windows\TEMP\gui2575.tmp"
Path
C:\Program Files\Google\Update\Install\{4D3B0879-68D5-40F6-B004-12D1F960F36C}\CR_F88E6.tmp\setup.exe
Indicators
Parent process
97.0.4692.71_chrome_installer.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome Installer
Version
97.0.4692.71
Modules
Image
c:\windows\system32\oleaut32.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\msvcrt.dll
c:\program files\google\update\install\{4d3b0879-68d5-40f6-b004-12d1f960f36c}\cr_f88e6.tmp\setup.exe
c:\windows\system32\propsys.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\mpr.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\system32\wininet.dll
c:\windows\system32\shell32.dll
c:\windows\system32\version.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\winmm.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\msctf.dll
c:\windows\system32\samcli.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\imm32.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\userenv.dll
c:\windows\system32\nsi.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
c:\windows\system32\user32.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\sfc.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\usp10.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\devobj.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\webio.dll
c:\windows\system32\slc.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\cscapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\ntshrui.dll

PID
3044
CMD
"C:\Program Files\Google\Update\Install\{4D3B0879-68D5-40F6-B004-12D1F960F36C}\CR_F88E6.tmp\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=97.0.4692.71 --initial-client-data=0x1ac,0x1b0,0x1b4,0x180,0x1b8,0xdba678,0xdba688,0xdba694
Path
C:\Program Files\Google\Update\Install\{4D3B0879-68D5-40F6-B004-12D1F960F36C}\CR_F88E6.tmp\setup.exe
Indicators
No indicators
Parent process
setup.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome Installer
Version
97.0.4692.71
Modules
Image
c:\windows\system32\kernelbase.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\advapi32.dll
c:\program files\google\update\install\{4d3b0879-68d5-40f6-b004-12d1f960f36c}\cr_f88e6.tmp\setup.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\lpk.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\version.dll
c:\windows\system32\ole32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\profapi.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\samcli.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\netutils.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\sechost.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\webio.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\sfc.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\mpr.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\userenv.dll
c:\windows\system32\user32.dll
c:\windows\system32\propsys.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\imm32.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\wininet.dll
c:\windows\system32\cryptbase.dll

PID
3412
CMD
"C:\Program Files\Google\Update\1.3.36.112\GoogleCrashHandler.exe"
Path
C:\Program Files\Google\Update\1.3.36.112\GoogleCrashHandler.exe
Indicators
No indicators
Parent process
GoogleUpdate.exe
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
Google LLC
Description
Google Crash Handler
Version
1.3.36.111
Modules
Image
c:\program files\google\update\1.3.36.112\googlecrashhandler.exe
c:\windows\system32\lpk.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\version.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\imm32.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\msctf.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\profapi.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\cryptbase.dll

PID
1596
CMD
"C:\Program Files\Google\Update\1.3.36.112\GoogleUpdateOnDemand.exe" -Embedding
Path
C:\Program Files\Google\Update\1.3.36.112\GoogleUpdateOnDemand.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google LLC
Description
Google Update
Version
1.3.36.111
Modules
Image
c:\program files\google\update\1.3.36.112\googleupdateondemand.exe
c:\windows\system32\gdi32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\msvcrt.dll
c:\program files\google\update\googleupdate.exe
c:\windows\system32\kernelbase.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\lpk.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msctf.dll

PID
2208
CMD
"C:\Program Files\Google\Update\GoogleUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4zNi4xMTIiIHNoZWxsX3ZlcnNpb249IjEuMy4zMy4yMyIgaXNtYWNoaW5lPSIxIiBzZXNzaW9uaWQ9InsxNDM5OTJEOS01RUIzLTRDOUUtODdDMy0yMDY1QkE5Q0FBNDN9IiB1c2VyaWQ9IntENzk2NDI4OS02QkNGLTQxMjMtOTlGOS04QTE5Qzk1QUQ4Q0Z9IiBpbnN0YWxsc291cmNlPSJ0YWdnZWRtaSIgcmVxdWVzdGlkPSJ7NEFFQTZDODMtQ0U4Ny00NzFELTk5MUYtNTZCRjE0N0MzRTM4fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBwaHlzbWVtb3J5PSIzIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSI2LjEuNzYwMS4yNDU0NiIgc3A9IlNlcnZpY2UgUGFjayAxIiBhcmNoPSJ4ODYiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNDLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iOTcuMC40NjkyLjcxIiBhcD0ic3RhYmxlLWFyY2hfeDg2LXN0YXRzZGVmXzEiIGxhbmc9ImVuIiBicmFuZD0iIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iMTIzNSIgaW5zdGFsbGRhdGU9IjQyNTYiIGlpZD0ie0RCNEQzOTcyLTRGQTAtRDI1Ni0zRTdBLTdBNjg1Njk1QjI1RH0iIGNvaG9ydD0iMTpndS9pMTk6IiBjb2hvcnRuYW1lPSJTdGFibGUgSW5zdGFsbHMgJmFtcDsgRnVsbCBWZXJzaW9uIFBpbnMiPjxldmVudCBldmVudHR5cGU9IjkiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI1IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIi8-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-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMTk2NjA5IiBzb3VyY2VfdXJsX2luZGV4PSIwIiB1cGRhdGVfY2hlY2tfdGltZV9tcz0iNzE5IiBkb3dubG9hZF90aW1lX21zPSI2Nzc2MSIgZG93bmxvYWRlZD0iNzg2MjUzODQiIHRvdGFsPSI3ODYyNTM4NCIgaW5zdGFsbF90aW1lX21zPSI5MzEzIi8-PC9hcHA-PC9yZXF1ZXN0Pg
Path
C:\Program Files\Google\Update\GoogleUpdate.exe
Indicators
Parent process
GoogleUpdate.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Google Inc.
Description
Google Installer
Version
1.3.33.23
Modules
Image
c:\windows\system32\gdi32.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\user32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\credssp.dll
c:\windows\system32\wship6.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\netutils.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\shell32.dll
c:\program files\google\update\1.3.36.112\goopdate.dll
c:\windows\system32\nsi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\program files\google\update\googleupdate.exe
c:\windows\system32\sechost.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\winsta.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msctf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\wininet.dll
c:\windows\system32\schannel.dll
c:\windows\system32\ole32.dll
c:\windows\system32\version.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\webio.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\secur32.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\windowspowershell\v1.0\powershell.exe
c:\windows\system32\p2pcollab.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\fveui.dll
c:\windows\system32\wuaueng.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\qagentrt.dll
c:\windows\system32\rsaenh.dll

PID
480
CMD
"C:\Program Files\Google\Update\GoogleUpdate.exe" /ondemand
Path
C:\Program Files\Google\Update\GoogleUpdate.exe
Indicators
No indicators
Parent process
GoogleUpdateOnDemand.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google Inc.
Description
Google Installer
Version
1.3.33.23
Modules
Image
c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\user32.dll
c:\program files\google\update\1.3.36.112\psmachine.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\wininet.dll
c:\windows\system32\version.dll
c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\ntmarta.dll
c:\program files\google\update\1.3.36.112\goopdateres_en.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\program files\google\update\1.3.36.112\goopdate.dll
c:\windows\system32\nsi.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\rsaenh.dll
c:\program files\google\update\googleupdate.exe
c:\windows\system32\crypt32.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\usp10.dll
c:\windows\system32\psapi.dll
c:\windows\system32\clbcatq.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\msctf.dll

PID
2336
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --from-installer
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
Parent process
GoogleUpdate.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Google LLC
Description
Google Chrome
Version
97.0.4692.71
Modules
Image
c:\windows\system32\cryptbase.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\program files\google\chrome\application\97.0.4692.71\chrome_elf.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\usp10.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\winmm.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\version.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\lpk.dll
c:\windows\system32\msctf.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\samlib.dll
c:\windows\system32\ole32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\psapi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\samcli.dll
c:\windows\system32\netutils.dll
c:\windows\system32\winspool.drv
c:\windows\system32\winhttp.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\wpc.dll
c:\windows\system32\profapi.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\winsta.dll
c:\windows\system32\wevtapi.dll
c:\program files\google\chrome\application\97.0.4692.71\chrome.dll
c:\windows\system32\kbdus.dll
c:\windows\system32\userenv.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\propsys.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\webio.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\mscms.dll
c:\windows\system32\devobj.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\credssp.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\dui70.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wlanapi.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\atl.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\mfreadwrite.dll
c:\windows\system32\mf.dll
c:\windows\system32\avrt.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\wship6.dll
c:\windows\system32\bthprops.cpl

PID
3172
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=97.0.4692.71 --initial-client-data=0xc8,0xcc,0xd0,0x9c,0xd4,0x6db4c9f8,0x6db4ca08,0x6db4ca14
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Google LLC
Description
Google Chrome
Version
97.0.4692.71
Modules
Image
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\ntdll.dll
c:\program files\google\chrome\application\97.0.4692.71\chrome_elf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\user32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\version.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\winmm.dll

PID
2204
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1116,9489936401311241161,2524081640461175127,131072 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1128 /prefetch:2
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
97.0.4692.71
Modules
Image
c:\windows\system32\shell32.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\advapi32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\sechost.dll
c:\windows\system32\kernel32.dll
c:\program files\google\chrome\application\97.0.4692.71\chrome_elf.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\lpk.dll
c:\windows\system32\user32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\imm32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\bcrypt.dll
c:\program files\google\chrome\application\97.0.4692.71\libegl.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\avrt.dll
c:\program files\google\chrome\application\97.0.4692.71\chrome.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\winspool.drv
c:\windows\system32\mf.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\msmpeg2vdec.dll
c:\windows\system32\slc.dll
c:\program files\google\chrome\application\97.0.4692.71\libglesv2.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\d3d11.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\devobj.dll
c:\windows\system32\evr.dll
c:\program files\google\chrome\application\97.0.4692.71\d3dcompiler_47.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\psapi.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\atl.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\dxva2.dll
c:\windows\system32\d3d9.dll
c:\windows\system32\d3d8thk.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\webio.dll
c:\windows\system32\nsi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\secur32.dll
c:\windows\system32\dwrite.dll

PID
1604
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1116,9489936401311241161,2524081640461175127,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1408 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Google LLC
Description
Google Chrome
Version
97.0.4692.71
Modules
Image
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\gdi32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\kernel32.dll
c:\program files\google\chrome\application\97.0.4692.71\chrome_elf.dll
c:\windows\system32\lpk.dll
c:\windows\system32\sechost.dll
c:\windows\system32\shell32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\msctf.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\version.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\msasn1.dll
c:\program files\google\chrome\application\97.0.4692.71\chrome.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\webio.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\userenv.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wship6.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\fwpuclnt.dll

PID
2680
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1116,9489936401311241161,2524081640461175127,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1504 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Version:
Company
Google LLC
Description
Google Chrome
Version
97.0.4692.71
Modules
Image
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\lpk.dll
c:\windows\system32\user32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\usp10.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\sechost.dll
c:\windows\system32\msvcrt.dll
c:\program files\google\chrome\application\97.0.4692.71\chrome_elf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\imm32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msctf.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\version.dll
c:\windows\system32\shell32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\nsi.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\profapi.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\winspool.drv
c:\windows\system32\userenv.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\ole32.dll
c:\windows\system32\webio.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\dwrite.dll
c:\program files\google\chrome\application\97.0.4692.71\chrome.dll

PID
3920
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --field-trial-handle=1116,9489936401311241161,2524081640461175127,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=1976 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Version:
Company
Google LLC
Description
Google Chrome
Version
97.0.4692.71
Modules
Image
c:\windows\system32\version.dll
c:\windows\system32\ntdll.dll
c:\program files\google\chrome\application\97.0.4692.71\chrome_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\msctf.dll
c:\windows\system32\imm32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\psapi.dll
c:\windows\system32\webio.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\userenv.dll
c:\program files\google\chrome\application\97.0.4692.71\chrome.dll
c:\windows\system32\nsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\secur32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\profapi.dll

PID
1004
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --field-trial-handle=1116,9489936401311241161,2524081640461175127,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2084 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Version:
Company
Google LLC
Description
Google Chrome
Version
97.0.4692.71
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\advapi32.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\shell32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msctf.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\shlwapi.dll
c:\program files\google\chrome\application\97.0.4692.71\chrome_elf.dll
c:\windows\system32\lpk.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\psapi.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\nsi.dll
c:\program files\google\chrome\application\97.0.4692.71\chrome.dll
c:\windows\system32\winnsi.dll

PID
1608
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --field-trial-handle=1116,9489936401311241161,2524081640461175127,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2388 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
97.0.4692.71
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll

PID
3808
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --field-trial-handle=1116,9489936401311241161,2524081640461175127,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2352 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Version:
Company
Google LLC
Description
Google Chrome
Version
97.0.4692.71
Modules
Image
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\cryptbase.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\msvcrt.dll
c:\program files\google\chrome\application\97.0.4692.71\chrome_elf.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\version.dll
c:\windows\system32\sechost.dll
c:\windows\system32\shell32.dll
c:\windows\system32\user32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\winmm.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\winspool.drv
c:\program files\google\chrome\application\97.0.4692.71\chrome.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\userenv.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\ole32.dll
c:\windows\system32\webio.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\profapi.dll
c:\windows\system32\crypt32.dll

PID
3116
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1116,9489936401311241161,2524081640461175127,131072 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1380 /prefetch:2
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Version:
Company
Google LLC
Description
Google Chrome
Version
97.0.4692.71
Modules
Image
c:\windows\system32\usp10.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\devobj.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\mfplat.dll
c:\program files\google\chrome\application\97.0.4692.71\d3dcompiler_47.dll
c:\windows\system32\ksuser.dll
c:\program files\google\chrome\application\97.0.4692.71\vulkan-1.dll
c:\program files\google\chrome\application\97.0.4692.71\vk_swiftshader.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\evr.dll
c:\windows\system32\kernel32.dll
c:\program files\google\chrome\application\97.0.4692.71\chrome_elf.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\shell32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxva2.dll
c:\program files\google\chrome\application\97.0.4692.71\libglesv2.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dwmapi.dll
c:\windows\system32\version.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\winmm.dll
c:\program files\google\chrome\application\97.0.4692.71\chrome.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\avrt.dll
c:\windows\system32\nsi.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\cfgmgr32.dll
c:\program files\google\chrome\application\97.0.4692.71\libegl.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\mf.dll
c:\windows\system32\slc.dll
c:\windows\system32\msctf.dll
c:\windows\system32\psapi.dll
c:\windows\system32\atl.dll
c:\windows\system32\ole32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\dxgi.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\imm32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\webio.dll
c:\windows\system32\msmpeg2vdec.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\lpk.dll

PID
3476
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --field-trial-handle=1116,9489936401311241161,2524081640461175127,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3328 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Version:
Company
Google LLC
Description
Google Chrome
Version
97.0.4692.71
Modules
Image
c:\windows\system32\profapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\version.dll
c:\windows\system32\ole32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\imm32.dll
c:\windows\system32\ntdll.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\sechost.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\webio.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\lpk.dll
c:\windows\system32\msctf.dll
c:\windows\system32\user32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\crypt32.dll
c:\program files\google\chrome\application\97.0.4692.71\chrome_elf.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\cryptbase.dll
c:\program files\google\chrome\application\97.0.4692.71\chrome.dll
c:\windows\system32\secur32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\winspool.drv

PID
2368
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1116,9489936401311241161,2524081640461175127,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3120 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
97.0.4692.71
Modules
Image
c:\windows\system32\ntdll.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\shell32.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\sechost.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\winmm.dll
c:\windows\system32\ole32.dll
c:\program files\google\chrome\application\97.0.4692.71\chrome_elf.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\imm32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\webio.dll
c:\windows\system32\winspool.drv
c:\windows\system32\lpk.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\psapi.dll
c:\windows\system32\version.dll
c:\windows\system32\user32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\secur32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\97.0.4692.71\chrome.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\crypt32.dll

PID
2180
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1116,9489936401311241161,2524081640461175127,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3588 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
97.0.4692.71
Modules
Image
c:\windows\system32\sechost.dll
c:\program files\google\chrome\application\97.0.4692.71\chrome_elf.dll
c:\windows\system32\winmm.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\cryptbase.dll
c:\windows\system32\version.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\imm32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\msctf.dll
c:\windows\system32\ntdll.dll
c:\program files\google\chrome\application\97.0.4692.71\chrome.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\nsi.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\winspool.drv
c:\windows\system32\winhttp.dll
c:\windows\system32\userenv.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\ole32.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\webio.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll

PID
3096
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1116,9489936401311241161,2524081640461175127,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3760 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Google LLC
Description
Google Chrome
Version
97.0.4692.71
Modules
Image
c:\program files\google\chrome\application\97.0.4692.71\chrome_elf.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\shell32.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\msctf.dll
c:\windows\system32\imm32.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\lpk.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\version.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\psapi.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\secur32.dll
c:\windows\system32\userenv.dll
c:\program files\google\chrome\application\97.0.4692.71\chrome.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\webio.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\profapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\winspool.drv
c:\windows\system32\powrprof.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\wlanapi.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\atl.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\ksuser.dll
c:\windows\system32\mf.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\avrt.dll
c:\windows\system32\mfreadwrite.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\netutils.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\samcli.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\samlib.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\mscms.dll
c:\windows\system32\credssp.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\propsys.dll
c:\windows\system32\winsta.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\wpc.dll
c:\program files\common files\microsoft shared\ime14\imekr\imkrtip.dll
c:\windows\system32\bthprops.cpl
c:\program files\common files\microsoft shared\ime14\imejp\imjptip.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wship6.dll
c:\windows\system32\firewallapi.dll
c:\program files\winrar\rarext.dll
c:\program files\microsoft office\office14\mlshext.dll
c:\program files\microsoft office\office14\onfilter.dll
c:\windows\system32\stobject.dll
c:\program files\notepad++\nppshell_06.dll
c:\program files\filezilla ftp client\fzshellext.dll
c:\program files\common files\microsoft shared\office14\msoshext.dll
c:\program files\microsoft office\office14\visshe.dll
c:\program files\windows sidebar\sbdrop.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\cscui.dll
c:\program files\microsoft office\office14\msohevi.dll
c:\program files\microsoft office\office14\olkfstub.dll
c:\windows\system32\syncui.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\colorui.dll
c:\windows\system32\cryptext.dll

PID
2528
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1116,9489936401311241161,2524081640461175127,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3812 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
97.0.4692.71
Modules
Image
c:\windows\system32\gdi32.dll
c:\windows\system32\version.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\user32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\rpcrt4.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\sechost.dll
c:\windows\system32\imm32.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\msvcrt.dll
c:\program files\google\chrome\application\97.0.4692.71\chrome_elf.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msctf.dll
c:\windows\system32\shell32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\userenv.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\profapi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winspool.drv
c:\windows\system32\iphlpapi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\program files\google\chrome\application\97.0.4692.71\chrome.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\webio.dll

PID
344
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1116,9489936401311241161,2524081640461175127,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3880 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google LLC
Description
Google Chrome
Version
97.0.4692.71
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\97.0.4692.71\chrome_elf.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\msctf.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\lpk.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\webio.dll
c:\windows\system32\nsi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\user32.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\dbghelp.dll
c:\program files\google\chrome\application\97.0.4692.71\chrome.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\usp10.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winmm.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\version.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\shell32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\psapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\dhcpcsvc.dll

PID
2256
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --field-trial-handle=1116,9489936401311241161,2524081640461175127,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3860 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Version:
Company
Google LLC
Description
Google Chrome
Version
97.0.4692.71
Modules
Image
c:\windows\system32\ws2_32.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\user32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\webio.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\imm32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\winmm.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\crypt32.dll
c:\program files\google\chrome\application\97.0.4692.71\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\uiautomationcore.dll
c:\windows\system32\winspool.drv
c:\windows\system32\secur32.dll
c:\program files\google\chrome\application\97.0.4692.71\chrome.dll
c:\windows\system32\usp10.dll
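The process table above is where a Chrome sandbox escape or injection would show up, so it is worth checking mechanically rather than by eye. Two invariants cover most of it: every sandboxed child (renderer, GPU, and any utility process whose --service-sandbox-type is not "none") runs at LOW integrity, and no sandboxed child loads images from outside System32, WinSxS or the Chrome install directory. The one expected exception is visible in PID 3096: the chrome.mojom.UtilWin helper runs unsandboxed at MEDIUM integrity because it drives Windows shell UI, and it pulls in every registered shell extension on the box (WinRAR, Notepad++, FileZilla, Office). That is normal for this process and must not be read as injection. The script below is an added example, not part of the ANY.RUN report and not Chrome code; its sample records are transcribed from the table above with module lists abbreviated, plus one constructed anomaly (PID 9999) so the alert path is exercised. TRUSTED_DIRS and the two invariants are this example's own triage policy.

```python
"""Triage of Chrome child-process records from a sandbox report.

Added example; it is not part of the ANY.RUN report and not Chrome code. The
sample records are transcribed from the process table (PIDs 3116, 3476, 3096
and 2528, module lists abbreviated) plus one constructed anomaly (PID 9999,
not from the report). TRUSTED_DIRS and the invariants are assumptions.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Image directories a Chrome child process is expected to load from
# (assumed allow-list). Anything outside is reported as "foreign".
TRUSTED_DIRS = (
    "c:\\windows\\system32\\",
    "c:\\windows\\winsxs\\",
    "c:\\program files\\google\\chrome\\application\\",
)


@dataclass
class ChromeProc:
    pid: int
    cmd: str
    integrity: str                      # as printed in the report: LOW / MEDIUM
    modules: List[str] = field(default_factory=list)

    def flag(self, name: str) -> Optional[str]:
        """Value of --name=value on the command line, or None if absent."""
        m = re.search(r"--" + re.escape(name) + r"=(\S+)", self.cmd)
        return m.group(1) if m else None

    @property
    def sandboxed(self) -> bool:
        """Renderer and GPU children are always sandboxed; utility children
        state it explicitly, and --service-sandbox-type=none means no sandbox."""
        return self.flag("service-sandbox-type") != "none"

    def foreign_modules(self) -> List[str]:
        return [m for m in self.modules
                if not m.lower().startswith(TRUSTED_DIRS)]


def triage(proc: ChromeProc) -> Dict[str, List[str]]:
    """Split one process record into 'alert' and 'info' findings."""
    out: Dict[str, List[str]] = {"alert": [], "info": []}
    label = f"pid {proc.pid} ({proc.flag('utility-sub-type') or proc.flag('type')})"

    # Invariant 1: every sandboxed child in the report runs at LOW integrity.
    # A sandboxed child at MEDIUM means the sandbox policy did not apply.
    if proc.sandboxed and proc.integrity.upper() not in ("LOW", "UNTRUSTED"):
        out["alert"].append(f"{label}: sandboxed but {proc.integrity} integrity")

    # Invariant 2: third-party images inside a sandboxed child should not
    # happen. In the unsandboxed UtilWin helper, which drives Windows shell
    # UI, shell-extension DLLs are expected and are only worth recording.
    foreign = proc.foreign_modules()
    if foreign:
        out["alert" if proc.sandboxed else "info"].append(
            f"{label}: foreign modules {foreign}")
    return out


def triage_all(procs: List[ChromeProc]) -> Dict[int, Dict[str, List[str]]]:
    return {p.pid: triage(p) for p in procs}


REPORT_PROCS = [
    ChromeProc(3116, '"chrome.exe" --type=gpu-process --use-gl=angle '
               '--use-angle=swiftshader-webgl', "LOW",
               [r"c:\program files\google\chrome\application\97.0.4692.71\vk_swiftshader.dll",
                r"c:\windows\system32\dxgi.dll"]),
    ChromeProc(3476, '"chrome.exe" --type=renderer --renderer-client-id=10', "LOW",
               [r"c:\program files\google\chrome\application\97.0.4692.71\chrome.dll"]),
    ChromeProc(3096, '"chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin '
               '--service-sandbox-type=none', "MEDIUM",
               [r"c:\program files\winrar\rarext.dll",
                r"c:\program files\notepad++\nppshell_06.dll",
                r"c:\program files\filezilla ftp client\fzshellext.dll",
                r"c:\program files\microsoft office\office14\mlshext.dll",
                r"c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll"]),
    ChromeProc(2528, '"chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper '
               '--service-sandbox-type=utility', "LOW",
               [r"c:\program files\google\chrome\application\97.0.4692.71\chrome.dll"]),
    # Constructed, NOT from the report: a sandboxed renderer that loaded an
    # image from a user-writable directory.
    ChromeProc(9999, '"chrome.exe" --type=renderer --renderer-client-id=99', "LOW",
               [r"c:\users\admin\appdata\local\temp\hook.dll"]),
]

if __name__ == "__main__":
    for pid, findings in triage_all(REPORT_PROCS).items():
        for level, msgs in findings.items():
            for msg in msgs:
                print(level.upper(), msg)
```

Run against the transcribed records, the four real processes produce no alert and PID 3096 produces a single informational line listing its shell extensions; only the constructed renderer trips the foreign-module check. The allow-list is deliberately narrow: on a real host, add the directories of any legitimately installed Chrome-aware software (accessibility tools, endpoint agents) before treating a hit as an indicator.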

Registry activity

Total events
41853
Read events
0
Write events
3244
Delete events
94

Modification events

PID
Process
Operation
Key
Name
Value
1712
svchost.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000_CLASSES\Local Settings\MuiCache\16E\52C64B7E
LanguageList
en-US
1712
svchost.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000_CLASSES\Local Settings\MuiCache\16E\52C64B7E
@C:\Program Files\Google\Update\1.3.36.112\goopdate.dll,-3000
Google Update
2520
iexplore.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DF3C24F9BFD666761B268073FE06D1CC8D4F82A4
(default)
2520
iexplore.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E1C950E6EF22F84C5645728B922060D7D5A7A3E8
(default)
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
NTPDaysSinceLastAutoMigration
1
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
NextCheckForUpdateHighDateTime
30935433
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
NTPLastLaunchLowDateTime
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
NTPLastLaunchHighDateTime
30935433
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
NextCheckForUpdateLowDateTime
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
CachePrefix
Visited:
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
ProxyBypass
1
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
IntranetName
1
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
CachePrefix
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
0
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
460000003B010000090000000000000000000000000000000400000000000000C0E333BBEAB1D3010000000000000000000000000100000002000000C0A80164000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch
UpgradeTime
D059EFDD8909D801
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\Active
{1B7CE719-757D-11EC-A20C-12A9866C77DE}
0
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
CompatibilityFlags
0
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
1
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
CachePrefix
Cookie:
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
SecuritySafe
1
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
FullScreen
no
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Blocked
25
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Blocked
25
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Type
10
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Count
25
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
25
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Type
3
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery
Active
0
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Window_Placement
2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF20000000200000004003000078020000
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
25
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Time
E607010005000E00150001000E00CA02
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E607010005000E00150001000E00CA02
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Type
3
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Type
3
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E607010005000E00150001000E00CA02
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
25
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E607010005000E00150001000E00CA02
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Blocked
25
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Blocked
25
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8}
WpadDecision
0
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8}
WpadDecisionTime
BCBA10DE8909D801
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8}
WpadNetworkName
Network 4
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-36-3e-ff
WpadDecision
0
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-36-3e-ff
WpadDecisionTime
BCBA10DE8909D801
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\52-54-00-36-3e-ff
WpadDecisionReason
1
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{362E934C-743B-4588-8259-D2482DB771A8}
WpadDecisionReason
1
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021493-0000-0000-C000-000000000046}\Enum
Implementing
1C00000001000000E607010005000E00150001001200880001000000644EA2EF78B0D01189E400C04FC9E26E
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021494-0000-0000-C000-000000000046}\Enum
Implementing
1C00000001000000E607010005000E001500010012002E0200000000
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\EUPP Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\DSP
BackupDefaultSearchScope
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\EUPP Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\DSP
ChangeNotice
0
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\User Preferences
2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81
01000000D08C9DDF0115D1118C7A00C04FC297EB01000000C82DD251743ABA419471DBB46E4207B3000000000200000000001066000000010000200000000D80F7CEEF958BB4298382DD869FCB253AF7BBC71EAD9E36AD01E257E84D8744000000000E8000000002000020000000CEEE7EE21FF9F7C23C3A8DE61215FFBF11D37CDB157ED13B7C07821C4100A86D10000000F926B2B0096F83549FAC9341A32F4D7E400000004B6A055F6CECB7054B27C7A19772E926DDE5CAAD90D809293A0463EFF6946DCC0237E18AD6DC0210F03D32EDC208AA39FC18C304569B4D7E161B0A22C1E912FB
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\User Preferences
88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977
2520
iexplore.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E
LanguageList
en-US
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
FaviconPath
C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\User Preferences
2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81
01000000D08C9DDF0115D1118C7A00C04FC297EB01000000C82DD251743ABA419471DBB46E4207B300000000020000000000106600000001000020000000285EC8034CC5A54E71BCDEFCC77874BBB199A3C23AB1B676372C11374EC4304B000000000E80000000020000200000000970A56771EC686FED4EDC0AC98C6D85472CB53459F7D973B93F3E919D49E18110000000E768869A9282AE1328C197CE772EFC1440000000A32B08E1F4DDAD6865CE0615A21B06C202A849479DDFF4D5C424DB6B88727A76F9F10C8B323D24AAF42B1EEBCD02FE7C0CF0F608703AC238FFD8D4F3C2DE5EA8
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\EUPP Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\DSP
BackupDefaultSearchScope
000000009C08000001667D82C0B0C9F9878CFCB7D3380C9314B711FB8E0DD2E87586BA3970A89014699E458288A75EC22BC86F9B78B2106CA80F1331A9A24E202CE64EA3C72758CFBC3F85033E63947492B46E063A8C0F3484A11119758DF998CB4784D64DA498D055EA13C977049EDC27F2845A3B73C16BBF0CB83D2FEC018CC949C296EA3DEA84CF3DB78785A96CFE4D21EF282E879E9AF0F09461D4E0029CB88C03405B14B20E55DA5316CD745B86BDE0F7CE01E8056AEEEDBF379F890AAC9EB04C39A547030E2E5F3C2B4084CB9140D1982E2FB65B8CBCA34FA71908EB0F1056D46778F8FE2DED6DBEAD0AF924C23693796F4211A7722BB256A4397B6E057B1C78BFE045FF8279A5BF8F32F3909FF0C571CE07194BDB3CBA4A95AB03278572A3FDD81E50FEBEC1A5EA41BC91365051094B83ADEECC244A5BA44822C1FD5BF68BDC9F81372C31720FC4ABFDF5779A75FE64B3FCB0A3784635267E3AD3F996AE74DE09011C4894718125C0163E853AC0431E70A47FF9C43EE81AFAD95AE842DCFEBAE3B21DD4B1D69C62980D8C4387547A6ACFFC7BE581B413402EA27644763ACA1AAA4F5CCED078017523AAFEB7664942D608E7C4164D9C58AB6E2C48DEAD3F76527606F849F7B14E3364B0B66690B33A94ABAA7A1A51C55677B974EEEF7B67A373F58E10CCF8192534410CD343252B0429DF9DBD097DCCAD5B0CD589E27EEDF1E37578C63B5CAF2493E12F75E6912C3F18B6C9ADDD8EF9FD494B653A7AB6C700F8FFA1388D039CEC709D7ABCF4C2968AFC92B16A03E91CE6E6B82F1F70178B7077815488EAB5221E5178F6C7CFAA3287B394A114A83F11089EF8EF59CB7D66E2D907C9D46867D8583235FDB89F15DDD42321B3CBC50B3A03EEAAB8082DE747F4340B4D3E1B60443CC2F10DAEF8CEDB139C71B3AF81D64177D18D594D6500254729C7C9E4232BEC6856554FC9AF113FE3883799E02C5378048D381E461FFF087B86A723E86C54967DF14E8428DC53D5E3814E8F7ED043714AE95FDB1430D3EF30CDC1A76868FA311C4D6485ED7654F2B52C80C8A9243488E87AAA88D7179EA006935D1E860E30A8E3F391E8375E833EF8C353BC8160038780411B79B0F183B29DC9948D60012E1B74C1B53826A5B5D64B82F34727BD388DB1E40583BDE5C2BF9672F60E18784FE56DDF922ADACA29BC50E61E7DB9E52F8B1BD195BD1F3A25208F34488DCCD5E3946F005AAB7224DB5AA619297158D40EB25EFDE321F73EBA1C29294C179EE2D2021B86CDF410A02791EC4C1369242B90531A7A9D166312E3AA042C9EBBACD9079D0F59ED18D342C4EEC420A6573D6D9B29EFE33AEA84CFB1EDC0AB9CBB18ABB674EDC13362DBC8FF01CD22AC5AC351AA787DB6C6B17AA090D7FDF6631E016869395360679047715BAFA66C2E08D69C060264F1334B66C144215CBDD7FF8647E166E305F8A3399D68EEF1C9C9499644CF74442541E7661D36087BFCBF23C9A6C71A3B36EDE9D05D06484DFB12162308D08FBC6FF6BF9B350F79FB61EFD4E8AC2FECFC3D64152C4FDC8059D0032B9D292E866ED1A2562671A6FF7C0382680510E46BC7BE9F256DA8363EB79783002436DCFFF9897A2C25BB3B929ECB26F33E4F8A913A76A5F3B2392783069DF632D82DE4C1FDEEB99EB9E307F8018B7649B5439127F7046CC11DC5F9ACE5D3DF01D9F882F01A6C5A9F0223149E45AD64A58875F24E9C059C4DCDD2F900F66F960B47A70AE6F0B45C6021676B550BE3B33DD99AC1FFCA62DC4AE23E8626D88203374256A23E1FD49D1D34C1912CF1198294C6B9903922D3AE467C6C77912AE17B47EA8FC81047C63B905C2C562598BEE72E71229B9442CCE48DBA3BD05B8EFB99965F49AF9D082F8E64BAF4ECEBA0439ADCF83DCA3ECCCB96E7BE20C63DA30F37E3C109624202D8AC376C2A58AAA937AD1D7D2F83185E90B73BA76A158408EB6BAF30A0C17ED55485FD933D2C8C532959A21E1E4A9399BD3153954AA1455F0F9FE8CC5349C820F280A14FB895443F2ED81FFD39312A1E7A94AAA7B96E7347D2AFE4B506A88F8523BC11C149B87A0BB64E5239AC17E38B5352C0FF90E48E5F1020EF0BEA2BF5A3ACCE6107F05A3559ADC7E6F1BABD6D82FD9342BC78627449F65CC2EE84F5831AB81DD542DBE5E8C6DA3C7547DCA1ECA11F8F31FE8E216EA4190C947E3E06E68AAFC67C9329ACC6F58EB3FB59EEB29089C47C73E5E56FCE0F3175B0DB03131593FD132918BC8AB28567675B4933D03CDBA712A2906D2C362C8EECF7258C3109D5C981FAF26ED472175500C935D81AC4351D93F52184A183995C5CBB7C1F4E39F03958E141978B464911E30C3FAA144039456C37B797A9C7F88BD0B20066751384EFCF4B267CF53FBCF789D7851D92E18503651572A81F22E81321D8D124EA7231FFC624BF956C161016EA2E29C67A8CBAFE5E837172A69008809D830FEB136B97DA09D12DF298C0E5FCF7BA49605722797A9FDDD608BBE8FADBD391DA3F2F84552E299290B4E0AADBCE26310797B5B56063B2A6C0871D0C5DD15FB75216DE9C0DD8E00A092F3FA492A40BF8815E584A1189D71D4F5181DAD0E0CF0298E57ABD5E3E0B8CB6335A25ABA90433D96534F42AA10163A3F291F2F5FE9767CA2043CBE84D2E95B8DBF137C4F3F28F2D8344984C626394DBA749586BD8107E096B50E24B27894030A39A067E1404049FCD2B1218938DC619BB95BFD12E8E74752C5E1027F4C30A3C0BCEE3793292BB4D789FB92CBB21077C9348EEC9B77F7E2EAC66381CA21DDAFD3C43DC55EF06F559D7AC312AC90A30248661
33F23EA25E54640835CAF43ADB936C9C80B2EBDA20E2BFC8F0B0804F8A30409DA8EBED445407A1BC03D14575531FA4632031AD9EE10796AF68609070ABC2815EBC565998536704E67ED149C6C0BFD1580370FB162DEA0F165CD83E56AEF9AEE04AD2D314259434A49C69EE3BA994950B24107B63C7A93928B6B954CD31F5E8BBB6FEF2EA6CAEEC7C863B10FF78BF0FC9BAB1983B5D665BDC58A447997DD681B81E7CF58437D571D5B0E64AED3F5EFAD9C1F3FE3BC43F2C11D2373910DDBB93F840EB9C1A34295D3BC70AD4B9D7928A09AA760A39010000000E000000385835324E41646D516B412533640200000000000000
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes
DefaultScope
{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\User Preferences
88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\User Preferences
2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81
01000000D08C9DDF0115D1118C7A00C04FC297EB01000000C82DD251743ABA419471DBB46E4207B30000000002000000000010660000000100002000000031A35CF1C73D1AA69DAE3F15FA2BE3607780933417C7F79455F6597E8D5609E8000000000E8000000002000020000000086E51BBA01289C8DC36A94C402D58D180CCC64ABCED99B1B90DA80118B9FD79100000008F1A5EB0C70380066C5B1E971D2AE40840000000D549F0C53826A67AB38258E119F5E390E32F523D366686EBDA6C537AA0AF12DEBD34C083E46FD631C7D86763C702AD8FC2D4A651F2C86049808F76EFC8F46BB2
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\User Preferences
88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\EUPP Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\DSP
BackupDefaultSearchScope
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Time
E607010005000E00150001001E00C600
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Blocked
26
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Count
26
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Count
26
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Blocked
26
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore
Count
26
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Count
26
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Time
E607010005000E00150001001E00C600
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Time
E607010005000E00150001001E00C600
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore
Blocked
26
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28BCCB9A-E66B-463C-82A4-09F320DE94D7}\iexplore
Time
E607010005000E00150001001E00C600
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore
Blocked
26
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
HashFileVersionHighPart
0
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
HashFileVersionLowPart
2
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
NextCheckForUpdateLowDateTime
988399986
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
NextCheckForUpdateHighDateTime
30935484
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\VersionManager
LastCheckForUpdateHighDateTime
30935433
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\VersionManager
LastUpdateHighDateTime
30935433
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\VersionManager
LastCheckForUpdateLowDateTime
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\VersionManager
LastTTLLowDateTime
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\VersionManager
LastUpdateLowDateTime
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\VersionManager
LastTTLHighDateTime
50
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage
DecayDateQueue
01000000D08C9DDF0115D1118C7A00C04FC297EB01000000C82DD251743ABA419471DBB46E4207B300000000020000000000106600000001000020000000FE01A89A151C9D1ED7741D7FBFB18BF57FA88E31E3C69D8C36DEDB14CD1E7DCD000000000E80000000020000200000004C525CF74AC86A303D02A092BD12939BD162C08E6E9FD41F111F5B33D7805AE1200000009822C0C81A359947698A150E8DE63CC7A8244D5CA3181B99C8E735464FB2B73340000000B3C730B5792FD010C735DFBD9B418E9092A56859CE4E2AE7780202D6B34D288886D0AB7C8D8E02F81034738F68F97D3B104B6E8D6F00E4F20BC5B08252207BA1
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage
LastProcessed
4015F1FB8909D801
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DomainSuggestion
NextUpdateDate
348959047
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames
en-US
en-US.4
2520
iexplore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DF3C24F9BFD666761B268073FE06D1CC8D4F82A4
Blob
2520
iexplore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DF3C24F9BFD666761B268073FE06D1CC8D4F82A4
Blob
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
NTPGoldbarText
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
NTPRestoreBarLimit
1
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
NTPGoldbarOKText
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
NTPGoldbarCancelText
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
NTPMSNintervalInDays
20
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
NextNTPConfigUpdateDate
349007640
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
NTPOnlinePortalVer
3
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage
LastProcessed
8093703B8A09D801
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage
DecayDateQueue
01000000D08C9DDF0115D1118C7A00C04FC297EB01000000C82DD251743ABA419471DBB46E4207B300000000020000000000106600000001000020000000B0A6769397927A9A4355FECAB08D87C7E4B9567647B0A152E83D8E55EB5E140F000000000E80000000020000200000003395E7836B7DF8C4283363991D5CA0FCA031425024BDED409EE4CE50AC360FE520000000365C6ADFF91A1C317BDA190A640BBE473CF08C8AF7B8F74AAB5BC6B44FE5565C40000000EECE8019C5621CE5CB57D9BD0AF2CDBDE6260AD03CD786824F5174E65B8D0034AFAFF66F3E2AE267ECD91A8B85BD59F299AEC870C1451FE02282D05D3FA40427
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage
LastProcessed
604C3C408A09D801
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage
DecayDateQueue
01000000D08C9DDF0115D1118C7A00C04FC297EB01000000C82DD251743ABA419471DBB46E4207B3000000000200000000001066000000010000200000009FBF85DB9141FE6B92B29E89078A96F53542BB423BAEFFF46FDD2A3AD9DC29DB000000000E8000000002000020000000B2905E771B4FB4EAA8F41BB56909829DC60A963C1B4F87F5AA4FFD1E19B20EA2200000003983EC2C6882A32FAF275E4BFD2C206C0F8FD8E0BA77D8872A314D6ABB977182400000002C1975344F621D793A93937E43FD425389E99BB5F852565321B491F62B991D997B79F034557EEB95FB44DEBB290946E5C35F89643AD2D406ED73B3930499773A
2520
iexplore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E1C950E6EF22F84C5645728B922060D7D5A7A3E8
Blob
2520
iexplore.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E1C950E6EF22F84C5645728B922060D7D5A7A3E8
Blob
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter
ClientSupported_MigrationTime
80F73D578A09D801
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum
Implementing
1C00000001000000E607010005000E001500040028001C03010000001E768127E028094199FEB9D127C57AFE
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage
DecayDateQueue
01000000D08C9DDF0115D1118C7A00C04FC297EB01000000C82DD251743ABA419471DBB46E4207B3000000000200000000001066000000010000200000000CF881DDEB7AABC94B5204AEFFFB065C62F390C34F5DCEB01EB5284B0EF43049000000000E8000000002000020000000917B61E92DB10859486D542D9B95BF2DBB5539391FBDB645DA8B61D1C9E2ABEC200000003D2FCB3F0AE968556A9E2DF6675128166FBCB42EB411BCD025A8359AE3B966B0400000003B5C9647A42B7CA08BA6AD8BA3F3ACD967CB090E16029DE0A973D2549F168001EE010AB182AA237677B80BCE91CF9E806CF4D484109B2F307A9FA90754947C83
2520
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage
LastProcessed
308B4C628A09D801
2376
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Cookies
CachePrefix
Cookie:
2376
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\History
CachePrefix
Visited:
2376
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache\Content
CachePrefix
2376
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\canva.com
NumberOfSubdomains
1
2376
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\canva.com
Total
0
2376
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total
(default)
0
2376
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\canva.com
Total
62
2376
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.canva.com
(default)
260
2376
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.canva.com
(default)
384
2376
iexplore.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\canva.com
Total
46