Windows Analysis Report
ChromeSetup.exe

Overview

General Information

Sample name:ChromeSetup.exe
Analysis ID:1665721
MD5:e12d23b0fa3fd2aed82724816801c318
SHA1:f5ce6a49b8ca36a01dcb75ff0283e9efb2b08cc4
SHA256:5e2a29bd0301b9ca2aeb7df5eddd8f06a841ba5089179ce22d42bb9338c77e87

Detection

LummaC Stealer
Score:100
Range:0 - 100
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected LummaC Stealer
C2 URLs / IPs found in malware configuration
Deletes itself after installation
Drops executables to the windows directory (C:\Windows) and starts them
Found API chain indicative of sandbox detection
Found hidden mapped module (file has been removed from disk)
Injects code into the Windows Explorer (explorer.exe)
Joe Sandbox ML detected suspicious sample
Maps a DLL or memory area into another process
Switches to a custom stack to bypass stack traces
Writes to foreign memory regions
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to detect sandboxes (mouse cursor move detection)
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality to query network adapater information
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates COM task schedule object (often to register a task for autostart)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara signature match

Classification

  • System is w10x64_ra
  • ChromeSetup.exe (PID: 6104 cmdline: "C:\Users\user\Desktop\ChromeSetup.exe" MD5: E12D23B0FA3FD2AED82724816801C318)
    • ChromeSetup.exe (PID: 1064 cmdline: C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exe MD5: 5F0299E8AA87A9C4AC70ED9F7DC8BB69)
      • GoogleUpdate.exe (PID: 4232 cmdline: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdate.exe /installsource taggedmi /install "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={0DB1F154-AF62-7BF8-09B7-0F97CFA8FE66}&lang=en&browser=4&usagestats=0&appname=Google%20Chrome&needsadmin=prefers&ap=x64-stable-statsdef_1&installdataindex=empty" MD5: 047FDBAE45C6D08B606BF3E8CEEFB4C5)
        • GoogleUpdateSetup.exe (PID: 656 cmdline: "C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exe" /installsource taggedmi /install "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={0DB1F154-AF62-7BF8-09B7-0F97CFA8FE66}&lang=en&browser=4&usagestats=0&appname=Google%20Chrome&needsadmin=prefers&ap=x64-stable-statsdef_1&installdataindex=empty" /installelevated /nomitag MD5: 5F0299E8AA87A9C4AC70ED9F7DC8BB69)
          • GoogleUpdate.exe (PID: 2080 cmdline: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe /installsource taggedmi /install "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={0DB1F154-AF62-7BF8-09B7-0F97CFA8FE66}&lang=en&browser=4&usagestats=0&appname=Google%20Chrome&needsadmin=prefers&ap=x64-stable-statsdef_1&installdataindex=empty" /installelevated MD5: 047FDBAE45C6D08B606BF3E8CEEFB4C5)
    • cmd.exe (PID: 1712 cmdline: C:\Windows\SysWOW64\cmd.exe MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 1800 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • explorer.exe (PID: 5924 cmdline: C:\Windows\SysWOW64\explorer.exe MD5: DD6597597673F72E10C9DE7901FBA0A8)
  • rundll32.exe (PID: 6304 cmdline: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding MD5: EF3179D498793BF4234F708D3BE28633)
  • cleanup
{"C2 url": ["superyupp.fun", "clausegerfild.fun"], "Build Id": "GRAKRA--SHELL"}
Source | Rule | Description | Author | Strings
ChromeSetup.exe | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security |
    Source | Rule | Description | Author | Strings
    C:\Users\user\AppData\Local\Temp\nudqwvipwdofy | JoeSecurity_LummaCStealer | Yara detected LummaC Stealer | Joe Security |
      C:\Users\user\AppData\Local\Temp\nudqwvipwdofy | infostealer_win_lumma_strings_sept23 | Finds Lumma samples based on the specific strings | Sekoia.io |
      • 0x6f944:$str10: CryptStringToBinaryA
      • 0x6f8a2:$str11: WinHttpQueryDataAvailable
      • 0x6f136:$str12: GetComputerNameExA
      • 0x6f74c:$str13: GetCurrentHwProfileW
      • 0x64df0:$str14: ntdll.dll
      • 0x68358:$str16: minkernel\crts\ucrt\inc\corecrt_internal_strtox.h
      • 0x7066e:$str17: xxxxxxxxxxx
      • 0x7066f:$str17: xxxxxxxxxxx
      • 0x70670:$str17: xxxxxxxxxxx
      • 0x70671:$str17: xxxxxxxxxxx
      • 0x70672:$str17: xxxxxxxxxxx
      • 0x70673:$str17: xxxxxxxxxxx
      • 0x70674:$str17: xxxxxxxxxxx
      • 0x70675:$str17: xxxxxxxxxxx
      • 0x7068f:$str17: xxxxxxxxxxx
      • 0x70690:$str17: xxxxxxxxxxx
      • 0x70691:$str17: xxxxxxxxxxx
      • 0x70692:$str17: xxxxxxxxxxx
      • 0x70693:$str17: xxxxxxxxxxx
      • 0x70694:$str17: xxxxxxxxxxx
      • 0x70695:$str17: xxxxxxxxxxx
      Source | Rule | Description | Author | Strings
      00000000.00000000.1094091585.0000000000401000.00000020.00000001.01000000.00000003.sdmp | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security |
        00000000.00000002.1122058157.000000000351E000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security |
          00000002.00000002.1308002183.0000000000A70000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_LummaCStealer | Yara detected LummaC Stealer | Joe Security |
            Process Memory Space: explorer.exe PID: 5924 | JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security |
              Source | Rule | Description | Author | Strings
              11.2.explorer.exe.2cf0000.0.unpack | JoeSecurity_LummaCStealer | Yara detected LummaC Stealer | Joe Security |
                11.2.explorer.exe.2cf0000.0.unpack | infostealer_win_lumma_strings_sept23 | Finds Lumma samples based on the specific strings | Sekoia.io |
                • 0x6f944:$str10: CryptStringToBinaryA
                • 0x6f8a2:$str11: WinHttpQueryDataAvailable
                • 0x6f136:$str12: GetComputerNameExA
                • 0x6f74c:$str13: GetCurrentHwProfileW
                • 0x64df0:$str14: ntdll.dll
                • 0x68358:$str16: minkernel\crts\ucrt\inc\corecrt_internal_strtox.h
                • 0x7066e:$str17: xxxxxxxxxxx
                • 0x7066f:$str17: xxxxxxxxxxx
                • 0x70670:$str17: xxxxxxxxxxx
                • 0x70671:$str17: xxxxxxxxxxx
                • 0x70672:$str17: xxxxxxxxxxx
                • 0x70673:$str17: xxxxxxxxxxx
                • 0x70674:$str17: xxxxxxxxxxx
                • 0x70675:$str17: xxxxxxxxxxx
                • 0x7068f:$str17: xxxxxxxxxxx
                • 0x70690:$str17: xxxxxxxxxxx
                • 0x70691:$str17: xxxxxxxxxxx
                • 0x70692:$str17: xxxxxxxxxxx
                • 0x70693:$str17: xxxxxxxxxxx
                • 0x70694:$str17: xxxxxxxxxxx
                • 0x70695:$str17: xxxxxxxxxxx
                0.0.ChromeSetup.exe.400000.0.unpack | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security |

                  System Summary

                  Source: Process started, Author: Furkan userSKAN, @userskanfurkan_, @oscd_initiative: Data: Command: C:\Windows\SysWOW64\explorer.exe, CommandLine: C:\Windows\SysWOW64\explorer.exe, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\explorer.exe, NewProcessName: C:\Windows\SysWOW64\explorer.exe, OriginalFileName: C:\Windows\SysWOW64\explorer.exe, ParentCommandLine: C:\Windows\SysWOW64\cmd.exe, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 1712, ParentProcessName: cmd.exe, ProcessCommandLine: C:\Windows\SysWOW64\explorer.exe, ProcessId: 5924, ProcessName: explorer.exe
                  Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
                  2025-04-15T19:22:57.817870+0200 | 2028371 | 3 | Unknown Traffic | 192.168.2.16 | 49695 | 76.76.21.21 | 443 | TCP
                  2025-04-15T19:22:58.469216+0200 | 2028371 | 3 | Unknown Traffic | 192.168.2.16 | 49696 | 76.76.21.21 | 443 | TCP

                  AV Detection

                  Source: ChromeSetup.exe, Avira: detected
                  Source: http://superyupp.fun/, Avira URL Cloud: Label: malware
                  Source: http://superyupp.fun/api, Avira URL Cloud: Label: malware
                  Source: http://superyupp.fun/api~, Avira URL Cloud: Label: malware
                  Source: superyupp.fun, Avira URL Cloud: Label: malware
                  Source: 11.2.explorer.exe.2cf0000.0.unpack, Malware Configuration Extractor: LummaC {"C2 url": ["superyupp.fun", "clausegerfild.fun"], "Build Id": "GRAKRA--SHELL"}
                  Source: ChromeSetup.exe, Virustotal: Detection: 66%
                  Source: ChromeSetup.exe, ReversingLabs: Detection: 58%
                  Source: Submited Sample, Neural Call Log Analysis: 87.7%
                  Source: C:\Windows\SysWOW64\explorer.exe, Code function: 11_2_02D2B4E8 _strlen,CryptStringToBinaryA,CryptStringToBinaryA,11_2_02D2B4E8
                  Source: ChromeSetup.exe, Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                  Source: unknown, HTTPS traffic detected: 76.76.21.21:443 -> 192.168.2.16:49695 version: TLS 1.2
                  Source: unknown, HTTPS traffic detected: 76.76.21.21:443 -> 192.168.2.16:49696 version: TLS 1.2
                  Source: Binary string: TEST_goopdateres_unsigned_fa.pdb source: ChromeSetup.exe, 00000001.00000003.1118650108.000000000367B000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.00000000036CF000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1171078593.0000000001091000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1171144895.0000000001078000.00000004.00000020.00020000.00000000.sdmp, goopdateres_fa.dll.7.dr, goopdateres_fa.dll.8.dr, goopdateres_fa.dll.1.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: GoogleUpdateCore_unsigned.pdb source: ChromeSetup.exe, 00000001.00000002.1251309205.00000000012E9000.00000004.00000010.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.00000000031AC000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.00000000031AF000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdateSetup.exe, 00000007.00000002.1244624702.0000000001304000.00000004.00000010.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1165706767.0000000001077000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1165526317.0000000001091000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdateCore.exe.1.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_goopdateres_unsigned_lt.pdb source: ChromeSetup.exe, 00000001.00000003.1118650108.0000000003720000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.0000000003774000.00000004.00000020.00020000.00000000.sdmp, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_goopdateres_unsigned_el.pdb source: ChromeSetup.exe, 00000001.00000003.1122563764.000000000368C000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.0000000003638000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1169659808.0000000001078000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1169588889.0000000001091000.00000004.00000020.00020000.00000000.sdmp, goopdateres_el.dll.8.dr, goopdateres_el.dll.7.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: ReInfo.pdbGCTL source: cmd.exe, 00000002.00000002.1308002183.0000000000A70000.00000004.00001000.00020000.00000000.sdmp, explorer.exe, 0000000B.00000002.1349924091.0000000002D67000.00000008.00000001.01000000.00000000.sdmp
                  Source: Binary string: TEST_goopdateres_unsigned_sr.pdb source: ChromeSetup.exe, 00000001.00000003.1118650108.00000000037BA000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.000000000380E000.00000004.00000020.00020000.00000000.sdmp, goopdateres_sr.dll.7.dr, goopdateres_sr.dll.8.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_goopdateres_unsigned_mr.pdb source: ChromeSetup.exe, 00000001.00000003.1122563764.000000000379A000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.0000000003740000.00000004.00000020.00020000.00000000.sdmp, goopdateres_mr.dll.1.dr, goopdateres_mr.dll.7.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_goopdateres_unsigned_hr.pdb source: ChromeSetup.exe, 00000001.00000003.1118650108.00000000036BE000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.0000000003717000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1173138407.0000000001078000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1173052050.0000000001091000.00000004.00000020.00020000.00000000.sdmp, goopdateres_hr.dll.1.dr, goopdateres_hr.dll.8.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_goopdateres_unsigned_bg.pdb source: ChromeSetup.exe, 00000001.00000003.1122563764.0000000003649000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.00000000035F6000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1168315157.0000000001077000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1168249717.0000000001091000.00000004.00000020.00020000.00000000.sdmp, goopdateres_bg.dll.8.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_psuser_unsigned_64.pdb source: ChromeSetup.exe, 00000001.00000003.1122563764.00000000031AC000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.00000000031AF000.00000004.00000020.00020000.00000000.sdmp, psuser_64.dll.7.dr, psuser_64.dll.8.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: wntdll.pdb source: ChromeSetup.exe, 00000000.00000002.1130980649.00000000040A2000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.1311990069.0000000004D40000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: TEST_goopdateres_unsigned_ar.pdb source: ChromeSetup.exe, 00000001.00000003.1122563764.000000000363F000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.00000000035EB000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1168111351.0000000001077000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1168043375.0000000001091000.00000004.00000020.00020000.00000000.sdmp, goopdateres_ar.dll.8.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_goopdateres_unsigned_tr.pdb source: ChromeSetup.exe, 00000001.00000003.1122563764.0000000003851000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.00000000037FE000.00000004.00000020.00020000.00000000.sdmp, goopdateres_tr.dll.7.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_goopdateres_unsigned_hi.pdb source: ChromeSetup.exe, 00000001.00000003.1122563764.000000000370C000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.00000000036B2000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1172702150.0000000001078000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1172620749.0000000001091000.00000004.00000020.00020000.00000000.sdmp, goopdateres_hi.dll.1.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: explorer.pdb source: explorer.exe, 0000000B.00000003.1337197632.00000000054D6000.00000004.00000001.00020000.00000000.sdmp
                  Source: Binary string: TEST_goopdateres_unsigned_pt-BR.pdb source: ChromeSetup.exe, 00000001.00000003.1122563764.00000000037CC000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.0000000003778000.00000004.00000020.00020000.00000000.sdmp, goopdateres_pt-BR.dll.7.dr, goopdateres_pt-BR.dll.1.dr, goopdateres_pt-BR.dll.8.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_goopdateres_unsigned_de.pdb source: ChromeSetup.exe, 00000001.00000003.1118650108.000000000362D000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.0000000003681000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1169339541.0000000001091000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1169421038.0000000001078000.00000004.00000020.00020000.00000000.sdmp, goopdateres_de.dll.1.dr, goopdateres_de.dll.8.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: GoogleUpdateOnDemand_unsigned.pdb source: ChromeSetup.exe, 00000001.00000003.1122563764.00000000031AC000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.00000000031AF000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1177932696.0000000001091000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1178027353.0000000001073000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1178027353.000000000107E000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdateOnDemand.exe.7.dr, GoogleUpdateOnDemand.exe.1.dr, GoogleUpdateOnDemand.exe.8.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_goopdateres_unsigned_ru.pdb source: ChromeSetup.exe, 00000001.00000003.1122563764.00000000037ED000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.0000000003799000.00000004.00000020.00020000.00000000.sdmp, goopdateres_ru.dll.7.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_goopdate_unsigned.pdb source: ChromeSetup.exe, 00000001.00000003.1122563764.00000000031AC000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.00000000031AF000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1164725360.0000000005C31000.00000004.00000020.00020000.00000000.sdmp, goopdate.dll.8.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_goopdateres_unsigned_ms.pdb source: ChromeSetup.exe, 00000001.00000003.1118650108.000000000374C000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.000000000379F000.00000004.00000020.00020000.00000000.sdmp, goopdateres_ms.dll.1.dr, goopdateres_ms.dll.8.dr, goopdateres_ms.dll.7.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_goopdateres_unsigned_fr.pdb source: ChromeSetup.exe, 00000001.00000003.1122563764.00000000036F0000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.000000000369C000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1171795764.0000000001091000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1172037805.0000000001078000.00000004.00000020.00020000.00000000.sdmp, goopdateres_fr.dll.8.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_psuser_unsigned.pdbJ source: ChromeSetup.exe, 00000001.00000003.1122563764.00000000031AC000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.00000000031AF000.00000004.00000020.00020000.00000000.sdmp, psuser.dll.8.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: GoogleCrashHandler64_unsigned.pdb source: ChromeSetup.exe, 00000001.00000003.1122563764.00000000031AC000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.00000000031AF000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1166376698.0000000001091000.00000004.00000020.00020000.00000000.sdmp, GoogleCrashHandler64.exe.7.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_goopdateres_unsigned_gu.pdb source: ChromeSetup.exe, 00000001.00000003.1118650108.00000000036A7000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.00000000036FB000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1172388099.0000000001078000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1172277681.0000000001091000.00000004.00000020.00020000.00000000.sdmp, goopdateres_gu.dll.1.dr, goopdateres_gu.dll.7.dr, goopdateres_gu.dll.8.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_goopdateres_unsigned_no.pdb source: ChromeSetup.exe, 00000001.00000003.1122563764.00000000037B6000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.0000000003762000.00000004.00000020.00020000.00000000.sdmp, goopdateres_no.dll.8.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_goopdateres_unsigned_zh-CN.pdb source: ChromeSetup.exe, 00000001.00000003.1122563764.000000000387D000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.0000000003829000.00000004.00000020.00020000.00000000.sdmp, goopdateres_zh-CN.dll.7.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_goopdateres_unsigned_kn.pdb source: ChromeSetup.exe, 00000001.00000003.1118650108.000000000370B000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.0000000003763000.00000004.00000020.00020000.00000000.sdmp, goopdateres_kn.dll.8.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_mi_exe_stub.pdb source: ChromeSetup.exe, 00000001.00000000.1116256680.0000000000139000.00000002.00000001.01000000.00000005.sdmp, GoogleUpdateSetup.exe, 00000007.00000000.1148154317.0000000000409000.00000002.00000001.01000000.0000000A.sdmp, GoogleUpdateSetup.exe.1.dr
                  Source: Binary string: TEST_goopdateres_unsigned_ml.pdb source: ChromeSetup.exe, 00000001.00000003.1118650108.0000000003735000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.0000000003789000.00000004.00000020.00020000.00000000.sdmp, goopdateres_ml.dll.8.dr, goopdateres_ml.dll.7.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_psmachine_unsigned.pdb source: ChromeSetup.exe, 00000001.00000003.1122563764.00000000031AC000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.00000000031AF000.00000004.00000020.00020000.00000000.sdmp, psmachine.dll.8.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_goopdateres_unsigned_fil.pdb source: ChromeSetup.exe, 00000001.00000003.1118650108.0000000003691000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.00000000036E5000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1171518046.0000000001091000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1171617634.0000000001078000.00000004.00000020.00020000.00000000.sdmp, goopdateres_fil.dll.1.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_goopdateres_unsigned_es-419.pdb source: ChromeSetup.exe, 00000001.00000003.1122563764.00000000036B8000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.0000000003665000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1170642664.0000000001091000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1170708432.0000000001078000.00000004.00000020.00020000.00000000.sdmp, goopdateres_es-419.dll.8.dr, goopdateres_es-419.dll.1.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_goopdateres_unsigned_sl.pdb source: ChromeSetup.exe, 00000001.00000003.1118650108.00000000037AF000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.0000000003803000.00000004.00000020.00020000.00000000.sdmp, goopdateres_sl.dll.8.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_goopdateres_unsigned_pl.pdb source: ChromeSetup.exe, 00000001.00000003.1122563764.00000000037C1000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.000000000376D000.00000004.00000020.00020000.00000000.sdmp, goopdateres_pl.dll.1.dr, goopdateres_pl.dll.7.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_goopdateres_unsigned_ur.pdb source: ChromeSetup.exe, 00000001.00000003.1122563764.0000000003867000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.0000000003813000.00000004.00000020.00020000.00000000.sdmp, goopdateres_ur.dll.8.dr, goopdateres_ur.dll.7.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_goopdateres_unsigned_is.pdb source: ChromeSetup.exe, 00000001.00000003.1118650108.00000000036DF000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.0000000003733000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1173882662.0000000001091000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1173955825.0000000001078000.00000004.00000020.00020000.00000000.sdmp, goopdateres_is.dll.7.dr, goopdateres_is.dll.8.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_psuser_unsigned.pdb source: ChromeSetup.exe, 00000001.00000003.1122563764.00000000031AC000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.00000000031AF000.00000004.00000020.00020000.00000000.sdmp, psuser.dll.8.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_goopdateres_unsigned_th.pdb source: ChromeSetup.exe, 00000001.00000003.1118650108.00000000037F2000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.0000000003846000.00000004.00000020.00020000.00000000.sdmp, goopdateres_th.dll.8.dr, goopdateres_th.dll.1.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_goopdateres_unsigned_sv.pdb source: ChromeSetup.exe, 00000001.00000003.1118650108.00000000037C5000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.0000000003819000.00000004.00000020.00020000.00000000.sdmp, goopdateres_sv.dll.7.dr, goopdateres_sv.dll.1.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: GoogleCrashHandler_unsigned.pdb source: ChromeSetup.exe, 00000001.00000003.1122563764.00000000031AC000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.00000000031AF000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1166070535.0000000001091000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1166243026.0000000001077000.00000004.00000020.00020000.00000000.sdmp, GoogleCrashHandler.exe.7.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_goopdateres_unsigned_bn.pdb source: ChromeSetup.exe, 00000001.00000003.1122563764.000000000365A000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.0000000003601000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1168532258.0000000001077000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1168463606.0000000001091000.00000004.00000020.00020000.00000000.sdmp, goopdateres_bn.dll.7.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_goopdateres_unsigned_en.pdb source: ChromeSetup.exe, 00000001.00000003.1118650108.0000000003644000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.0000000003697000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1169869560.0000000001078000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1169811640.0000000001091000.00000004.00000020.00020000.00000000.sdmp, goopdateres_en.dll.1.dr, goopdateres_en.dll.7.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_goopdateres_unsigned_uk.pdb source: ChromeSetup.exe, 00000001.00000003.1122563764.000000000385C000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.0000000003808000.00000004.00000020.00020000.00000000.sdmp, goopdateres_uk.dll.1.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_goopdateres_unsigned_fi.pdb source: ChromeSetup.exe, 00000001.00000003.1122563764.00000000036DF000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.0000000003686000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1171291915.0000000001091000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1171353093.0000000001078000.00000004.00000020.00020000.00000000.sdmp, GUT72CE.tmp.7.dr
                  Source: Binary string: GoogleUpdateCore_unsigned.pdbV source: ChromeSetup.exe, 00000001.00000002.1251309205.00000000012E9000.00000004.00000010.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.00000000031AC000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.00000000031AF000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdateSetup.exe, 00000007.00000002.1244624702.0000000001304000.00000004.00000010.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1165706767.0000000001077000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1165526317.0000000001091000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdateCore.exe.1.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_goopdateres_unsigned_ko.pdb source: ChromeSetup.exe, 00000001.00000003.1118650108.0000000003715000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.0000000003768000.00000004.00000020.00020000.00000000.sdmp, goopdateres_ko.dll.1.dr, goopdateres_ko.dll.8.dr, goopdateres_ko.dll.7.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_goopdateres_unsigned_zh-TW.pdb source: ChromeSetup.exe, 00000001.00000003.1118650108.0000000003834000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.000000000388C000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000002.1251309205.00000000012BF000.00000004.00000010.00020000.00000000.sdmp, GoogleUpdateSetup.exe, 00000007.00000002.1244624702.00000000012FF000.00000004.00000010.00020000.00000000.sdmp, goopdateres_zh-TW.dll.8.dr, goopdateres_zh-TW.dll.7.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_goopdateres_unsigned_nl.pdb source: ChromeSetup.exe, 00000001.00000003.1122563764.00000000037B0000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.0000000003757000.00000004.00000020.00020000.00000000.sdmp, goopdateres_nl.dll.7.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_goopdateres_unsigned_ca.pdb source: ChromeSetup.exe, 00000001.00000003.1122563764.000000000365F000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.000000000360C000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1168747441.0000000001077000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1168678192.0000000001091000.00000004.00000020.00020000.00000000.sdmp, GUT72CE.tmp.7.dr
                  Source: Binary string: GoogleUpdate_unsigned.pdb source: ChromeSetup.exe, 00000001.00000003.1122563764.00000000031AC000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.00000000031AF000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000004.00000000.1139362998.0000000000F81000.00000020.00000001.01000000.00000006.sdmp, GoogleUpdate.exe, 00000008.00000000.1158803359.00000000000C1000.00000020.00000001.01000000.0000000B.sdmp, GoogleUpdate.exe.8.dr, GoogleUpdate.exe.7.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: explorer.pdbUGP source: explorer.exe, 0000000B.00000003.1337197632.00000000054D6000.00000004.00000001.00020000.00000000.sdmp
                  Source: Binary string: GoogleUpdateBroker_unsigned.pdb source: ChromeSetup.exe, 00000001.00000003.1122563764.00000000031AC000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.00000000031AF000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1177658349.000000000107E000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1177573759.0000000001091000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1177658349.0000000001074000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdateBroker.exe.7.dr, GoogleUpdateBroker.exe.8.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_goopdateres_unsigned_ro.pdb source: ChromeSetup.exe, 00000001.00000003.1122563764.00000000037E2000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.000000000378E000.00000004.00000020.00020000.00000000.sdmp, goopdateres_ro.dll.8.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: ReInfo.pdb source: cmd.exe, 00000002.00000002.1308002183.0000000000A70000.00000004.00001000.00020000.00000000.sdmp, explorer.exe, explorer.exe, 0000000B.00000002.1349924091.0000000002D67000.00000008.00000001.01000000.00000000.sdmp
                  Source: Binary string: TEST_goopdateres_unsigned_sw.pdb source: ChromeSetup.exe, 00000001.00000003.1122563764.0000000003824000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.00000000037D0000.00000004.00000020.00020000.00000000.sdmp, goopdateres_sw.dll.7.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_goopdateres_unsigned_pt-PT.pdb source: ChromeSetup.exe, 00000001.00000003.1122563764.00000000037D7000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.0000000003783000.00000004.00000020.00020000.00000000.sdmp, goopdateres_pt-PT.dll.1.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: wntdll.pdbUGP source: ChromeSetup.exe, 00000000.00000002.1130980649.00000000040A2000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.1311990069.0000000004D40000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: TEST_psmachine_unsigned_64.pdb source: ChromeSetup.exe, 00000001.00000003.1122563764.00000000031AC000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.00000000031AF000.00000004.00000020.00020000.00000000.sdmp, psmachine_64.dll.8.dr, psmachine_64.dll.1.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_goopdateres_unsigned_am.pdb source: ChromeSetup.exe, 00000001.00000003.1122563764.00000000031AC000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.00000000031AF000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1167898673.0000000001077000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1167807538.0000000001091000.00000004.00000020.00020000.00000000.sdmp, goopdateres_am.dll.7.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: GoogleCrashHandler64_unsigned.pdbl source: ChromeSetup.exe, 00000001.00000003.1122563764.00000000031AC000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.00000000031AF000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1166376698.0000000001091000.00000004.00000020.00020000.00000000.sdmp, GoogleCrashHandler64.exe.7.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_goopdateres_unsigned_ta.pdb source: ChromeSetup.exe, 00000001.00000003.1118650108.00000000037DB000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.0000000003835000.00000004.00000020.00020000.00000000.sdmp, goopdateres_ta.dll.1.dr, goopdateres_ta.dll.8.dr, goopdateres_ta.dll.7.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_goopdateres_unsigned_hu.pdb source: ChromeSetup.exe, 00000001.00000003.1118650108.00000000036C9000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.000000000371D000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1173322753.0000000001091000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1173460218.0000000001078000.00000004.00000020.00020000.00000000.sdmp, GUT72CE.tmp.7.dr
                  Source: Binary string: GoogleCrashHandler_unsigned.pdbp source: ChromeSetup.exe, 00000001.00000003.1122563764.00000000031AC000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.00000000031AF000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1166070535.0000000001091000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1166243026.0000000001077000.00000004.00000020.00020000.00000000.sdmp, GoogleCrashHandler.exe.7.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_psmachine_unsigned.pdbJ source: ChromeSetup.exe, 00000001.00000003.1122563764.00000000031AC000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.00000000031AF000.00000004.00000020.00020000.00000000.sdmp, psmachine.dll.8.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_goopdateres_unsigned_cs.pdb source: ChromeSetup.exe, 00000001.00000003.1118650108.0000000003617000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.000000000366A000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1168874008.0000000001091000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1168936260.0000000001078000.00000004.00000020.00020000.00000000.sdmp, goopdateres_cs.dll.1.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_goopdateres_unsigned_da.pdb source: ChromeSetup.exe, 00000001.00000003.1118650108.0000000003622000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.0000000003676000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1169088888.0000000001091000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1169181138.0000000001078000.00000004.00000020.00020000.00000000.sdmp, goopdateres_da.dll.8.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_goopdateres_unsigned_it.pdb source: ChromeSetup.exe, 00000001.00000003.1118650108.00000000036EA000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.0000000003743000.00000004.00000020.00020000.00000000.sdmp, goopdateres_it.dll.8.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_goopdateres_unsigned_en-GB.pdb source: ChromeSetup.exe, 00000001.00000003.1122563764.00000000036A8000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.000000000364F000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1170015595.0000000001091000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1170085727.0000000001078000.00000004.00000020.00020000.00000000.sdmp, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_goopdateres_unsigned_sk.pdb source: ChromeSetup.exe, 00000001.00000003.1122563764.00000000037F8000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.00000000037A4000.00000004.00000020.00020000.00000000.sdmp, goopdateres_sk.dll.1.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_goopdateres_unsigned_iw.pdb source: ChromeSetup.exe, 00000001.00000003.1122563764.0000000003749000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.00000000036F5000.00000004.00000020.00020000.00000000.sdmp, goopdateres_iw.dll.8.dr, goopdateres_iw.dll.1.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_goopdateres_unsigned_te.pdb source: ChromeSetup.exe, 00000001.00000003.1122563764.000000000383A000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.00000000037E7000.00000004.00000020.00020000.00000000.sdmp, goopdateres_te.dll.1.dr, goopdateres_te.dll.8.dr, goopdateres_te.dll.7.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_psmachine_unsigned_64.pdbF source: ChromeSetup.exe, 00000001.00000003.1122563764.00000000031AC000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.00000000031AF000.00000004.00000020.00020000.00000000.sdmp, psmachine_64.dll.8.dr, psmachine_64.dll.1.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_goopdateres_unsigned_ja.pdb source: ChromeSetup.exe, 00000001.00000003.1118650108.0000000003700000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.0000000003754000.00000004.00000020.00020000.00000000.sdmp, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_psuser_unsigned_64.pdbF source: ChromeSetup.exe, 00000001.00000003.1122563764.00000000031AC000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.00000000031AF000.00000004.00000020.00020000.00000000.sdmp, psuser_64.dll.7.dr, psuser_64.dll.8.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_goopdateres_unsigned_id.pdb source: ChromeSetup.exe, 00000001.00000003.1122563764.0000000003728000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.00000000036D4000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1173650273.0000000001091000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1173718462.0000000001078000.00000004.00000020.00020000.00000000.sdmp, goopdateres_id.dll.8.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_goopdateres_unsigned_et.pdb source: ChromeSetup.exe, 00000001.00000003.1122563764.00000000036C4000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.0000000003670000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1170922867.0000000001078000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1170855182.0000000001091000.00000004.00000020.00020000.00000000.sdmp, goopdateres_et.dll.8.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_goopdateres_unsigned_lv.pdb source: ChromeSetup.exe, 00000001.00000003.1118650108.000000000372A000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.0000000003783000.00000004.00000020.00020000.00000000.sdmp, goopdateres_lv.dll.1.dr, goopdateres_lv.dll.8.dr, goopdateres_lv.dll.7.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: GoogleUpdateComRegisterShell64_unsigned.pdbR source: ChromeSetup.exe, 00000001.00000003.1122563764.00000000031AC000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.00000000031AF000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1167623929.0000000001078000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1167543862.0000000001091000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1167260056.0000000001091000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdateComRegisterShell64.exe.8.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_goopdateres_unsigned_vi.pdb source: ChromeSetup.exe, 00000001.00000003.1118650108.000000000381E000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.0000000003872000.00000004.00000020.00020000.00000000.sdmp, goopdateres_vi.dll.8.dr, goopdateres_vi.dll.7.dr, goopdateres_vi.dll.1.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: GoogleUpdateComRegisterShell64_unsigned.pdb source: ChromeSetup.exe, 00000001.00000003.1122563764.00000000031AC000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.00000000031AF000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1167623929.0000000001078000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1167543862.0000000001091000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1167260056.0000000001091000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdateComRegisterShell64.exe.8.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_goopdateres_unsigned_es.pdb source: ChromeSetup.exe, 00000001.00000003.1118650108.000000000365A000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.00000000036AD000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1170262460.0000000001091000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1170343710.0000000001078000.00000004.00000020.00020000.00000000.sdmp, goopdateres_es.dll.8.dr, GUT72CE.tmp.7.dr
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
                  Source: C:\Windows\SysWOW64\explorer.exe Code function: 11_2_02D490FC FindFirstFileExW,FindNextFileW,FindClose,FindClose,11_2_02D490FC
                  Source: C:\Windows\SysWOW64\explorer.exe Code function: 11_2_02D49048 FindFirstFileExW,11_2_02D49048

                  Networking

                  Source: Malware configuration extractor URLs: superyupp.fun
                  Source: Malware configuration extractor URLs: clausegerfild.fun
                  Source: global traffic HTTP traffic detected: GET / HTTP/1.1 Connection: Keep-Alive Host: metmuseum.org
                  Source: global traffic HTTP traffic detected: GET / HTTP/1.1 Connection: Keep-Alive Host: www.metmuseum.org
                  Source: Joe Sandbox View IP Address: 76.76.21.21
                  Source: Joe Sandbox View JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
                  Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.16:49695 -> 76.76.21.21:443
                  Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.16:49696 -> 76.76.21.21:443
                  Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
                  Source: C:\Windows\SysWOW64\explorer.exe Code function: 11_2_02D2BDF2 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,_strlen,HttpSendRequestA,InternetReadFile,InternetQueryDataAvailable,GetProcAddress,InternetOpenW,GetModuleHandleW,InternetConnectA,InternetCloseHandle,GetProcAddress,HttpOpenRequestW,GetProcAddress,InternetQueryDataAvailable,11_2_02D2BDF2
                  Source: ChromeSetup.exe, 00000000.00000003.1113370218.000000000332F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Permissions-Policy: accelerometer=(), autoplay=(self), camera=(), fullscreen=(self "https://player.cnevids.com" "https://www.youtube.com"), geolocation=(), gyroscope=(), interest-cohort=(), magnetometer=(), microphone=(), payment=(), sync-xhr=(self "https://www.giftcalcs.com") equals www.youtube.com (Youtube)
                  Source: global traffic DNS traffic detected: DNS query: metmuseum.org
                  Source: global traffic DNS traffic detected: DNS query: www.metmuseum.org
                  Source: global traffic DNS traffic detected: DNS query: clausegerfild.fun
                  Source: global traffic DNS traffic detected: DNS query: superyupp.fun
                  Source: ChromeSetup.exe, 00000001.00000003.1118650108.00000000037BA000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.000000000368C000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.00000000036B8000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.000000000367B000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.0000000003735000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.000000000362D000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.000000000383A000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.00000000037B0000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.00000000037E2000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.00000000037AF000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.0000000003867000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.000000000365A000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.00000000036DF000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.00000000037DB000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.0000000003691000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.000000000370C000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.00000000036AD000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.0000000003622000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 
00000001.00000003.1118650108.000000000370B000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.0000000003757000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.0000000003638000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
                  Source: ChromeSetup.exe, 00000001.00000003.1118650108.00000000037BA000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.000000000368C000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.00000000036B8000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.000000000367B000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.00000000036A3000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.0000000003735000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.000000000362D000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.000000000383A000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.00000000037E2000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.00000000037AF000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.0000000003867000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.000000000365A000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.00000000037DB000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.0000000003691000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.00000000036AD000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.0000000003622000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.000000000370B000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.0000000003757000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 
00000001.00000003.1118650108.0000000003638000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.00000000037C5000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.0000000003649000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
                  Source: ChromeSetup.exe, 00000001.00000003.1118650108.00000000037BA000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.000000000368C000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.00000000036B8000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.000000000367B000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.0000000003735000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.000000000362D000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.000000000383A000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.00000000037E2000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.00000000037AF000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.0000000003867000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.000000000365A000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.00000000037DB000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.0000000003691000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.00000000036AD000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.0000000003622000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.000000000370B000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.0000000003757000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.0000000003638000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 
00000001.00000003.1118650108.00000000037C5000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.0000000003649000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.00000000037F8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
                  Source: ChromeSetup.exe, 00000001.00000003.1118650108.00000000037BA000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.000000000368C000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.00000000036B8000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.000000000367B000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.00000000036A3000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.0000000003735000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.000000000362D000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.000000000383A000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.00000000037E2000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.00000000037AF000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.0000000003867000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.000000000365A000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.00000000037DB000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.0000000003691000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.00000000036AD000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.0000000003622000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.000000000370B000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.0000000003757000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 
00000001.00000003.1118650108.0000000003638000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.00000000037C5000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.0000000003649000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
                  Source: explorer.exe, 0000000B.00000002.1350449133.00000000030A1000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000002.1350449133.0000000003068000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://clausegerfild.fun/
                  Source: explorer.exe, 0000000B.00000002.1350449133.0000000003068000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://clausegerfild.fun/gB
                  Source: ChromeSetup.exe, 00000001.00000003.1118650108.00000000037BA000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.000000000368C000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.00000000036B8000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.000000000367B000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.0000000003735000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.000000000362D000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.000000000383A000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.00000000037B0000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.00000000037E2000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.00000000037AF000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.0000000003867000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.000000000365A000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.00000000036DF000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.00000000037DB000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.0000000003691000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.000000000370C000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.00000000036AD000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.0000000003622000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 
00000001.00000003.1118650108.000000000370B000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.0000000003757000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.0000000003638000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
                  Source: ChromeSetup.exe, 00000001.00000003.1118650108.00000000037BA000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.000000000368C000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.00000000036B8000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.000000000367B000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.00000000036A3000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.0000000003735000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.000000000362D000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.000000000383A000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.00000000037E2000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.00000000037AF000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.0000000003867000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.000000000365A000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.00000000037DB000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.0000000003691000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.00000000036AD000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.0000000003622000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.000000000370B000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.0000000003757000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 
00000001.00000003.1118650108.0000000003638000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.00000000037C5000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.0000000003649000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
                  Source: ChromeSetup.exe, 00000001.00000003.1118650108.00000000037BA000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.000000000368C000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.00000000036B8000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.000000000367B000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.0000000003735000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.000000000362D000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.000000000383A000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.00000000037E2000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.00000000037AF000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.0000000003867000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.000000000365A000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.00000000037DB000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.0000000003691000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.00000000036AD000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.0000000003622000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.000000000370B000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.0000000003757000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.0000000003638000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 
00000001.00000003.1118650108.00000000037C5000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.0000000003649000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.00000000037F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
                  Source: GUT72CE.tmp.7.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
                  Source: ChromeSetup.exe, 00000001.00000003.1118650108.00000000037BA000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.000000000368C000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.00000000036B8000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.000000000367B000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.00000000036A3000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.0000000003735000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.000000000362D000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.000000000383A000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.00000000037E2000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.00000000037AF000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.0000000003867000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.000000000365A000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.00000000037DB000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.0000000003691000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.00000000036AD000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.0000000003622000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.000000000370B000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.0000000003757000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 
00000001.00000003.1118650108.0000000003638000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.00000000037C5000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.0000000003649000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
                  Source: ChromeSetup.exe, 00000001.00000003.1118650108.00000000037BA000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.000000000368C000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.00000000036B8000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.000000000367B000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.00000000036A3000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.0000000003735000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.000000000362D000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.000000000383A000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.00000000037E2000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.00000000037AF000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.0000000003867000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.000000000365A000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.00000000037DB000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.0000000003691000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.00000000036AD000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.0000000003622000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.000000000370B000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.0000000003757000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 
00000001.00000003.1118650108.0000000003638000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.00000000037C5000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.0000000003649000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
                  Source: ChromeSetup.exe, 00000001.00000003.1118650108.00000000037BA000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.000000000368C000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.00000000036B8000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.000000000367B000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.00000000036A3000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.0000000003735000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.000000000362D000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.000000000383A000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.00000000037E2000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.00000000037AF000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.0000000003867000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.000000000365A000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.00000000037DB000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.0000000003691000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.00000000036AD000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.0000000003622000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.000000000370B000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.0000000003757000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 
00000001.00000003.1118650108.0000000003638000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.00000000037C5000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.0000000003649000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0A
                  Source: ChromeSetup.exe, 00000001.00000003.1118650108.00000000037BA000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.000000000368C000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.00000000036B8000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.000000000367B000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.0000000003735000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.000000000362D000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.000000000383A000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.00000000037E2000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.00000000037AF000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.0000000003867000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.000000000365A000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.00000000037DB000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.0000000003691000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.00000000036AD000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.0000000003622000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.000000000370B000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.0000000003757000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.0000000003638000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 
00000001.00000003.1118650108.00000000037C5000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.0000000003649000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.00000000037F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
                  Source: ChromeSetup.exe, 00000001.00000003.1118650108.00000000037BA000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.000000000368C000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.00000000036B8000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.000000000367B000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.0000000003735000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.000000000362D000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.000000000383A000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.00000000037E2000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.00000000037AF000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.0000000003867000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.000000000365A000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.00000000037DB000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.0000000003691000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.00000000036AD000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.0000000003622000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.000000000370B000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.0000000003757000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.0000000003638000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 
00000001.00000003.1118650108.00000000037C5000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.0000000003649000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.00000000037F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0X
                  Source: explorer.exe, 0000000B.00000002.1350449133.00000000030AF000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000002.1350449133.00000000030BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://superyupp.fun/
                  Source: explorer.exe, 0000000B.00000002.1350449133.00000000030D3000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000002.1350449133.00000000030A1000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000B.00000002.1350449133.000000000308D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://superyupp.fun/api
                  Source: explorer.exe, 0000000B.00000002.1350449133.00000000030D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://superyupp.fun/api~
                  Source: ChromeSetup.exe, 00000001.00000003.1118650108.00000000037BA000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.000000000368C000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.00000000036B8000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.000000000367B000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.00000000036A3000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.0000000003735000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.000000000362D000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.000000000383A000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.00000000037E2000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.00000000037AF000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.0000000003867000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.000000000365A000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.00000000037DB000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.0000000003691000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.00000000036AD000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.0000000003622000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.000000000370B000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.0000000003757000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 
00000001.00000003.1118650108.0000000003638000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.00000000037C5000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.0000000003649000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/CPS0
                  Source: ChromeSetup.exe, 00000000.00000002.1128603917.0000000003B2C000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.1308782275.0000000004B0B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.info-zip.org/
                  Source: ChromeSetup.exe, 00000000.00000002.1120906766.0000000002710000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.sanity.io/im
                  Source: ChromeSetup.exe, 00000000.00000002.1121641647.0000000003400000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.sanity.io/images/cctd4ker/production/0962c69139feffd21a6d63e41b84caa12d7674f6-5120x2880.
                  Source: ChromeSetup.exe, 00000000.00000002.1121641647.0000000003400000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.sanity.io/images/cctd4ker/production/1032008ea354b703c01ada25745f7b623f421329-5120x2880.
                  Source: ChromeSetup.exe, 00000000.00000002.1121641647.0000000003400000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.sanity.io/images/cctd4ker/production/11092279c60e4f4b48121c9f76e8d50e94cd5d59-5120x2880.
                  Source: ChromeSetup.exe, 00000000.00000002.1121641647.0000000003400000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.sanity.io/images/cctd4ker/production/1c2e90356149ba0ba76249eec8ad307b513ad620-5120x2880.
                  Source: ChromeSetup.exe, 00000000.00000002.1121641647.0000000003400000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.sanity.io/images/cctd4ker/production/2851596a4b19bf055bda88eac5750de9d34c55e2-1920x1090.
                  Source: ChromeSetup.exe, 00000000.00000002.1121641647.0000000003400000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.sanity.io/images/cctd4ker/production/2a68839fead7142d81db84cd5d009f01a6d77224-862x485.jp
                  Source: ChromeSetup.exe, 00000000.00000002.1121641647.0000000003400000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.sanity.io/images/cctd4ker/production/362dd4f65145fe84efebf96ba66de7d5db6f8b7f-4096x2326.
                  Source: ChromeSetup.exe, 00000000.00000002.1121641647.0000000003400000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.sanity.io/images/cctd4ker/production/3bbc3f424e7f0f241d806e055fb3a5318dc81791-5120x2880.
                  Source: ChromeSetup.exe, 00000000.00000002.1121641647.0000000003400000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.sanity.io/images/cctd4ker/production/4236b335571cf73d4d3e70ee11239b06b504b71d-5120x2880.
                  Source: ChromeSetup.exe, 00000000.00000002.1121641647.0000000003400000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.sanity.io/images/cctd4ker/production/489c19a05546c5083933f00afc178897b9edf698-2464x1644.
                  Source: ChromeSetup.exe, 00000000.00000002.1121641647.0000000003400000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.sanity.io/images/cctd4ker/production/4b8d02ebd8a1e126b2aa9a5615e266d5ac57237c-5120x2880.
                  Source: ChromeSetup.exe, 00000000.00000002.1121641647.0000000003400000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.sanity.io/images/cctd4ker/production/4be2d0b75d00751e76a262170c35bc14a0dc0e5a-5120x2880.
                  Source: ChromeSetup.exe, 00000000.00000002.1121641647.0000000003400000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.sanity.io/images/cctd4ker/production/4e42824172f3aeb6d59d4454ba39d9596901bf1b-802x1200.j
                  Source: ChromeSetup.exe, 00000000.00000002.1121641647.0000000003400000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.sanity.io/images/cctd4ker/production/4e8481e185889059219514308e31741720ed3806-5120x2880.
                  Source: ChromeSetup.exe, 00000000.00000002.1121641647.0000000003400000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.sanity.io/images/cctd4ker/production/5c1ca0c4a6de4645ee7dd18bc1bf5d5b3df69aa5-750x1125.j
                  Source: ChromeSetup.exe, 00000000.00000002.1121641647.0000000003400000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.sanity.io/images/cctd4ker/production/5f61486a45bc4dfb8aa2ad8dfc161327308d939e-345x465.jp
                  Source: ChromeSetup.exe, 00000000.00000002.1121641647.0000000003400000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.sanity.io/images/cctd4ker/production/60fa2f9d7ffae496a58e3bdb55bd3e7d369dcdb9-5120x2880.
                  Source: ChromeSetup.exe, 00000000.00000002.1121641647.0000000003400000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.sanity.io/images/cctd4ker/production/64a38e096e6e81e1d6e88b8769be6e708c8f0a65-5120x2880.
                  Source: ChromeSetup.exe, 00000000.00000002.1121641647.0000000003400000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.sanity.io/images/cctd4ker/production/6af6c9aaf9e7bc256d383eb4c3d2602d2399f9d1-4266x2880.
                  Source: ChromeSetup.exe, 00000000.00000002.1121641647.0000000003400000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.sanity.io/images/cctd4ker/production/7c1c172e63223dcc7875ff2c342b1d8b663a4e05-5120x2880.
                  Source: ChromeSetup.exe, 00000000.00000002.1121641647.0000000003400000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.sanity.io/images/cctd4ker/production/7c82dc04b9b7cd6fdc7050baac63f9a0fa1d0b58-3200x1800.
                  Source: ChromeSetup.exe, 00000000.00000002.1121641647.0000000003400000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.sanity.io/images/cctd4ker/production/84036b5eee520f1ab8103f322379a93516c5eff2-5120x2880.
                  Source: ChromeSetup.exe, 00000000.00000002.1121641647.0000000003400000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.sanity.io/images/cctd4ker/production/867d851981c2020e19abea4010e2fa979fcc0a03-5120x2880.
                  Source: ChromeSetup.exe, 00000000.00000002.1121641647.0000000003400000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.sanity.io/images/cctd4ker/production/8a74fa97cc00d08a3ea26a042bab5bc6dfb4e2a8-5120x2880.
                  Source: ChromeSetup.exe, 00000000.00000002.1121641647.0000000003400000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.sanity.io/images/cctd4ker/production/99547dac11e9bbb808934240659d0d93e5708026-3360x1720.
                  Source: ChromeSetup.exe, 00000000.00000002.1121641647.0000000003400000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.sanity.io/images/cctd4ker/production/9f369a8de7c44b5ec918db4b2bab1b8d9d3cabf6-5120x2880.
                  Source: ChromeSetup.exe, 00000000.00000002.1121641647.0000000003400000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.sanity.io/images/cctd4ker/production/a1afad5dd26f7cb83b73ea14bcc01026094c6e53-1920x983.j
                  Source: ChromeSetup.exe, 00000000.00000002.1121641647.0000000003400000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.sanity.io/images/cctd4ker/production/a207b8c68dca50f059cba2dc6d96a4b8da57f39b-5472x3648.
                  Source: ChromeSetup.exe, 00000000.00000002.1121641647.0000000003400000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.sanity.io/images/cctd4ker/production/a8cd0feb5aebb6e8231a8299b2f3adfbc64283f2-5120x2880.
                  Source: ChromeSetup.exe, 00000000.00000002.1121641647.0000000003400000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.sanity.io/images/cctd4ker/production/bd6a29d1711079a2eda5f192d28f2005af355d78-5120x2880.
                  Source: ChromeSetup.exe, 00000000.00000002.1121641647.0000000003400000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.sanity.io/images/cctd4ker/production/bf28177e319669ad50a2fa5ba3bb05ba0bcdec05-5120x2880.
                  Source: ChromeSetup.exe, 00000000.00000003.1113370218.000000000332F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.sanity.io/images/cctd4ker/production/c175266c21e565e61000c5699ef71803d79dff77-1200x630.j
                  Source: ChromeSetup.exe, 00000000.00000002.1121641647.0000000003400000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.sanity.io/images/cctd4ker/production/c47d68fbeb2ac1df1c97065fc4c9576314114ac2-2100x1150.
                  Source: ChromeSetup.exe, 00000000.00000002.1121641647.0000000003400000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.sanity.io/images/cctd4ker/production/c4cc1f849b2780bfddedc9977e8adb976958ea2b-1200x810.j
                  Source: ChromeSetup.exe, 00000000.00000002.1121641647.0000000003400000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.sanity.io/images/cctd4ker/production/c5e320d04f1facb21c6721e345dbd46d52bee3e3-5120x2880.
                  Source: ChromeSetup.exe, 00000000.00000002.1121641647.0000000003400000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.sanity.io/images/cctd4ker/production/cc7db4562568666d922df90241ecb24c726eb1e4-5120x2880.
                  Source: ChromeSetup.exe, 00000000.00000002.1121641647.0000000003400000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.sanity.io/images/cctd4ker/production/ccf1d3d8b3c6fbec860035280d645522ba0b4085-5120x2880.
                  Source: unknown Network traffic detected: HTTP traffic on port 49695 -> 443
                  Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49696
                  Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49695
                  Source: unknown Network traffic detected: HTTP traffic on port 49696 -> 443
                  Source: unknown HTTPS traffic detected: 76.76.21.21:443 -> 192.168.2.16:49695 version: TLS 1.2
                  Source: unknown HTTPS traffic detected: 76.76.21.21:443 -> 192.168.2.16:49696 version: TLS 1.2

                  System Summary

                  Source: 11.2.explorer.exe.2cf0000.0.unpack, type: UNPACKEDPE Matched rule: Finds Lumma samples based on the specific strings Author: Sekoia.io
                  Source: C:\Users\user\AppData\Local\Temp\nudqwvipwdofy, type: DROPPED Matched rule: Finds Lumma samples based on the specific strings Author: Sekoia.io
                  Source: C:\Windows\SysWOW64\explorer.exe Code function: String function: 02D31A30 appears 50 times
                  Source: ChromeSetup.exe Static PE information: invalid certificate
                  Source: goopdateres_ca.dll.1.dr Static PE information: Resource name: RT_STRING type: MIPSEB-LE MIPS-II ECOFF executable not stripped - version 0.114
                  Source: goopdateres_fil.dll.1.dr Static PE information: Resource name: RT_STRING type: VAX COFF executable, sections 80, created Wed Mar 25 10:31:05 1970, not stripped, version 108
                  Source: goopdateres_hu.dll.1.dr Static PE information: Resource name: RT_STRING type: MIPSEL MIPS-II ECOFF executable not stripped - version 0.101
                  Source: goopdateres_ms.dll.1.dr Static PE information: Resource name: RT_STRING type: 370 sysV executable not stripped
                  Source: goopdateres_tr.dll.1.dr Static PE information: Resource name: RT_STRING type: 370 XA sysV pure executable not stripped
                  Source: goopdateres_vi.dll.1.dr Static PE information: Resource name: RT_STRING type: iAPX 286 executable small model (COFF) not stripped
                  Source: goopdateres_ms.dll.7.dr Static PE information: Resource name: RT_STRING type: 370 sysV executable not stripped
                  Source: goopdateres_tr.dll.7.dr Static PE information: Resource name: RT_STRING type: 370 XA sysV pure executable not stripped
                  Source: goopdateres_vi.dll.7.dr Static PE information: Resource name: RT_STRING type: iAPX 286 executable small model (COFF) not stripped
                  Source: goopdateres_ca.dll.7.dr Static PE information: Resource name: RT_STRING type: MIPSEB-LE MIPS-II ECOFF executable not stripped - version 0.114
                  Source: goopdateres_fil.dll.7.dr Static PE information: Resource name: RT_STRING type: VAX COFF executable, sections 80, created Wed Mar 25 10:31:05 1970, not stripped, version 108
                  Source: goopdateres_hu.dll.7.dr Static PE information: Resource name: RT_STRING type: MIPSEL MIPS-II ECOFF executable not stripped - version 0.101
1.48125,\"height\":2880}},\"uploadId\":\"HpXpMYA2mvIPRHuBLQhvygYX1gTndrTy\",\"_rev\":\"z05Cxco1bGw7CBDJOnG5ft\",\"_type\":\"sanity.imageAsset\",\"mimeType\":\"image/png\",\"path\":\"images/cctd4ker/production/6af6c9aaf9e7bc256d383eb4c3d2602d2399f9d1-4266x2880.png\",\"assetId\":\"6af6c9aaf9e7bc256d383eb4c3d2602d2399f9d1\",\"url\":\"https://cdn.sanity.io/images/cctd4ker/production/6af6c9aaf9e7bc256d383eb4c3d2602d2399f9d1-4266x2880.png\",\"_createdAt\":\"2025-01-23T15:27:57Z\",\"_id\":\"image-6af6c9aaf9e7bc256d383eb4c3d2602d2399f9d1-4266x2880-png\",\"_updatedAt\":\"2025-01-23T15:27:57Z\",\"originalFilename\":\"metmuseum homepage.png\",\"sha1hash\":\"6af6c9aaf9e7bc256d383eb4c3d2602d2399f9d1\"},\"crop\":{\"top\":0.08257206163700304,\"left\":0,\"bottom\":0.08381876912150366,\"_type\":\"sanity.imageCrop\",\"right\":0},\"hotspot\":{\"x\":0.5,\"y\":0.4993766462577497,\"height\":0.8336091692414933,\"_type\":\"sanity.imageHotspot\",\"width\":1}},\"fill\":true,\"sizes\":\"(max-width: 960px) 85vw, 50vw\"}]}]]}],[\"$\",\"div\",null,{\"className\":\"promo-section_copyWrapper__BomIf\",\"children\":[\"$\",\"div\",null,{\"className\":\"promo-section_copy
                  Source: ChromeSetup.exe, 00000000.00000002.1121641647.0000000003400000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: s Tang Wing\",\"asset\":{\"extension\":\"jpg\",\"uploadId\":\"aYNIrbskh5NFZfoc74HgMm1stK5PClCV\",\"mimeType\":\"image/jpeg\",\"sha1hash\":\"4b8d02ebd8a1e126b2aa9a5615e266d5ac57237c\",\"path\":\"images/cctd4ker/production/4b8d02ebd8a1e126b2aa9a5615e266d5ac57237c-5120x2880.jpg\",\"assetId\":\"4b8d02ebd8a1e126b2aa9a5615e266d5ac57237c\",\"_rev\":\"Wk5bXdTaWvRA2U061zGrl3\",\"url\":\"https://cdn.sanity.io/images/cctd4ker/production/4b8d02ebd8a1e126b2aa9a5615e266d5ac57237c-5120x2880.jpg\",\"_createdAt\":\"2024-12-09T19:06:26Z\",\"_id\":\"image-4b8d02ebd8a1e126b2aa9a5615e266d5ac57237c-5120x2880-jpg\",\"_updatedAt\":\"2024-12-09T19:06:26Z\",\"_type\":\"sanity.imageAsset\",\"originalFilename\":\"MET_Tang Wing_v2_terrace_Website_Landscape_5120x2880.jpg\",\"metadata\":{\"lqip\":\"data:image/jpeg;base64,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\",\"dimensions\":{\"height\":2880,\"_type\":\"sanity.imageDimensions\",\"width\":5120,\"aspectRatio\":1.7777777777777777},\"isOpaque\":true,\"blurHash\":\"M-I5Y*ayRkoejs_Na#kCf7ayx^fRofa#WC\",\"_type\":\"sanity.imageMetadata\",\"palette\":{\"vibrant\":{\"background\":\"#948c44\",\"_type\":\"sanity.imagePaletteSwatch\",\"foreground\":\"#fff\",\"title\":\"#fff\",\"population\":0.01},\"dominant\":{\"background\":\"#4b4b2f\",\"_type\":\"sanity.imagePaletteSwatch\",\"foreground\":\"#fff\",\"title\":\"#fff\",\"population\":8.38},\"_type\":\"sanity.imagePalette\",\"darkMuted\":{\"_type\":\"sanity.imagePaletteSwatch\",\"foreground\":\"#fff\",\"title\":\"#fff\",\"population\":8.38,\"background\":\"#4b4b2f\"},\"muted\":{\"title\":\"#fff\",\"population\":7.86,\"background\":\"#847a68\",\"_type\":\"sanity.imagePaletteSwatch\",\"foreground\":\"#fff\"},\"lightVibrant\":{\"title\":\"#000\",\"population\":6.93,\"background\":\"#dfeff9\",\"_type\":\"sanity.imagePaletteSwatch\",\"foreground\":
\"#000\"},\"darkVibrant\":{\"population\":0.36,\"background\":\"#242704\",\"_type\":\"sanity.imagePaletteSwatch\",\"foreground\":\"#fff\",\"title\":\"#fff\"},\"lightMuted\":{\"background\":\"#d4cabf\",\"_type\":\"sanity.imagePaletteSwatch\",\"foreground\":\"#000\",\"title\":\"#000\",\"population\":6.16}},\"hasAlpha\":false},\"size\":13760373}},\"fill\":true,\"sizes\":\"(max-width: 960px) 85vw, 50vw\"}]}]]}],[\"$\",\"div\",null,{\"className\":\"promo-section_copyWrapper__BomIf\",\"children\":[\"$\",\"div\",null,{\"className\":\"promo-section_copy__GZuYu\",\"children\":[[\"$\",\"h2\",null,{\"className\":\"promo-section_title__zq_Ym\",\"children\":[\"$\",\"$L1c\",null,{\"data-sentry-element\":
                  Source: ChromeSetup.exe, 00000000.00000002.1122058157.0000000003533000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameTC4ShellHost.32.exe2 vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000000.00000002.1130980649.00000000041C5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1118650108.00000000037BA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_sl.dllL vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1122563764.000000000368C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_de.dll< vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1122563764.00000000036B8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_es.dll< vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1118650108.000000000367B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_et.dllB vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1122563764.00000000036A3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_en.dll< vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1118650108.0000000003735000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_lv.dllJ vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1118650108.000000000362D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_da.dll< vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1122563764.000000000383A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_ta.dll@ vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1122563764.00000000037E2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_pt-PT.dll< vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1118650108.00000000037AF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_sk.dll< vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1122563764.0000000003867000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_uk.dllB vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1118650108.000000000365A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_en-GB.dll< vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1118650108.00000000037DB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_sw.dll< vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1118650108.0000000003691000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_fi.dll> vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1122563764.00000000036AD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_en-GB.dll< vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1118650108.0000000003622000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_cs.dllF vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1118650108.000000000370B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_ja.dll< vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1118650108.0000000003757000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_ms.dllD vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1118650108.0000000003638000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_de.dll< vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1118650108.00000000037C5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_sr.dllB vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1122563764.0000000003649000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_ar.dll< vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1122563764.00000000037F8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_ru.dll< vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1118650108.00000000036C9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_hr.dllD vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1122563764.0000000003728000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_hu.dllB vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1118650108.000000000372A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_lt.dllF vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1122563764.00000000036F0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_fil.dll< vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1118650108.00000000036A7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_fr.dll< vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1118650108.0000000003644000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_el.dll< vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1122563764.0000000003888000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_zh-CN.dll4 vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1122563764.0000000003749000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_it.dll< vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1118650108.000000000383E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_zh-TW.dll2 vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1122563764.000000000387D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_vi.dll< vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1122563764.0000000003681000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_da.dll< vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1122563764.0000000003706000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_gu.dll8 vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1118650108.0000000003700000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_iw.dll< vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1122563764.00000000037ED000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_ro.dll< vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1118650108.0000000003740000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_ml.dllP vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1118650108.000000000364F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_en.dll< vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1118650108.0000000003799000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_ro.dll< vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1122563764.0000000003824000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_sv.dll< vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1122563764.00000000036FB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_fr.dll< vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1122563764.0000000003789000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_lv.dllJ vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1118650108.0000000003720000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_ko.dll8 vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1122563764.00000000036E5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_fi.dll> vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1122563764.0000000003697000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_el.dll< vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1118650108.0000000003813000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_uk.dllB vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1118650108.00000000037E7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_ta.dll@ vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1122563764.0000000003819000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_sr.dllB vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1122563764.00000000037D7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_pt-BR.dll< vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1118650108.000000000374C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_mr.dll: vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1122563764.000000000371D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_hr.dllD vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1118650108.0000000003783000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_pt-BR.dll< vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1118650108.0000000003715000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_kn.dllB vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1118650108.00000000035F6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_ar.dll< vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1118650108.0000000003665000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_es.dll< vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1118650108.00000000036EA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_is.dllB vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1122563764.0000000003851000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_th.dllD vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1122563764.000000000373E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_is.dllB vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000002.1251309205.00000000012C5000.00000004.00000010.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_zh-TW.dll2 vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1122563764.00000000036C4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_es-419.dll< vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1122563764.000000000375E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_ja.dll< vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1118650108.00000000036BE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_hi.dll: vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1122563764.00000000037AB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_ms.dllD vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1122563764.000000000363F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_am.dll6 vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1118650108.0000000003834000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_zh-CN.dll4 vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1122563764.00000000037CC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_pl.dll< vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1118650108.00000000037F2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_te.dllB vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1122563764.0000000003794000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_ml.dllP vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1122563764.0000000003712000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_hi.dll: vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1118650108.000000000378E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_pt-PT.dll< vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1118650108.0000000003686000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_fa.dllH vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1122563764.00000000036CF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_et.dllB vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1122563764.00000000031AC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameGoogleUpdate.exe6 vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1122563764.00000000031AC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameGoogleUpdate.exe< vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1122563764.00000000031AC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameGoogleUpdate.exeH vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1122563764.00000000031AC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameGoogleUpdate.exeD vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1122563764.00000000031AC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameGoogleUpdate.exeB vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1122563764.00000000031AC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameGoogleUpdate.exe> vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1122563764.00000000031AC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameGoogleUpdate.exe8 vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1122563764.00000000031AC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameGoogleUpdate.exe: vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1122563764.00000000031AC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameGoogleUpdate.exeF vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1122563764.00000000031AC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameGoogleUpdate.exeJ vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1122563764.00000000031AC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameGoogleUpdate.exeP vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1122563764.00000000031AC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameGoogleUpdate.exeL vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1122563764.00000000031AC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameGoogleUpdate.exe@ vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1122563764.00000000031AC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameGoogleUpdate.exe4 vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1122563764.00000000031AC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdate.dll< vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1122563764.000000000365F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_bn.dllD vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1118650108.000000000381E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_ur.dllN vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1122563764.0000000003768000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_kn.dllB vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1118650108.0000000003778000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_pl.dll< vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1122563764.000000000377E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_lt.dllF vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1118650108.0000000003670000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_es-419.dll< vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1118650108.000000000360C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_bn.dllD vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1122563764.00000000037B6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_nl.dll< vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1118650108.00000000036D4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_hu.dllB vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1118650108.00000000037A4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_ru.dll< vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1118650108.0000000003617000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_ca.dll< vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1118650108.00000000036F5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_it.dll< vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1139016670.00000000014C9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameGoogleUpdateSetup.exe< vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1122563764.000000000379F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_mr.dll: vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1122563764.000000000385C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_tr.dllD vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1118650108.00000000036DF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_id.dll< vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1118650108.0000000003762000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_nl.dll< vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1122563764.0000000003891000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_zh-TW.dll2 vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1122563764.00000000036DA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_fa.dllH vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1122563764.0000000003846000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_te.dllB vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1118650108.000000000369C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_fil.dll< vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1118650108.00000000037FE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_th.dllD vs ChromeSetup.exe
                  Source: ChromeSetup.exe, 00000001.00000003.1122563764.00000000037C1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamegoopdateres_no.dllF vs ChromeSetup.exe
                  Source: ChromeSetup.exe | Binary or memory string: OriginalFilenameTC4ShellHost.32.exe2 vs ChromeSetup.exe
                  Source: ChromeSetup.exe | Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                  Source: 11.2.explorer.exe.2cf0000.0.unpack, type: UNPACKEDPE | Matched rule: infostealer_win_lumma_strings_sept23 author = Sekoia.io, description = Finds Lumma samples based on the specific strings, creation_date = 2023-09-14, classification = TLP:CLEAR, version = 1.0, modification_date = 2023-10-31, id = 45900760-c10d-40c0-a49a-c66358a8a66a
                  Source: C:\Users\user\AppData\Local\Temp\nudqwvipwdofy, type: DROPPED | Matched rule: infostealer_win_lumma_strings_sept23 author = Sekoia.io, description = Finds Lumma samples based on the specific strings, creation_date = 2023-09-14, classification = TLP:CLEAR, version = 1.0, modification_date = 2023-10-31, id = 45900760-c10d-40c0-a49a-c66358a8a66a
                  Source: classification engine | Classification label: mal100.troj.evad.winEXE@19/209@4/1
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe | File created: C:\Program Files (x86)\Google\Policies
                  Source: C:\Users\user\Desktop\ChromeSetup.exe | File created: C:\Users\user\AppData\Roaming\wscinterop
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe | Mutant created: \Sessions\1\BaseNamedObjects\Global\G{D19BAF17-7C87-467E-8D63-6C4B1C836373}
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe | Mutant created: \Sessions\1\BaseNamedObjects\Global\GS-1-5-21-2246122658-3693405117-2476756634-1003{D19BAF17-7C87-467E-8D63-6C4B1C836373}
                  Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1800:120:WilError_03
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe | Mutant created: \Sessions\1\BaseNamedObjects\Global\G{A9A86B93-B54E-4570-BE89-42418507707B}
                  Source: C:\Users\user\Desktop\ChromeSetup.exe | File created: C:\Users\user\AppData\Local\Temp\40d62672
                  Source: Yara match | File source: ChromeSetup.exe, type: SAMPLE
                  Source: Yara match | File source: 0.0.ChromeSetup.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 00000000.00000000.1094091585.0000000000401000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY
                  Source: Yara match | File source: 00000000.00000002.1122058157.000000000351E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                  Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\explorer.exe
                  Source: C:\Users\user\Desktop\ChromeSetup.exe | Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdate.exe | File read: C:\Users\user\Desktop\desktop.ini
                  Source: C:\Users\user\Desktop\ChromeSetup.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                  Source: unknown | Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                  Source: ChromeSetup.exe | Virustotal: Detection: 66%
                  Source: ChromeSetup.exe | ReversingLabs: Detection: 58%
                  Source: C:\Users\user\Desktop\ChromeSetup.exe | File read: C:\Users\user\Desktop\ChromeSetup.exe
                  Source: unknown | Process created: C:\Users\user\Desktop\ChromeSetup.exe "C:\Users\user\Desktop\ChromeSetup.exe"
                  Source: C:\Users\user\Desktop\ChromeSetup.exe | Process created: C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exe C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exe
                  Source: C:\Users\user\Desktop\ChromeSetup.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
                  Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exe | Process created: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdate.exe C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdate.exe /installsource taggedmi /install "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={0DB1F154-AF62-7BF8-09B7-0F97CFA8FE66}&lang=en&browser=4&usagestats=0&appname=Google%20Chrome&needsadmin=prefers&ap=x64-stable-statsdef_1&installdataindex=empty"
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdate.exe | Process created: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exe "C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exe" /installsource taggedmi /install "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={0DB1F154-AF62-7BF8-09B7-0F97CFA8FE66}&lang=en&browser=4&usagestats=0&appname=Google%20Chrome&needsadmin=prefers&ap=x64-stable-statsdef_1&installdataindex=empty" /installelevated /nomitag
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exe | Process created: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe /installsource taggedmi /install "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={0DB1F154-AF62-7BF8-09B7-0F97CFA8FE66}&lang=en&browser=4&usagestats=0&appname=Google%20Chrome&needsadmin=prefers&ap=x64-stable-statsdef_1&installdataindex=empty" /installelevated
                  Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\explorer.exe C:\Windows\SysWOW64\explorer.exe
                  Source: C:\Users\user\Desktop\ChromeSetup.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Users\user\Desktop\ChromeSetup.exeSection loaded: version.dllJump to behavior
                  Source: C:\Users\user\Desktop\ChromeSetup.exeSection loaded: winhttp.dllJump to behavior
                  Source: C:\Users\user\Desktop\ChromeSetup.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Users\user\Desktop\ChromeSetup.exeSection loaded: webio.dllJump to behavior
                  Source: C:\Users\user\Desktop\ChromeSetup.exeSection loaded: mswsock.dllJump to behavior
                  Source: C:\Users\user\Desktop\ChromeSetup.exeSection loaded: iphlpapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\ChromeSetup.exeSection loaded: winnsi.dllJump to behavior
                  Source: C:\Users\user\Desktop\ChromeSetup.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Users\user\Desktop\ChromeSetup.exeSection loaded: dnsapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\ChromeSetup.exeSection loaded: rasadhlp.dllJump to behavior
                  Source: C:\Users\user\Desktop\ChromeSetup.exeSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Users\user\Desktop\ChromeSetup.exeSection loaded: schannel.dllJump to behavior
                  Source: C:\Users\user\Desktop\ChromeSetup.exeSection loaded: mskeyprotect.dllJump to behavior
                  Source: C:\Users\user\Desktop\ChromeSetup.exeSection loaded: ntasn1.dllJump to behavior
                  Source: C:\Users\user\Desktop\ChromeSetup.exeSection loaded: ncrypt.dllJump to behavior
                  Source: C:\Users\user\Desktop\ChromeSetup.exeSection loaded: ncryptsslp.dllJump to behavior
                  Source: C:\Users\user\Desktop\ChromeSetup.exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Users\user\Desktop\ChromeSetup.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Users\user\Desktop\ChromeSetup.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Users\user\Desktop\ChromeSetup.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Users\user\Desktop\ChromeSetup.exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\ChromeSetup.exeSection loaded: dpapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\ChromeSetup.exeSection loaded: mshtml.dllJump to behavior
                  Source: C:\Users\user\Desktop\ChromeSetup.exeSection loaded: iertutil.dllJump to behavior
                  Source: C:\Users\user\Desktop\ChromeSetup.exeSection loaded: powrprof.dllJump to behavior
                  Source: C:\Users\user\Desktop\ChromeSetup.exeSection loaded: wkscli.dllJump to behavior
                  Source: C:\Users\user\Desktop\ChromeSetup.exeSection loaded: netutils.dllJump to behavior
                  Source: C:\Users\user\Desktop\ChromeSetup.exeSection loaded: umpdc.dllJump to behavior
                  Source: C:\Users\user\Desktop\ChromeSetup.exeSection loaded: urlmon.dllJump to behavior
                  Source: C:\Users\user\Desktop\ChromeSetup.exeSection loaded: srvcli.dllJump to behavior
                  Source: C:\Users\user\Desktop\ChromeSetup.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exeSection loaded: ntmarta.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Windows\SysWOW64\cmd.exeSection loaded: winbrand.dllJump to behavior
                  Source: C:\Windows\SysWOW64\cmd.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdate.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdate.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdate.exeSection loaded: iphlpapi.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdate.exeSection loaded: netapi32.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdate.exeSection loaded: version.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdate.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdate.exeSection loaded: wtsapi32.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdate.exeSection loaded: msimg32.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdate.exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdate.exeSection loaded: wininet.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdate.exeSection loaded: wkscli.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdate.exeSection loaded: netutils.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdate.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdate.exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdate.exeSection loaded: mdmregistration.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdate.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdate.exeSection loaded: omadmapi.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdate.exeSection loaded: powrprof.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdate.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdate.exeSection loaded: dmcmnutils.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdate.exeSection loaded: iri.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdate.exeSection loaded: umpdc.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdate.exeSection loaded: dsreg.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdate.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdate.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdate.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdate.exeSection loaded: cscapi.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdate.exeSection loaded: dbghelp.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdate.exeSection loaded: dbgcore.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdate.exeSection loaded: dbghelp.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdate.exeSection loaded: dbgcore.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdate.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdate.exeSection loaded: textinputframework.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdate.exeSection loaded: coreuicomponents.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdate.exeSection loaded: coremessaging.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdate.exeSection loaded: ntmarta.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdate.exeSection loaded: wintypes.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdate.exeSection loaded: wintypes.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdate.exeSection loaded: wintypes.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdate.exeSection loaded: propsys.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdate.exeSection loaded: edputil.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdate.exeSection loaded: urlmon.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdate.exeSection loaded: iertutil.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdate.exeSection loaded: srvcli.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdate.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdate.exeSection loaded: appresolver.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdate.exeSection loaded: bcp47langs.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdate.exeSection loaded: slc.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdate.exeSection loaded: sppc.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdate.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdate.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdate.exeSection loaded: mpr.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdate.exeSection loaded: pcacli.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdate.exeSection loaded: sfc_os.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exeSection loaded: ntmarta.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exeSection loaded: iphlpapi.dllJump to behavior
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exeSection loaded: netapi32.dllJump to behavior
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exeSection loaded: version.dllJump to behavior
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exeSection loaded: wtsapi32.dllJump to behavior
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exeSection loaded: msimg32.dllJump to behavior
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exeSection loaded: wininet.dllJump to behavior
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exeSection loaded: wkscli.dllJump to behavior
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exeSection loaded: netutils.dllJump to behavior
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exeSection loaded: mdmregistration.dllJump to behavior
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exeSection loaded: omadmapi.dllJump to behavior
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exeSection loaded: powrprof.dllJump to behavior
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exeSection loaded: dmcmnutils.dllJump to behavior
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exeSection loaded: iri.dllJump to behavior
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exeSection loaded: umpdc.dllJump to behavior
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exeSection loaded: dsreg.dllJump to behavior
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exeSection loaded: msvcp110_win.dllJump to behavior
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exeSection loaded: cscapi.dllJump to behavior
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exeSection loaded: dbghelp.dllJump to behavior
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exeSection loaded: dbgcore.dllJump to behavior
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exeSection loaded: dbghelp.dllJump to behavior
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exeSection loaded: dbgcore.dllJump to behavior
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exeSection loaded: msxml3.dllJump to behavior
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exeSection loaded: atlthunk.dllJump to behavior
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exeSection loaded: textinputframework.dllJump to behavior
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exeSection loaded: coreuicomponents.dllJump to behavior
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exeSection loaded: coremessaging.dllJump to behavior
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exeSection loaded: ntmarta.dllJump to behavior
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exeSection loaded: wintypes.dllJump to behavior
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exeSection loaded: wintypes.dllJump to behavior
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exeSection loaded: wintypes.dllJump to behavior
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exeSection loaded: textshaping.dllJump to behavior
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe Section loaded: taskschd.dll
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe Section loaded: sspicli.dll
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe Section loaded: winhttp.dll
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe Section loaded: ondemandconnroutehelper.dll
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe Section loaded: dhcpcsvc6.dll
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe Section loaded: dhcpcsvc.dll
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe Section loaded: webio.dll
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe Section loaded: mswsock.dll
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe Section loaded: winnsi.dll
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe Section loaded: dnsapi.dll
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe Section loaded: rasadhlp.dll
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe Section loaded: fwpuclnt.dll
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe Section loaded: schannel.dll
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe Section loaded: mskeyprotect.dll
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe Section loaded: ntasn1.dll
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe Section loaded: ncrypt.dll
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe Section loaded: ncryptsslp.dll
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe Section loaded: rsaenh.dll
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe Section loaded: gpapi.dll
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe Section loaded: dpapi.dll
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe Section loaded: propsys.dll
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe Section loaded: edputil.dll
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe Section loaded: urlmon.dll
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe Section loaded: iertutil.dll
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe Section loaded: srvcli.dll
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe Section loaded: windows.staterepositoryps.dll
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe Section loaded: appresolver.dll
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe Section loaded: bcp47langs.dll
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe Section loaded: slc.dll
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe Section loaded: sppc.dll
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe Section loaded: onecorecommonproxystub.dll
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe Section loaded: onecoreuapcommonproxystub.dll
                  Source: C:\Windows\SysWOW64\explorer.exe Section loaded: winhttp.dll
                  Source: C:\Windows\SysWOW64\explorer.exe Section loaded: iphlpapi.dll
                  Source: C:\Windows\SysWOW64\explorer.exe Section loaded: wininet.dll
                  Source: C:\Windows\SysWOW64\explorer.exe Section loaded: ondemandconnroutehelper.dll
                  Source: C:\Windows\SysWOW64\explorer.exe Section loaded: webio.dll
                  Source: C:\Windows\SysWOW64\explorer.exe Section loaded: mswsock.dll
                  Source: C:\Windows\SysWOW64\explorer.exe Section loaded: winnsi.dll
                  Source: C:\Windows\SysWOW64\explorer.exe Section loaded: sspicli.dll
                  Source: C:\Windows\SysWOW64\explorer.exe Section loaded: dnsapi.dll
                  Source: C:\Windows\SysWOW64\explorer.exe Section loaded: rasadhlp.dll
                  Source: C:\Windows\SysWOW64\explorer.exe Section loaded: iertutil.dll
                  Source: C:\Windows\SysWOW64\explorer.exe Section loaded: windows.storage.dll
                  Source: C:\Windows\SysWOW64\explorer.exe Section loaded: wldp.dll
                  Source: C:\Windows\SysWOW64\explorer.exe Section loaded: profapi.dll
                  Source: C:\Windows\SysWOW64\explorer.exe Section loaded: kernel.appcore.dll
                  Source: C:\Windows\SysWOW64\explorer.exe Section loaded: ondemandconnroutehelper.dll
                  Source: C:\Windows\SysWOW64\explorer.exe Section loaded: urlmon.dll
                  Source: C:\Windows\SysWOW64\explorer.exe Section loaded: srvcli.dll
                  Source: C:\Windows\SysWOW64\explorer.exe Section loaded: netutils.dll
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdate.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
                  Source: ChromeSetup.exe Static PE information: Virtual size of .text is bigger than: 0x100000
                  Source: ChromeSetup.exe Static file information: File size 4105360 > 1048576
                  Source: ChromeSetup.exe Static PE information: Raw size of .text is bigger than: 0x100000 < 0x19ae00
                  Source: ChromeSetup.exe Static PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x21ae00
                  Source: Binary string: TEST_goopdateres_unsigned_fa.pdb source: ChromeSetup.exe, 00000001.00000003.1118650108.000000000367B000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.00000000036CF000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1171078593.0000000001091000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1171144895.0000000001078000.00000004.00000020.00020000.00000000.sdmp, goopdateres_fa.dll.7.dr, goopdateres_fa.dll.8.dr, goopdateres_fa.dll.1.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: GoogleUpdateCore_unsigned.pdb source: ChromeSetup.exe, 00000001.00000002.1251309205.00000000012E9000.00000004.00000010.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.00000000031AC000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.00000000031AF000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdateSetup.exe, 00000007.00000002.1244624702.0000000001304000.00000004.00000010.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1165706767.0000000001077000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1165526317.0000000001091000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdateCore.exe.1.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_goopdateres_unsigned_lt.pdb source: ChromeSetup.exe, 00000001.00000003.1118650108.0000000003720000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.0000000003774000.00000004.00000020.00020000.00000000.sdmp, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_goopdateres_unsigned_el.pdb source: ChromeSetup.exe, 00000001.00000003.1122563764.000000000368C000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.0000000003638000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1169659808.0000000001078000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1169588889.0000000001091000.00000004.00000020.00020000.00000000.sdmp, goopdateres_el.dll.8.dr, goopdateres_el.dll.7.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: ReInfo.pdbGCTL source: cmd.exe, 00000002.00000002.1308002183.0000000000A70000.00000004.00001000.00020000.00000000.sdmp, explorer.exe, 0000000B.00000002.1349924091.0000000002D67000.00000008.00000001.01000000.00000000.sdmp
                  Source: Binary string: TEST_goopdateres_unsigned_sr.pdb source: ChromeSetup.exe, 00000001.00000003.1118650108.00000000037BA000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.000000000380E000.00000004.00000020.00020000.00000000.sdmp, goopdateres_sr.dll.7.dr, goopdateres_sr.dll.8.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_goopdateres_unsigned_mr.pdb source: ChromeSetup.exe, 00000001.00000003.1122563764.000000000379A000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.0000000003740000.00000004.00000020.00020000.00000000.sdmp, goopdateres_mr.dll.1.dr, goopdateres_mr.dll.7.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_goopdateres_unsigned_hr.pdb source: ChromeSetup.exe, 00000001.00000003.1118650108.00000000036BE000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.0000000003717000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1173138407.0000000001078000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1173052050.0000000001091000.00000004.00000020.00020000.00000000.sdmp, goopdateres_hr.dll.1.dr, goopdateres_hr.dll.8.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_goopdateres_unsigned_bg.pdb source: ChromeSetup.exe, 00000001.00000003.1122563764.0000000003649000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.00000000035F6000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1168315157.0000000001077000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1168249717.0000000001091000.00000004.00000020.00020000.00000000.sdmp, goopdateres_bg.dll.8.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_psuser_unsigned_64.pdb source: ChromeSetup.exe, 00000001.00000003.1122563764.00000000031AC000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.00000000031AF000.00000004.00000020.00020000.00000000.sdmp, psuser_64.dll.7.dr, psuser_64.dll.8.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: wntdll.pdb source: ChromeSetup.exe, 00000000.00000002.1130980649.00000000040A2000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.1311990069.0000000004D40000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: TEST_goopdateres_unsigned_ar.pdb source: ChromeSetup.exe, 00000001.00000003.1122563764.000000000363F000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.00000000035EB000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1168111351.0000000001077000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1168043375.0000000001091000.00000004.00000020.00020000.00000000.sdmp, goopdateres_ar.dll.8.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_goopdateres_unsigned_tr.pdb source: ChromeSetup.exe, 00000001.00000003.1122563764.0000000003851000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.00000000037FE000.00000004.00000020.00020000.00000000.sdmp, goopdateres_tr.dll.7.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_goopdateres_unsigned_hi.pdb source: ChromeSetup.exe, 00000001.00000003.1122563764.000000000370C000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.00000000036B2000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1172702150.0000000001078000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1172620749.0000000001091000.00000004.00000020.00020000.00000000.sdmp, goopdateres_hi.dll.1.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: explorer.pdb source: explorer.exe, 0000000B.00000003.1337197632.00000000054D6000.00000004.00000001.00020000.00000000.sdmp
                  Source: Binary string: TEST_goopdateres_unsigned_pt-BR.pdb source: ChromeSetup.exe, 00000001.00000003.1122563764.00000000037CC000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.0000000003778000.00000004.00000020.00020000.00000000.sdmp, goopdateres_pt-BR.dll.7.dr, goopdateres_pt-BR.dll.1.dr, goopdateres_pt-BR.dll.8.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_goopdateres_unsigned_de.pdb source: ChromeSetup.exe, 00000001.00000003.1118650108.000000000362D000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.0000000003681000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1169339541.0000000001091000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1169421038.0000000001078000.00000004.00000020.00020000.00000000.sdmp, goopdateres_de.dll.1.dr, goopdateres_de.dll.8.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: GoogleUpdateOnDemand_unsigned.pdb source: ChromeSetup.exe, 00000001.00000003.1122563764.00000000031AC000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.00000000031AF000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1177932696.0000000001091000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1178027353.0000000001073000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1178027353.000000000107E000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdateOnDemand.exe.7.dr, GoogleUpdateOnDemand.exe.1.dr, GoogleUpdateOnDemand.exe.8.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_goopdateres_unsigned_ru.pdb source: ChromeSetup.exe, 00000001.00000003.1122563764.00000000037ED000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.0000000003799000.00000004.00000020.00020000.00000000.sdmp, goopdateres_ru.dll.7.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_goopdate_unsigned.pdb source: ChromeSetup.exe, 00000001.00000003.1122563764.00000000031AC000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.00000000031AF000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1164725360.0000000005C31000.00000004.00000020.00020000.00000000.sdmp, goopdate.dll.8.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_goopdateres_unsigned_ms.pdb source: ChromeSetup.exe, 00000001.00000003.1118650108.000000000374C000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.000000000379F000.00000004.00000020.00020000.00000000.sdmp, goopdateres_ms.dll.1.dr, goopdateres_ms.dll.8.dr, goopdateres_ms.dll.7.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_goopdateres_unsigned_fr.pdb source: ChromeSetup.exe, 00000001.00000003.1122563764.00000000036F0000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.000000000369C000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1171795764.0000000001091000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1172037805.0000000001078000.00000004.00000020.00020000.00000000.sdmp, goopdateres_fr.dll.8.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_psuser_unsigned.pdbJ source: ChromeSetup.exe, 00000001.00000003.1122563764.00000000031AC000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.00000000031AF000.00000004.00000020.00020000.00000000.sdmp, psuser.dll.8.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: GoogleCrashHandler64_unsigned.pdb source: ChromeSetup.exe, 00000001.00000003.1122563764.00000000031AC000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.00000000031AF000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1166376698.0000000001091000.00000004.00000020.00020000.00000000.sdmp, GoogleCrashHandler64.exe.7.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_goopdateres_unsigned_gu.pdb source: ChromeSetup.exe, 00000001.00000003.1118650108.00000000036A7000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.00000000036FB000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1172388099.0000000001078000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1172277681.0000000001091000.00000004.00000020.00020000.00000000.sdmp, goopdateres_gu.dll.1.dr, goopdateres_gu.dll.7.dr, goopdateres_gu.dll.8.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_goopdateres_unsigned_no.pdb source: ChromeSetup.exe, 00000001.00000003.1122563764.00000000037B6000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.0000000003762000.00000004.00000020.00020000.00000000.sdmp, goopdateres_no.dll.8.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_goopdateres_unsigned_zh-CN.pdb source: ChromeSetup.exe, 00000001.00000003.1122563764.000000000387D000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.0000000003829000.00000004.00000020.00020000.00000000.sdmp, goopdateres_zh-CN.dll.7.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_goopdateres_unsigned_kn.pdb source: ChromeSetup.exe, 00000001.00000003.1118650108.000000000370B000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.0000000003763000.00000004.00000020.00020000.00000000.sdmp, goopdateres_kn.dll.8.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_mi_exe_stub.pdb source: ChromeSetup.exe, 00000001.00000000.1116256680.0000000000139000.00000002.00000001.01000000.00000005.sdmp, GoogleUpdateSetup.exe, 00000007.00000000.1148154317.0000000000409000.00000002.00000001.01000000.0000000A.sdmp, GoogleUpdateSetup.exe.1.dr
                  Source: Binary string: TEST_goopdateres_unsigned_ml.pdb source: ChromeSetup.exe, 00000001.00000003.1118650108.0000000003735000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.0000000003789000.00000004.00000020.00020000.00000000.sdmp, goopdateres_ml.dll.8.dr, goopdateres_ml.dll.7.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_psmachine_unsigned.pdb source: ChromeSetup.exe, 00000001.00000003.1122563764.00000000031AC000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.00000000031AF000.00000004.00000020.00020000.00000000.sdmp, psmachine.dll.8.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_goopdateres_unsigned_fil.pdb source: ChromeSetup.exe, 00000001.00000003.1118650108.0000000003691000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.00000000036E5000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1171518046.0000000001091000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1171617634.0000000001078000.00000004.00000020.00020000.00000000.sdmp, goopdateres_fil.dll.1.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_goopdateres_unsigned_es-419.pdb source: ChromeSetup.exe, 00000001.00000003.1122563764.00000000036B8000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.0000000003665000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1170642664.0000000001091000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1170708432.0000000001078000.00000004.00000020.00020000.00000000.sdmp, goopdateres_es-419.dll.8.dr, goopdateres_es-419.dll.1.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_goopdateres_unsigned_sl.pdb source: ChromeSetup.exe, 00000001.00000003.1118650108.00000000037AF000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.0000000003803000.00000004.00000020.00020000.00000000.sdmp, goopdateres_sl.dll.8.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_goopdateres_unsigned_pl.pdb source: ChromeSetup.exe, 00000001.00000003.1122563764.00000000037C1000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.000000000376D000.00000004.00000020.00020000.00000000.sdmp, goopdateres_pl.dll.1.dr, goopdateres_pl.dll.7.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_goopdateres_unsigned_ur.pdb source: ChromeSetup.exe, 00000001.00000003.1122563764.0000000003867000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.0000000003813000.00000004.00000020.00020000.00000000.sdmp, goopdateres_ur.dll.8.dr, goopdateres_ur.dll.7.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_goopdateres_unsigned_is.pdb source: ChromeSetup.exe, 00000001.00000003.1118650108.00000000036DF000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.0000000003733000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1173882662.0000000001091000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1173955825.0000000001078000.00000004.00000020.00020000.00000000.sdmp, goopdateres_is.dll.7.dr, goopdateres_is.dll.8.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_psuser_unsigned.pdb source: ChromeSetup.exe, 00000001.00000003.1122563764.00000000031AC000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.00000000031AF000.00000004.00000020.00020000.00000000.sdmp, psuser.dll.8.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_goopdateres_unsigned_th.pdb source: ChromeSetup.exe, 00000001.00000003.1118650108.00000000037F2000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.0000000003846000.00000004.00000020.00020000.00000000.sdmp, goopdateres_th.dll.8.dr, goopdateres_th.dll.1.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_goopdateres_unsigned_sv.pdb source: ChromeSetup.exe, 00000001.00000003.1118650108.00000000037C5000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.0000000003819000.00000004.00000020.00020000.00000000.sdmp, goopdateres_sv.dll.7.dr, goopdateres_sv.dll.1.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: GoogleCrashHandler_unsigned.pdb source: ChromeSetup.exe, 00000001.00000003.1122563764.00000000031AC000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.00000000031AF000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1166070535.0000000001091000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1166243026.0000000001077000.00000004.00000020.00020000.00000000.sdmp, GoogleCrashHandler.exe.7.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_goopdateres_unsigned_bn.pdb source: ChromeSetup.exe, 00000001.00000003.1122563764.000000000365A000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.0000000003601000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1168532258.0000000001077000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1168463606.0000000001091000.00000004.00000020.00020000.00000000.sdmp, goopdateres_bn.dll.7.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_goopdateres_unsigned_en.pdb source: ChromeSetup.exe, 00000001.00000003.1118650108.0000000003644000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.0000000003697000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1169869560.0000000001078000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1169811640.0000000001091000.00000004.00000020.00020000.00000000.sdmp, goopdateres_en.dll.1.dr, goopdateres_en.dll.7.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_goopdateres_unsigned_uk.pdb source: ChromeSetup.exe, 00000001.00000003.1122563764.000000000385C000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.0000000003808000.00000004.00000020.00020000.00000000.sdmp, goopdateres_uk.dll.1.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_goopdateres_unsigned_fi.pdb source: ChromeSetup.exe, 00000001.00000003.1122563764.00000000036DF000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.0000000003686000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1171291915.0000000001091000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1171353093.0000000001078000.00000004.00000020.00020000.00000000.sdmp, GUT72CE.tmp.7.dr
                  Source: Binary string: GoogleUpdateCore_unsigned.pdbV source: ChromeSetup.exe, 00000001.00000002.1251309205.00000000012E9000.00000004.00000010.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.00000000031AC000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.00000000031AF000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdateSetup.exe, 00000007.00000002.1244624702.0000000001304000.00000004.00000010.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1165706767.0000000001077000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1165526317.0000000001091000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdateCore.exe.1.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_goopdateres_unsigned_ko.pdb source: ChromeSetup.exe, 00000001.00000003.1118650108.0000000003715000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.0000000003768000.00000004.00000020.00020000.00000000.sdmp, goopdateres_ko.dll.1.dr, goopdateres_ko.dll.8.dr, goopdateres_ko.dll.7.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_goopdateres_unsigned_zh-TW.pdb source: ChromeSetup.exe, 00000001.00000003.1118650108.0000000003834000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.000000000388C000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000002.1251309205.00000000012BF000.00000004.00000010.00020000.00000000.sdmp, GoogleUpdateSetup.exe, 00000007.00000002.1244624702.00000000012FF000.00000004.00000010.00020000.00000000.sdmp, goopdateres_zh-TW.dll.8.dr, goopdateres_zh-TW.dll.7.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_goopdateres_unsigned_nl.pdb source: ChromeSetup.exe, 00000001.00000003.1122563764.00000000037B0000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.0000000003757000.00000004.00000020.00020000.00000000.sdmp, goopdateres_nl.dll.7.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_goopdateres_unsigned_ca.pdb source: ChromeSetup.exe, 00000001.00000003.1122563764.000000000365F000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.000000000360C000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1168747441.0000000001077000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1168678192.0000000001091000.00000004.00000020.00020000.00000000.sdmp, GUT72CE.tmp.7.dr
                  Source: Binary string: GoogleUpdate_unsigned.pdb source: ChromeSetup.exe, 00000001.00000003.1122563764.00000000031AC000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.00000000031AF000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000004.00000000.1139362998.0000000000F81000.00000020.00000001.01000000.00000006.sdmp, GoogleUpdate.exe, 00000008.00000000.1158803359.00000000000C1000.00000020.00000001.01000000.0000000B.sdmp, GoogleUpdate.exe.8.dr, GoogleUpdate.exe.7.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: explorer.pdbUGP source: explorer.exe, 0000000B.00000003.1337197632.00000000054D6000.00000004.00000001.00020000.00000000.sdmp
                  Source: Binary string: GoogleUpdateBroker_unsigned.pdb source: ChromeSetup.exe, 00000001.00000003.1122563764.00000000031AC000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.00000000031AF000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1177658349.000000000107E000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1177573759.0000000001091000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1177658349.0000000001074000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdateBroker.exe.7.dr, GoogleUpdateBroker.exe.8.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_goopdateres_unsigned_ro.pdb source: ChromeSetup.exe, 00000001.00000003.1122563764.00000000037E2000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.000000000378E000.00000004.00000020.00020000.00000000.sdmp, goopdateres_ro.dll.8.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: ReInfo.pdb source: cmd.exe, 00000002.00000002.1308002183.0000000000A70000.00000004.00001000.00020000.00000000.sdmp, explorer.exe, explorer.exe, 0000000B.00000002.1349924091.0000000002D67000.00000008.00000001.01000000.00000000.sdmp
                  Source: Binary string: TEST_goopdateres_unsigned_sw.pdb source: ChromeSetup.exe, 00000001.00000003.1122563764.0000000003824000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.00000000037D0000.00000004.00000020.00020000.00000000.sdmp, goopdateres_sw.dll.7.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_goopdateres_unsigned_pt-PT.pdb source: ChromeSetup.exe, 00000001.00000003.1122563764.00000000037D7000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.0000000003783000.00000004.00000020.00020000.00000000.sdmp, goopdateres_pt-PT.dll.1.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: wntdll.pdbUGP source: ChromeSetup.exe, 00000000.00000002.1130980649.00000000040A2000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.1311990069.0000000004D40000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: TEST_psmachine_unsigned_64.pdb source: ChromeSetup.exe, 00000001.00000003.1122563764.00000000031AC000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.00000000031AF000.00000004.00000020.00020000.00000000.sdmp, psmachine_64.dll.8.dr, psmachine_64.dll.1.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_goopdateres_unsigned_am.pdb source: ChromeSetup.exe, 00000001.00000003.1122563764.00000000031AC000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.00000000031AF000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1167898673.0000000001077000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1167807538.0000000001091000.00000004.00000020.00020000.00000000.sdmp, goopdateres_am.dll.7.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: GoogleCrashHandler64_unsigned.pdbl source: ChromeSetup.exe, 00000001.00000003.1122563764.00000000031AC000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.00000000031AF000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1166376698.0000000001091000.00000004.00000020.00020000.00000000.sdmp, GoogleCrashHandler64.exe.7.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_goopdateres_unsigned_ta.pdb source: ChromeSetup.exe, 00000001.00000003.1118650108.00000000037DB000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.0000000003835000.00000004.00000020.00020000.00000000.sdmp, goopdateres_ta.dll.1.dr, goopdateres_ta.dll.8.dr, goopdateres_ta.dll.7.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_goopdateres_unsigned_hu.pdb source: ChromeSetup.exe, 00000001.00000003.1118650108.00000000036C9000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.000000000371D000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1173322753.0000000001091000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1173460218.0000000001078000.00000004.00000020.00020000.00000000.sdmp, GUT72CE.tmp.7.dr
                  Source: Binary string: GoogleCrashHandler_unsigned.pdbp source: ChromeSetup.exe, 00000001.00000003.1122563764.00000000031AC000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.00000000031AF000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1166070535.0000000001091000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1166243026.0000000001077000.00000004.00000020.00020000.00000000.sdmp, GoogleCrashHandler.exe.7.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_psmachine_unsigned.pdbJ source: ChromeSetup.exe, 00000001.00000003.1122563764.00000000031AC000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.00000000031AF000.00000004.00000020.00020000.00000000.sdmp, psmachine.dll.8.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_goopdateres_unsigned_cs.pdb source: ChromeSetup.exe, 00000001.00000003.1118650108.0000000003617000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.000000000366A000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1168874008.0000000001091000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1168936260.0000000001078000.00000004.00000020.00020000.00000000.sdmp, goopdateres_cs.dll.1.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_goopdateres_unsigned_da.pdb source: ChromeSetup.exe, 00000001.00000003.1118650108.0000000003622000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.0000000003676000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1169088888.0000000001091000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1169181138.0000000001078000.00000004.00000020.00020000.00000000.sdmp, goopdateres_da.dll.8.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_goopdateres_unsigned_it.pdb source: ChromeSetup.exe, 00000001.00000003.1118650108.00000000036EA000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.0000000003743000.00000004.00000020.00020000.00000000.sdmp, goopdateres_it.dll.8.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_goopdateres_unsigned_en-GB.pdb source: ChromeSetup.exe, 00000001.00000003.1122563764.00000000036A8000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.000000000364F000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1170015595.0000000001091000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1170085727.0000000001078000.00000004.00000020.00020000.00000000.sdmp, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_goopdateres_unsigned_sk.pdb source: ChromeSetup.exe, 00000001.00000003.1122563764.00000000037F8000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.00000000037A4000.00000004.00000020.00020000.00000000.sdmp, goopdateres_sk.dll.1.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_goopdateres_unsigned_iw.pdb source: ChromeSetup.exe, 00000001.00000003.1122563764.0000000003749000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.00000000036F5000.00000004.00000020.00020000.00000000.sdmp, goopdateres_iw.dll.8.dr, goopdateres_iw.dll.1.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_goopdateres_unsigned_te.pdb source: ChromeSetup.exe, 00000001.00000003.1122563764.000000000383A000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.00000000037E7000.00000004.00000020.00020000.00000000.sdmp, goopdateres_te.dll.1.dr, goopdateres_te.dll.8.dr, goopdateres_te.dll.7.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_psmachine_unsigned_64.pdbF source: ChromeSetup.exe, 00000001.00000003.1122563764.00000000031AC000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.00000000031AF000.00000004.00000020.00020000.00000000.sdmp, psmachine_64.dll.8.dr, psmachine_64.dll.1.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_goopdateres_unsigned_ja.pdb source: ChromeSetup.exe, 00000001.00000003.1118650108.0000000003700000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.0000000003754000.00000004.00000020.00020000.00000000.sdmp, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_psuser_unsigned_64.pdbF source: ChromeSetup.exe, 00000001.00000003.1122563764.00000000031AC000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.00000000031AF000.00000004.00000020.00020000.00000000.sdmp, psuser_64.dll.7.dr, psuser_64.dll.8.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_goopdateres_unsigned_id.pdb source: ChromeSetup.exe, 00000001.00000003.1122563764.0000000003728000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.00000000036D4000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1173650273.0000000001091000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1173718462.0000000001078000.00000004.00000020.00020000.00000000.sdmp, goopdateres_id.dll.8.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_goopdateres_unsigned_et.pdb source: ChromeSetup.exe, 00000001.00000003.1122563764.00000000036C4000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.0000000003670000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1170922867.0000000001078000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1170855182.0000000001091000.00000004.00000020.00020000.00000000.sdmp, goopdateres_et.dll.8.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_goopdateres_unsigned_lv.pdb source: ChromeSetup.exe, 00000001.00000003.1118650108.000000000372A000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.0000000003783000.00000004.00000020.00020000.00000000.sdmp, goopdateres_lv.dll.1.dr, goopdateres_lv.dll.8.dr, goopdateres_lv.dll.7.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: GoogleUpdateComRegisterShell64_unsigned.pdbR source: ChromeSetup.exe, 00000001.00000003.1122563764.00000000031AC000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.00000000031AF000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1167623929.0000000001078000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1167543862.0000000001091000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1167260056.0000000001091000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdateComRegisterShell64.exe.8.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_goopdateres_unsigned_vi.pdb source: ChromeSetup.exe, 00000001.00000003.1118650108.000000000381E000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.0000000003872000.00000004.00000020.00020000.00000000.sdmp, goopdateres_vi.dll.8.dr, goopdateres_vi.dll.7.dr, goopdateres_vi.dll.1.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: GoogleUpdateComRegisterShell64_unsigned.pdb source: ChromeSetup.exe, 00000001.00000003.1122563764.00000000031AC000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1118650108.00000000031AF000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1167623929.0000000001078000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1167543862.0000000001091000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1167260056.0000000001091000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdateComRegisterShell64.exe.8.dr, GUT72CE.tmp.7.dr
                  Source: Binary string: TEST_goopdateres_unsigned_es.pdb source: ChromeSetup.exe, 00000001.00000003.1118650108.000000000365A000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000001.00000003.1122563764.00000000036AD000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1170262460.0000000001091000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1170343710.0000000001078000.00000004.00000020.00020000.00000000.sdmp, goopdateres_es.dll.8.dr, GUT72CE.tmp.7.dr
                  Source: C:\Windows\SysWOW64\explorer.exeCode function: 11_2_02CFB4D3 LoadLibraryA,GetProcAddress,ExitProcess,11_2_02CFB4D3
                  Source: ChromeSetup.exeStatic PE information: real checksum: 0x3eeb6c should be: 0x3f7d37
                  Source: nudqwvipwdofy.2.drStatic PE information: real checksum: 0x0 should be: 0x807eb
                  Source: ChromeSetup.exe.0.drStatic PE information: real checksum: 0x152f48 should be: 0x159bb5
                  Source: GoogleUpdateSetup.exe.1.drStatic PE information: real checksum: 0x152f48 should be: 0x159bb5
                  Source: GoogleUpdateSetup.exe.7.drStatic PE information: real checksum: 0x152f48 should be: 0x159bb5
                  Source: ChromeSetup.exeStatic PE information: section name: .didata
                  Source: psuser.dll.1.drStatic PE information: section name: .orpc
                  Source: psuser_64.dll.1.drStatic PE information: section name: .orpc
                  Source: psuser_64.dll.1.drStatic PE information: section name: _RDATA
                  Source: psuser_64.dll.1.drStatic PE information: section name: .gxfg
                  Source: psuser_64.dll.1.drStatic PE information: section name: .gehcont
                  Source: GoogleCrashHandler64.exe.1.drStatic PE information: section name: _RDATA
                  Source: GoogleCrashHandler64.exe.1.drStatic PE information: section name: .gxfg
                  Source: GoogleCrashHandler64.exe.1.drStatic PE information: section name: .gehcont
                  Source: GoogleUpdateComRegisterShell64.exe.1.drStatic PE information: section name: _RDATA
                  Source: GoogleUpdateComRegisterShell64.exe.1.drStatic PE information: section name: .gxfg
                  Source: GoogleUpdateComRegisterShell64.exe.1.drStatic PE information: section name: .gehcont
                  Source: psmachine.dll.1.drStatic PE information: section name: .orpc
                  Source: psmachine_64.dll.1.drStatic PE information: section name: .orpc
                  Source: psmachine_64.dll.1.drStatic PE information: section name: _RDATA
                  Source: psmachine_64.dll.1.drStatic PE information: section name: .gxfg
                  Source: psmachine_64.dll.1.drStatic PE information: section name: .gehcont
                  Source: nudqwvipwdofy.2.drStatic PE information: section name: kvywpd
                  Source: GoogleUpdateComRegisterShell64.exe.7.drStatic PE information: section name: _RDATA
                  Source: GoogleUpdateComRegisterShell64.exe.7.drStatic PE information: section name: .gxfg
                  Source: GoogleUpdateComRegisterShell64.exe.7.drStatic PE information: section name: .gehcont
                  Source: psmachine.dll.7.drStatic PE information: section name: .orpc
                  Source: psmachine_64.dll.7.drStatic PE information: section name: .orpc
                  Source: psmachine_64.dll.7.drStatic PE information: section name: _RDATA
                  Source: psmachine_64.dll.7.drStatic PE information: section name: .gxfg
                  Source: psmachine_64.dll.7.drStatic PE information: section name: .gehcont
                  Source: psuser.dll.7.drStatic PE information: section name: .orpc
                  Source: psuser_64.dll.7.drStatic PE information: section name: .orpc
                  Source: psuser_64.dll.7.drStatic PE information: section name: _RDATA
                  Source: psuser_64.dll.7.drStatic PE information: section name: .gxfg
                  Source: psuser_64.dll.7.drStatic PE information: section name: .gehcont
                  Source: GoogleCrashHandler64.exe.7.drStatic PE information: section name: _RDATA
                  Source: GoogleCrashHandler64.exe.7.drStatic PE information: section name: .gxfg
                  Source: GoogleCrashHandler64.exe.7.drStatic PE information: section name: .gehcont
                  Source: GoogleCrashHandler64.exe.8.drStatic PE information: section name: _RDATA
                  Source: GoogleCrashHandler64.exe.8.drStatic PE information: section name: .gxfg
                  Source: GoogleCrashHandler64.exe.8.drStatic PE information: section name: .gehcont
                  Source: GoogleUpdateComRegisterShell64.exe.8.drStatic PE information: section name: _RDATA
                  Source: GoogleUpdateComRegisterShell64.exe.8.drStatic PE information: section name: .gxfg
                  Source: GoogleUpdateComRegisterShell64.exe.8.drStatic PE information: section name: .gehcont
                  Source: C:\Windows\SysWOW64\explorer.exeCode function: 11_2_02CF18FB push eax; mov dword ptr [esp], 00000000h11_2_02CF1900
                  Source: C:\Windows\SysWOW64\explorer.exeCode function: 11_2_02D498A8 push ecx; ret 11_2_02D498BB
                  Source: nudqwvipwdofy.2.drStatic PE information: section name: .text entropy: 6.836773351120698

                  Persistence and Installation Behavior

                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exeExecutable created and started: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exeJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exeFile created: C:\Windows\SystemTemp\GUM72CD.tmp\goopdateres_hr.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exeFile created: C:\Windows\SystemTemp\GUM72CD.tmp\goopdateres_ms.dllJump to dropped file
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exeFile created: C:\Program Files (x86)\Google\Update\1.3.36.292\goopdateres_bg.dllJump to dropped file
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exeFile created: C:\Program Files (x86)\Google\Update\1.3.36.292\goopdateres_mr.dllJump to dropped file
                  Source: C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exeFile created: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\goopdateres_th.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exeFile created: C:\Windows\SystemTemp\GUM72CD.tmp\goopdateres_sr.dllJump to dropped file
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exeFile created: C:\Program Files (x86)\Google\Update\1.3.36.292\goopdateres_id.dllJump to dropped file
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exeFile created: C:\Program Files (x86)\Google\Update\1.3.36.292\goopdateres_pl.dllJump to dropped file
                  Source: C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exeFile created: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\goopdateres_pl.dllJump to dropped file
                  Source: C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exeFile created: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\goopdateres_en-GB.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exeFile created: C:\Windows\SystemTemp\GUM72CD.tmp\goopdateres_ur.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exeFile created: C:\Windows\SystemTemp\GUM72CD.tmp\goopdateres_et.dllJump to dropped file
                  Source: C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exeFile created: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\goopdateres_ko.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exeFile created: C:\Windows\SystemTemp\GUM72CD.tmp\goopdateres_iw.dllJump to dropped file
                  Source: C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exeFile created: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\goopdateres_id.dllJump to dropped file
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exeFile created: C:\Program Files (x86)\Google\Update\1.3.36.292\goopdateres_es.dllJump to dropped file
                  Source: C:\Users\user\Desktop\ChromeSetup.exeFile created: C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exeJump to dropped file
                  Source: C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exeFile created: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\goopdateres_ta.dllJump to dropped file
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exeFile created: C:\Program Files (x86)\Google\Update\1.3.36.292\goopdateres_pt-PT.dllJump to dropped file
                  Source: C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exeFile created: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\goopdateres_bg.dllJump to dropped file
                  Source: C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exeFile created: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\goopdateres_is.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exeFile created: C:\Windows\SystemTemp\GUM72CD.tmp\goopdateres_sk.dllJump to dropped file
                  Source: C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exeFile created: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\goopdateres_lt.dllJump to dropped file
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exeFile created: C:\Program Files (x86)\Google\Update\1.3.36.292\goopdateres_el.dllJump to dropped file
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exeFile created: C:\Program Files (x86)\Google\Update\1.3.36.292\goopdateres_hu.dllJump to dropped file
                  Source: C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exeFile created: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\goopdateres_am.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exeFile created: C:\Windows\SystemTemp\GUM72CD.tmp\goopdateres_te.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exeFile created: C:\Windows\SystemTemp\GUM72CD.tmp\goopdateres_vi.dllJump to dropped file
                  Source: C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exeFile created: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\psmachine_64.dllJump to dropped file
                  Source: C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exeFile created: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\goopdateres_ca.dllJump to dropped file
                  Source: C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exeFile created: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\goopdateres_nl.dllJump to dropped file
                  Source: C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exeFile created: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateCore.exeJump to dropped file
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exeFile created: C:\Program Files (x86)\Google\Update\1.3.36.292\goopdateres_is.dllJump to dropped file
                  Source: C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exeFile created: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\goopdateres_ro.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exeFile created: C:\Windows\SystemTemp\GUM72CD.tmp\goopdateres_uk.dllJump to dropped file
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exeFile created: C:\Program Files (x86)\Google\Update\1.3.36.292\goopdateres_ca.dllJump to dropped file
                  Source: C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exeFile created: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\goopdateres_bn.dllJump to dropped file
                  Source: C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exeFile created: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\goopdateres_es.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exeFile created: C:\Windows\SystemTemp\GUM72CD.tmp\psuser_64.dllJump to dropped file
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exeFile created: C:\Program Files (x86)\Google\Update\1.3.36.292\psmachine_64.dllJump to dropped file
                  Source: C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exeFile created: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\goopdateres_pt-PT.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exeFile created: C:\Windows\SystemTemp\GUM72CD.tmp\goopdateres_ml.dllJump to dropped file
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exeFile created: C:\Program Files (x86)\Google\Update\1.3.36.292\goopdateres_bn.dllJump to dropped file
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exeFile created: C:\Program Files (x86)\Google\Update\1.3.36.292\goopdateres_hi.dllJump to dropped file
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exeFile created: C:\Program Files (x86)\Google\Update\1.3.36.292\goopdateres_pt-BR.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exeFile created: C:\Windows\SystemTemp\GUM72CD.tmp\goopdateres_ko.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exeFile created: C:\Windows\SystemTemp\GUM72CD.tmp\goopdateres_pt-BR.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exeFile created: C:\Windows\SystemTemp\GUM72CD.tmp\goopdateres_fr.dllJump to dropped file
                  Source: C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exeFile created: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\goopdateres_hu.dllJump to dropped file
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exeFile created: C:\Program Files (x86)\Google\Update\1.3.36.292\psuser_64.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exeFile created: C:\Windows\SystemTemp\GUM72CD.tmp\goopdateres_it.dllJump to dropped file
                  Source: C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exeFile created: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\psuser.dllJump to dropped file
                  Source: C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exeFile created: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\goopdateres_el.dllJump to dropped file
                  Source: C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exeFile created: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\goopdateres_mr.dllJump to dropped file
                  Source: C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exeFile created: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdate.exeJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exeFile created: C:\Windows\SystemTemp\GUM72CD.tmp\goopdateres_ta.dllJump to dropped file
                  Source: C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exeFile created: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\goopdateres_te.dllJump to dropped file
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exeFile created: C:\Program Files (x86)\Google\Update\1.3.36.292\goopdateres_tr.dllJump to dropped file
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exeFile created: C:\Program Files (x86)\Google\Update\1.3.36.292\goopdateres_am.dllJump to dropped file
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exeFile created: C:\Program Files (x86)\Google\Update\1.3.36.292\psuser.dllJump to dropped file
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exeFile created: C:\Program Files (x86)\Google\Update\1.3.36.292\goopdateres_cs.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exeFile created: C:\Windows\SystemTemp\GUM72CD.tmp\goopdateres_ru.dllJump to dropped file
                  Source: C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exeFile created: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\goopdateres_hr.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exeFile created: C:\Windows\SystemTemp\GUM72CD.tmp\goopdateres_th.dllJump to dropped file
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exeFile created: C:\Program Files (x86)\Google\Update\1.3.36.292\goopdateres_en-GB.dllJump to dropped file
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exeFile created: C:\Program Files (x86)\Google\Update\1.3.36.292\goopdateres_sr.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exeFile created: C:\Windows\SystemTemp\GUM72CD.tmp\goopdateres_lv.dllJump to dropped file
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exeFile created: C:\Program Files (x86)\Google\Update\1.3.36.292\goopdateres_no.dllJump to dropped file
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exeFile created: C:\Program Files (x86)\Google\Update\1.3.36.292\goopdateres_fi.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exeFile created: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdateOnDemand.exeJump to dropped file
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exeFile created: C:\Program Files (x86)\Google\Update\1.3.36.292\GoogleUpdateBroker.exeJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exeFile created: C:\Windows\SystemTemp\GUM72CD.tmp\goopdateres_sl.dllJump to dropped file
                  Source: C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exeFile created: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\goopdateres_pt-BR.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exeFile created: C:\Windows\SystemTemp\GUM72CD.tmp\goopdateres_ar.dllJump to dropped file
                  Source: C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exeFile created: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\goopdateres_sv.dllJump to dropped file
                  Source: C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exeFile created: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\goopdateres_hi.dllJump to dropped file
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exeFile created: C:\Program Files (x86)\Google\Update\1.3.36.292\goopdateres_ms.dllJump to dropped file
                  Source: C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exeFile created: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\goopdateres_tr.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exeFile created: C:\Windows\SystemTemp\GUM72CD.tmp\goopdateres_mr.dllJump to dropped file
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exeFile created: C:\Program Files (x86)\Google\Update\1.3.36.292\goopdateres_te.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exeFile created: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdateComRegisterShell64.exeJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exeFile created: C:\Windows\SystemTemp\GUM72CD.tmp\goopdateres_da.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exeFile created: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exeJump to dropped file
                  Source: C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exeFile created: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\goopdateres_cs.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exeFile created: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdateCore.exeJump to dropped file
                  Source: C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exeFile created: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\psuser_64.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exeFile created: C:\Windows\SystemTemp\GUM72CD.tmp\goopdateres_el.dllJump to dropped file
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exeFile created: C:\Program Files (x86)\Google\Update\1.3.36.292\goopdateres_it.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exeFile created: C:\Windows\SystemTemp\GUM72CD.tmp\psmachine_64.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exeFile created: C:\Windows\SystemTemp\GUM72CD.tmp\goopdateres_ca.dllJump to dropped file
                  Source: C:\Windows\SysWOW64\cmd.exeFile created: C:\Users\user\AppData\Local\Temp\nudqwvipwdofyJump to dropped file
                  Source: C:\Windows\SysWOW64\cmd.exe; File created: C:\Users\user\AppData\Local\Temp\nudqwvipwdofy

                  Hooking and other Techniques for Hiding and Protection

                  Source: C:\Windows\SysWOW64\cmd.exe; File deleted: c:\users\user\desktop\chromesetup.exe
                  Source: C:\Windows\SysWOW64\cmd.exe; Module Loaded: C:\USERS\user\APPDATA\LOCAL\TEMP\NUDQWVIPWDOFY
                  Source: C:\Windows\System32\rundll32.exe; Process information set: NOOPENFILEERRORBOX

                  Malware Analysis System Evasion

                  Source: C:\Windows\SysWOW64\explorer.exe; Sandbox detection routine: GetCursorPos, DecisionNode, Sleep (graph_11-36588)
                  Source: C:\Users\user\Desktop\ChromeSetup.exe; API/Special instruction interceptor: Address: 6BE859AD
                  Source: C:\Windows\SysWOW64\cmd.exe; API/Special instruction interceptor: Address: 6BE8331D
                  Source: C:\Windows\SysWOW64\explorer.exe; API/Special instruction interceptor: Address: 689BCD
                  Source: C:\Users\user\Desktop\ChromeSetup.exe; Memory allocated: 3EA0000 memory reserve | memory write watch
                  Source: C:\Windows\SysWOW64\explorer.exe; Code function: GetCursorPos,Sleep,GetCursorPos,GetCursorPos,Sleep,GetCursorPos,Sleep,GetCursorPos (11_2_02D167DD)
                  Source: C:\Windows\SysWOW64\explorer.exe; Code function: GetAdaptersInfo,GetAdaptersInfo (11_2_02D13358)
                  Source: C:\Windows\SysWOW64\cmd.exe; Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nudqwvipwdofy
                  Source: C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\goopdateres_ms.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exeDropped PE file which has not been started: C:\Windows\SystemTemp\GUM72CD.tmp\goopdateres_fa.dllJump to dropped file
                  Source: C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\goopdateres_sr.dllJump to dropped file
                  Source: C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\goopdate.dllJump to dropped file
                  Source: C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\goopdateres_kn.dllJump to dropped file
                  Source: C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\goopdateres_no.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exeDropped PE file which has not been started: C:\Windows\SystemTemp\GUM72CD.tmp\goopdateres_en.dllJump to dropped file
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.292\goopdateres_ja.dllJump to dropped file
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.292\goopdateres_kn.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exeDropped PE file which has not been started: C:\Windows\SystemTemp\GUM72CD.tmp\goopdateres_pl.dllJump to dropped file
                  Source: C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\goopdateres_fi.dllJump to dropped file
                  Source: C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\goopdateres_fr.dllJump to dropped file
                  Source: C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\goopdateres_es-419.dllJump to dropped file
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.292\goopdateres_iw.dllJump to dropped file
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.292\goopdateres_et.dllJump to dropped file
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.292\GoogleCrashHandler64.exeJump to dropped file
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.292\goopdateres_sk.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exeDropped PE file which has not been started: C:\Windows\SystemTemp\GUM72CD.tmp\goopdateres_hu.dllJump to dropped file
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.292\psmachine.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exeDropped PE file which has not been started: C:\Windows\SystemTemp\GUM72CD.tmp\goopdate.dllJump to dropped file
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.292\GoogleUpdateOnDemand.exeJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exeDropped PE file which has not been started: C:\Windows\SystemTemp\GUM72CD.tmp\psmachine.dllJump to dropped file
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.292\goopdateres_ro.dllJump to dropped file
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.292\goopdateres_sl.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exeDropped PE file which has not been started: C:\Windows\SystemTemp\GUM72CD.tmp\goopdateres_zh-CN.dllJump to dropped file
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.292\goopdateres_nl.dllJump to dropped file
                  Source: C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\goopdateres_uk.dllJump to dropped file
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.292\goopdateres_ko.dllJump to dropped file
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.292\goopdateres_vi.dllJump to dropped file
                  Source: C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateComRegisterShell64.exeJump to dropped file
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.292\goopdateres_ur.dllJump to dropped file
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.292\goopdateres_zh-TW.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exeDropped PE file which has not been started: C:\Windows\SystemTemp\GUM72CD.tmp\goopdateres_pt-PT.dllJump to dropped file
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.292\goopdateres_ml.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exeDropped PE file which has not been started: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleCrashHandler.exeJump to dropped file
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.292\goopdateres_gu.dllJump to dropped file
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.292\goopdateres_th.dllJump to dropped file
                  Source: C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\goopdateres_zh-TW.dllJump to dropped file
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.292\GoogleUpdateCore.exeJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exeDropped PE file which has not been started: C:\Windows\SystemTemp\GUM72CD.tmp\goopdateres_es-419.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exeDropped PE file which has not been started: C:\Windows\SystemTemp\GUM72CD.tmp\goopdateres_bg.dllJump to dropped file
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.292\goopdateres_lt.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exeDropped PE file which has not been started: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdateBroker.exeJump to dropped file
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.292\goopdateres_de.dllJump to dropped file
                  Source: C:\Windows\SysWOW64\explorer.exe API coverage: 5.4 %
                  Source: C:\Users\user\Desktop\ChromeSetup.exe TID: 5896 Thread sleep time: -30000s >= -30000s
                  Source: C:\Users\user\Desktop\ChromeSetup.exe TID: 4268 Thread sleep time: -300000s >= -30000s
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe TID: 3660 Thread sleep time: -30000s >= -30000s
                  Source: C:\Windows\SysWOW64\explorer.exe TID: 6456 Thread sleep time: -30000s >= -30000s
                  Source: C:\Windows\SysWOW64\explorer.exe Code function: 11_2_02D490FC FindFirstFileExW,FindNextFileW,FindClose,FindClose,11_2_02D490FC
                  Source: C:\Windows\SysWOW64\explorer.exe Code function: 11_2_02D49048 FindFirstFileExW,11_2_02D49048
                  Source: GoogleUpdate.exe, 00000008.00000003.1238335882.0000000001052000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW87
                  Source: GoogleUpdate.exe, 00000004.00000002.1246690487.0000000000A13000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\y
                  Source: GoogleUpdate.exe, 00000008.00000002.1242015239.0000000005C52000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                  Source: ChromeSetup.exe, 00000000.00000002.1120268351.0000000000B3A000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 00000000.00000002.1120268351.0000000000B71000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000008.00000003.1238335882.000000000109C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
                  Source: GoogleUpdate.exe, 00000004.00000002.1246690487.0000000000A13000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}y
                  Source: GoogleUpdate.exe, 00000008.00000003.1238335882.000000000109C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWL
                  Source: GoogleUpdate.exe, 00000008.00000002.1242015239.0000000005C52000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\O
                  Source: explorer.exe, 0000000B.00000002.1350449133.0000000003068000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                  Source: C:\Windows\SysWOW64\explorer.exe API call chain: ExitProcess graph end node graph_11-36584
                  Source: C:\Users\user\Desktop\ChromeSetup.exe Process information queried: ProcessInformation
                  Source: C:\Windows\SysWOW64\explorer.exe Code function: 11_2_02D31855 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,11_2_02D31855
                  Source: C:\Windows\SysWOW64\explorer.exe Code function: 11_2_02CFB4D3 LoadLibraryA,GetProcAddress,ExitProcess,11_2_02CFB4D3
                  Source: C:\Windows\SysWOW64\explorer.exe Code function: 11_2_02D3B2BA mov ecx, dword ptr fs:[00000030h] 11_2_02D3B2BA
                  Source: C:\Windows\SysWOW64\explorer.exe Code function: 11_2_02D46C55 mov eax, dword ptr fs:[00000030h] 11_2_02D46C55
                  Source: C:\Windows\SysWOW64\explorer.exe Code function: 11_2_02D305CA mov eax, dword ptr fs:[00000030h] 11_2_02D305CA
                  Source: C:\Windows\SysWOW64\explorer.exe Code function: 11_2_02D442AB GetProcessHeap,11_2_02D442AB
                  Source: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe Process token adjusted: Debug
                  Source: C:\Windows\SysWOW64\explorer.exe Code function: 11_2_02D31855 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,11_2_02D31855
                  Source: C:\Windows\SysWOW64\explorer.exe Code function: 11_2_02D31849 SetUnhandledExceptionFilter,11_2_02D31849
                  Source: C:\Windows\SysWOW64\explorer.exe Code function: 11_2_02D4547B IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,11_2_02D4547B
                  Source: C:\Windows\SysWOW64\explorer.exe Code function: 11_2_02D31D60 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,11_2_02D31D60

                  HIPS / PFW / Operating System Protection Evasion

                  Source: C:\Windows\SysWOW64\cmd.exe Memory written: PID: 5924 base: 6879C0 value: 55
                  Source: C:\Windows\SysWOW64\cmd.exe Memory written: PID: 5924 base: 2B96008 value: 00
                  Source: C:\Users\user\Desktop\ChromeSetup.exe Section loaded: NULL target: C:\Windows\SysWOW64\cmd.exe protection: read write
                  Source: C:\Windows\SysWOW64\cmd.exe Memory written: C:\Windows\SysWOW64\explorer.exe base: 6879C0
                  Source: C:\Windows\SysWOW64\cmd.exe Memory written: C:\Windows\SysWOW64\explorer.exe base: 2B96008
                  Source: C:\Users\user\Desktop\ChromeSetup.exe Process created: C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exe C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exe
                  Source: C:\Users\user\Desktop\ChromeSetup.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
                  Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\explorer.exe C:\Windows\SysWOW64\explorer.exe
                  Source: C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exe Process created: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdate.exe c:\users\user\appdata\local\temp\gum6678.tmp\googleupdate.exe /installsource taggedmi /install "appguid={8a69d345-d564-463c-aff1-a69d9e530f96}&iid={0db1f154-af62-7bf8-09b7-0f97cfa8fe66}&lang=en&browser=4&usagestats=0&appname=google%20chrome&needsadmin=prefers&ap=x64-stable-statsdef_1&installdataindex=empty"
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdate.exe Process created: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exe "c:\users\user\appdata\local\temp\gum6678.tmp\googleupdatesetup.exe" /installsource taggedmi /install "appguid={8a69d345-d564-463c-aff1-a69d9e530f96}&iid={0db1f154-af62-7bf8-09b7-0f97cfa8fe66}&lang=en&browser=4&usagestats=0&appname=google%20chrome&needsadmin=prefers&ap=x64-stable-statsdef_1&installdataindex=empty" /installelevated /nomitag
                  Source: C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exe Process created: C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe c:\windows\systemtemp\gum72cd.tmp\googleupdate.exe /installsource taggedmi /install "appguid={8a69d345-d564-463c-aff1-a69d9e530f96}&iid={0db1f154-af62-7bf8-09b7-0f97cfa8fe66}&lang=en&browser=4&usagestats=0&appname=google%20chrome&needsadmin=prefers&ap=x64-stable-statsdef_1&installdataindex=empty" /installelevated
                  Source: explorer.exe, 0000000B.00000003.1337197632.00000000054D6000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Shell_TrayWnd
                  Source: ChromeSetup.exe Binary or memory string: ProgmanSVW
                  Source: explorer.exe, 0000000B.00000003.1337197632.00000000054D6000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: f+SDefaultShellSoftware\Microsoft\Windows NT\CurrentVersion\Winlogon\AlternateShells/NoUACCheck/NoShellRegistrationAndUACCheck/NoShellRegistrationCheckProxy DesktopProgmanLocal\ExplorerIsShellMutex
                  Source: C:\Windows\SysWOW64\explorer.exe Code function: 11_2_02D31A78 cpuid 11_2_02D31A78
                  Source: C:\Windows\SysWOW64\explorer.exe Code function: 11_2_02D3DA71 GetSystemTimeAsFileTime,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,11_2_02D3DA71
                  Source: C:\Windows\SysWOW64\explorer.exe Code function: 11_2_02D4ACC2 GetTimeZoneInformation,11_2_02D4ACC2
                  Source: C:\Users\user\Desktop\ChromeSetup.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                  Stealing of Sensitive Information

                  Source: Yara match File source: Process Memory Space: explorer.exe PID: 5924, type: MEMORYSTR
                  Source: Yara match File source: 11.2.explorer.exe.2cf0000.0.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 00000002.00000002.1308002183.0000000000A70000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match File source: C:\Users\user\AppData\Local\Temp\nudqwvipwdofy, type: DROPPED

                  Remote Access Functionality

                  Source: Yara match File source: Process Memory Space: explorer.exe PID: 5924, type: MEMORYSTR
                  Source: Yara match File source: 11.2.explorer.exe.2cf0000.0.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 00000002.00000002.1308002183.0000000000A70000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match File source: C:\Users\user\AppData\Local\Temp\nudqwvipwdofy, type: DROPPED

| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Command and Scripting Interpreter | 1 Scheduled Task/Job | 312 Process Injection | 122 Masquerading | OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 21 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | 1 Scheduled Task/Job | 11 DLL Side-Loading | 1 Scheduled Task/Job | 12 Virtualization/Sandbox Evasion | LSASS Memory | 231 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | 1 Native API | Logon Script (Windows) | 11 DLL Side-Loading | 312 Process Injection | Security Account Manager | 12 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Deobfuscate/Decode Files or Information | NTDS | 2 Process Discovery | Distributed Component Object Model | Input Capture | 13 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 3 Obfuscated Files or Information | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Rundll32 | Cached Domain Credentials | 1 System Network Configuration Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Software Packing | DCSync | 2 File and Directory Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 11 DLL Side-Loading | Proc Filesystem | 113 System Information Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
| Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 File Deletion | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |

                  [Behavior graph: ID 1665721, Sample: ChromeSetup.exe, Startdate: 15/04/2025, Architecture: WINDOWS, Score: 100]

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| ChromeSetup.exe | 67% | Virustotal | | Browse |
| ChromeSetup.exe | 58% | ReversingLabs | Win32.Trojan.LummaStealer | |
| ChromeSetup.exe | 100% | Avira | TR/Agent.hikuc | |
| SAMPLE | 100% | Joe Sandbox ML | | |
Source | Detection | Scanner | Label | Link
C:\Program Files (x86)\Google\Update\1.3.36.292\GoogleCrashHandler.exe | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.292\GoogleCrashHandler64.exe | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.292\GoogleUpdate.exe | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.292\GoogleUpdateBroker.exe | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.292\GoogleUpdateComRegisterShell64.exe | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.292\GoogleUpdateCore.exe | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.292\GoogleUpdateOnDemand.exe | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.292\goopdate.dll | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.292\goopdateres_am.dll | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.292\goopdateres_ar.dll | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.292\goopdateres_bg.dll | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.292\goopdateres_bn.dll | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.292\goopdateres_ca.dll | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.292\goopdateres_cs.dll | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.292\goopdateres_da.dll | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.292\goopdateres_de.dll | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.292\goopdateres_el.dll | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.292\goopdateres_en-GB.dll | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.292\goopdateres_en.dll | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.292\goopdateres_es-419.dll | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.292\goopdateres_es.dll | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.292\goopdateres_et.dll | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.292\goopdateres_fa.dll | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.292\goopdateres_fi.dll | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.292\goopdateres_fil.dll | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.292\goopdateres_fr.dll | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.292\goopdateres_gu.dll | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.292\goopdateres_hi.dll | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.292\goopdateres_hr.dll | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.292\goopdateres_hu.dll | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.292\goopdateres_id.dll | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.292\goopdateres_is.dll | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.292\goopdateres_it.dll | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.292\goopdateres_iw.dll | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.292\goopdateres_ja.dll | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.292\goopdateres_kn.dll | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.292\goopdateres_ko.dll | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.292\goopdateres_lt.dll | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.292\goopdateres_lv.dll | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.292\goopdateres_ml.dll | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.292\goopdateres_mr.dll | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.292\goopdateres_ms.dll | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.292\goopdateres_nl.dll | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.292\goopdateres_no.dll | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.292\goopdateres_pl.dll | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.292\goopdateres_pt-BR.dll | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.292\goopdateres_pt-PT.dll | 0% | ReversingLabs
                  No Antivirus matches
                  No Antivirus matches
Source | Detection | Scanner | Label | Link
https://metmuseum.orgN | 0% | Avira URL Cloud | safe
https://www.giftcalcs.com | 0% | Avira URL Cloud | safe
http://superyupp.fun/ | 100% | Avira URL Cloud | malware
http://superyupp.fun/api | 100% | Avira URL Cloud | malware
http://superyupp.fun/api~ | 100% | Avira URL Cloud | malware
clausegerfild.fun | 0% | Avira URL Cloud | safe
http://clausegerfild.fun/gB | 0% | Avira URL Cloud | safe
http://clausegerfild.fun/ | 0% | Avira URL Cloud | safe
https://store.metmuseum.org/?utm_source=mainmuseum&amp;utm_medium=metmuseum.org&amp;utm_campaign=012 | 0% | Avira URL Cloud | safe
superyupp.fun | 100% | Avira URL Cloud | malware
Name | IP | Active | Malicious | Antivirus Detection | Reputation
metmuseum.org | 76.76.21.21 | true | false | - | high
www.metmuseum.org | 76.76.21.21 | true | false | - | high
clausegerfild.fun | unknown | unknown | true | - | unknown
superyupp.fun | unknown | unknown | true | - | unknown
Name | Malicious | Antivirus Detection | Reputation
superyupp.fun | true | Avira URL Cloud: malware | unknown
clausegerfild.fun | true | Avira URL Cloud: safe | unknown
https://metmuseum.org/ | false | - | high
https://www.metmuseum.org/ | false | - | high
Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                                                                                                  https://cdn.sanity.io/images/cctd4ker/production/c4cc1f849b2780bfddedc9977e8adb976958ea2b-1200x810.jChromeSetup.exe, 00000000.00000002.1121641647.0000000003400000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://metmuseum.org/_ChromeSetup.exe, 00000000.00000002.1120268351.0000000000AAE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://cdn.sanity.io/images/cctd4ker/production/60fa2f9d7ffae496a58e3bdb55bd3e7d369dcdb9-5120x2880.ChromeSetup.exe, 00000000.00000002.1121641647.0000000003400000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://cdn.sanity.io/images/cctd4ker/production/5c1ca0c4a6de4645ee7dd18bc1bf5d5b3df69aa5-750x1125.jChromeSetup.exe, 00000000.00000002.1121641647.0000000003400000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://cdn.sanity.io/images/cctd4ker/production/2a68839fead7142d81db84cd5d009f01a6d77224-862x485.jpChromeSetup.exe, 00000000.00000002.1121641647.0000000003400000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://csp.withgoogle.com/csp/clientupdate-aus/1Persistent-AuthWWW-AuthenticateAccept-EncodingVarySGoogleUpdate.exe, 00000008.00000003.1239230505.0000000000FF3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://www.metmuseum.org/koChromeSetup.exe, 00000000.00000003.1113370218.000000000332F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                http://www.info-zip.org/ChromeSetup.exe, 00000000.00000002.1128603917.0000000003B2C000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.1308782275.0000000004B0B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://cdn.sanity.io/images/cctd4ker/production/c175266c21e565e61000c5699ef71803d79dff77-1200x630.jChromeSetup.exe, 00000000.00000003.1113370218.000000000332F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://cdn.sanity.io/images/cctd4ker/production/f72d7e04a58a5f10a681e59e6220c6fde10e04d0-2829x3520.ChromeSetup.exe, 00000000.00000002.1121641647.0000000003400000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      http://clausegerfild.fun/gBexplorer.exe, 0000000B.00000002.1350449133.0000000003068000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                      • Avira URL Cloud: safe
                                                                                                                                                                                      unknown
                                                                                                                                                                                      https://csp.withgoogle.com/csp/clientupdate-aus/19GoogleUpdate.exe, 00000008.00000002.1242015239.0000000005C52000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        http://superyupp.fun/api~explorer.exe, 0000000B.00000002.1350449133.00000000030D3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                        • Avira URL Cloud: malware
                                                                                                                                                                                        unknown
                                                                                                                                                                                        https://www.metmuseum.org/about-the-met/collection-areasChromeSetup.exe, 00000000.00000002.1121641647.0000000003400000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          https://www.metmuseum.orgChromeSetup.exe, 00000000.00000002.1120268351.0000000000B71000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            https://cdn.sanity.io/images/cctd4ker/production/9f369a8de7c44b5ec918db4b2bab1b8d9d3cabf6-5120x2880.ChromeSetup.exe, 00000000.00000002.1121641647.0000000003400000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              https://cdn.sanity.io/images/cctd4ker/production/3bbc3f424e7f0f241d806e055fb3a5318dc81791-5120x2880.ChromeSetup.exe, 00000000.00000002.1121641647.0000000003400000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                https://cdn.sanity.io/images/cctd4ker/production/d8ac6e50cd46f4257c515a70f99562da91749bbd-5120x2880.ChromeSetup.exe, 00000000.00000002.1121641647.0000000003400000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  high
IP           Domain         Country        ASN    ASN Name     Malicious
76.76.21.21  metmuseum.org  United States  16509  AMAZON-02US  false
Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1665721
Start date and time: 2025-04-15 19:22:23 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 7m 42s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultwindowsinteractivecookbook.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 21
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 1
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: ChromeSetup.exe
Detection: MAL
Classification: mal100.troj.evad.winEXE@19/209@4/1
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 71%
• Number of executed functions: 7
• Number of non-executed functions: 94
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, consent.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, WmiPrvSE.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 173.194.219.94, 4.245.163.56, 23.76.34.6
• Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, update.googleapis.com, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed, report is missing behavior information
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time      Type             Description
13:22:58  API Interceptor  3x Sleep call for process: ChromeSetup.exe modified
13:23:10  API Interceptor  1x Sleep call for process: GoogleUpdate.exe modified
13:23:17  API Interceptor  1x Sleep call for process: cmd.exe modified
13:23:21  API Interceptor  1x Sleep call for process: explorer.exe modified
                                                                                                                                                                                                  • 13.248.169.48
                                                                                                                                                                                                  https://storage.googleapis.com/pastagiaperio/index.htmlGet hashmaliciousInvisible JS, Tycoon2FABrowse
                                                                                                                                                                                                  • 3.165.184.23
                                                                                                                                                                                                  boatnet.x86.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                  • 34.249.145.219
Match | Associated Sample Name / URL | Detection | Threat Name | Context
a0e9f5d64349fb13191bc781f81f42e1 | file.exe | malicious | LummaC Stealer | 76.76.21.21
a0e9f5d64349fb13191bc781f81f42e1 | random.exe | malicious | LummaC Stealer | 76.76.21.21
a0e9f5d64349fb13191bc781f81f42e1 | nK8noQeiXl.exe | malicious | HTMLPhisher, CryptOne, LummaC Stealer, Socks5Systemz, Tofsee | 76.76.21.21
a0e9f5d64349fb13191bc781f81f42e1 | random.exe | malicious | LummaC Stealer | 76.76.21.21
a0e9f5d64349fb13191bc781f81f42e1 | random.exe | malicious | LummaC Stealer | 76.76.21.21
a0e9f5d64349fb13191bc781f81f42e1 | 728-3512-19.hta | malicious | Unknown | 76.76.21.21
a0e9f5d64349fb13191bc781f81f42e1 | exe.exe | malicious | Amadey, LummaC Stealer | 76.76.21.21
a0e9f5d64349fb13191bc781f81f42e1 | exe (2).exe | malicious | Amadey, LummaC Stealer | 76.76.21.21
a0e9f5d64349fb13191bc781f81f42e1 | SecuriteInfo.com.Win64.MalwareX-gen.31144.14788.exe | malicious | LummaC Stealer | 76.76.21.21
a0e9f5d64349fb13191bc781f81f42e1 | SAKL0987656700.xlsx | malicious | Unknown | 76.76.21.21
Match | Associated Sample Name / URL | Detection | Threat Name
C:\Program Files (x86)\Google\Update\1.3.36.292\GoogleCrashHandler64.exe | Google-Chrome-108-0-5993-88-lnstaller.exe | malicious | Unknown
C:\Program Files (x86)\Google\Update\1.3.36.292\GoogleCrashHandler64.exe | Google-Chrome-108-0-5993-88-lnstaller.exe | malicious | LummaC Stealer
C:\Program Files (x86)\Google\Update\1.3.36.292\GoogleCrashHandler64.exe | ChromeSetup.exe | malicious | Raccoon Stealer v2
C:\Program Files (x86)\Google\Update\1.3.36.292\GoogleCrashHandler.exe | Google-Chrome-108-0-5993-88-lnstaller.exe | malicious | Unknown
C:\Program Files (x86)\Google\Update\1.3.36.292\GoogleCrashHandler.exe | Google-Chrome-108-0-5993-88-lnstaller.exe | malicious | LummaC Stealer
C:\Program Files (x86)\Google\Update\1.3.36.292\GoogleCrashHandler.exe | ChromeSetup.exe | malicious | Raccoon Stealer v2
C:\Program Files (x86)\Google\Update\1.3.36.292\GoogleUpdateBroker.exe | Google-Chrome-108-0-5993-88-lnstaller.exe | malicious | Unknown
C:\Program Files (x86)\Google\Update\1.3.36.292\GoogleUpdateBroker.exe | Google-Chrome-108-0-5993-88-lnstaller.exe | malicious | LummaC Stealer
C:\Program Files (x86)\Google\Update\1.3.36.292\GoogleUpdateBroker.exe | ChromeSetup.exe | malicious | Raccoon Stealer v2
C:\Program Files (x86)\Google\Update\1.3.36.292\GoogleUpdate.exe | Google-Chrome-108-0-5993-88-lnstaller.exe | malicious | Unknown
C:\Program Files (x86)\Google\Update\1.3.36.292\GoogleUpdate.exe | Google-Chrome-108-0-5993-88-lnstaller.exe | malicious | LummaC Stealer
C:\Program Files (x86)\Google\Update\1.3.36.292\GoogleUpdate.exe | ChromeSetup.exe | malicious | Raccoon Stealer v2
                                                                                                                                                                                                                          Process:C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe
                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):301848
                                                                                                                                                                                                                          Entropy (8bit):6.648559159903329
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:6144:ShInmyy8rSVW61Vd5nirfggy9HaAOrECXwckQQx+08i:5nPyUSVr/5nirfgsVECXwzx+08i
                                                                                                                                                                                                                          MD5:DA1DD236ECD7C2C550604F1DD791AB81
                                                                                                                                                                                                                          SHA1:952B1EA7A2A6D74A40BA312AEB04D4A5BA3A5536
                                                                                                                                                                                                                          SHA-256:77F31C188C1F2AD34287DA7A14BCAB9A5EBBE6546F20263AF73973A8FE422DE2
                                                                                                                                                                                                                          SHA-512:D4C1AE558969F234D505261E0C3874B02B27722BD20233FB867F5AFF4CBA4B27673E6798846F0513C5363BCD38F5C5981A25217932BB83090F49FCA9AF857C15
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Joe Sandbox View:
                                                                                                                                                                                                                          • Filename: Google-Chrome-108-0-5993-88-lnstaller.exe, Detection: malicious, Browse
                                                                                                                                                                                                                          • Filename: Google-Chrome-108-0-5993-88-lnstaller.exe, Detection: malicious, Browse
                                                                                                                                                                                                                          • Filename: ChromeSetup.exe, Detection: malicious, Browse
                                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                                          Process:C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):401688
                                                                                                                                                                                                                          Entropy (8bit):6.360013717980644
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:12288:6ELy9SEPWzVB2zUM2WJoROZVAgFXaoZfuYw8tGx+3:62ywEQ7gFXaA2Yw+GxU
                                                                                                                                                                                                                          MD5:5692DD1940AC1D772B3508169BFA0148
                                                                                                                                                                                                                          SHA1:5DF49A367B49EE628AA53ACF4D63D6AFF925B618
                                                                                                                                                                                                                          SHA-256:86010716B5B36F44071EF9C80BB520FC85BC16F7226E7750436D3181F5ECD83F
                                                                                                                                                                                                                          SHA-512:8B7E3B03EA031D1C2E5259DF8F67E3DE47B62CCDB4843D439DE8F6B2D86242D3CDC5FB18211AE3C7FC128ACBB004507A7ED4C0C8C1636BEFA20E2210E73FED02
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Joe Sandbox View:
                                                                                                                                                                                                                          • Filename: Google-Chrome-108-0-5993-88-lnstaller.exe, Detection: malicious, Browse
                                                                                                                                                                                                                          • Filename: Google-Chrome-108-0-5993-88-lnstaller.exe, Detection: malicious, Browse
                                                                                                                                                                                                                          • Filename: ChromeSetup.exe, Detection: malicious, Browse
                                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                                          Process:C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe
                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):162072
                                                                                                                                                                                                                          Entropy (8bit):5.988644157808262
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:3072:xwzvOYwt5YP/aKavT/DvbEvK9aobNI2B+el0LTGzkWJWXVfShNgpNcOJkeaNd1KY:XtiP/aK2h9H/B+XE
                                                                                                                                                                                                                          MD5:047FDBAE45C6D08B606BF3E8CEEFB4C5
                                                                                                                                                                                                                          SHA1:6887347C7640EF86B87066ABAB5A43ACECC9A962
                                                                                                                                                                                                                          SHA-256:0010A33FCDA893D72DA357D8F8751F0ED243908F1A83B51748E81B508EBF03BA
                                                                                                                                                                                                                          SHA-512:A0E94D3657A02A8C3A05AACCFBD56DF18ED6DC03F38A455ECB404902F4FF2045CC4AD794CF00E7570553897C5E4CD32AA8F52BB294890F9458C23E4EF815A354
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Joe Sandbox View:
                                                                                                                                                                                                                          • Filename: Google-Chrome-108-0-5993-88-lnstaller.exe, Detection: malicious, Browse
                                                                                                                                                                                                                          • Filename: Google-Chrome-108-0-5993-88-lnstaller.exe, Detection: malicious, Browse
                                                                                                                                                                                                                          • Filename: ChromeSetup.exe, Detection: malicious, Browse
                                                                                                                                                                                                                          Process:C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe
                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):108312
                                                                                                                                                                                                                          Entropy (8bit):6.4784780227418
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:3072:bMxJ7Rfp8K172YPrN4vzT+PpZpsB+JG+EOX79xU:bMH7cCxPppsB+M9Kk
                                                                                                                                                                                                                          MD5:E9C3B566C6B059F23EA2A63FC3747FCA
                                                                                                                                                                                                                          SHA1:D001D14775D212D57991FEEA1330FE9E5ED4FC68
                                                                                                                                                                                                                          SHA-256:7A47BC22E09AF91EF7B176DB9788415A4EDA8D7679D89AA6102D72F231BA50FA
                                                                                                                                                                                                                          SHA-512:84E7CF8F4A0702721C4666C446E493403E050053CFCAF33C7EEF42E0065680B4AEF73AC9EB74127C034A2F8B6851B5F9AB98F4B4821212DF39F26AB43EB4413B
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Joe Sandbox View:
                                                                                                                                                                                                                          • Filename: Google-Chrome-108-0-5993-88-lnstaller.exe, Detection: malicious, Browse
                                                                                                                                                                                                                          • Filename: Google-Chrome-108-0-5993-88-lnstaller.exe, Detection: malicious, Browse
                                                                                                                                                                                                                          • Filename: ChromeSetup.exe, Detection: malicious, Browse
                                                                                                                                                                                                                          Process:C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):185624
                                                                                                                                                                                                                          Entropy (8bit):6.209107446544636
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:3072:uni3ZkI1rXRAmWt9h8QlLISqG+T1DpN9qEKLmoY46WKz5B+O3dnD/Yxu:uni3ZkQrBAmWt9h8QlLISZWVhohob7dv
                                                                                                                                                                                                                          MD5:C6119D93099CEFC4D75C8B70BBE981DD
                                                                                                                                                                                                                          SHA1:5F04DE21031EE27B6CD6D0BA2D73A50DD96237C6
                                                                                                                                                                                                                          SHA-256:9D5F50FC14DE8308EDEC2B17DB01613F827C14313BDF9479C5D6D11DED86AF36
                                                                                                                                                                                                                          SHA-512:E00A9012CE835374807731DE1B042D5E9FB4CBCC26BE091CE3C2859FD3DB6498895297AC003A74C960E4667B883678E44D2AA7F88D0071EA114C70BB0A296229
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe
                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):223000
                                                                                                                                                                                                                          Entropy (8bit):6.648111951374837
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:6144:OMtqCya7IdoB0SJmRi1Qf66AOKW/+GwIAfx+c+FfFyr:JtqCya7IdoBLJmRW6B/Pwpx+cafFyr
                                                                                                                                                                                                                          MD5:8D612B697FFEDD556A24EE4C04D2972F
                                                                                                                                                                                                                          SHA1:EEDDB66EF38DE6A9CE3A002C2A8AB81D8106B743
                                                                                                                                                                                                                          SHA-256:FB47B90747658700D6B18555CBD604DE8689ADE666E52CFED24EFC7CEA9E7E1E
                                                                                                                                                                                                                          SHA-512:BA0C06FE8704CAF0BA01270EF239D39E3BE8DBEDB094631769118BE75C56BA0031E34FA291FD4DDCEEE5D03BF8CA04E8E5FF760BB4CFF1FA744EF371AB67BB7F
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe
                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):108312
                                                                                                                                                                                                                          Entropy (8bit):6.479748154452283
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:3072:qER5AhC48S1m2YPrh4qR8v4ZksB+JGdqhOaxOt:qEXAe6QPxksB+MYQv
                                                                                                                                                                                                                          MD5:A5BDDCA8078F8D043EF1BA52408E3A63
                                                                                                                                                                                                                          SHA1:4F9068968E803E90D57873786C29E38258539209
                                                                                                                                                                                                                          SHA-256:FF68C58C8B4600C1362AD3BB441FE8F1DD1FF206ED92EDD795AA71504E6286B4
                                                                                                                                                                                                                          SHA-512:360A55AE06C52FE945D208BD3DDEBB27A2BF1C598115300306D8E64E60A5F750F90AD5552F3BE97517AD3EF68232DA067D62EE546204D9B33FF91813F08C2D2E
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):2026776
                                                                                                                                                                                                                          Entropy (8bit):6.853078405445965
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:49152:y0bxVqH+t6rw7AQ9RdcKFlk2Y/gCXPvxzP:y03si+k9UKFlAL
                                                                                                                                                                                                                          MD5:394D22417AB10BCDABC67B89DC2210D7
                                                                                                                                                                                                                          SHA1:F3F17D76B62CFFD6E9BE62B17CC4E9C10E7D5B9A
                                                                                                                                                                                                                          SHA-256:74449270D9FE9BBD229AF902B6C1379F3545ACC04585D39EFD1933F14062E4CC
                                                                                                                                                                                                                          SHA-512:35BCF29C94AC01EDF914D663692A34850588ECC381FD3300526078119D8198D66E6BCD40868CBD51AD9EC5A6D9D915302904F52EDDDEA836A582ED2B9661C65C
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):43288
                                                                                                                                                                                                                          Entropy (8bit):4.795840750645376
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:aIH4k4sI+h2JIYi6yF1x5ofPxh8E9VF0NyYWn:zHZJ7Yi6yXiPxWEuK
                                                                                                                                                                                                                          MD5:03E78010DB04CD34227B7BC7544403FC
                                                                                                                                                                                                                          SHA1:25F39BBC0A335C229D40AD13D8856E63D7D7DE2D
                                                                                                                                                                                                                          SHA-256:627C25893A0F91AADC921EA93A472DCDB39CA8A714CE3FE634EFD5EC65487A39
                                                                                                                                                                                                                          SHA-512:D19B239E048C88438155C6AA9397B51579D8C4E73703ABCCD436DCB57A743C6D5C699C9D62875E68A333735F1009A87FA85B7A762792038CD6FC1D2AE4857D5A
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):42264
                                                                                                                                                                                                                          Entropy (8bit):4.792883323942892
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:Lfr3anBDBGHCIYi6yApiaPxh8E9VF0NyY/J32:/3anT8Yi6yePxWEuk
                                                                                                                                                                                                                          MD5:11993FD5B218BF08DC072EBC23E5D162
                                                                                                                                                                                                                          SHA1:36B72292E03CFCCF782AEFB15270E3A0F9F9E384
                                                                                                                                                                                                                          SHA-256:ED1534A527647D3E16568963C162DAD043003A4ADF1C022E1A6A81E9A699C3CE
                                                                                                                                                                                                                          SHA-512:9EB2FFF8A5F7D4E5C597C590D3481817BBFD7E2E20A239AD112BEDCB4891535877D46A3FAFC8E775AF1AF1D6D98B7781AB98CEBC145A71E73AFBC8D832BAE395
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):45336
                                                                                                                                                                                                                          Entropy (8bit):4.824742237255707
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:U/Q9tck8aGIZBOcw1IYi6ylCG5Pxh8E9VF0NyYMUUJ:U49l7DlYi6yRPxWEutUJ
                                                                                                                                                                                                                          MD5:E09B858FAFF3573AEB5389CD92E0D7BF
                                                                                                                                                                                                                          SHA1:F22E4A97BE5A6A303C2226F63C6DC47F131DCFD9
                                                                                                                                                                                                                          SHA-256:BE863F710558EA45955BBEAB27922D01CB3A297FC52E36ECD4EC18334692C391
                                                                                                                                                                                                                          SHA-512:48CEB5A060F9D4DFD8DC2D7BAC007C2C57346DF7C017EA0391CFF526CA5B852A26D25963AFDFDCE1F39CF4871A68BEB5E84AC84CF056CDE69B4E957EDF49D9EA
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):45336
                                                                                                                                                                                                                          Entropy (8bit):4.881101683488677
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:/dEvUx7tVF7qTFoFrTFgRj+mBwTnIYi6yj+Pxh8E9VF0Nyb20F:1Eu0FoFXFWBwkYi6yKPxWEpzF
                                                                                                                                                                                                                          MD5:BAA39403D8ABC3E74BA70EFCE7005E86
                                                                                                                                                                                                                          SHA1:C7D96C312547F4D973E54BD203E2821CEAAD8ED1
                                                                                                                                                                                                                          SHA-256:908045B4D1745E39031DC7861221332DD87FA9AD89DA86D68353BEDF982DB3BA
                                                                                                                                                                                                                          SHA-512:A0051323857B1854FAA1F6589431FC75BE1705B9B4A275E9408F1338E916B86A710E22F0EAF87F8F5B6FE35ACDED9F9D1CE3AB018B6436915802D551D03ADA08
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):45336
                                                                                                                                                                                                                          Entropy (8bit):4.599056937006775
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:d5FH2yrzVu/k4bHk0IYi6yqIvdAJYPxh8E9VF0NybWPAbI:fFH2yrBuVWYi6yxvdAJYPxWEpeAbI
                                                                                                                                                                                                                          MD5:C6C4220211CA3631F98D967F24287D80
                                                                                                                                                                                                                          SHA1:8859BBA7E3E68342D28772B47AA0CE388602AEB0
                                                                                                                                                                                                                          SHA-256:D7CA0004F69927F78A2EC004FD0935392D3E49928FB6BDED29335CCB7D4B1DE0
                                                                                                                                                                                                                          SHA-512:2F5EE9E2192A0E4CBE3F82ED1CDED0164CA190634D54B3BF10340D17F61B29C86BFADCD1F189AC5E97DB0FBA027D80FD9CFA3537AACD73E13AE79551A170DA93
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):44312
                                                                                                                                                                                                                          Entropy (8bit):4.652100534440651
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:cGcPVBWDqBkwEAufy6fIYi6y29iPxh8E9VF0Nyb8Yg3:aPGj/gYi6yvPxWEpi3
                                                                                                                                                                                                                          MD5:39189C8922EFBBDD87E0586599CCA15C
                                                                                                                                                                                                                          SHA1:01C79D31D72579F79684198758E5E3D74D7A677E
                                                                                                                                                                                                                          SHA-256:B33CA4894EAB5A1F2D0498172BED467B601B90DCEC99489EAAA04CE20ECEB566
                                                                                                                                                                                                                          SHA-512:D023DD306C09AE5FDD1F3E32916D7FEF3A0963024DA8124BDE65100EC59A90D6C8FBF3494A23F6D37F206C2A9F0BCAF38B2B86331A7DB2223779C8E31576F39A
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):44312
                                                                                                                                                                                                                          Entropy (8bit):4.605348492828605
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:nMZfN3wtpOcqJ0YIYi6yszPxh8E9VF0Nyef8MK:ML3wxoeYi6y6PxWEo4
                                                                                                                                                                                                                          MD5:72414179BFE08FF73DA291BAFB776E29
                                                                                                                                                                                                                          SHA1:23D5C5F72CB9099316A11337D682E3FE417260E4
                                                                                                                                                                                                                          SHA-256:88AEA5D1E31A63BFCD2AA37E87D50BC2C31F3075073353D25E8B1A5440165287
                                                                                                                                                                                                                          SHA-512:4B2945CD4A468D94A63D7DB5299E6A73AC8E528AF936E128388A7497F6B19379CDA6CAC90A2FED84478C75469E967E00A49248B21F37BB5BB1BF499D6734340C
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):46360
                                                                                                                                                                                                                          Entropy (8bit):4.597090073727154
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:M8JUy8gjhO4MesINK/QXIYi6yW7Pxh8E9VF0NyevgRef:9V1MeZsQYYi6yKPxWEoIRef
                                                                                                                                                                                                                          MD5:EAF4C90A423F20A1E97BA7CD59B250CD
                                                                                                                                                                                                                          SHA1:CCAA876DA63431DEE7D9199850D5FAF9029E8DF4
                                                                                                                                                                                                                          SHA-256:FE1B6E21C8FE46EB1115356A2660FE269FC585FECA18A6F2D30190C57066C66A
                                                                                                                                                                                                                          SHA-512:D34AC9119D661D00C1EA606DDB9A9F93226E62A44AF219353E4BB938023011C364B075E35AF397EF6B07FDD61A20BB83CD5AEFFB6B9EA515F6FF0D3CEEF35AEB
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):45848
                                                                                                                                                                                                                          Entropy (8bit):4.8976143355145165
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:LqWEDleILkSIuHCSqlIxRFiAhkg8zBdfsBsTbjIYi6yQNgK/Pxh8E9VF0Nye+u:2rZlLOWR5m/kYi6y2RPxWEoj
                                                                                                                                                                                                                          MD5:8FB8A25261502F728ECD840588CA9092
                                                                                                                                                                                                                          SHA1:D6D1BC01F4DDAEFEDB8C558467666E713A76804A
                                                                                                                                                                                                                          SHA-256:05D06BFA7E8D7FA47EF354D811BBEC1F432D80680733AA1553E2F83C4946DBAE
                                                                                                                                                                                                                          SHA-512:3EAFA72C1DA27FB369F602DA4A1491CF9B9CF573D367E546B9FB854A71B221A1DB0037E9A784EC579FE4D1B65E849A8C2A2746C560F5A3ED79F1C15C3BD0F048
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):43288
                                                                                                                                                                                                                          Entropy (8bit):4.60441142316265
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:B1YtagyXbubQIYi6y9gSPxh8E9VF0NyZup:ktagyXqFYi6ylPxWEre
                                                                                                                                                                                                                          MD5:B1BB07E2B719CF58CA052490F5A0B9ED
                                                                                                                                                                                                                          SHA1:2EC7B9C8A22E2699303E59B19AA67DA3B7096A5B
                                                                                                                                                                                                                          SHA-256:A290A6ED4403BD1B04C46D80FA8AE6C944C2E863BFCFBB022FFDB9A89685F86D
                                                                                                                                                                                                                          SHA-512:D41FBF79B4FF54AA75D95272D6D03F5F0F056E9CAE0F6D65D1F0911DD46F5279A1F37101364F606DFED528FB1F033E3AE457F6A18A7A1A9C7D2208918B5711DE
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):43288
                                                                                                                                                                                                                          Entropy (8bit):4.600381831559855
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:e28agyMeRpIYi6ymeimF/Pxh8E9VF0NyZQq:h8agyMe+Yi6y5F/PxWErB
                                                                                                                                                                                                                          MD5:BBF04B9C1C75340D5381D1048CB39279
                                                                                                                                                                                                                          SHA1:00DB86888A3EFF90FBBC032EA24F7019D802EE82
                                                                                                                                                                                                                          SHA-256:B5A2FC0F28DEB7841BD92B4F257C4B163EC2CE2D8FED8DE82FABF950A91DF623
                                                                                                                                                                                                                          SHA-512:323154686BDE5B5519A06DAFD4F49B56590312A3D6EFE558D883FF8D333191D6C9EE7F9EAF9BF69355DFA6A3A57C923F7026D5A492656354AB0B00B34056AB37
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):44824
                                                                                                                                                                                                                          Entropy (8bit):4.590269055522172
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:nhU+fy4JIYi6yz5qb4Pxh8E9VF0Nysvx7cJf+8:hU+fy4eYi6ywb4PxWEy5t8
                                                                                                                                                                                                                          MD5:8A63D1AA28F7AE7D8032A9742BAFE5BB
                                                                                                                                                                                                                          SHA1:0A8C7AED30A515765592015542A92EAD0EE69682
                                                                                                                                                                                                                          SHA-256:4DD91E89F612E830AD12A32D4701A58B1A80C2A7B842C5A131266DAA3B1E2924
                                                                                                                                                                                                                          SHA-512:46F04316B1B9A9A8927850C4BA2A01F16BD1DD991F59C9694A3C89A95CD6556DC379547908CD08D62233D06D09EE379BAFBEDEA661B6EA347F7CBAD60381F41B
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):46360
                                                                                                                                                                                                                          Entropy (8bit):4.577785468213174
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:BYxUNRaLElwIYi6yaNEPxh8E9VF0NyZk3AN:CxUN2ElZYi6ya+PxWErCAN
                                                                                                                                                                                                                          MD5:8CC30D9C08FD15EF0FAB843F397B0990
                                                                                                                                                                                                                          SHA1:EDECF20A1A24BDF7028BBA0CE90D86BED8E55147
                                                                                                                                                                                                                          SHA-256:9715039D587CB8F3682DB31914241D4090B2A01E6DC06D238CE7C1F7D7EDF57B
                                                                                                                                                                                                                          SHA-512:A63AC3E300B7D01B96837F12D8580BD4AF0198E2CC50A02371B8B770D2BE03490EADDA891B6BA3E28B5C3847081202258F6985CAE77439F1CCEB128633710A9B
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):43800
                                                                                                                                                                                                                          Entropy (8bit):4.590367117520583
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:TPHrbDFbDuVEbJRzSQ/IYi6yuQzcPxh8E9VF0Nysh0S:Lz9umDnAYi6yZzcPxWEyWS
                                                                                                                                                                                                                          MD5:31870C48CAA9C14A0313DA23E9BC9371
                                                                                                                                                                                                                          SHA1:EE2570B889E80ACBEBE58B802FF9E6C190D45494
                                                                                                                                                                                                                          SHA-256:77700EBC335B683DD704A74D7516A912D98A3D50F331B6F90786ED8E5B2B4AA3
                                                                                                                                                                                                                          SHA-512:6FFB8AD9779F0D0C3FD29930AD42CE6A06B768EE237B45C73A162F9EE5642E9050D2DB66500CAE198759FD0852173D94AFCCDB3DEB3A9DC73929E22332952BBC
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):43288
                                                                                                                                                                                                                          Entropy (8bit):4.798383453705228
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:5OVpZbXQ5JIYi6yuDplgFPxh8E9VF0Nys256df:EkeYi6yGplgFPxWEy+q
                                                                                                                                                                                                                          MD5:F3B382FFA29ACEF1E7CFF94442567056
                                                                                                                                                                                                                          SHA1:BDA9AB76353EE28616C57F4DD1957A559E2E2E9C
                                                                                                                                                                                                                          SHA-256:9A47BA46806E377D4332F70BF54D80A692F0CEC06241B0BEAB921972BC01F68E
                                                                                                                                                                                                                          SHA-512:B5157D305252DC110B209026AB9A2D0014B119AD3058A8356231D18BB3ABDF5FC55E6F409D50F48156C052A3018E5FF043A9E5993981C569FE107D2522EF524B
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):44312
                                                                                                                                                                                                                          Entropy (8bit):4.600153905845738
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:augkfEUPhXY7RTYXU9hKh9GAHrIYi6yWGPxh8E9VF0NyfxY:dBfEomQj0Yi6yZPxWEdK
                                                                                                                                                                                                                          MD5:F4C0685C628AA15D2A3DB93F8B872283
                                                                                                                                                                                                                          SHA1:3C36FDFF1E3438BA30CC5F48BA52397F9BB3876F
                                                                                                                                                                                                                          SHA-256:30E38B21AEEF6590F827F22CDBCCA7DD08836BDCD56117CF3CE4B02C104C2187
                                                                                                                                                                                                                          SHA-512:774548D47665C3463AE35CC09FDAAD4843F9A8EA3C387AD356848C66BC2851B53EA3EA2A84D23C5A2257C3816E994B473127348F9F1E6DCFD5CFB24B88F3B285
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):45336
                                                                                                                                                                                                                          Entropy (8bit):4.585524929878328
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:o9rcjUrPer+B3Rlaw7y9kIYi6yF2lN6NPxh8E9VF0NyfxtR:opcjU7c+B3RlawWDYi6yk3yPxWEdl
                                                                                                                                                                                                                          MD5:506D2799D9B8AF3F1DA2279099FC2DD8
                                                                                                                                                                                                                          SHA1:A296C34FE957DD1AF650CED2C28D2BDCC4964EA4
                                                                                                                                                                                                                          SHA-256:24A12004C97A2DAE0CF622F546BA1EBF757D6DFF4B49E9AE280A39D3B6C7128A
                                                                                                                                                                                                                          SHA-512:45929D695080D2E490C5AC69C852D99E23C4DC9571E965C3BB34E84FD834FA7EA961DDBB1E04F75BA2133DEA95F36F47CCB33F36AED8ADF0362529C6CE2FF777
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):45848
                                                                                                                                                                                                                          Entropy (8bit):4.600204897430851
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:PBa98EoMcpW4xDIYi6y/qYLPxh8E9VF0Nyedq:ZaaMcNsYi6yyYLPxWEE4
                                                                                                                                                                                                                          MD5:F58CF20D123D30013824AFA63882CDB0
                                                                                                                                                                                                                          SHA1:16761EB515C35732EFC7CD941E200328AFB29C58
                                                                                                                                                                                                                          SHA-256:DD2F56CCF7DF887810C044F560144F2440DB8CE18CDEBD52FAA0B9477BC39692
                                                                                                                                                                                                                          SHA-512:D676CECC0C19A22FF62B1B17F7D781A89EF530B2D492225202ED1DEF01E4459564818865833EB50C79E05923DE202B9906020D7AF93838B910FC34F651BAA14D
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):45848
                                                                                                                                                                                                                          Entropy (8bit):4.878931760360402
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:Wf63UrpgV4DkYCQsfwDkIAIYi6yJOPxh8E9VF0Nye5Km:YoUrpbouJYi6yoPxWEEgm
                                                                                                                                                                                                                          MD5:C624B75BF89DA60A8468B249B8E2F16D
                                                                                                                                                                                                                          SHA1:BC2A436C5A4D0157928A0B247412E8B9A385B23C
                                                                                                                                                                                                                          SHA-256:96CBA45A780B344AB373CB5CDCE52C962E3DFEC08A570FAA6BDC33FDD277116A
                                                                                                                                                                                                                          SHA-512:D8721A97A0E4E5C78F08DF4C031B519E6EACDBB3BC86F673A97325B79E0AE1DD4F9FBF9FB8A7428890076954F5515A82E677F92B0E45DD8B93DEACFCC8E6A5B7
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):44312
                                                                                                                                                                                                                          Entropy (8bit):4.83542724723739
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:768:jl+M6Ac6AbEcXwwVRYi6yIPxWEE58NIp7:jl+xX1R7APxa+8
                                                                                                                                                                                                                          MD5:9D24FFE112B64B278C97D7A6C5B52B11
                                                                                                                                                                                                                          SHA1:A8596CAE57634C63630AE2A75B672B71CF06DB83
                                                                                                                                                                                                                          SHA-256:B1177587CFF272AA288AD209892A0B6351FCC69855C928F6C28209906F84DA85
                                                                                                                                                                                                                          SHA-512:5AEA4EC4ABAFFB33A1876240F7D4A648D0E4A993594E79239AC1BE6E98B71E2C760DB1D729A3B5D2272407E3EFE4028B311157829A4B19D5BFF997DCC1D6D27E
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):44824
                                                                                                                                                                                                                          Entropy (8bit):4.60451381822393
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:8psONeXz1J2zMB5qBL/bIYi6yNAPxh8E9VF0NyZjEb:Qsd5IL/kYi6yiPxWEX6
                                                                                                                                                                                                                          MD5:BBA3A0029E2C7A87A3C0CEE4E87D2575
                                                                                                                                                                                                                          SHA1:E325E0E210F8D1360D31BDEB3822838B63F61144
                                                                                                                                                                                                                          SHA-256:225B36D48A8391DEE8F5BF03DEDE1A7A785FE9EE723D31173922980FA9FBDC03
                                                                                                                                                                                                                          SHA-512:DE50029843E5AE018F65AD15F17A159BCC4308A0A02AE72BEFEB7CBE4593BCF8B6136A78D40F3D9829FF8A547AA0DC59E22123623E12CEDB216EC9AAA5115ACB
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):44824
                                                                                                                                                                                                                          Entropy (8bit):4.634211400841873
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:768:N97U7oPX1C2TycfBwGFTbeSNp6931lBVZpOAy3FGVsSYi6yjDWPxWEX1F:N97U7e1C2TzpwGFTbnp6d1lBVZ8Ay3FL
                                                                                                                                                                                                                          MD5:03AF7CCCBE96406F9FE2160C767200A2
                                                                                                                                                                                                                          SHA1:BC3EEAE5C5DD2581629F5180EE88373377261EDB
                                                                                                                                                                                                                          SHA-256:445C3E49BD054A6D43CF74435DEF1D347BFE68720071BEFE1A949A647F0B61A2
                                                                                                                                                                                                                          SHA-512:FC2E736793D9895100B57A259F5C5E65A51BBC9DEF8CA661D34F5001582B4A52A07A5E66AB1AEDD767B366C90124FE034334BE4895596EBCF0470788585D7359
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):43800
                                                                                                                                                                                                                          Entropy (8bit):4.582086896816898
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:WC3P5juSkAHqQ3lbZe2E9RyrUJrIYi6yz0Pxh8E9VF0NyZhEz:WkEARwaYi6yYPxWEXO
                                                                                                                                                                                                                          MD5:0D38FA0F9455D2F68DF65659473DD514
                                                                                                                                                                                                                          SHA1:4EE6784DBA18087846951D517032A52F53CEEE52
                                                                                                                                                                                                                          SHA-256:425C509C7F6310C4791CF44965F27783D2BF2FCBBBB91DC5BADDFA3BABF8DCA6
                                                                                                                                                                                                                          SHA-512:B61AE6C01241DC2E0C0FDF82418765D091D0436A8452BAD946536FB646BC84D74ED607F646E1890D8F026755CAC108289EDC7618BD0CA140A5D939C6E96E2AF5
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):43800
                                                                                                                                                                                                                          Entropy (8bit):4.629080038197288
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:768:4M6iBA06DkU3QF5EefV35+Yi6yTAc/PxWE6cZZ:4M6iBA06DkU3ubfVo77NPxF
                                                                                                                                                                                                                          MD5:A533D11418F301BCF17469394DA295C1
                                                                                                                                                                                                                          SHA1:5D4AE33DB437B3CDF1E6951276295A8A007D8F86
                                                                                                                                                                                                                          SHA-256:1D67D474D375C10EBC9A6FA1C94F7455AD537C2AC9F238CA24918EDB388E0187
                                                                                                                                                                                                                          SHA-512:5A1F4B991B29283479FD24F3C966C472D3A90673EFFB5504B72237BF0D6E5CAF5BEFB4DE1F6C2D0025E1B57BDD33D7D60D2FF068AE77E36366DA3FA336343E68
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):45848
                                                                                                                                                                                                                          Entropy (8bit):4.576895481344007
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:dD1lrIn+sdB35IYi6yjsMzPxh8E9VF0NyYvRL:ftIn+m3uYi6yAMzPxWE6pL
                                                                                                                                                                                                                          MD5:C7FF0AD03D3B207DEE620141BB81B8E9
                                                                                                                                                                                                                          SHA1:AD0A4EE39AF1B0800BE4522C77CDFA1781755891
                                                                                                                                                                                                                          SHA-256:2FE0B0315C67DC54CFB5372BB968AA2C72B310FCE27F96C4EC81A060F0CC7CA6
                                                                                                                                                                                                                          SHA-512:F040EE31BE3D0EB3479C20723C9B36A5B07C1E44B6AD01849AF4BA771FB691254FC7CCAD0B0C8EE7ED75E6A03B4F20FA8D24E2A531054C7D12B9CF9F726AE547
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):41752
                                                                                                                                                                                                                          Entropy (8bit):4.804437784456202
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:Rpxv7kdVe4DyCc53iKFIYi6yeXIPxh8E9VF0NyYrvkFa:H9SqyYi6y1PxWE6zk4
                                                                                                                                                                                                                          MD5:08F41413611656BA8ED9775F7B6BC1DD
                                                                                                                                                                                                                          SHA1:8526E5ED40059B798D4C6BDD7DB9A5EADB70552D
                                                                                                                                                                                                                          SHA-256:13AEC975CB276789021E4566994FDFBF50DA5481379D927B6D3FFC168D29EA85
                                                                                                                                                                                                                          SHA-512:C53DA672BD691CA5EA1C4A55A089020F149482FA50EC6AB657F1853615685EE84FABD1C79DEF995CE1F7F5022B62D7C01678B755A2934B7E0F5BD564A851B093
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):40728
                                                                                                                                                                                                                          Entropy (8bit):4.827744296736407
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:sGlGEXjOBWceUIYi6y7NPxh8E9VF0NybLD:tGETOBWcelYi6yRPxWEFn
                                                                                                                                                                                                                          MD5:1EF10961FDA02309F371069ADC566867
                                                                                                                                                                                                                          SHA1:D9E66B6A7748F34C53631B15F7991E02A53CC6F5
                                                                                                                                                                                                                          SHA-256:38DE19425E692EEF89C60032D30979A7E637FB189BE4A57C7006C01CEF17C375
                                                                                                                                                                                                                          SHA-512:0C136F56822DCC31EED9589A00DCA4818E1CCFBDA31F34B111564D21F78DC518AFFD289C71FE49C03D408AAC29B1264A9C14796AE90B5D82AC4788F26C1B9EEF
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):45848
                                                                                                                                                                                                                          Entropy (8bit):4.908661026016275
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:QZJDfWBBShIYi6yimpjPxh8E9VF0Nybugz:ODf2k2Yi6yzjPxWEF5
                                                                                                                                                                                                                          MD5:8F894D02D9F67C8772AA0973F3F671FD
                                                                                                                                                                                                                          SHA1:00DE35930695CB35BCE61ABEC54B08404AC89F0D
                                                                                                                                                                                                                          SHA-256:67EC1F62656C23778DCADAA7189959180E7513CB89A3F5489610804B441672A9
                                                                                                                                                                                                                          SHA-512:1FF95A91500575234E40BDBF6E9955F8E28C1F6AA0008D93CB397B2E6BB696E3ADF28AE6DF87F95102543E60C81AC5CFF070AFCFF6DC1DC09FD87E715F55A8A5
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):39704
                                                                                                                                                                                                                          Entropy (8bit):4.880724677108415
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:PplRzd3IY+N1vZ0YoRHgA12slxB4xR0kTY1M5tkO3IYi6yYjGV1Pxh8E9VF0Nyb3:hlRVmAaPjv4Yi6yqGPPxWEF3
                                                                                                                                                                                                                          MD5:8A0F8959736813333246851A913808E3
                                                                                                                                                                                                                          SHA1:EB07825CD226FEFB4B5B9C010163091459DCC0DC
                                                                                                                                                                                                                          SHA-256:8CD95C91FD0154C8BC422B7A5923B1FF5FE98BDA9AE9FCACCAD16B745629CA69
                                                                                                                                                                                                                          SHA-512:625CDC0F4A3372A26A9A790F828F89A2DADDC1D9AF44D147E6A7F5F444C7B5A8A0BBCBBF734ACBD21C01E30CEE73383C89968DB0A836AD3EC4E4E6436B29402F
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):43800
                                                                                                                                                                                                                          Entropy (8bit):4.622895215899392
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:3Xc3nc9eHz03T0R8C923FQIYi6ylSbPxh8E9VF0NyK0FW0:HSckHz03T0R8C92Yi6yuPxWEIN0
                                                                                                                                                                                                                          MD5:ACCDB0606FB0F8170AAC4C8C38268EE7
                                                                                                                                                                                                                          SHA1:91FD807D1AD07CB7F88085D7B029A825BA58A880
                                                                                                                                                                                                                          SHA-256:31A5062DF59BE2A68D064BE3C84FF9B61E5CF67E6E1ED8953326A0E330013316
                                                                                                                                                                                                                          SHA-512:45FCF67061F5C343E769D090612FCB35C3C4D671B317F6A2ABC86C2B2CFF59ED79E87DC4DD4D90B0E5BC35438A54C2F437B19163B58B00D4AFE96351AB085FA0
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):44824
                                                                                                                                                                                                                          Entropy (8bit):4.652443029242609
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:APY5yQOea2ebIYi6yTeg4Pxh8E9VF0NyK2S:emCkYi6yp4PxWEIH
                                                                                                                                                                                                                          MD5:1E19438C998571F705BF53CCBCFAD437
                                                                                                                                                                                                                          SHA1:C0A45E4FDCDFF0CE807C797736DE128C5DA2F114
                                                                                                                                                                                                                          SHA-256:652D32F8C1166C26218F4C735373C037F750904996630AD55DAF1E216F2D1F0F
                                                                                                                                                                                                                          SHA-512:B541042B37B4BB543BF5AEFDA66D2C4110F288B78B251124364F72D99A24A240C64EFDB1F218092A9F27BB78661AFD93B688C97B716E2DA72660D2FB51838BEA
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):47384
                                                                                                                                                                                                                          Entropy (8bit):4.8783143880201845
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:ltgMfBJvfZigR8/JLvIYi6yNN/KJPxh8E9VF0NyK68:9roJLQYi6yPsPxWEIB
                                                                                                                                                                                                                          MD5:571250F94A32A48E75A8D706334F6864
                                                                                                                                                                                                                          SHA1:6DE00CF2431C24A512DD6644C5A66A8D1A9AE6E9
                                                                                                                                                                                                                          SHA-256:8624CAF8E3BEE406383C117EE46D827E0F1A3B8F3CB7F7134F6315461DCDB18A
                                                                                                                                                                                                                          SHA-512:B1E577E6B6BAA16DDD6CDA4C643AABE5D7C085BF7C03A065EB5F6A842D59F4E7BF8DEE989265EA68254C1F25544A07F0158460991722F255738DD3A9F93B052C
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):45336
                                                                                                                                                                                                                          Entropy (8bit):4.8496881134355165
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:lIsCrdCT73y7OiAEMfIYi6yJRwgCPxh8E9VF0NyVd0:pC5CT73y7DTrYi6yczPxWELq
                                                                                                                                                                                                                          MD5:C481BF590070431252657C878D10998C
                                                                                                                                                                                                                          SHA1:D92F435FD487478CA7DACA09AFBB9BB6D276BE92
                                                                                                                                                                                                                          SHA-256:26E695817DCB78468E674E4C8939EC942A852BC4F877BF9E6A3C28AC96D1677A
                                                                                                                                                                                                                          SHA-512:98A26FCEA4501519CD15AC261298B486D293ACD484E126A76C4EC7015907B8485395B163E5A2687D0EF7536E4239873B0AAACDEDCD53E5823C53911F606922F9
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):43800
                                                                                                                                                                                                                          Entropy (8bit):4.590975822839844
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:lzGovVFCrRLtUv6odpayK/YjfZ/fbMwTRlRElIYi6yM6Pxh8E9VF0NyVhV:dxhf3TFfYi6yZPxWELP
                                                                                                                                                                                                                          MD5:48084EE97EB61770DF2F5FF01CBEE0DC
                                                                                                                                                                                                                          SHA1:3E0F7E9B23759180BE0DCD70E976AF5EEB7D4D38
                                                                                                                                                                                                                          SHA-256:17E2AE76C7E6C185F51D93A6E031B82445730BF941B5109910EC6915BF78DAFB
                                                                                                                                                                                                                          SHA-512:B0620305ABDFE1AFC2B8BF7138D74AAB99E9B98BB648A185DF9BE7DEDA17B09753CCB03A5F8D1E29B98400A2A8E41D0732A45BE5A57072BC18297567FAA73FD5
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):45336
                                                                                                                                                                                                                          Entropy (8bit):4.58455886453974
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:luLoTcrh3Ne1hIYi6y7f6Pxh8E9VF0NyV5D:2og/eEYi6ymPxWEL9
                                                                                                                                                                                                                          MD5:D05F9C041CF607B26A1B7E31FF83D496
                                                                                                                                                                                                                          SHA1:49EF8C77557CD6F31597F76A8049D5B8A3798149
                                                                                                                                                                                                                          SHA-256:3C99288CF6E5EB23CDC0ABEF3EC0FD0D209BD7972133F8DC180A341BDB381591
                                                                                                                                                                                                                          SHA-512:89F0A4E13390B089A9CCE28830E058A4D7DFC186ACAC7CED254B74D9B0EC1F8C40FBFDD9ABAF7B4E86CFFF0FBE51C9408EDCB24D5CBB4B2EF1D38ECA298B2919
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):44312
                                                                                                                                                                                                                          Entropy (8bit):4.608238070049028
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:Rzi5JZSiyCSiylyVqeAYiTv4yywQf6IYi6ywCwfPxh8E9VF0NyUe+:RbyVmYGAyBQfYi6yPcPxWEOh
                                                                                                                                                                                                                          MD5:6D12E0728FCB675AC92F88B678E710CD
                                                                                                                                                                                                                          SHA1:612BF8D27FB19244E98348BCEFCBD705151F1861
                                                                                                                                                                                                                          SHA-256:3D935AB10A1BE22E275BCAF303C6E10672595545DC53D83D502B35616531B353
                                                                                                                                                                                                                          SHA-512:18E68D92ECB4A8DCC542B72C39DFBFA3D6438C0BA04FC8427271AB041FD9AE265DE55E3C967A130399F1EEA3DE7F0976CC2325EC1F2F093F65CA5438DCB43384
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):44824
                                                                                                                                                                                                                          Entropy (8bit):4.650238754966078
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:Bj+n7KZHWCE1UuGp6hUIYi6ySt4fPPxh8E9VF0NyUgYpKo9:N8yLEGUrYi6y/fPPxWEOJKo9
                                                                                                                                                                                                                          MD5:F391A11212A29A212214699CA3C30ED5
                                                                                                                                                                                                                          SHA1:83FCC8ADD2333A2E7163DE1D38FA1FF62F0A6373
                                                                                                                                                                                                                          SHA-256:E9C8365AAFB2CA0C8090995AED82FE105B88139CA0CF77F7FBA83D3BFD8C9D78
                                                                                                                                                                                                                          SHA-512:94A2A3AB2C90A80E8A1B0AA2558737AC1C880A785B38B12FBB93F2C2CF73FE573D413A582D7573E9392595642B56A789339215DFF8C4DCA977AD1F63ED398654
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):44312
                                                                                                                                                                                                                          Entropy (8bit):4.612711318856317
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:aj4hcxr/vX8lIYi6y4aPxh8E9VF0NyUaIj:MWmsSYi6ypPxWEOP
                                                                                                                                                                                                                          MD5:97DF57FDAEFD9C539758E276468BF33C
                                                                                                                                                                                                                          SHA1:466ECEF60CA1CD972094050FDC4059645C874CD9
                                                                                                                                                                                                                          SHA-256:6B1C63FB3615A13AA566CED25ABAF1E128CE5A9E9D6162EE009EF59574B8EEEB
                                                                                                                                                                                                                          SHA-512:1BD2B656031F7BF9AEE499A9DA9724E683BFE3EF45E8CDEB5418D2F23E7054E3C7A187EAFFFF0D02AA07A2B264BF5AB4AF82954A5465B5F2C2C995C00CADD96F
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):44312
                                                                                                                                                                                                                          Entropy (8bit):4.61394491647438
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:eeOLqst7KKEx+1GGBitIYi6yecCPxh8E9VF0NyUgR:eHTwxMGWvYi6y0PxWEOw
                                                                                                                                                                                                                          MD5:4E3DAADB94D67728EB3CEC220CAC46E3
                                                                                                                                                                                                                          SHA1:3C9529E6448B4EA88D9B9DEAFC9625AB11B6FEB5
                                                                                                                                                                                                                          SHA-256:662DAFFBB94E976E25DBC8231FC1E5F4F59941317200EAAB3222496B3605D80F
                                                                                                                                                                                                                          SHA-512:73805CD9425697F5FDE6AE1B582A2E9F64BEA515B36DA96E65DF903261012F7DA86025C4C11C4B166F066B2E4B3B9FEAD56FD33894AFE43403C28A7B3E265472
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                          Process:C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):44824
                                                                                                                                                                                                                          Entropy (8bit):4.623157202718964
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:768:dt/CRNND67qGGQdVqbrI1naEpuYi6yxPxWEJ3:dtjdVqPMaD75PxD
                                                                                                                                                                                                                          MD5:62FF57D9AB77311574A72B62EF85A8A4
                                                                                                                                                                                                                          SHA1:6FB7F38D1D68534541015BE2DBB9ACD716A0E87F
                                                                                                                                                                                                                          SHA-256:D8BFA6315C2EE18D5D1734D4AD4700C3CE7C23B8E0740A136FE0CA9A3FC9F3C0
                                                                                                                                                                                                                          SHA-512:AEEEFFFF267AFB67878843C68A204A7B64DF9AA7A7769739D495EDF5BB70B89F51980073EA2573FC76C02E388025415B62B540F30DEE400F7DD9500379EC7A5F
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):43800
                                                                                                                                                                                                                          Entropy (8bit):4.813508731590378
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:vLU1FA4ZUvHlzo4d2yIYi6yVfPxh8E9VF0Nynn8rb:4+vHufYi6yZPxWEJs
                                                                                                                                                                                                                          MD5:3F4F808D45DCC1B5103264518A733A32
                                                                                                                                                                                                                          SHA1:945EB6C696D9933CDAEB3C5F4229A9B940DD0D0D
                                                                                                                                                                                                                          SHA-256:8E614E2763D290B08C9B4D05D1F6D7E66490DFE2D33D8B35C43126EE3E71B2EE
                                                                                                                                                                                                                          SHA-512:39A46DD2862B737EE96ED65F55996CE9A17D31C3B90B794F6F00BC3162EFBA60E32CE7ADC003E0D03A44E572064B03BFA047FEBB59E9E2E8CECAC56E3B5DA39C
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):44312
                                                                                                                                                                                                                          Entropy (8bit):4.641674498049339
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:tVkHUqha1iR6wLTOBIYi6yEpAWXPxh8E9VF0NynL+Z2:Lk0gxRDTYi6yaAWXPxWEJys
                                                                                                                                                                                                                          MD5:F86B22E5301E31E059FB5A505C01EA8F
                                                                                                                                                                                                                          SHA1:138E4A765122BB9AA34BD6BDB1CE3E5043A29CCC
                                                                                                                                                                                                                          SHA-256:D19B647149C2259918C63DF91C97C6FDDEA6A5D42C6AD491D6B74D4032061BDF
                                                                                                                                                                                                                          SHA-512:D9B025CC813EF6464A4BAF767478134AFB393EA18EB4734C4849D4B39226840D6A929A855D4A84560C243F12A1625A399DB99854A5D879E4658B97BE08672B25
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):44824
                                                                                                                                                                                                                          Entropy (8bit):4.599080620997685
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:zPhTvshVyiWQZpdpWBdd1imIXousEIYi6ySOCePxh8E9VF0NynmVZX:TzrQZpO14Zs1Yi6yZPxWEJEZX
                                                                                                                                                                                                                          MD5:BBD912F98AE91A8EE2CD7B13BB5F33E7
                                                                                                                                                                                                                          SHA1:8641CFCE8F088FFFF9ED247DDB07B8CAB30F4031
                                                                                                                                                                                                                          SHA-256:065886E6A5EDC11E681E5A587AE1736C5BCE4365CD9742FC13EB3B76D7FC8419
                                                                                                                                                                                                                          SHA-512:A70FCABA41375AADD59BA5C95B7F71BE62D626E5387B9E47FC2CC804339B1A900855FA8E812EE8FB721CA0DB84D90AEB36BBCDE87D8A38754A73A4BB56865C3C
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):44312
                                                                                                                                                                                                                          Entropy (8bit):4.8148046027403035
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:fbwExgxLUjYFotG9SIYi6yPNPxh8E9VF0NynsV:Tw9UjO4GFYi6ylPxWEJg
                                                                                                                                                                                                                          MD5:D2D55CEEEE9BD3586636734B0CA75FF9
                                                                                                                                                                                                                          SHA1:C37D88F83B5F1DD131A92112CEA6C94D85BAFDA2
                                                                                                                                                                                                                          SHA-256:347A476F5EF633DDD0C0C7DD42983E170509B1AA29B598C7F9AE6E530BF4DFA4
                                                                                                                                                                                                                          SHA-512:1059C86E74D7A7F9E8DE191E2D79F161170135150080752293950127B469B33BB51418D9C8E589F5D88BA27B98E7A64EAFD64C8830D4D10A94FFCFBBB1578E42
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):44312
                                                                                                                                                                                                                          Entropy (8bit):4.614017574533736
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:pCBxa77CEhEPIYi6yD0pePxh8E9VF0Ny2uy5k:gBxaCEhEwYi6yYMPxWEc95k
                                                                                                                                                                                                                          MD5:9B2256F83EA52D2594CF4A5A2298D3A5
                                                                                                                                                                                                                          SHA1:C3F9490237D89EFF6721CA4E017143643BDAC96A
                                                                                                                                                                                                                          SHA-256:5B747C342479111586D76D33A6709A82305FE65658D4D9251A8E115C54373E9E
                                                                                                                                                                                                                          SHA-512:8F2287E0BC314E3F10341399EA5F10C185BEA0984CE57B85DBA64B3D94265BB9333EEBFB514172CA084466A048ED0AD840C5FA3FCB83314A8CC73DC306B00F0A
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):45848
                                                                                                                                                                                                                          Entropy (8bit):4.64450126869808
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:aNtgicgiN7upv4MZzKIYi6y/aFOtPxh8E9VF0Ny2uqK4:WtQx72v4MZrYi6yCmPxWEcpK4
                                                                                                                                                                                                                          MD5:10895B69F3A262849B740CF22F0AD7C4
                                                                                                                                                                                                                          SHA1:DFCEE47D3B8D6FBA3F49EBCA69BD651077F72822
                                                                                                                                                                                                                          SHA-256:E18139D09C62D3B5DE2D52D606D5963D99FA73FE71251DB2767B7E4D65AB94B0
                                                                                                                                                                                                                          SHA-512:46A19AFA519B45FABDAE36432C195D48444558CD5C8D2B7C1687F7109D65A5B7EFE016EF5F277D2F1299A7655CE09FCA901F16E8A01AB2BA605D4A71DE82B967
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):46360
                                                                                                                                                                                                                          Entropy (8bit):4.8965201701122085
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:C4Gw8Y51ZLmE4r2+IYi6yuc1Pxh8E9VF0Ny2OZ6:HGvY51ZLmE4r2TYi6y71PxWEcQ6
                                                                                                                                                                                                                          MD5:9C6147CFCFAA7C4B95A5A0B73DB434E0
                                                                                                                                                                                                                          SHA1:15E9CCC76929365DD7029D0F2BA436AB346015B9
                                                                                                                                                                                                                          SHA-256:D87854A260E69358D4D72861B1134038F56675EDA53AF3022BFCF02A761879E7
                                                                                                                                                                                                                          SHA-512:4FA7F80CA0139452C3D8626EB5012804A8AF3AB8E1CB300E7F37B59D6B5922EE3C57233979B7EF1430788B1AAECFDCAFF1FB380DECCE4463FBECC4F44CB8A79C
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):45848
                                                                                                                                                                                                                          Entropy (8bit):4.851623372946808
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:0UAjjo45Z49fN1XnSVIYi6yRoVPxh8E9VF0Ny2Wo:cjjV5yFXXnXYi6yaPxWEcT
                                                                                                                                                                                                                          MD5:3BA8E2E974CE0CC32BC2DBFBEAD2174A
                                                                                                                                                                                                                          SHA1:8CB88FED511484EE79B30CBCF71FFC3E3D0888AD
                                                                                                                                                                                                                          SHA-256:39BB0535BBEBEE9048F720EB618080927D07503EE6AF7A4D29439E34E87E129D
                                                                                                                                                                                                                          SHA-512:BC827ED3D83D68CDD539BF0842A0279BDED14E12E68805DD776F9F37DB63A2C634853DE26F31262797CD32051E82ACFD339E94C06E92079D40D09CA28C7DDD02
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):43288
                                                                                                                                                                                                                          Entropy (8bit):4.845506523025811
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:XNW6rrGsMKt8hetngIYi6yf2Pxh8E9VF0Ny2UW4T:g6rrGszt8hetnpYi6y+PxWEcf4T
                                                                                                                                                                                                                          MD5:30B60FA1197030F2F1C7753FB69E806F
                                                                                                                                                                                                                          SHA1:64DB38B38B02BC3BA53C5571DE7202E4075058D8
                                                                                                                                                                                                                          SHA-256:4AB2A0AD4E421264598EB33DFCF4F2315A51224E9F508D55363F45FB0540A1A5
                                                                                                                                                                                                                          SHA-512:DC1B28031D39E855E2E79C6B51E5A3C093CECAE416E93FE50B0A3632A3A11540EE3C6E698EF3AD7F17D54B7D8B1C26E54A228047568B80233B2170308B49B987
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):44312
                                                                                                                                                                                                                          Entropy (8bit):4.656919832110724
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:768:8jXp9FRqnk6qXQEdmvgNPTEw+G9Ahrxe+BzQSX9Yi6yIPxWEcGD3:sXtA6hdmvATEwSxrQK97QPx9
                                                                                                                                                                                                                          MD5:115B36C9702C985348A3F1E18F2F8519
                                                                                                                                                                                                                          SHA1:7F69C1AF5657271DD1A631402C8F0B3A29E7AC02
                                                                                                                                                                                                                          SHA-256:F44032D867A13AD2D7858EBB47B4FD9E73244563F3131C8D5F04B7D3F453BF11
                                                                                                                                                                                                                          SHA-512:0D0CB5BC29033BFEC15CA436E80E9DA6584C6379B0AA427E5BF1D4E2D7034BED51489E6FC03DBD4E11094363F4151CE78BE42FB36E5A4B21F5EA76DE1D7B3183
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):44312
                                                                                                                                                                                                                          Entropy (8bit):4.816921084129834
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:gFAqwKgHxyC2secvVJE/GfumIYi6yN72Pxh8E9VF0NyxRD:xqwVu7Yi6yB2PxWEPx
                                                                                                                                                                                                                          MD5:9C1219D3C56BE9102BDC06557A2867A8
                                                                                                                                                                                                                          SHA1:589CF7461BB3E0098D92EB44C5AA63EDBADF66E1
                                                                                                                                                                                                                          SHA-256:7598182C0DEC3E8AFB21F2D3E77A1B92E6A3ACD18C68FFA4601B79142159F89E
                                                                                                                                                                                                                          SHA-512:D078BD445551544C05040EB54463B0CFE2B65D0AB042A7B65127B97A0F3A0FB8EDC9475F5ED384147BA644B3822CC75A6A1FA881C607DEA1D15264DE1C3936CD
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):44312
                                                                                                                                                                                                                          Entropy (8bit):4.801006021470219
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:7hwhq9zmAco2u9keeZyYGiEIYi6yGuFPxh8E9VF0Nyx9XkZl:7Ohq9zmAco2AkeesYnYi6yZFPxWEP6P
                                                                                                                                                                                                                          MD5:4253754E567D430E4EE6D0530F16EA26
                                                                                                                                                                                                                          SHA1:CF224B4C59D8C535C987C54A4CE6A6FFA66131FF
                                                                                                                                                                                                                          SHA-256:BB38B7F9486BCF5DBC639523C2D30FB950294897A032AB33BD69658B6C375B42
                                                                                                                                                                                                                          SHA-512:91E9DD02192C30BD57B67B833F9EDEBE0192EB4C93CA0DE8D19DF4E6E44E3061030272CDB467220C288DB81CD18A6E12A21B02C35FAA0D22088F7F9713C12B8E
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):43800
                                                                                                                                                                                                                          Entropy (8bit):4.71606919536003
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:/QAxXlJnc3IYi6yrfNUPxh8E9VF0Nyx8KdW4:YAxX3c4Yi6yOPxWEP8+W4
                                                                                                                                                                                                                          MD5:DBF34144608D85A43F7DDB116816D542
                                                                                                                                                                                                                          SHA1:4B4E01E223B3FD6208937471CA034C13E412DF67
                                                                                                                                                                                                                          SHA-256:49D8836991438F030965C691F78C7B86CA28090A72B22998ADF54571E484F751
                                                                                                                                                                                                                          SHA-512:F87E28B49744F0320F32D4B1A88DB4AA75627CE9FC9FBB1F49F1A300D73D1A1BC52DF7219B6FC18E9B6CC0F44CA4115A27CF31D1CF00746DE70CA59156A8A257
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):38168
                                                                                                                                                                                                                          Entropy (8bit):4.78057562926328
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:z435s9AoByKIYi6yFsPxh8E9VF0NyxZtO:0QAoBuYi6y+PxWEP+
                                                                                                                                                                                                                          MD5:27262CE0670BB0404BCF0EDD46F6A8B9
                                                                                                                                                                                                                          SHA1:5E213D9740317BBB8FED04EAA538C342567770F3
                                                                                                                                                                                                                          SHA-256:87A3956E1E71F3A71BDF65472F7D4DB3871B5AAE16BBEE89766EB1B05F8D6F0C
                                                                                                                                                                                                                          SHA-512:9D77DA34F5D1BF0475AA08E04A9C65162A0909F160D652F9964CDF02E82D326021C6323886F959114ED289C0D985D29B7CCC9A0B13CF17E969223D62D3E22233
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):38168
                                                                                                                                                                                                                          Entropy (8bit):4.7941068085405
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:4e5dd29GxrIYi6y+0UATPxh8E9VF0Nyxe/:42ddxUYi6yvdPxWEPm
                                                                                                                                                                                                                          MD5:84788884CD1EB1CF6B8A54F2321D8263
                                                                                                                                                                                                                          SHA1:A4DBAD8AC6A407010A460F9E597BA8F7A811D9E4
                                                                                                                                                                                                                          SHA-256:B070B63F0CDD17E974DC1408C74178A93A4E7A6F68CF2B1DCFA5643699D8BE12
                                                                                                                                                                                                                          SHA-512:EC57AF66941C31C50A214403B40FFC578C55214E764D91B7D5A5B2CE1CB4EBFD25DCB9F673DA97279A63CD45000FCD57E440EE44AF935E76CF19688DC7B53DF7
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):278808
                                                                                                                                                                                                                          Entropy (8bit):6.535825539703751
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:6144:CpIyzjJAe5mgGbjcJ6oKUf6dPpmAOQVguMxtwQ7H0X/mwHtaC:CpnXJAe5mpjcJ69nPpm6VguM7wRv/taC
                                                                                                                                                                                                                          MD5:BA80FA8244AB66BAFAB7DAD90DEED0A2
                                                                                                                                                                                                                          SHA1:07FB59CF24AD8E764321AE25E792EE22AD9152CC
                                                                                                                                                                                                                          SHA-256:BFD3CD97BB461F81847A3F1869BFDF14CA290EC1A89476FC25215809EEEE0A25
                                                                                                                                                                                                                          SHA-512:9ACCCFA2432B1614915F245FBC6B017D664297BDDD950407923D7E40ED56A18EEC10C645CBC488F375B74B1E7D3884989E4C4C80E0B82B27B754659FFEBDD13E
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):355608
                                                                                                                                                                                                                          Entropy (8bit):6.162510247878532
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:6144:36tZH+wSATioVOG31+aOEyxTE+d9woh9bL8HKRwCV0X/mw8s:qPBSATioVR31+2yvDwoz8Uwrvks
                                                                                                                                                                                                                          MD5:1E54DB6716CA3151FAB88FC59488A48A
                                                                                                                                                                                                                          SHA1:A4731B2CFB3ED43924E024EC54D697330B0501CF
                                                                                                                                                                                                                          SHA-256:68419E93A522212E5452F853FC9AFBF77181B3CF572E541F956D26209954A47D
                                                                                                                                                                                                                          SHA-512:30204C2472880EAE5FE0D52C415201935E2B23192FECA809C42A1CA1A2130455B3BFD4D7BCEE4B04C37F47D5F17AE2C68CAD52F5EF8C76EA8C8BC3E7BACF8684
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):278808
                                                                                                                                                                                                                          Entropy (8bit):6.535609072667348
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:6144:CPIyzjJAe5mgGbjcJ6oKUf6dPpmAOXYglXtwQ7H0X/mwHtay:CPnXJAe5mpjcJ69nPpmNYgldwRv/tay
                                                                                                                                                                                                                          MD5:C5973AE258AD5CFE60817E0BBFACCB06
                                                                                                                                                                                                                          SHA1:B644D01D635F5AA2ACAC85D2C2912533A9DD866B
                                                                                                                                                                                                                          SHA-256:AA49DEAC49A1C8392D56631ABC2960BAB264C8BD541155C51FF3FDDD09879AB8
                                                                                                                                                                                                                          SHA-512:4625B8A8937F63062427A624DCE9211C348995739254487E533EB845FACAE53D956F851E3B7573EC69265294B0F1AFC2E20E440D574A10174FA85A1BC6482F9E
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):355608
                                                                                                                                                                                                                          Entropy (8bit):6.162165353226854
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:6144:3UtZ3uwSATioVOG31+aOEyxTE+d9Eoh0b+8hwRwCns0X/mws:E/RSATioVR31+2yvDEoT8gwSJvk
                                                                                                                                                                                                                          MD5:018A1568E6B953427D393159A39C3778
                                                                                                                                                                                                                          SHA1:6FB6731DD730895762A8DB5F7C4AE01BDC280A68
                                                                                                                                                                                                                          SHA-256:F8CE6AE6C271B808DF14612F47A9A7EAE6F9B4A699E835ADFC2182FD197B3A97
                                                                                                                                                                                                                          SHA-512:606E532CF1443C9C9A685E83F62B205164C36F451A10D50BE9D0E083CFC36FC764CEDB51FA7AADD85B8696C963C525C840412BC64F3EA92F948ED80DA9663261
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe
                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):162072
                                                                                                                                                                                                                          Entropy (8bit):5.988644157808262
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:3072:xwzvOYwt5YP/aKavT/DvbEvK9aobNI2B+el0LTGzkWJWXVfShNgpNcOJkeaNd1KY:XtiP/aK2h9H/B+XE
                                                                                                                                                                                                                          MD5:047FDBAE45C6D08B606BF3E8CEEFB4C5
                                                                                                                                                                                                                          SHA1:6887347C7640EF86B87066ABAB5A43ACECC9A962
                                                                                                                                                                                                                          SHA-256:0010A33FCDA893D72DA357D8F8751F0ED243908F1A83B51748E81B508EBF03BA
                                                                                                                                                                                                                          SHA-512:A0E94D3657A02A8C3A05AACCFBD56DF18ED6DC03F38A455ECB404902F4FF2045CC4AD794CF00E7570553897C5E4CD32AA8F52BB294890F9458C23E4EF815A354
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\ChromeSetup.exe
                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):2291789
                                                                                                                                                                                                                          Entropy (8bit):7.899471700164292
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:49152:twh1an1WuawlVbOffFrMZxMQK/kGsi7BvBFghNPRhOmpWbf:39aEqy3KWkh8bPOmpWbf
                                                                                                                                                                                                                          MD5:45C78FAEF1B57ACE1C0A8DEE008DDDE3
                                                                                                                                                                                                                          SHA1:82653303E529A2E76808F50591DB14F781AC05EB
                                                                                                                                                                                                                          SHA-256:AD29CE214AF9456A250AC110D17B2A50F589266CA4CF52C41761B00951F7CFA8
                                                                                                                                                                                                                          SHA-512:B6BA2204C533CAE19CDFD3E7110FBFBEE1451F7D30D8D1C0151BA538B28E4E2DBA86C46A30777230F4D11F6C0120B06ECD73D38F3B96ABD6086C3EA13CC8910A
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):301848
                                                                                                                                                                                                                          Entropy (8bit):6.648559159903329
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:6144:ShInmyy8rSVW61Vd5nirfggy9HaAOrECXwckQQx+08i:5nPyUSVr/5nirfgsVECXwzx+08i
                                                                                                                                                                                                                          MD5:DA1DD236ECD7C2C550604F1DD791AB81
                                                                                                                                                                                                                          SHA1:952B1EA7A2A6D74A40BA312AEB04D4A5BA3A5536
                                                                                                                                                                                                                          SHA-256:77F31C188C1F2AD34287DA7A14BCAB9A5EBBE6546F20263AF73973A8FE422DE2
                                                                                                                                                                                                                          SHA-512:D4C1AE558969F234D505261E0C3874B02B27722BD20233FB867F5AFF4CBA4B27673E6798846F0513C5363BCD38F5C5981A25217932BB83090F49FCA9AF857C15
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):401688
                                                                                                                                                                                                                          Entropy (8bit):6.360013717980644
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:12288:6ELy9SEPWzVB2zUM2WJoROZVAgFXaoZfuYw8tGx+3:62ywEQ7gFXaA2Yw+GxU
                                                                                                                                                                                                                          MD5:5692DD1940AC1D772B3508169BFA0148
                                                                                                                                                                                                                          SHA1:5DF49A367B49EE628AA53ACF4D63D6AFF925B618
                                                                                                                                                                                                                          SHA-256:86010716B5B36F44071EF9C80BB520FC85BC16F7226E7750436D3181F5ECD83F
                                                                                                                                                                                                                          SHA-512:8B7E3B03EA031D1C2E5259DF8F67E3DE47B62CCDB4843D439DE8F6B2D86242D3CDC5FB18211AE3C7FC128ACBB004507A7ED4C0C8C1636BEFA20E2210E73FED02
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):162072
                                                                                                                                                                                                                          Entropy (8bit):5.988644157808262
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:3072:xwzvOYwt5YP/aKavT/DvbEvK9aobNI2B+el0LTGzkWJWXVfShNgpNcOJkeaNd1KY:XtiP/aK2h9H/B+XE
                                                                                                                                                                                                                          MD5:047FDBAE45C6D08B606BF3E8CEEFB4C5
                                                                                                                                                                                                                          SHA1:6887347C7640EF86B87066ABAB5A43ACECC9A962
                                                                                                                                                                                                                          SHA-256:0010A33FCDA893D72DA357D8F8751F0ED243908F1A83B51748E81B508EBF03BA
                                                                                                                                                                                                                          SHA-512:A0E94D3657A02A8C3A05AACCFBD56DF18ED6DC03F38A455ECB404902F4FF2045CC4AD794CF00E7570553897C5E4CD32AA8F52BB294890F9458C23E4EF815A354
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):108312
                                                                                                                                                                                                                          Entropy (8bit):6.4784780227418
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:3072:bMxJ7Rfp8K172YPrN4vzT+PpZpsB+JG+EOX79xU:bMH7cCxPppsB+M9Kk
                                                                                                                                                                                                                          MD5:E9C3B566C6B059F23EA2A63FC3747FCA
                                                                                                                                                                                                                          SHA1:D001D14775D212D57991FEEA1330FE9E5ED4FC68
                                                                                                                                                                                                                          SHA-256:7A47BC22E09AF91EF7B176DB9788415A4EDA8D7679D89AA6102D72F231BA50FA
                                                                                                                                                                                                                          SHA-512:84E7CF8F4A0702721C4666C446E493403E050053CFCAF33C7EEF42E0065680B4AEF73AC9EB74127C034A2F8B6851B5F9AB98F4B4821212DF39F26AB43EB4413B
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):185624
                                                                                                                                                                                                                          Entropy (8bit):6.209107446544636
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:3072:uni3ZkI1rXRAmWt9h8QlLISqG+T1DpN9qEKLmoY46WKz5B+O3dnD/Yxu:uni3ZkQrBAmWt9h8QlLISZWVhohob7dv
                                                                                                                                                                                                                          MD5:C6119D93099CEFC4D75C8B70BBE981DD
                                                                                                                                                                                                                          SHA1:5F04DE21031EE27B6CD6D0BA2D73A50DD96237C6
                                                                                                                                                                                                                          SHA-256:9D5F50FC14DE8308EDEC2B17DB01613F827C14313BDF9479C5D6D11DED86AF36
                                                                                                                                                                                                                          SHA-512:E00A9012CE835374807731DE1B042D5E9FB4CBCC26BE091CE3C2859FD3DB6498895297AC003A74C960E4667B883678E44D2AA7F88D0071EA114C70BB0A296229
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):223000
                                                                                                                                                                                                                          Entropy (8bit):6.648111951374837
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:6144:OMtqCya7IdoB0SJmRi1Qf66AOKW/+GwIAfx+c+FfFyr:JtqCya7IdoBLJmRW6B/Pwpx+cafFyr
                                                                                                                                                                                                                          MD5:8D612B697FFEDD556A24EE4C04D2972F
                                                                                                                                                                                                                          SHA1:EEDDB66EF38DE6A9CE3A002C2A8AB81D8106B743
                                                                                                                                                                                                                          SHA-256:FB47B90747658700D6B18555CBD604DE8689ADE666E52CFED24EFC7CEA9E7E1E
                                                                                                                                                                                                                          SHA-512:BA0C06FE8704CAF0BA01270EF239D39E3BE8DBEDB094631769118BE75C56BA0031E34FA291FD4DDCEEE5D03BF8CA04E8E5FF760BB4CFF1FA744EF371AB67BB7F
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):108312
                                                                                                                                                                                                                          Entropy (8bit):6.479748154452283
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:3072:qER5AhC48S1m2YPrh4qR8v4ZksB+JGdqhOaxOt:qEXAe6QPxksB+MYQv
                                                                                                                                                                                                                          MD5:A5BDDCA8078F8D043EF1BA52408E3A63
                                                                                                                                                                                                                          SHA1:4F9068968E803E90D57873786C29E38258539209
                                                                                                                                                                                                                          SHA-256:FF68C58C8B4600C1362AD3BB441FE8F1DD1FF206ED92EDD795AA71504E6286B4
                                                                                                                                                                                                                          SHA-512:360A55AE06C52FE945D208BD3DDEBB27A2BF1C598115300306D8E64E60A5F750F90AD5552F3BE97517AD3EF68232DA067D62EE546204D9B33FF91813F08C2D2E
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):1372712
                                                                                                                                                                                                                          Entropy (8bit):7.919440458007018
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:24576:KJvKjZQYfXDPJZOE9PjCFaAL11MJY7pjtafbojRAaUtYQCK16dck0tWrH6:OK9QYfDPJZr9ra11M+jtIbCRLlv7p0t9
                                                                                                                                                                                                                          MD5:5F0299E8AA87A9C4AC70ED9F7DC8BB69
                                                                                                                                                                                                                          SHA1:B8D65FFA13DD75CEFF65C22F1BC9C6EECE28A0E7
                                                                                                                                                                                                                          SHA-256:F6B1F463677C99AC7B68241758BF9BF756D448E4D35152C7FF3722C2D1C144DA
                                                                                                                                                                                                                          SHA-512:37F31078D6965DD0ADC585F1F1F062366C5C51B80D681C7D7D987BECB8E8697308E96A20CCD990166139226C62DB48D1CFA540423930906FF800697AC37BCDFA
                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):2026776
                                                                                                                                                                                                                          Entropy (8bit):6.853078405445965
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:49152:y0bxVqH+t6rw7AQ9RdcKFlk2Y/gCXPvxzP:y03si+k9UKFlAL
                                                                                                                                                                                                                          MD5:394D22417AB10BCDABC67B89DC2210D7
                                                                                                                                                                                                                          SHA1:F3F17D76B62CFFD6E9BE62B17CC4E9C10E7D5B9A
                                                                                                                                                                                                                          SHA-256:74449270D9FE9BBD229AF902B6C1379F3545ACC04585D39EFD1933F14062E4CC
                                                                                                                                                                                                                          SHA-512:35BCF29C94AC01EDF914D663692A34850588ECC381FD3300526078119D8198D66E6BCD40868CBD51AD9EC5A6D9D915302904F52EDDDEA836A582ED2B9661C65C
                                                                                                                                                                                                                          Malicious:false
Process:C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):43288
Entropy (8bit):4.795840750645376
Encrypted:false
Malicious:false
Process:C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):42264
Entropy (8bit):4.792883323942892
Encrypted:false
Malicious:false
Process:C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):45336
Entropy (8bit):4.824742237255707
Encrypted:false
Malicious:false
Process:C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):45336
Entropy (8bit):4.881101683488677
Encrypted:false
Malicious:false
Process:C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):45336
Entropy (8bit):4.599056937006775
Encrypted:false
Malicious:false
Process:C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):44312
Entropy (8bit):4.652100534440651
Encrypted:false
Malicious:false
Process:C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):44312
Entropy (8bit):4.605348492828605
Encrypted:false
Malicious:false
Process:C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):46360
Entropy (8bit):4.597090073727154
Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:M8JUy8gjhO4MesINK/QXIYi6yW7Pxh8E9VF0NyevgRef:9V1MeZsQYYi6yKPxWEoIRef
                                                                                                                                                                                                                          MD5:EAF4C90A423F20A1E97BA7CD59B250CD
                                                                                                                                                                                                                          SHA1:CCAA876DA63431DEE7D9199850D5FAF9029E8DF4
                                                                                                                                                                                                                          SHA-256:FE1B6E21C8FE46EB1115356A2660FE269FC585FECA18A6F2D30190C57066C66A
                                                                                                                                                                                                                          SHA-512:D34AC9119D661D00C1EA606DDB9A9F93226E62A44AF219353E4BB938023011C364B075E35AF397EF6B07FDD61A20BB83CD5AEFFB6B9EA515F6FF0D3CEEF35AEB
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):45848
                                                                                                                                                                                                                          Entropy (8bit):4.8976143355145165
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:LqWEDleILkSIuHCSqlIxRFiAhkg8zBdfsBsTbjIYi6yQNgK/Pxh8E9VF0Nye+u:2rZlLOWR5m/kYi6y2RPxWEoj
                                                                                                                                                                                                                          MD5:8FB8A25261502F728ECD840588CA9092
                                                                                                                                                                                                                          SHA1:D6D1BC01F4DDAEFEDB8C558467666E713A76804A
                                                                                                                                                                                                                          SHA-256:05D06BFA7E8D7FA47EF354D811BBEC1F432D80680733AA1553E2F83C4946DBAE
                                                                                                                                                                                                                          SHA-512:3EAFA72C1DA27FB369F602DA4A1491CF9B9CF573D367E546B9FB854A71B221A1DB0037E9A784EC579FE4D1B65E849A8C2A2746C560F5A3ED79F1C15C3BD0F048
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):43288
                                                                                                                                                                                                                          Entropy (8bit):4.60441142316265
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:B1YtagyXbubQIYi6y9gSPxh8E9VF0NyZup:ktagyXqFYi6ylPxWEre
                                                                                                                                                                                                                          MD5:B1BB07E2B719CF58CA052490F5A0B9ED
                                                                                                                                                                                                                          SHA1:2EC7B9C8A22E2699303E59B19AA67DA3B7096A5B
                                                                                                                                                                                                                          SHA-256:A290A6ED4403BD1B04C46D80FA8AE6C944C2E863BFCFBB022FFDB9A89685F86D
                                                                                                                                                                                                                          SHA-512:D41FBF79B4FF54AA75D95272D6D03F5F0F056E9CAE0F6D65D1F0911DD46F5279A1F37101364F606DFED528FB1F033E3AE457F6A18A7A1A9C7D2208918B5711DE
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):43288
                                                                                                                                                                                                                          Entropy (8bit):4.600381831559855
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:e28agyMeRpIYi6ymeimF/Pxh8E9VF0NyZQq:h8agyMe+Yi6y5F/PxWErB
                                                                                                                                                                                                                          MD5:BBF04B9C1C75340D5381D1048CB39279
                                                                                                                                                                                                                          SHA1:00DB86888A3EFF90FBBC032EA24F7019D802EE82
                                                                                                                                                                                                                          SHA-256:B5A2FC0F28DEB7841BD92B4F257C4B163EC2CE2D8FED8DE82FABF950A91DF623
                                                                                                                                                                                                                          SHA-512:323154686BDE5B5519A06DAFD4F49B56590312A3D6EFE558D883FF8D333191D6C9EE7F9EAF9BF69355DFA6A3A57C923F7026D5A492656354AB0B00B34056AB37
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):44824
                                                                                                                                                                                                                          Entropy (8bit):4.590269055522172
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:nhU+fy4JIYi6yz5qb4Pxh8E9VF0Nysvx7cJf+8:hU+fy4eYi6ywb4PxWEy5t8
                                                                                                                                                                                                                          MD5:8A63D1AA28F7AE7D8032A9742BAFE5BB
                                                                                                                                                                                                                          SHA1:0A8C7AED30A515765592015542A92EAD0EE69682
                                                                                                                                                                                                                          SHA-256:4DD91E89F612E830AD12A32D4701A58B1A80C2A7B842C5A131266DAA3B1E2924
                                                                                                                                                                                                                          SHA-512:46F04316B1B9A9A8927850C4BA2A01F16BD1DD991F59C9694A3C89A95CD6556DC379547908CD08D62233D06D09EE379BAFBEDEA661B6EA347F7CBAD60381F41B
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):46360
                                                                                                                                                                                                                          Entropy (8bit):4.577785468213174
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:BYxUNRaLElwIYi6yaNEPxh8E9VF0NyZk3AN:CxUN2ElZYi6ya+PxWErCAN
                                                                                                                                                                                                                          MD5:8CC30D9C08FD15EF0FAB843F397B0990
                                                                                                                                                                                                                          SHA1:EDECF20A1A24BDF7028BBA0CE90D86BED8E55147
                                                                                                                                                                                                                          SHA-256:9715039D587CB8F3682DB31914241D4090B2A01E6DC06D238CE7C1F7D7EDF57B
                                                                                                                                                                                                                          SHA-512:A63AC3E300B7D01B96837F12D8580BD4AF0198E2CC50A02371B8B770D2BE03490EADDA891B6BA3E28B5C3847081202258F6985CAE77439F1CCEB128633710A9B
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):43800
                                                                                                                                                                                                                          Entropy (8bit):4.590367117520583
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:TPHrbDFbDuVEbJRzSQ/IYi6yuQzcPxh8E9VF0Nysh0S:Lz9umDnAYi6yZzcPxWEyWS
                                                                                                                                                                                                                          MD5:31870C48CAA9C14A0313DA23E9BC9371
                                                                                                                                                                                                                          SHA1:EE2570B889E80ACBEBE58B802FF9E6C190D45494
                                                                                                                                                                                                                          SHA-256:77700EBC335B683DD704A74D7516A912D98A3D50F331B6F90786ED8E5B2B4AA3
                                                                                                                                                                                                                          SHA-512:6FFB8AD9779F0D0C3FD29930AD42CE6A06B768EE237B45C73A162F9EE5642E9050D2DB66500CAE198759FD0852173D94AFCCDB3DEB3A9DC73929E22332952BBC
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):43288
                                                                                                                                                                                                                          Entropy (8bit):4.798383453705228
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:5OVpZbXQ5JIYi6yuDplgFPxh8E9VF0Nys256df:EkeYi6yGplgFPxWEy+q
                                                                                                                                                                                                                          MD5:F3B382FFA29ACEF1E7CFF94442567056
                                                                                                                                                                                                                          SHA1:BDA9AB76353EE28616C57F4DD1957A559E2E2E9C
                                                                                                                                                                                                                          SHA-256:9A47BA46806E377D4332F70BF54D80A692F0CEC06241B0BEAB921972BC01F68E
                                                                                                                                                                                                                          SHA-512:B5157D305252DC110B209026AB9A2D0014B119AD3058A8356231D18BB3ABDF5FC55E6F409D50F48156C052A3018E5FF043A9E5993981C569FE107D2522EF524B
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):44312
                                                                                                                                                                                                                          Entropy (8bit):4.600153905845738
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:augkfEUPhXY7RTYXU9hKh9GAHrIYi6yWGPxh8E9VF0NyfxY:dBfEomQj0Yi6yZPxWEdK
                                                                                                                                                                                                                          MD5:F4C0685C628AA15D2A3DB93F8B872283
                                                                                                                                                                                                                          SHA1:3C36FDFF1E3438BA30CC5F48BA52397F9BB3876F
                                                                                                                                                                                                                          SHA-256:30E38B21AEEF6590F827F22CDBCCA7DD08836BDCD56117CF3CE4B02C104C2187
                                                                                                                                                                                                                          SHA-512:774548D47665C3463AE35CC09FDAAD4843F9A8EA3C387AD356848C66BC2851B53EA3EA2A84D23C5A2257C3816E994B473127348F9F1E6DCFD5CFB24B88F3B285
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):45336
                                                                                                                                                                                                                          Entropy (8bit):4.585524929878328
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:o9rcjUrPer+B3Rlaw7y9kIYi6yF2lN6NPxh8E9VF0NyfxtR:opcjU7c+B3RlawWDYi6yk3yPxWEdl
                                                                                                                                                                                                                          MD5:506D2799D9B8AF3F1DA2279099FC2DD8
                                                                                                                                                                                                                          SHA1:A296C34FE957DD1AF650CED2C28D2BDCC4964EA4
                                                                                                                                                                                                                          SHA-256:24A12004C97A2DAE0CF622F546BA1EBF757D6DFF4B49E9AE280A39D3B6C7128A
                                                                                                                                                                                                                          SHA-512:45929D695080D2E490C5AC69C852D99E23C4DC9571E965C3BB34E84FD834FA7EA961DDBB1E04F75BA2133DEA95F36F47CCB33F36AED8ADF0362529C6CE2FF777
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):45848
                                                                                                                                                                                                                          Entropy (8bit):4.600204897430851
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:PBa98EoMcpW4xDIYi6y/qYLPxh8E9VF0Nyedq:ZaaMcNsYi6yyYLPxWEE4
                                                                                                                                                                                                                          MD5:F58CF20D123D30013824AFA63882CDB0
                                                                                                                                                                                                                          SHA1:16761EB515C35732EFC7CD941E200328AFB29C58
                                                                                                                                                                                                                          SHA-256:DD2F56CCF7DF887810C044F560144F2440DB8CE18CDEBD52FAA0B9477BC39692
                                                                                                                                                                                                                          SHA-512:D676CECC0C19A22FF62B1B17F7D781A89EF530B2D492225202ED1DEF01E4459564818865833EB50C79E05923DE202B9906020D7AF93838B910FC34F651BAA14D
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):45848
                                                                                                                                                                                                                          Entropy (8bit):4.878931760360402
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:Wf63UrpgV4DkYCQsfwDkIAIYi6yJOPxh8E9VF0Nye5Km:YoUrpbouJYi6yoPxWEEgm
                                                                                                                                                                                                                          MD5:C624B75BF89DA60A8468B249B8E2F16D
                                                                                                                                                                                                                          SHA1:BC2A436C5A4D0157928A0B247412E8B9A385B23C
                                                                                                                                                                                                                          SHA-256:96CBA45A780B344AB373CB5CDCE52C962E3DFEC08A570FAA6BDC33FDD277116A
                                                                                                                                                                                                                          SHA-512:D8721A97A0E4E5C78F08DF4C031B519E6EACDBB3BC86F673A97325B79E0AE1DD4F9FBF9FB8A7428890076954F5515A82E677F92B0E45DD8B93DEACFCC8E6A5B7
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):44312
                                                                                                                                                                                                                          Entropy (8bit):4.83542724723739
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:768:jl+M6Ac6AbEcXwwVRYi6yIPxWEE58NIp7:jl+xX1R7APxa+8
                                                                                                                                                                                                                          MD5:9D24FFE112B64B278C97D7A6C5B52B11
                                                                                                                                                                                                                          SHA1:A8596CAE57634C63630AE2A75B672B71CF06DB83
                                                                                                                                                                                                                          SHA-256:B1177587CFF272AA288AD209892A0B6351FCC69855C928F6C28209906F84DA85
                                                                                                                                                                                                                          SHA-512:5AEA4EC4ABAFFB33A1876240F7D4A648D0E4A993594E79239AC1BE6E98B71E2C760DB1D729A3B5D2272407E3EFE4028B311157829A4B19D5BFF997DCC1D6D27E
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):44824
                                                                                                                                                                                                                          Entropy (8bit):4.60451381822393
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:8psONeXz1J2zMB5qBL/bIYi6yNAPxh8E9VF0NyZjEb:Qsd5IL/kYi6yiPxWEX6
                                                                                                                                                                                                                          MD5:BBA3A0029E2C7A87A3C0CEE4E87D2575
                                                                                                                                                                                                                          SHA1:E325E0E210F8D1360D31BDEB3822838B63F61144
                                                                                                                                                                                                                          SHA-256:225B36D48A8391DEE8F5BF03DEDE1A7A785FE9EE723D31173922980FA9FBDC03
                                                                                                                                                                                                                          SHA-512:DE50029843E5AE018F65AD15F17A159BCC4308A0A02AE72BEFEB7CBE4593BCF8B6136A78D40F3D9829FF8A547AA0DC59E22123623E12CEDB216EC9AAA5115ACB
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):44824
                                                                                                                                                                                                                          Entropy (8bit):4.634211400841873
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:768:N97U7oPX1C2TycfBwGFTbeSNp6931lBVZpOAy3FGVsSYi6yjDWPxWEX1F:N97U7e1C2TzpwGFTbnp6d1lBVZ8Ay3FL
                                                                                                                                                                                                                          MD5:03AF7CCCBE96406F9FE2160C767200A2
                                                                                                                                                                                                                          SHA1:BC3EEAE5C5DD2581629F5180EE88373377261EDB
                                                                                                                                                                                                                          SHA-256:445C3E49BD054A6D43CF74435DEF1D347BFE68720071BEFE1A949A647F0B61A2
                                                                                                                                                                                                                          SHA-512:FC2E736793D9895100B57A259F5C5E65A51BBC9DEF8CA661D34F5001582B4A52A07A5E66AB1AEDD767B366C90124FE034334BE4895596EBCF0470788585D7359
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):43800
                                                                                                                                                                                                                          Entropy (8bit):4.582086896816898
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:WC3P5juSkAHqQ3lbZe2E9RyrUJrIYi6yz0Pxh8E9VF0NyZhEz:WkEARwaYi6yYPxWEXO
                                                                                                                                                                                                                          MD5:0D38FA0F9455D2F68DF65659473DD514
                                                                                                                                                                                                                          SHA1:4EE6784DBA18087846951D517032A52F53CEEE52
                                                                                                                                                                                                                          SHA-256:425C509C7F6310C4791CF44965F27783D2BF2FCBBBB91DC5BADDFA3BABF8DCA6
                                                                                                                                                                                                                          SHA-512:B61AE6C01241DC2E0C0FDF82418765D091D0436A8452BAD946536FB646BC84D74ED607F646E1890D8F026755CAC108289EDC7618BD0CA140A5D939C6E96E2AF5
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):43800
                                                                                                                                                                                                                          Entropy (8bit):4.629080038197288
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:768:4M6iBA06DkU3QF5EefV35+Yi6yTAc/PxWE6cZZ:4M6iBA06DkU3ubfVo77NPxF
                                                                                                                                                                                                                          MD5:A533D11418F301BCF17469394DA295C1
                                                                                                                                                                                                                          SHA1:5D4AE33DB437B3CDF1E6951276295A8A007D8F86
                                                                                                                                                                                                                          SHA-256:1D67D474D375C10EBC9A6FA1C94F7455AD537C2AC9F238CA24918EDB388E0187
                                                                                                                                                                                                                          SHA-512:5A1F4B991B29283479FD24F3C966C472D3A90673EFFB5504B72237BF0D6E5CAF5BEFB4DE1F6C2D0025E1B57BDD33D7D60D2FF068AE77E36366DA3FA336343E68
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):45848
                                                                                                                                                                                                                          Entropy (8bit):4.576895481344007
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:dD1lrIn+sdB35IYi6yjsMzPxh8E9VF0NyYvRL:ftIn+m3uYi6yAMzPxWE6pL
                                                                                                                                                                                                                          MD5:C7FF0AD03D3B207DEE620141BB81B8E9
                                                                                                                                                                                                                          SHA1:AD0A4EE39AF1B0800BE4522C77CDFA1781755891
                                                                                                                                                                                                                          SHA-256:2FE0B0315C67DC54CFB5372BB968AA2C72B310FCE27F96C4EC81A060F0CC7CA6
                                                                                                                                                                                                                          SHA-512:F040EE31BE3D0EB3479C20723C9B36A5B07C1E44B6AD01849AF4BA771FB691254FC7CCAD0B0C8EE7ED75E6A03B4F20FA8D24E2A531054C7D12B9CF9F726AE547
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):41752
                                                                                                                                                                                                                          Entropy (8bit):4.804437784456202
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:Rpxv7kdVe4DyCc53iKFIYi6yeXIPxh8E9VF0NyYrvkFa:H9SqyYi6y1PxWE6zk4
                                                                                                                                                                                                                          MD5:08F41413611656BA8ED9775F7B6BC1DD
                                                                                                                                                                                                                          SHA1:8526E5ED40059B798D4C6BDD7DB9A5EADB70552D
                                                                                                                                                                                                                          SHA-256:13AEC975CB276789021E4566994FDFBF50DA5481379D927B6D3FFC168D29EA85
                                                                                                                                                                                                                          SHA-512:C53DA672BD691CA5EA1C4A55A089020F149482FA50EC6AB657F1853615685EE84FABD1C79DEF995CE1F7F5022B62D7C01678B755A2934B7E0F5BD564A851B093
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):40728
                                                                                                                                                                                                                          Entropy (8bit):4.827744296736407
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:sGlGEXjOBWceUIYi6y7NPxh8E9VF0NybLD:tGETOBWcelYi6yRPxWEFn
                                                                                                                                                                                                                          MD5:1EF10961FDA02309F371069ADC566867
                                                                                                                                                                                                                          SHA1:D9E66B6A7748F34C53631B15F7991E02A53CC6F5
                                                                                                                                                                                                                          SHA-256:38DE19425E692EEF89C60032D30979A7E637FB189BE4A57C7006C01CEF17C375
                                                                                                                                                                                                                          SHA-512:0C136F56822DCC31EED9589A00DCA4818E1CCFBDA31F34B111564D21F78DC518AFFD289C71FE49C03D408AAC29B1264A9C14796AE90B5D82AC4788F26C1B9EEF
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):45848
                                                                                                                                                                                                                          Entropy (8bit):4.908661026016275
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:QZJDfWBBShIYi6yimpjPxh8E9VF0Nybugz:ODf2k2Yi6yzjPxWEF5
                                                                                                                                                                                                                          MD5:8F894D02D9F67C8772AA0973F3F671FD
                                                                                                                                                                                                                          SHA1:00DE35930695CB35BCE61ABEC54B08404AC89F0D
                                                                                                                                                                                                                          SHA-256:67EC1F62656C23778DCADAA7189959180E7513CB89A3F5489610804B441672A9
                                                                                                                                                                                                                          SHA-512:1FF95A91500575234E40BDBF6E9955F8E28C1F6AA0008D93CB397B2E6BB696E3ADF28AE6DF87F95102543E60C81AC5CFF070AFCFF6DC1DC09FD87E715F55A8A5
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):39704
                                                                                                                                                                                                                          Entropy (8bit):4.880724677108415
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:PplRzd3IY+N1vZ0YoRHgA12slxB4xR0kTY1M5tkO3IYi6yYjGV1Pxh8E9VF0Nyb3:hlRVmAaPjv4Yi6yqGPPxWEF3
                                                                                                                                                                                                                          MD5:8A0F8959736813333246851A913808E3
                                                                                                                                                                                                                          SHA1:EB07825CD226FEFB4B5B9C010163091459DCC0DC
                                                                                                                                                                                                                          SHA-256:8CD95C91FD0154C8BC422B7A5923B1FF5FE98BDA9AE9FCACCAD16B745629CA69
                                                                                                                                                                                                                          SHA-512:625CDC0F4A3372A26A9A790F828F89A2DADDC1D9AF44D147E6A7F5F444C7B5A8A0BBCBBF734ACBD21C01E30CEE73383C89968DB0A836AD3EC4E4E6436B29402F
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):43800
                                                                                                                                                                                                                          Entropy (8bit):4.622895215899392
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):44824
                                                                                                                                                                                                                          Entropy (8bit):4.652443029242609
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):47384
                                                                                                                                                                                                                          Entropy (8bit):4.8783143880201845
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):45336
                                                                                                                                                                                                                          Entropy (8bit):4.8496881134355165
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):43800
                                                                                                                                                                                                                          Entropy (8bit):4.590975822839844
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):45336
                                                                                                                                                                                                                          Entropy (8bit):4.58455886453974
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):44312
                                                                                                                                                                                                                          Entropy (8bit):4.608238070049028
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):44824
                                                                                                                                                                                                                          Entropy (8bit):4.650238754966078
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:Bj+n7KZHWCE1UuGp6hUIYi6ySt4fPPxh8E9VF0NyUgYpKo9:N8yLEGUrYi6y/fPPxWEOJKo9
                                                                                                                                                                                                                          MD5:F391A11212A29A212214699CA3C30ED5
                                                                                                                                                                                                                          SHA1:83FCC8ADD2333A2E7163DE1D38FA1FF62F0A6373
                                                                                                                                                                                                                          SHA-256:E9C8365AAFB2CA0C8090995AED82FE105B88139CA0CF77F7FBA83D3BFD8C9D78
                                                                                                                                                                                                                          SHA-512:94A2A3AB2C90A80E8A1B0AA2558737AC1C880A785B38B12FBB93F2C2CF73FE573D413A582D7573E9392595642B56A789339215DFF8C4DCA977AD1F63ED398654
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):44312
                                                                                                                                                                                                                          Entropy (8bit):4.612711318856317
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:aj4hcxr/vX8lIYi6y4aPxh8E9VF0NyUaIj:MWmsSYi6ypPxWEOP
                                                                                                                                                                                                                          MD5:97DF57FDAEFD9C539758E276468BF33C
                                                                                                                                                                                                                          SHA1:466ECEF60CA1CD972094050FDC4059645C874CD9
                                                                                                                                                                                                                          SHA-256:6B1C63FB3615A13AA566CED25ABAF1E128CE5A9E9D6162EE009EF59574B8EEEB
                                                                                                                                                                                                                          SHA-512:1BD2B656031F7BF9AEE499A9DA9724E683BFE3EF45E8CDEB5418D2F23E7054E3C7A187EAFFFF0D02AA07A2B264BF5AB4AF82954A5465B5F2C2C995C00CADD96F
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):44312
                                                                                                                                                                                                                          Entropy (8bit):4.61394491647438
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:eeOLqst7KKEx+1GGBitIYi6yecCPxh8E9VF0NyUgR:eHTwxMGWvYi6y0PxWEOw
                                                                                                                                                                                                                          MD5:4E3DAADB94D67728EB3CEC220CAC46E3
                                                                                                                                                                                                                          SHA1:3C9529E6448B4EA88D9B9DEAFC9625AB11B6FEB5
                                                                                                                                                                                                                          SHA-256:662DAFFBB94E976E25DBC8231FC1E5F4F59941317200EAAB3222496B3605D80F
                                                                                                                                                                                                                          SHA-512:73805CD9425697F5FDE6AE1B582A2E9F64BEA515B36DA96E65DF903261012F7DA86025C4C11C4B166F066B2E4B3B9FEAD56FD33894AFE43403C28A7B3E265472
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):44824
                                                                                                                                                                                                                          Entropy (8bit):4.623157202718964
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:768:dt/CRNND67qGGQdVqbrI1naEpuYi6yxPxWEJ3:dtjdVqPMaD75PxD
                                                                                                                                                                                                                          MD5:62FF57D9AB77311574A72B62EF85A8A4
                                                                                                                                                                                                                          SHA1:6FB7F38D1D68534541015BE2DBB9ACD716A0E87F
                                                                                                                                                                                                                          SHA-256:D8BFA6315C2EE18D5D1734D4AD4700C3CE7C23B8E0740A136FE0CA9A3FC9F3C0
                                                                                                                                                                                                                          SHA-512:AEEEFFFF267AFB67878843C68A204A7B64DF9AA7A7769739D495EDF5BB70B89F51980073EA2573FC76C02E388025415B62B540F30DEE400F7DD9500379EC7A5F
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):43800
                                                                                                                                                                                                                          Entropy (8bit):4.813508731590378
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:vLU1FA4ZUvHlzo4d2yIYi6yVfPxh8E9VF0Nynn8rb:4+vHufYi6yZPxWEJs
                                                                                                                                                                                                                          MD5:3F4F808D45DCC1B5103264518A733A32
                                                                                                                                                                                                                          SHA1:945EB6C696D9933CDAEB3C5F4229A9B940DD0D0D
                                                                                                                                                                                                                          SHA-256:8E614E2763D290B08C9B4D05D1F6D7E66490DFE2D33D8B35C43126EE3E71B2EE
                                                                                                                                                                                                                          SHA-512:39A46DD2862B737EE96ED65F55996CE9A17D31C3B90B794F6F00BC3162EFBA60E32CE7ADC003E0D03A44E572064B03BFA047FEBB59E9E2E8CECAC56E3B5DA39C
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):44312
                                                                                                                                                                                                                          Entropy (8bit):4.641674498049339
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:tVkHUqha1iR6wLTOBIYi6yEpAWXPxh8E9VF0NynL+Z2:Lk0gxRDTYi6yaAWXPxWEJys
                                                                                                                                                                                                                          MD5:F86B22E5301E31E059FB5A505C01EA8F
                                                                                                                                                                                                                          SHA1:138E4A765122BB9AA34BD6BDB1CE3E5043A29CCC
                                                                                                                                                                                                                          SHA-256:D19B647149C2259918C63DF91C97C6FDDEA6A5D42C6AD491D6B74D4032061BDF
                                                                                                                                                                                                                          SHA-512:D9B025CC813EF6464A4BAF767478134AFB393EA18EB4734C4849D4B39226840D6A929A855D4A84560C243F12A1625A399DB99854A5D879E4658B97BE08672B25
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):44824
                                                                                                                                                                                                                          Entropy (8bit):4.599080620997685
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:zPhTvshVyiWQZpdpWBdd1imIXousEIYi6ySOCePxh8E9VF0NynmVZX:TzrQZpO14Zs1Yi6yZPxWEJEZX
                                                                                                                                                                                                                          MD5:BBD912F98AE91A8EE2CD7B13BB5F33E7
                                                                                                                                                                                                                          SHA1:8641CFCE8F088FFFF9ED247DDB07B8CAB30F4031
                                                                                                                                                                                                                          SHA-256:065886E6A5EDC11E681E5A587AE1736C5BCE4365CD9742FC13EB3B76D7FC8419
                                                                                                                                                                                                                          SHA-512:A70FCABA41375AADD59BA5C95B7F71BE62D626E5387B9E47FC2CC804339B1A900855FA8E812EE8FB721CA0DB84D90AEB36BBCDE87D8A38754A73A4BB56865C3C
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):44312
                                                                                                                                                                                                                          Entropy (8bit):4.8148046027403035
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:fbwExgxLUjYFotG9SIYi6yPNPxh8E9VF0NynsV:Tw9UjO4GFYi6ylPxWEJg
                                                                                                                                                                                                                          MD5:D2D55CEEEE9BD3586636734B0CA75FF9
                                                                                                                                                                                                                          SHA1:C37D88F83B5F1DD131A92112CEA6C94D85BAFDA2
                                                                                                                                                                                                                          SHA-256:347A476F5EF633DDD0C0C7DD42983E170509B1AA29B598C7F9AE6E530BF4DFA4
                                                                                                                                                                                                                          SHA-512:1059C86E74D7A7F9E8DE191E2D79F161170135150080752293950127B469B33BB51418D9C8E589F5D88BA27B98E7A64EAFD64C8830D4D10A94FFCFBBB1578E42
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):44312
                                                                                                                                                                                                                          Entropy (8bit):4.614017574533736
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:pCBxa77CEhEPIYi6yD0pePxh8E9VF0Ny2uy5k:gBxaCEhEwYi6yYMPxWEc95k
                                                                                                                                                                                                                          MD5:9B2256F83EA52D2594CF4A5A2298D3A5
                                                                                                                                                                                                                          SHA1:C3F9490237D89EFF6721CA4E017143643BDAC96A
                                                                                                                                                                                                                          SHA-256:5B747C342479111586D76D33A6709A82305FE65658D4D9251A8E115C54373E9E
                                                                                                                                                                                                                          SHA-512:8F2287E0BC314E3F10341399EA5F10C185BEA0984CE57B85DBA64B3D94265BB9333EEBFB514172CA084466A048ED0AD840C5FA3FCB83314A8CC73DC306B00F0A
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):45848
                                                                                                                                                                                                                          Entropy (8bit):4.64450126869808
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:aNtgicgiN7upv4MZzKIYi6y/aFOtPxh8E9VF0Ny2uqK4:WtQx72v4MZrYi6yCmPxWEcpK4
                                                                                                                                                                                                                          MD5:10895B69F3A262849B740CF22F0AD7C4
                                                                                                                                                                                                                          SHA1:DFCEE47D3B8D6FBA3F49EBCA69BD651077F72822
                                                                                                                                                                                                                          SHA-256:E18139D09C62D3B5DE2D52D606D5963D99FA73FE71251DB2767B7E4D65AB94B0
                                                                                                                                                                                                                          SHA-512:46A19AFA519B45FABDAE36432C195D48444558CD5C8D2B7C1687F7109D65A5B7EFE016EF5F277D2F1299A7655CE09FCA901F16E8A01AB2BA605D4A71DE82B967
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):46360
                                                                                                                                                                                                                          Entropy (8bit):4.8965201701122085
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:C4Gw8Y51ZLmE4r2+IYi6yuc1Pxh8E9VF0Ny2OZ6:HGvY51ZLmE4r2TYi6y71PxWEcQ6
                                                                                                                                                                                                                          MD5:9C6147CFCFAA7C4B95A5A0B73DB434E0
                                                                                                                                                                                                                          SHA1:15E9CCC76929365DD7029D0F2BA436AB346015B9
                                                                                                                                                                                                                          SHA-256:D87854A260E69358D4D72861B1134038F56675EDA53AF3022BFCF02A761879E7
                                                                                                                                                                                                                          SHA-512:4FA7F80CA0139452C3D8626EB5012804A8AF3AB8E1CB300E7F37B59D6B5922EE3C57233979B7EF1430788B1AAECFDCAFF1FB380DECCE4463FBECC4F44CB8A79C
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):45848
                                                                                                                                                                                                                          Entropy (8bit):4.851623372946808
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:0UAjjo45Z49fN1XnSVIYi6yRoVPxh8E9VF0Ny2Wo:cjjV5yFXXnXYi6yaPxWEcT
                                                                                                                                                                                                                          MD5:3BA8E2E974CE0CC32BC2DBFBEAD2174A
                                                                                                                                                                                                                          SHA1:8CB88FED511484EE79B30CBCF71FFC3E3D0888AD
                                                                                                                                                                                                                          SHA-256:39BB0535BBEBEE9048F720EB618080927D07503EE6AF7A4D29439E34E87E129D
                                                                                                                                                                                                                          SHA-512:BC827ED3D83D68CDD539BF0842A0279BDED14E12E68805DD776F9F37DB63A2C634853DE26F31262797CD32051E82ACFD339E94C06E92079D40D09CA28C7DDD02
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):43288
                                                                                                                                                                                                                          Entropy (8bit):4.845506523025811
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:XNW6rrGsMKt8hetngIYi6yf2Pxh8E9VF0Ny2UW4T:g6rrGszt8hetnpYi6y+PxWEcf4T
                                                                                                                                                                                                                          MD5:30B60FA1197030F2F1C7753FB69E806F
                                                                                                                                                                                                                          SHA1:64DB38B38B02BC3BA53C5571DE7202E4075058D8
                                                                                                                                                                                                                          SHA-256:4AB2A0AD4E421264598EB33DFCF4F2315A51224E9F508D55363F45FB0540A1A5
                                                                                                                                                                                                                          SHA-512:DC1B28031D39E855E2E79C6B51E5A3C093CECAE416E93FE50B0A3632A3A11540EE3C6E698EF3AD7F17D54B7D8B1C26E54A228047568B80233B2170308B49B987
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):44312
                                                                                                                                                                                                                          Entropy (8bit):4.656919832110724
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:768:8jXp9FRqnk6qXQEdmvgNPTEw+G9Ahrxe+BzQSX9Yi6yIPxWEcGD3:sXtA6hdmvATEwSxrQK97QPx9
                                                                                                                                                                                                                          MD5:115B36C9702C985348A3F1E18F2F8519
                                                                                                                                                                                                                          SHA1:7F69C1AF5657271DD1A631402C8F0B3A29E7AC02
                                                                                                                                                                                                                          SHA-256:F44032D867A13AD2D7858EBB47B4FD9E73244563F3131C8D5F04B7D3F453BF11
                                                                                                                                                                                                                          SHA-512:0D0CB5BC29033BFEC15CA436E80E9DA6584C6379B0AA427E5BF1D4E2D7034BED51489E6FC03DBD4E11094363F4151CE78BE42FB36E5A4B21F5EA76DE1D7B3183
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):44312
                                                                                                                                                                                                                          Entropy (8bit):4.816921084129834
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:gFAqwKgHxyC2secvVJE/GfumIYi6yN72Pxh8E9VF0NyxRD:xqwVu7Yi6yB2PxWEPx
                                                                                                                                                                                                                          MD5:9C1219D3C56BE9102BDC06557A2867A8
                                                                                                                                                                                                                          SHA1:589CF7461BB3E0098D92EB44C5AA63EDBADF66E1
                                                                                                                                                                                                                          SHA-256:7598182C0DEC3E8AFB21F2D3E77A1B92E6A3ACD18C68FFA4601B79142159F89E
                                                                                                                                                                                                                          SHA-512:D078BD445551544C05040EB54463B0CFE2B65D0AB042A7B65127B97A0F3A0FB8EDC9475F5ED384147BA644B3822CC75A6A1FA881C607DEA1D15264DE1C3936CD
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):44312
                                                                                                                                                                                                                          Entropy (8bit):4.801006021470219
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:7hwhq9zmAco2u9keeZyYGiEIYi6yGuFPxh8E9VF0Nyx9XkZl:7Ohq9zmAco2AkeesYnYi6yZFPxWEP6P
                                                                                                                                                                                                                          MD5:4253754E567D430E4EE6D0530F16EA26
                                                                                                                                                                                                                          SHA1:CF224B4C59D8C535C987C54A4CE6A6FFA66131FF
                                                                                                                                                                                                                          SHA-256:BB38B7F9486BCF5DBC639523C2D30FB950294897A032AB33BD69658B6C375B42
                                                                                                                                                                                                                          SHA-512:91E9DD02192C30BD57B67B833F9EDEBE0192EB4C93CA0DE8D19DF4E6E44E3061030272CDB467220C288DB81CD18A6E12A21B02C35FAA0D22088F7F9713C12B8E
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):43800
                                                                                                                                                                                                                          Entropy (8bit):4.71606919536003
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:/QAxXlJnc3IYi6yrfNUPxh8E9VF0Nyx8KdW4:YAxX3c4Yi6yOPxWEP8+W4
                                                                                                                                                                                                                          MD5:DBF34144608D85A43F7DDB116816D542
                                                                                                                                                                                                                          SHA1:4B4E01E223B3FD6208937471CA034C13E412DF67
                                                                                                                                                                                                                          SHA-256:49D8836991438F030965C691F78C7B86CA28090A72B22998ADF54571E484F751
                                                                                                                                                                                                                          SHA-512:F87E28B49744F0320F32D4B1A88DB4AA75627CE9FC9FBB1F49F1A300D73D1A1BC52DF7219B6FC18E9B6CC0F44CA4115A27CF31D1CF00746DE70CA59156A8A257
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):38168
                                                                                                                                                                                                                          Entropy (8bit):4.78057562926328
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:z435s9AoByKIYi6yFsPxh8E9VF0NyxZtO:0QAoBuYi6y+PxWEP+
                                                                                                                                                                                                                          MD5:27262CE0670BB0404BCF0EDD46F6A8B9
                                                                                                                                                                                                                          SHA1:5E213D9740317BBB8FED04EAA538C342567770F3
                                                                                                                                                                                                                          SHA-256:87A3956E1E71F3A71BDF65472F7D4DB3871B5AAE16BBEE89766EB1B05F8D6F0C
                                                                                                                                                                                                                          SHA-512:9D77DA34F5D1BF0475AA08E04A9C65162A0909F160D652F9964CDF02E82D326021C6323886F959114ED289C0D985D29B7CCC9A0B13CF17E969223D62D3E22233
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):38168
                                                                                                                                                                                                                          Entropy (8bit):4.7941068085405
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:4e5dd29GxrIYi6y+0UATPxh8E9VF0Nyxe/:42ddxUYi6yvdPxWEPm
                                                                                                                                                                                                                          MD5:84788884CD1EB1CF6B8A54F2321D8263
                                                                                                                                                                                                                          SHA1:A4DBAD8AC6A407010A460F9E597BA8F7A811D9E4
                                                                                                                                                                                                                          SHA-256:B070B63F0CDD17E974DC1408C74178A93A4E7A6F68CF2B1DCFA5643699D8BE12
                                                                                                                                                                                                                          SHA-512:EC57AF66941C31C50A214403B40FFC578C55214E764D91B7D5A5B2CE1CB4EBFD25DCB9F673DA97279A63CD45000FCD57E440EE44AF935E76CF19688DC7B53DF7
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):278808
                                                                                                                                                                                                                          Entropy (8bit):6.535825539703751
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:6144:CpIyzjJAe5mgGbjcJ6oKUf6dPpmAOQVguMxtwQ7H0X/mwHtaC:CpnXJAe5mpjcJ69nPpm6VguM7wRv/taC
                                                                                                                                                                                                                          MD5:BA80FA8244AB66BAFAB7DAD90DEED0A2
                                                                                                                                                                                                                          SHA1:07FB59CF24AD8E764321AE25E792EE22AD9152CC
                                                                                                                                                                                                                          SHA-256:BFD3CD97BB461F81847A3F1869BFDF14CA290EC1A89476FC25215809EEEE0A25
                                                                                                                                                                                                                          SHA-512:9ACCCFA2432B1614915F245FBC6B017D664297BDDD950407923D7E40ED56A18EEC10C645CBC488F375B74B1E7D3884989E4C4C80E0B82B27B754659FFEBDD13E
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):355608
                                                                                                                                                                                                                          Entropy (8bit):6.162510247878532
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:6144:36tZH+wSATioVOG31+aOEyxTE+d9woh9bL8HKRwCV0X/mw8s:qPBSATioVR31+2yvDwoz8Uwrvks
                                                                                                                                                                                                                          MD5:1E54DB6716CA3151FAB88FC59488A48A
                                                                                                                                                                                                                          SHA1:A4731B2CFB3ED43924E024EC54D697330B0501CF
                                                                                                                                                                                                                          SHA-256:68419E93A522212E5452F853FC9AFBF77181B3CF572E541F956D26209954A47D
                                                                                                                                                                                                                          SHA-512:30204C2472880EAE5FE0D52C415201935E2B23192FECA809C42A1CA1A2130455B3BFD4D7BCEE4B04C37F47D5F17AE2C68CAD52F5EF8C76EA8C8BC3E7BACF8684
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):278808
                                                                                                                                                                                                                          Entropy (8bit):6.535609072667348
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:6144:CPIyzjJAe5mgGbjcJ6oKUf6dPpmAOXYglXtwQ7H0X/mwHtay:CPnXJAe5mpjcJ69nPpmNYgldwRv/tay
                                                                                                                                                                                                                          MD5:C5973AE258AD5CFE60817E0BBFACCB06
                                                                                                                                                                                                                          SHA1:B644D01D635F5AA2ACAC85D2C2912533A9DD866B
                                                                                                                                                                                                                          SHA-256:AA49DEAC49A1C8392D56631ABC2960BAB264C8BD541155C51FF3FDDD09879AB8
                                                                                                                                                                                                                          SHA-512:4625B8A8937F63062427A624DCE9211C348995739254487E533EB845FACAE53D956F851E3B7573EC69265294B0F1AFC2E20E440D574A10174FA85A1BC6482F9E
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):355608
                                                                                                                                                                                                                          Entropy (8bit):6.162165353226854
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:6144:3UtZ3uwSATioVOG31+aOEyxTE+d9Eoh0b+8hwRwCns0X/mws:E/RSATioVR31+2yvDEoT8gwSJvk
                                                                                                                                                                                                                          MD5:018A1568E6B953427D393159A39C3778
                                                                                                                                                                                                                          SHA1:6FB6731DD730895762A8DB5F7C4AE01BDC280A68
                                                                                                                                                                                                                          SHA-256:F8CE6AE6C271B808DF14612F47A9A7EAE6F9B4A699E835ADFC2182FD197B3A97
                                                                                                                                                                                                                          SHA-512:606E532CF1443C9C9A685E83F62B205164C36F451A10D50BE9D0E083CFC36FC764CEDB51FA7AADD85B8696C963C525C840412BC64F3EA92F948ED80DA9663261
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exe
                                                                                                                                                                                                                          File Type:POSIX tar archive (GNU)
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):7270400
                                                                                                                                                                                                                          Entropy (8bit):6.34842792092482
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:98304:dKklDfgFc03si+k9UKFlAX3mRgb9o3pn/J6VprjGv+Pn/J6VpBjG8RocqxmRMC:rQc++k9SGEeUj81jLzCC
                                                                                                                                                                                                                          MD5:86649FB061CFA1952CFABAFAC364ABCF
                                                                                                                                                                                                                          SHA1:0B89CEC279C289E08A40A72EF92367CCE6626DA6
                                                                                                                                                                                                                          SHA-256:EC2F937D82AC3B926DFF90EC28B9AE957D3CBB589DC640CCC21F9916F853D0BA
                                                                                                                                                                                                                          SHA-512:9D24E17D4D04B872D05707C182AB9DE92301B7C0A99E157CF3E49C0F6BC0B13AB8896A41E52170C42811271CC36852B362B7CFE4DAD83C32FFBEB6E6CC163F57
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):480768
                                                                                                                                                                                                                          Entropy (8bit):6.778341966131848
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:12288:A9J8R3ygHziX1ah2+MNCM7P/Xg1V5tjRAg:AjYygHziX1a7McYEV5v/
                                                                                                                                                                                                                          MD5:40BF356D89CBACE7FEFC9F114AA247A2
                                                                                                                                                                                                                          SHA1:FD660A6E8DED578A9722EE8EBFC51EA3FF67C4D9
                                                                                                                                                                                                                          SHA-256:48D1816BD0D5CD2E202C254A31154DFBCA83993FB4C2060FD42AA38A299DAB4F
                                                                                                                                                                                                                          SHA-512:62F8267A50A5F75F8BCC53F7076FB2E88D6B6BC58D2DC889FD8074D6C9E9F4BB439F204603C4F4C5C09B8877BC6889530363BB9E081BFDFE511C0C418FF54B87
                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                          Yara Hits:
                                                                                                                                                                                                                          • Rule: JoeSecurity_LummaCStealer, Description: Yara detected LummaC Stealer, Source: C:\Users\user\AppData\Local\Temp\nudqwvipwdofy, Author: Joe Security
                                                                                                                                                                                                                          • Rule: infostealer_win_lumma_strings_sept23, Description: Finds Lumma samples based on the specific strings, Source: C:\Users\user\AppData\Local\Temp\nudqwvipwdofy, Author: Sekoia.io
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\ChromeSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):1372712
                                                                                                                                                                                                                          Entropy (8bit):7.919440458007018
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:24576:KJvKjZQYfXDPJZOE9PjCFaAL11MJY7pjtafbojRAaUtYQCK16dck0tWrH6:OK9QYfDPJZr9ra11M+jtIbCRLlv7p0t9
                                                                                                                                                                                                                          MD5:5F0299E8AA87A9C4AC70ED9F7DC8BB69
                                                                                                                                                                                                                          SHA1:B8D65FFA13DD75CEFF65C22F1BC9C6EECE28A0E7
                                                                                                                                                                                                                          SHA-256:F6B1F463677C99AC7B68241758BF9BF756D448E4D35152C7FF3722C2D1C144DA
                                                                                                                                                                                                                          SHA-512:37F31078D6965DD0ADC585F1F1F062366C5C51B80D681C7D7D987BECB8E8697308E96A20CCD990166139226C62DB48D1CFA540423930906FF800697AC37BCDFA
                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):301848
                                                                                                                                                                                                                          Entropy (8bit):6.648559159903329
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:6144:ShInmyy8rSVW61Vd5nirfggy9HaAOrECXwckQQx+08i:5nPyUSVr/5nirfgsVECXwzx+08i
                                                                                                                                                                                                                          MD5:DA1DD236ECD7C2C550604F1DD791AB81
                                                                                                                                                                                                                          SHA1:952B1EA7A2A6D74A40BA312AEB04D4A5BA3A5536
                                                                                                                                                                                                                          SHA-256:77F31C188C1F2AD34287DA7A14BCAB9A5EBBE6546F20263AF73973A8FE422DE2
                                                                                                                                                                                                                          SHA-512:D4C1AE558969F234D505261E0C3874B02B27722BD20233FB867F5AFF4CBA4B27673E6798846F0513C5363BCD38F5C5981A25217932BB83090F49FCA9AF857C15
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):401688
                                                                                                                                                                                                                          Entropy (8bit):6.360013717980644
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:12288:6ELy9SEPWzVB2zUM2WJoROZVAgFXaoZfuYw8tGx+3:62ywEQ7gFXaA2Yw+GxU
                                                                                                                                                                                                                          MD5:5692DD1940AC1D772B3508169BFA0148
                                                                                                                                                                                                                          SHA1:5DF49A367B49EE628AA53ACF4D63D6AFF925B618
                                                                                                                                                                                                                          SHA-256:86010716B5B36F44071EF9C80BB520FC85BC16F7226E7750436D3181F5ECD83F
                                                                                                                                                                                                                          SHA-512:8B7E3B03EA031D1C2E5259DF8F67E3DE47B62CCDB4843D439DE8F6B2D86242D3CDC5FB18211AE3C7FC128ACBB004507A7ED4C0C8C1636BEFA20E2210E73FED02
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):162072
                                                                                                                                                                                                                          Entropy (8bit):5.988644157808262
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:3072:xwzvOYwt5YP/aKavT/DvbEvK9aobNI2B+el0LTGzkWJWXVfShNgpNcOJkeaNd1KY:XtiP/aK2h9H/B+XE
                                                                                                                                                                                                                          MD5:047FDBAE45C6D08B606BF3E8CEEFB4C5
                                                                                                                                                                                                                          SHA1:6887347C7640EF86B87066ABAB5A43ACECC9A962
                                                                                                                                                                                                                          SHA-256:0010A33FCDA893D72DA357D8F8751F0ED243908F1A83B51748E81B508EBF03BA
                                                                                                                                                                                                                          SHA-512:A0E94D3657A02A8C3A05AACCFBD56DF18ED6DC03F38A455ECB404902F4FF2045CC4AD794CF00E7570553897C5E4CD32AA8F52BB294890F9458C23E4EF815A354
                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):108312
                                                                                                                                                                                                                          Entropy (8bit):6.4784780227418
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:3072:bMxJ7Rfp8K172YPrN4vzT+PpZpsB+JG+EOX79xU:bMH7cCxPppsB+M9Kk
                                                                                                                                                                                                                          MD5:E9C3B566C6B059F23EA2A63FC3747FCA
                                                                                                                                                                                                                          SHA1:D001D14775D212D57991FEEA1330FE9E5ED4FC68
                                                                                                                                                                                                                          SHA-256:7A47BC22E09AF91EF7B176DB9788415A4EDA8D7679D89AA6102D72F231BA50FA
                                                                                                                                                                                                                          SHA-512:84E7CF8F4A0702721C4666C446E493403E050053CFCAF33C7EEF42E0065680B4AEF73AC9EB74127C034A2F8B6851B5F9AB98F4B4821212DF39F26AB43EB4413B
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):185624
                                                                                                                                                                                                                          Entropy (8bit):6.209107446544636
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:3072:uni3ZkI1rXRAmWt9h8QlLISqG+T1DpN9qEKLmoY46WKz5B+O3dnD/Yxu:uni3ZkQrBAmWt9h8QlLISZWVhohob7dv
                                                                                                                                                                                                                          MD5:C6119D93099CEFC4D75C8B70BBE981DD
                                                                                                                                                                                                                          SHA1:5F04DE21031EE27B6CD6D0BA2D73A50DD96237C6
                                                                                                                                                                                                                          SHA-256:9D5F50FC14DE8308EDEC2B17DB01613F827C14313BDF9479C5D6D11DED86AF36
                                                                                                                                                                                                                          SHA-512:E00A9012CE835374807731DE1B042D5E9FB4CBCC26BE091CE3C2859FD3DB6498895297AC003A74C960E4667B883678E44D2AA7F88D0071EA114C70BB0A296229
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):223000
                                                                                                                                                                                                                          Entropy (8bit):6.648111951374837
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:6144:OMtqCya7IdoB0SJmRi1Qf66AOKW/+GwIAfx+c+FfFyr:JtqCya7IdoBLJmRW6B/Pwpx+cafFyr
                                                                                                                                                                                                                          MD5:8D612B697FFEDD556A24EE4C04D2972F
                                                                                                                                                                                                                          SHA1:EEDDB66EF38DE6A9CE3A002C2A8AB81D8106B743
                                                                                                                                                                                                                          SHA-256:FB47B90747658700D6B18555CBD604DE8689ADE666E52CFED24EFC7CEA9E7E1E
                                                                                                                                                                                                                          SHA-512:BA0C06FE8704CAF0BA01270EF239D39E3BE8DBEDB094631769118BE75C56BA0031E34FA291FD4DDCEEE5D03BF8CA04E8E5FF760BB4CFF1FA744EF371AB67BB7F
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):108312
                                                                                                                                                                                                                          Entropy (8bit):6.479748154452283
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:3072:qER5AhC48S1m2YPrh4qR8v4ZksB+JGdqhOaxOt:qEXAe6QPxksB+MYQv
                                                                                                                                                                                                                          MD5:A5BDDCA8078F8D043EF1BA52408E3A63
                                                                                                                                                                                                                          SHA1:4F9068968E803E90D57873786C29E38258539209
                                                                                                                                                                                                                          SHA-256:FF68C58C8B4600C1362AD3BB441FE8F1DD1FF206ED92EDD795AA71504E6286B4
                                                                                                                                                                                                                          SHA-512:360A55AE06C52FE945D208BD3DDEBB27A2BF1C598115300306D8E64E60A5F750F90AD5552F3BE97517AD3EF68232DA067D62EE546204D9B33FF91813F08C2D2E
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):1372712
                                                                                                                                                                                                                          Entropy (8bit):7.919440458007018
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:24576:KJvKjZQYfXDPJZOE9PjCFaAL11MJY7pjtafbojRAaUtYQCK16dck0tWrH6:OK9QYfDPJZr9ra11M+jtIbCRLlv7p0t9
                                                                                                                                                                                                                          MD5:5F0299E8AA87A9C4AC70ED9F7DC8BB69
                                                                                                                                                                                                                          SHA1:B8D65FFA13DD75CEFF65C22F1BC9C6EECE28A0E7
                                                                                                                                                                                                                          SHA-256:F6B1F463677C99AC7B68241758BF9BF756D448E4D35152C7FF3722C2D1C144DA
                                                                                                                                                                                                                          SHA-512:37F31078D6965DD0ADC585F1F1F062366C5C51B80D681C7D7D987BECB8E8697308E96A20CCD990166139226C62DB48D1CFA540423930906FF800697AC37BCDFA
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):2026776
                                                                                                                                                                                                                          Entropy (8bit):6.853078405445965
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:49152:y0bxVqH+t6rw7AQ9RdcKFlk2Y/gCXPvxzP:y03si+k9UKFlAL
                                                                                                                                                                                                                          MD5:394D22417AB10BCDABC67B89DC2210D7
                                                                                                                                                                                                                          SHA1:F3F17D76B62CFFD6E9BE62B17CC4E9C10E7D5B9A
                                                                                                                                                                                                                          SHA-256:74449270D9FE9BBD229AF902B6C1379F3545ACC04585D39EFD1933F14062E4CC
                                                                                                                                                                                                                          SHA-512:35BCF29C94AC01EDF914D663692A34850588ECC381FD3300526078119D8198D66E6BCD40868CBD51AD9EC5A6D9D915302904F52EDDDEA836A582ED2B9661C65C
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):43288
                                                                                                                                                                                                                          Entropy (8bit):4.795840750645376
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:aIH4k4sI+h2JIYi6yF1x5ofPxh8E9VF0NyYWn:zHZJ7Yi6yXiPxWEuK
                                                                                                                                                                                                                          MD5:03E78010DB04CD34227B7BC7544403FC
                                                                                                                                                                                                                          SHA1:25F39BBC0A335C229D40AD13D8856E63D7D7DE2D
                                                                                                                                                                                                                          SHA-256:627C25893A0F91AADC921EA93A472DCDB39CA8A714CE3FE634EFD5EC65487A39
                                                                                                                                                                                                                          SHA-512:D19B239E048C88438155C6AA9397B51579D8C4E73703ABCCD436DCB57A743C6D5C699C9D62875E68A333735F1009A87FA85B7A762792038CD6FC1D2AE4857D5A
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):42264
                                                                                                                                                                                                                          Entropy (8bit):4.792883323942892
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:Lfr3anBDBGHCIYi6yApiaPxh8E9VF0NyY/J32:/3anT8Yi6yePxWEuk
                                                                                                                                                                                                                          MD5:11993FD5B218BF08DC072EBC23E5D162
                                                                                                                                                                                                                          SHA1:36B72292E03CFCCF782AEFB15270E3A0F9F9E384
                                                                                                                                                                                                                          SHA-256:ED1534A527647D3E16568963C162DAD043003A4ADF1C022E1A6A81E9A699C3CE
                                                                                                                                                                                                                          SHA-512:9EB2FFF8A5F7D4E5C597C590D3481817BBFD7E2E20A239AD112BEDCB4891535877D46A3FAFC8E775AF1AF1D6D98B7781AB98CEBC145A71E73AFBC8D832BAE395
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):45336
                                                                                                                                                                                                                          Entropy (8bit):4.824742237255707
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:U/Q9tck8aGIZBOcw1IYi6ylCG5Pxh8E9VF0NyYMUUJ:U49l7DlYi6yRPxWEutUJ
                                                                                                                                                                                                                          MD5:E09B858FAFF3573AEB5389CD92E0D7BF
                                                                                                                                                                                                                          SHA1:F22E4A97BE5A6A303C2226F63C6DC47F131DCFD9
                                                                                                                                                                                                                          SHA-256:BE863F710558EA45955BBEAB27922D01CB3A297FC52E36ECD4EC18334692C391
                                                                                                                                                                                                                          SHA-512:48CEB5A060F9D4DFD8DC2D7BAC007C2C57346DF7C017EA0391CFF526CA5B852A26D25963AFDFDCE1F39CF4871A68BEB5E84AC84CF056CDE69B4E957EDF49D9EA
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):45336
                                                                                                                                                                                                                          Entropy (8bit):4.881101683488677
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:/dEvUx7tVF7qTFoFrTFgRj+mBwTnIYi6yj+Pxh8E9VF0Nyb20F:1Eu0FoFXFWBwkYi6yKPxWEpzF
                                                                                                                                                                                                                          MD5:BAA39403D8ABC3E74BA70EFCE7005E86
                                                                                                                                                                                                                          SHA1:C7D96C312547F4D973E54BD203E2821CEAAD8ED1
                                                                                                                                                                                                                          SHA-256:908045B4D1745E39031DC7861221332DD87FA9AD89DA86D68353BEDF982DB3BA
                                                                                                                                                                                                                          SHA-512:A0051323857B1854FAA1F6589431FC75BE1705B9B4A275E9408F1338E916B86A710E22F0EAF87F8F5B6FE35ACDED9F9D1CE3AB018B6436915802D551D03ADA08
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):45336
                                                                                                                                                                                                                          Entropy (8bit):4.599056937006775
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:d5FH2yrzVu/k4bHk0IYi6yqIvdAJYPxh8E9VF0NybWPAbI:fFH2yrBuVWYi6yxvdAJYPxWEpeAbI
                                                                                                                                                                                                                          MD5:C6C4220211CA3631F98D967F24287D80
                                                                                                                                                                                                                          SHA1:8859BBA7E3E68342D28772B47AA0CE388602AEB0
                                                                                                                                                                                                                          SHA-256:D7CA0004F69927F78A2EC004FD0935392D3E49928FB6BDED29335CCB7D4B1DE0
                                                                                                                                                                                                                          SHA-512:2F5EE9E2192A0E4CBE3F82ED1CDED0164CA190634D54B3BF10340D17F61B29C86BFADCD1F189AC5E97DB0FBA027D80FD9CFA3537AACD73E13AE79551A170DA93
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):44312
                                                                                                                                                                                                                          Entropy (8bit):4.652100534440651
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:cGcPVBWDqBkwEAufy6fIYi6y29iPxh8E9VF0Nyb8Yg3:aPGj/gYi6yvPxWEpi3
                                                                                                                                                                                                                          MD5:39189C8922EFBBDD87E0586599CCA15C
                                                                                                                                                                                                                          SHA1:01C79D31D72579F79684198758E5E3D74D7A677E
                                                                                                                                                                                                                          SHA-256:B33CA4894EAB5A1F2D0498172BED467B601B90DCEC99489EAAA04CE20ECEB566
                                                                                                                                                                                                                          SHA-512:D023DD306C09AE5FDD1F3E32916D7FEF3A0963024DA8124BDE65100EC59A90D6C8FBF3494A23F6D37F206C2A9F0BCAF38B2B86331A7DB2223779C8E31576F39A
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):44312
                                                                                                                                                                                                                          Entropy (8bit):4.605348492828605
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:nMZfN3wtpOcqJ0YIYi6yszPxh8E9VF0Nyef8MK:ML3wxoeYi6y6PxWEo4
                                                                                                                                                                                                                          MD5:72414179BFE08FF73DA291BAFB776E29
                                                                                                                                                                                                                          SHA1:23D5C5F72CB9099316A11337D682E3FE417260E4
                                                                                                                                                                                                                          SHA-256:88AEA5D1E31A63BFCD2AA37E87D50BC2C31F3075073353D25E8B1A5440165287
                                                                                                                                                                                                                          SHA-512:4B2945CD4A468D94A63D7DB5299E6A73AC8E528AF936E128388A7497F6B19379CDA6CAC90A2FED84478C75469E967E00A49248B21F37BB5BB1BF499D6734340C
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):46360
                                                                                                                                                                                                                          Entropy (8bit):4.597090073727154
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:M8JUy8gjhO4MesINK/QXIYi6yW7Pxh8E9VF0NyevgRef:9V1MeZsQYYi6yKPxWEoIRef
                                                                                                                                                                                                                          MD5:EAF4C90A423F20A1E97BA7CD59B250CD
                                                                                                                                                                                                                          SHA1:CCAA876DA63431DEE7D9199850D5FAF9029E8DF4
                                                                                                                                                                                                                          SHA-256:FE1B6E21C8FE46EB1115356A2660FE269FC585FECA18A6F2D30190C57066C66A
                                                                                                                                                                                                                          SHA-512:D34AC9119D661D00C1EA606DDB9A9F93226E62A44AF219353E4BB938023011C364B075E35AF397EF6B07FDD61A20BB83CD5AEFFB6B9EA515F6FF0D3CEEF35AEB
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):45848
                                                                                                                                                                                                                          Entropy (8bit):4.8976143355145165
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:LqWEDleILkSIuHCSqlIxRFiAhkg8zBdfsBsTbjIYi6yQNgK/Pxh8E9VF0Nye+u:2rZlLOWR5m/kYi6y2RPxWEoj
                                                                                                                                                                                                                          MD5:8FB8A25261502F728ECD840588CA9092
                                                                                                                                                                                                                          SHA1:D6D1BC01F4DDAEFEDB8C558467666E713A76804A
                                                                                                                                                                                                                          SHA-256:05D06BFA7E8D7FA47EF354D811BBEC1F432D80680733AA1553E2F83C4946DBAE
                                                                                                                                                                                                                          SHA-512:3EAFA72C1DA27FB369F602DA4A1491CF9B9CF573D367E546B9FB854A71B221A1DB0037E9A784EC579FE4D1B65E849A8C2A2746C560F5A3ED79F1C15C3BD0F048
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):43288
                                                                                                                                                                                                                          Entropy (8bit):4.60441142316265
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:B1YtagyXbubQIYi6y9gSPxh8E9VF0NyZup:ktagyXqFYi6ylPxWEre
                                                                                                                                                                                                                          MD5:B1BB07E2B719CF58CA052490F5A0B9ED
                                                                                                                                                                                                                          SHA1:2EC7B9C8A22E2699303E59B19AA67DA3B7096A5B
                                                                                                                                                                                                                          SHA-256:A290A6ED4403BD1B04C46D80FA8AE6C944C2E863BFCFBB022FFDB9A89685F86D
                                                                                                                                                                                                                          SHA-512:D41FBF79B4FF54AA75D95272D6D03F5F0F056E9CAE0F6D65D1F0911DD46F5279A1F37101364F606DFED528FB1F033E3AE457F6A18A7A1A9C7D2208918B5711DE
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):43288
                                                                                                                                                                                                                          Entropy (8bit):4.600381831559855
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:e28agyMeRpIYi6ymeimF/Pxh8E9VF0NyZQq:h8agyMe+Yi6y5F/PxWErB
                                                                                                                                                                                                                          MD5:BBF04B9C1C75340D5381D1048CB39279
                                                                                                                                                                                                                          SHA1:00DB86888A3EFF90FBBC032EA24F7019D802EE82
                                                                                                                                                                                                                          SHA-256:B5A2FC0F28DEB7841BD92B4F257C4B163EC2CE2D8FED8DE82FABF950A91DF623
                                                                                                                                                                                                                          SHA-512:323154686BDE5B5519A06DAFD4F49B56590312A3D6EFE558D883FF8D333191D6C9EE7F9EAF9BF69355DFA6A3A57C923F7026D5A492656354AB0B00B34056AB37
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):44824
                                                                                                                                                                                                                          Entropy (8bit):4.590269055522172
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:nhU+fy4JIYi6yz5qb4Pxh8E9VF0Nysvx7cJf+8:hU+fy4eYi6ywb4PxWEy5t8
                                                                                                                                                                                                                          MD5:8A63D1AA28F7AE7D8032A9742BAFE5BB
                                                                                                                                                                                                                          SHA1:0A8C7AED30A515765592015542A92EAD0EE69682
                                                                                                                                                                                                                          SHA-256:4DD91E89F612E830AD12A32D4701A58B1A80C2A7B842C5A131266DAA3B1E2924
                                                                                                                                                                                                                          SHA-512:46F04316B1B9A9A8927850C4BA2A01F16BD1DD991F59C9694A3C89A95CD6556DC379547908CD08D62233D06D09EE379BAFBEDEA661B6EA347F7CBAD60381F41B
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):46360
                                                                                                                                                                                                                          Entropy (8bit):4.577785468213174
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:BYxUNRaLElwIYi6yaNEPxh8E9VF0NyZk3AN:CxUN2ElZYi6ya+PxWErCAN
                                                                                                                                                                                                                          MD5:8CC30D9C08FD15EF0FAB843F397B0990
                                                                                                                                                                                                                          SHA1:EDECF20A1A24BDF7028BBA0CE90D86BED8E55147
                                                                                                                                                                                                                          SHA-256:9715039D587CB8F3682DB31914241D4090B2A01E6DC06D238CE7C1F7D7EDF57B
                                                                                                                                                                                                                          SHA-512:A63AC3E300B7D01B96837F12D8580BD4AF0198E2CC50A02371B8B770D2BE03490EADDA891B6BA3E28B5C3847081202258F6985CAE77439F1CCEB128633710A9B
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):43800
                                                                                                                                                                                                                          Entropy (8bit):4.590367117520583
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:TPHrbDFbDuVEbJRzSQ/IYi6yuQzcPxh8E9VF0Nysh0S:Lz9umDnAYi6yZzcPxWEyWS
                                                                                                                                                                                                                          MD5:31870C48CAA9C14A0313DA23E9BC9371
                                                                                                                                                                                                                          SHA1:EE2570B889E80ACBEBE58B802FF9E6C190D45494
                                                                                                                                                                                                                          SHA-256:77700EBC335B683DD704A74D7516A912D98A3D50F331B6F90786ED8E5B2B4AA3
                                                                                                                                                                                                                          SHA-512:6FFB8AD9779F0D0C3FD29930AD42CE6A06B768EE237B45C73A162F9EE5642E9050D2DB66500CAE198759FD0852173D94AFCCDB3DEB3A9DC73929E22332952BBC
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):43288
                                                                                                                                                                                                                          Entropy (8bit):4.798383453705228
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:5OVpZbXQ5JIYi6yuDplgFPxh8E9VF0Nys256df:EkeYi6yGplgFPxWEy+q
                                                                                                                                                                                                                          MD5:F3B382FFA29ACEF1E7CFF94442567056
                                                                                                                                                                                                                          SHA1:BDA9AB76353EE28616C57F4DD1957A559E2E2E9C
                                                                                                                                                                                                                          SHA-256:9A47BA46806E377D4332F70BF54D80A692F0CEC06241B0BEAB921972BC01F68E
                                                                                                                                                                                                                          SHA-512:B5157D305252DC110B209026AB9A2D0014B119AD3058A8356231D18BB3ABDF5FC55E6F409D50F48156C052A3018E5FF043A9E5993981C569FE107D2522EF524B
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):44312
                                                                                                                                                                                                                          Entropy (8bit):4.600153905845738
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:augkfEUPhXY7RTYXU9hKh9GAHrIYi6yWGPxh8E9VF0NyfxY:dBfEomQj0Yi6yZPxWEdK
                                                                                                                                                                                                                          MD5:F4C0685C628AA15D2A3DB93F8B872283
                                                                                                                                                                                                                          SHA1:3C36FDFF1E3438BA30CC5F48BA52397F9BB3876F
                                                                                                                                                                                                                          SHA-256:30E38B21AEEF6590F827F22CDBCCA7DD08836BDCD56117CF3CE4B02C104C2187
                                                                                                                                                                                                                          SHA-512:774548D47665C3463AE35CC09FDAAD4843F9A8EA3C387AD356848C66BC2851B53EA3EA2A84D23C5A2257C3816E994B473127348F9F1E6DCFD5CFB24B88F3B285
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):45336
                                                                                                                                                                                                                          Entropy (8bit):4.585524929878328
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:o9rcjUrPer+B3Rlaw7y9kIYi6yF2lN6NPxh8E9VF0NyfxtR:opcjU7c+B3RlawWDYi6yk3yPxWEdl
                                                                                                                                                                                                                          MD5:506D2799D9B8AF3F1DA2279099FC2DD8
                                                                                                                                                                                                                          SHA1:A296C34FE957DD1AF650CED2C28D2BDCC4964EA4
                                                                                                                                                                                                                          SHA-256:24A12004C97A2DAE0CF622F546BA1EBF757D6DFF4B49E9AE280A39D3B6C7128A
                                                                                                                                                                                                                          SHA-512:45929D695080D2E490C5AC69C852D99E23C4DC9571E965C3BB34E84FD834FA7EA961DDBB1E04F75BA2133DEA95F36F47CCB33F36AED8ADF0362529C6CE2FF777
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):45848
                                                                                                                                                                                                                          Entropy (8bit):4.600204897430851
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:PBa98EoMcpW4xDIYi6y/qYLPxh8E9VF0Nyedq:ZaaMcNsYi6yyYLPxWEE4
                                                                                                                                                                                                                          MD5:F58CF20D123D30013824AFA63882CDB0
                                                                                                                                                                                                                          SHA1:16761EB515C35732EFC7CD941E200328AFB29C58
                                                                                                                                                                                                                          SHA-256:DD2F56CCF7DF887810C044F560144F2440DB8CE18CDEBD52FAA0B9477BC39692
                                                                                                                                                                                                                          SHA-512:D676CECC0C19A22FF62B1B17F7D781A89EF530B2D492225202ED1DEF01E4459564818865833EB50C79E05923DE202B9906020D7AF93838B910FC34F651BAA14D
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):45848
                                                                                                                                                                                                                          Entropy (8bit):4.878931760360402
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:Wf63UrpgV4DkYCQsfwDkIAIYi6yJOPxh8E9VF0Nye5Km:YoUrpbouJYi6yoPxWEEgm
                                                                                                                                                                                                                          MD5:C624B75BF89DA60A8468B249B8E2F16D
                                                                                                                                                                                                                          SHA1:BC2A436C5A4D0157928A0B247412E8B9A385B23C
                                                                                                                                                                                                                          SHA-256:96CBA45A780B344AB373CB5CDCE52C962E3DFEC08A570FAA6BDC33FDD277116A
                                                                                                                                                                                                                          SHA-512:D8721A97A0E4E5C78F08DF4C031B519E6EACDBB3BC86F673A97325B79E0AE1DD4F9FBF9FB8A7428890076954F5515A82E677F92B0E45DD8B93DEACFCC8E6A5B7
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):44312
                                                                                                                                                                                                                          Entropy (8bit):4.83542724723739
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:768:jl+M6Ac6AbEcXwwVRYi6yIPxWEE58NIp7:jl+xX1R7APxa+8
                                                                                                                                                                                                                          MD5:9D24FFE112B64B278C97D7A6C5B52B11
                                                                                                                                                                                                                          SHA1:A8596CAE57634C63630AE2A75B672B71CF06DB83
                                                                                                                                                                                                                          SHA-256:B1177587CFF272AA288AD209892A0B6351FCC69855C928F6C28209906F84DA85
                                                                                                                                                                                                                          SHA-512:5AEA4EC4ABAFFB33A1876240F7D4A648D0E4A993594E79239AC1BE6E98B71E2C760DB1D729A3B5D2272407E3EFE4028B311157829A4B19D5BFF997DCC1D6D27E
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):44824
                                                                                                                                                                                                                          Entropy (8bit):4.60451381822393
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:8psONeXz1J2zMB5qBL/bIYi6yNAPxh8E9VF0NyZjEb:Qsd5IL/kYi6yiPxWEX6
                                                                                                                                                                                                                          MD5:BBA3A0029E2C7A87A3C0CEE4E87D2575
                                                                                                                                                                                                                          SHA1:E325E0E210F8D1360D31BDEB3822838B63F61144
                                                                                                                                                                                                                          SHA-256:225B36D48A8391DEE8F5BF03DEDE1A7A785FE9EE723D31173922980FA9FBDC03
                                                                                                                                                                                                                          SHA-512:DE50029843E5AE018F65AD15F17A159BCC4308A0A02AE72BEFEB7CBE4593BCF8B6136A78D40F3D9829FF8A547AA0DC59E22123623E12CEDB216EC9AAA5115ACB
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):44824
                                                                                                                                                                                                                          Entropy (8bit):4.634211400841873
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:768:N97U7oPX1C2TycfBwGFTbeSNp6931lBVZpOAy3FGVsSYi6yjDWPxWEX1F:N97U7e1C2TzpwGFTbnp6d1lBVZ8Ay3FL
                                                                                                                                                                                                                          MD5:03AF7CCCBE96406F9FE2160C767200A2
                                                                                                                                                                                                                          SHA1:BC3EEAE5C5DD2581629F5180EE88373377261EDB
                                                                                                                                                                                                                          SHA-256:445C3E49BD054A6D43CF74435DEF1D347BFE68720071BEFE1A949A647F0B61A2
                                                                                                                                                                                                                          SHA-512:FC2E736793D9895100B57A259F5C5E65A51BBC9DEF8CA661D34F5001582B4A52A07A5E66AB1AEDD767B366C90124FE034334BE4895596EBCF0470788585D7359
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):43800
                                                                                                                                                                                                                          Entropy (8bit):4.582086896816898
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:WC3P5juSkAHqQ3lbZe2E9RyrUJrIYi6yz0Pxh8E9VF0NyZhEz:WkEARwaYi6yYPxWEXO
                                                                                                                                                                                                                          MD5:0D38FA0F9455D2F68DF65659473DD514
                                                                                                                                                                                                                          SHA1:4EE6784DBA18087846951D517032A52F53CEEE52
                                                                                                                                                                                                                          SHA-256:425C509C7F6310C4791CF44965F27783D2BF2FCBBBB91DC5BADDFA3BABF8DCA6
                                                                                                                                                                                                                          SHA-512:B61AE6C01241DC2E0C0FDF82418765D091D0436A8452BAD946536FB646BC84D74ED607F646E1890D8F026755CAC108289EDC7618BD0CA140A5D939C6E96E2AF5
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):43800
                                                                                                                                                                                                                          Entropy (8bit):4.629080038197288
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:768:4M6iBA06DkU3QF5EefV35+Yi6yTAc/PxWE6cZZ:4M6iBA06DkU3ubfVo77NPxF
                                                                                                                                                                                                                          MD5:A533D11418F301BCF17469394DA295C1
                                                                                                                                                                                                                          SHA1:5D4AE33DB437B3CDF1E6951276295A8A007D8F86
                                                                                                                                                                                                                          SHA-256:1D67D474D375C10EBC9A6FA1C94F7455AD537C2AC9F238CA24918EDB388E0187
                                                                                                                                                                                                                          SHA-512:5A1F4B991B29283479FD24F3C966C472D3A90673EFFB5504B72237BF0D6E5CAF5BEFB4DE1F6C2D0025E1B57BDD33D7D60D2FF068AE77E36366DA3FA336343E68
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):45848
                                                                                                                                                                                                                          Entropy (8bit):4.576895481344007
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:dD1lrIn+sdB35IYi6yjsMzPxh8E9VF0NyYvRL:ftIn+m3uYi6yAMzPxWE6pL
                                                                                                                                                                                                                          MD5:C7FF0AD03D3B207DEE620141BB81B8E9
                                                                                                                                                                                                                          SHA1:AD0A4EE39AF1B0800BE4522C77CDFA1781755891
                                                                                                                                                                                                                          SHA-256:2FE0B0315C67DC54CFB5372BB968AA2C72B310FCE27F96C4EC81A060F0CC7CA6
                                                                                                                                                                                                                          SHA-512:F040EE31BE3D0EB3479C20723C9B36A5B07C1E44B6AD01849AF4BA771FB691254FC7CCAD0B0C8EE7ED75E6A03B4F20FA8D24E2A531054C7D12B9CF9F726AE547
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):41752
                                                                                                                                                                                                                          Entropy (8bit):4.804437784456202
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:Rpxv7kdVe4DyCc53iKFIYi6yeXIPxh8E9VF0NyYrvkFa:H9SqyYi6y1PxWE6zk4
                                                                                                                                                                                                                          MD5:08F41413611656BA8ED9775F7B6BC1DD
                                                                                                                                                                                                                          SHA1:8526E5ED40059B798D4C6BDD7DB9A5EADB70552D
                                                                                                                                                                                                                          SHA-256:13AEC975CB276789021E4566994FDFBF50DA5481379D927B6D3FFC168D29EA85
                                                                                                                                                                                                                          SHA-512:C53DA672BD691CA5EA1C4A55A089020F149482FA50EC6AB657F1853615685EE84FABD1C79DEF995CE1F7F5022B62D7C01678B755A2934B7E0F5BD564A851B093
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):40728
                                                                                                                                                                                                                          Entropy (8bit):4.827744296736407
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:sGlGEXjOBWceUIYi6y7NPxh8E9VF0NybLD:tGETOBWcelYi6yRPxWEFn
                                                                                                                                                                                                                          MD5:1EF10961FDA02309F371069ADC566867
                                                                                                                                                                                                                          SHA1:D9E66B6A7748F34C53631B15F7991E02A53CC6F5
                                                                                                                                                                                                                          SHA-256:38DE19425E692EEF89C60032D30979A7E637FB189BE4A57C7006C01CEF17C375
                                                                                                                                                                                                                          SHA-512:0C136F56822DCC31EED9589A00DCA4818E1CCFBDA31F34B111564D21F78DC518AFFD289C71FE49C03D408AAC29B1264A9C14796AE90B5D82AC4788F26C1B9EEF
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):45848
                                                                                                                                                                                                                          Entropy (8bit):4.908661026016275
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:QZJDfWBBShIYi6yimpjPxh8E9VF0Nybugz:ODf2k2Yi6yzjPxWEF5
                                                                                                                                                                                                                          MD5:8F894D02D9F67C8772AA0973F3F671FD
                                                                                                                                                                                                                          SHA1:00DE35930695CB35BCE61ABEC54B08404AC89F0D
                                                                                                                                                                                                                          SHA-256:67EC1F62656C23778DCADAA7189959180E7513CB89A3F5489610804B441672A9
                                                                                                                                                                                                                          SHA-512:1FF95A91500575234E40BDBF6E9955F8E28C1F6AA0008D93CB397B2E6BB696E3ADF28AE6DF87F95102543E60C81AC5CFF070AFCFF6DC1DC09FD87E715F55A8A5
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):39704
                                                                                                                                                                                                                          Entropy (8bit):4.880724677108415
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:PplRzd3IY+N1vZ0YoRHgA12slxB4xR0kTY1M5tkO3IYi6yYjGV1Pxh8E9VF0Nyb3:hlRVmAaPjv4Yi6yqGPPxWEF3
                                                                                                                                                                                                                          MD5:8A0F8959736813333246851A913808E3
                                                                                                                                                                                                                          SHA1:EB07825CD226FEFB4B5B9C010163091459DCC0DC
                                                                                                                                                                                                                          SHA-256:8CD95C91FD0154C8BC422B7A5923B1FF5FE98BDA9AE9FCACCAD16B745629CA69
                                                                                                                                                                                                                          SHA-512:625CDC0F4A3372A26A9A790F828F89A2DADDC1D9AF44D147E6A7F5F444C7B5A8A0BBCBBF734ACBD21C01E30CEE73383C89968DB0A836AD3EC4E4E6436B29402F
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):43800
                                                                                                                                                                                                                          Entropy (8bit):4.622895215899392
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:3Xc3nc9eHz03T0R8C923FQIYi6ylSbPxh8E9VF0NyK0FW0:HSckHz03T0R8C92Yi6yuPxWEIN0
                                                                                                                                                                                                                          MD5:ACCDB0606FB0F8170AAC4C8C38268EE7
                                                                                                                                                                                                                          SHA1:91FD807D1AD07CB7F88085D7B029A825BA58A880
                                                                                                                                                                                                                          SHA-256:31A5062DF59BE2A68D064BE3C84FF9B61E5CF67E6E1ED8953326A0E330013316
                                                                                                                                                                                                                          SHA-512:45FCF67061F5C343E769D090612FCB35C3C4D671B317F6A2ABC86C2B2CFF59ED79E87DC4DD4D90B0E5BC35438A54C2F437B19163B58B00D4AFE96351AB085FA0
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):44824
                                                                                                                                                                                                                          Entropy (8bit):4.652443029242609
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:APY5yQOea2ebIYi6yTeg4Pxh8E9VF0NyK2S:emCkYi6yp4PxWEIH
                                                                                                                                                                                                                          MD5:1E19438C998571F705BF53CCBCFAD437
                                                                                                                                                                                                                          SHA1:C0A45E4FDCDFF0CE807C797736DE128C5DA2F114
                                                                                                                                                                                                                          SHA-256:652D32F8C1166C26218F4C735373C037F750904996630AD55DAF1E216F2D1F0F
                                                                                                                                                                                                                          SHA-512:B541042B37B4BB543BF5AEFDA66D2C4110F288B78B251124364F72D99A24A240C64EFDB1F218092A9F27BB78661AFD93B688C97B716E2DA72660D2FB51838BEA
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):47384
                                                                                                                                                                                                                          Entropy (8bit):4.8783143880201845
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:ltgMfBJvfZigR8/JLvIYi6yNN/KJPxh8E9VF0NyK68:9roJLQYi6yPsPxWEIB
                                                                                                                                                                                                                          MD5:571250F94A32A48E75A8D706334F6864
                                                                                                                                                                                                                          SHA1:6DE00CF2431C24A512DD6644C5A66A8D1A9AE6E9
                                                                                                                                                                                                                          SHA-256:8624CAF8E3BEE406383C117EE46D827E0F1A3B8F3CB7F7134F6315461DCDB18A
                                                                                                                                                                                                                          SHA-512:B1E577E6B6BAA16DDD6CDA4C643AABE5D7C085BF7C03A065EB5F6A842D59F4E7BF8DEE989265EA68254C1F25544A07F0158460991722F255738DD3A9F93B052C
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):45336
                                                                                                                                                                                                                          Entropy (8bit):4.8496881134355165
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:lIsCrdCT73y7OiAEMfIYi6yJRwgCPxh8E9VF0NyVd0:pC5CT73y7DTrYi6yczPxWELq
                                                                                                                                                                                                                          MD5:C481BF590070431252657C878D10998C
                                                                                                                                                                                                                          SHA1:D92F435FD487478CA7DACA09AFBB9BB6D276BE92
                                                                                                                                                                                                                          SHA-256:26E695817DCB78468E674E4C8939EC942A852BC4F877BF9E6A3C28AC96D1677A
                                                                                                                                                                                                                          SHA-512:98A26FCEA4501519CD15AC261298B486D293ACD484E126A76C4EC7015907B8485395B163E5A2687D0EF7536E4239873B0AAACDEDCD53E5823C53911F606922F9
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):43800
                                                                                                                                                                                                                          Entropy (8bit):4.590975822839844
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:lzGovVFCrRLtUv6odpayK/YjfZ/fbMwTRlRElIYi6yM6Pxh8E9VF0NyVhV:dxhf3TFfYi6yZPxWELP
                                                                                                                                                                                                                          MD5:48084EE97EB61770DF2F5FF01CBEE0DC
                                                                                                                                                                                                                          SHA1:3E0F7E9B23759180BE0DCD70E976AF5EEB7D4D38
                                                                                                                                                                                                                          SHA-256:17E2AE76C7E6C185F51D93A6E031B82445730BF941B5109910EC6915BF78DAFB
                                                                                                                                                                                                                          SHA-512:B0620305ABDFE1AFC2B8BF7138D74AAB99E9B98BB648A185DF9BE7DEDA17B09753CCB03A5F8D1E29B98400A2A8E41D0732A45BE5A57072BC18297567FAA73FD5
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):45336
                                                                                                                                                                                                                          Entropy (8bit):4.58455886453974
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:luLoTcrh3Ne1hIYi6y7f6Pxh8E9VF0NyV5D:2og/eEYi6ymPxWEL9
                                                                                                                                                                                                                          MD5:D05F9C041CF607B26A1B7E31FF83D496
                                                                                                                                                                                                                          SHA1:49EF8C77557CD6F31597F76A8049D5B8A3798149
                                                                                                                                                                                                                          SHA-256:3C99288CF6E5EB23CDC0ABEF3EC0FD0D209BD7972133F8DC180A341BDB381591
                                                                                                                                                                                                                          SHA-512:89F0A4E13390B089A9CCE28830E058A4D7DFC186ACAC7CED254B74D9B0EC1F8C40FBFDD9ABAF7B4E86CFFF0FBE51C9408EDCB24D5CBB4B2EF1D38ECA298B2919
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):44312
                                                                                                                                                                                                                          Entropy (8bit):4.608238070049028
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:Rzi5JZSiyCSiylyVqeAYiTv4yywQf6IYi6ywCwfPxh8E9VF0NyUe+:RbyVmYGAyBQfYi6yPcPxWEOh
                                                                                                                                                                                                                          MD5:6D12E0728FCB675AC92F88B678E710CD
                                                                                                                                                                                                                          SHA1:612BF8D27FB19244E98348BCEFCBD705151F1861
                                                                                                                                                                                                                          SHA-256:3D935AB10A1BE22E275BCAF303C6E10672595545DC53D83D502B35616531B353
                                                                                                                                                                                                                          SHA-512:18E68D92ECB4A8DCC542B72C39DFBFA3D6438C0BA04FC8427271AB041FD9AE265DE55E3C967A130399F1EEA3DE7F0976CC2325EC1F2F093F65CA5438DCB43384
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):44824
                                                                                                                                                                                                                          Entropy (8bit):4.650238754966078
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:Bj+n7KZHWCE1UuGp6hUIYi6ySt4fPPxh8E9VF0NyUgYpKo9:N8yLEGUrYi6y/fPPxWEOJKo9
                                                                                                                                                                                                                          MD5:F391A11212A29A212214699CA3C30ED5
                                                                                                                                                                                                                          SHA1:83FCC8ADD2333A2E7163DE1D38FA1FF62F0A6373
                                                                                                                                                                                                                          SHA-256:E9C8365AAFB2CA0C8090995AED82FE105B88139CA0CF77F7FBA83D3BFD8C9D78
                                                                                                                                                                                                                          SHA-512:94A2A3AB2C90A80E8A1B0AA2558737AC1C880A785B38B12FBB93F2C2CF73FE573D413A582D7573E9392595642B56A789339215DFF8C4DCA977AD1F63ED398654
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):44312
                                                                                                                                                                                                                          Entropy (8bit):4.612711318856317
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:aj4hcxr/vX8lIYi6y4aPxh8E9VF0NyUaIj:MWmsSYi6ypPxWEOP
                                                                                                                                                                                                                          MD5:97DF57FDAEFD9C539758E276468BF33C
                                                                                                                                                                                                                          SHA1:466ECEF60CA1CD972094050FDC4059645C874CD9
                                                                                                                                                                                                                          SHA-256:6B1C63FB3615A13AA566CED25ABAF1E128CE5A9E9D6162EE009EF59574B8EEEB
                                                                                                                                                                                                                          SHA-512:1BD2B656031F7BF9AEE499A9DA9724E683BFE3EF45E8CDEB5418D2F23E7054E3C7A187EAFFFF0D02AA07A2B264BF5AB4AF82954A5465B5F2C2C995C00CADD96F
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):44312
                                                                                                                                                                                                                          Entropy (8bit):4.61394491647438
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:eeOLqst7KKEx+1GGBitIYi6yecCPxh8E9VF0NyUgR:eHTwxMGWvYi6y0PxWEOw
                                                                                                                                                                                                                          MD5:4E3DAADB94D67728EB3CEC220CAC46E3
                                                                                                                                                                                                                          SHA1:3C9529E6448B4EA88D9B9DEAFC9625AB11B6FEB5
                                                                                                                                                                                                                          SHA-256:662DAFFBB94E976E25DBC8231FC1E5F4F59941317200EAAB3222496B3605D80F
                                                                                                                                                                                                                          SHA-512:73805CD9425697F5FDE6AE1B582A2E9F64BEA515B36DA96E65DF903261012F7DA86025C4C11C4B166F066B2E4B3B9FEAD56FD33894AFE43403C28A7B3E265472
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):44824
                                                                                                                                                                                                                          Entropy (8bit):4.623157202718964
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:768:dt/CRNND67qGGQdVqbrI1naEpuYi6yxPxWEJ3:dtjdVqPMaD75PxD
                                                                                                                                                                                                                          MD5:62FF57D9AB77311574A72B62EF85A8A4
                                                                                                                                                                                                                          SHA1:6FB7F38D1D68534541015BE2DBB9ACD716A0E87F
                                                                                                                                                                                                                          SHA-256:D8BFA6315C2EE18D5D1734D4AD4700C3CE7C23B8E0740A136FE0CA9A3FC9F3C0
                                                                                                                                                                                                                          SHA-512:AEEEFFFF267AFB67878843C68A204A7B64DF9AA7A7769739D495EDF5BB70B89F51980073EA2573FC76C02E388025415B62B540F30DEE400F7DD9500379EC7A5F
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):43800
                                                                                                                                                                                                                          Entropy (8bit):4.813508731590378
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:vLU1FA4ZUvHlzo4d2yIYi6yVfPxh8E9VF0Nynn8rb:4+vHufYi6yZPxWEJs
                                                                                                                                                                                                                          MD5:3F4F808D45DCC1B5103264518A733A32
                                                                                                                                                                                                                          SHA1:945EB6C696D9933CDAEB3C5F4229A9B940DD0D0D
                                                                                                                                                                                                                          SHA-256:8E614E2763D290B08C9B4D05D1F6D7E66490DFE2D33D8B35C43126EE3E71B2EE
                                                                                                                                                                                                                          SHA-512:39A46DD2862B737EE96ED65F55996CE9A17D31C3B90B794F6F00BC3162EFBA60E32CE7ADC003E0D03A44E572064B03BFA047FEBB59E9E2E8CECAC56E3B5DA39C
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):44312
                                                                                                                                                                                                                          Entropy (8bit):4.641674498049339
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:tVkHUqha1iR6wLTOBIYi6yEpAWXPxh8E9VF0NynL+Z2:Lk0gxRDTYi6yaAWXPxWEJys
                                                                                                                                                                                                                          MD5:F86B22E5301E31E059FB5A505C01EA8F
                                                                                                                                                                                                                          SHA1:138E4A765122BB9AA34BD6BDB1CE3E5043A29CCC
                                                                                                                                                                                                                          SHA-256:D19B647149C2259918C63DF91C97C6FDDEA6A5D42C6AD491D6B74D4032061BDF
                                                                                                                                                                                                                          SHA-512:D9B025CC813EF6464A4BAF767478134AFB393EA18EB4734C4849D4B39226840D6A929A855D4A84560C243F12A1625A399DB99854A5D879E4658B97BE08672B25
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):44824
                                                                                                                                                                                                                          Entropy (8bit):4.599080620997685
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:zPhTvshVyiWQZpdpWBdd1imIXousEIYi6ySOCePxh8E9VF0NynmVZX:TzrQZpO14Zs1Yi6yZPxWEJEZX
                                                                                                                                                                                                                          MD5:BBD912F98AE91A8EE2CD7B13BB5F33E7
                                                                                                                                                                                                                          SHA1:8641CFCE8F088FFFF9ED247DDB07B8CAB30F4031
                                                                                                                                                                                                                          SHA-256:065886E6A5EDC11E681E5A587AE1736C5BCE4365CD9742FC13EB3B76D7FC8419
                                                                                                                                                                                                                          SHA-512:A70FCABA41375AADD59BA5C95B7F71BE62D626E5387B9E47FC2CC804339B1A900855FA8E812EE8FB721CA0DB84D90AEB36BBCDE87D8A38754A73A4BB56865C3C
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):44312
                                                                                                                                                                                                                          Entropy (8bit):4.8148046027403035
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:fbwExgxLUjYFotG9SIYi6yPNPxh8E9VF0NynsV:Tw9UjO4GFYi6ylPxWEJg
                                                                                                                                                                                                                          MD5:D2D55CEEEE9BD3586636734B0CA75FF9
                                                                                                                                                                                                                          SHA1:C37D88F83B5F1DD131A92112CEA6C94D85BAFDA2
                                                                                                                                                                                                                          SHA-256:347A476F5EF633DDD0C0C7DD42983E170509B1AA29B598C7F9AE6E530BF4DFA4
                                                                                                                                                                                                                          SHA-512:1059C86E74D7A7F9E8DE191E2D79F161170135150080752293950127B469B33BB51418D9C8E589F5D88BA27B98E7A64EAFD64C8830D4D10A94FFCFBBB1578E42
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):44312
                                                                                                                                                                                                                          Entropy (8bit):4.614017574533736
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:pCBxa77CEhEPIYi6yD0pePxh8E9VF0Ny2uy5k:gBxaCEhEwYi6yYMPxWEc95k
                                                                                                                                                                                                                          MD5:9B2256F83EA52D2594CF4A5A2298D3A5
                                                                                                                                                                                                                          SHA1:C3F9490237D89EFF6721CA4E017143643BDAC96A
                                                                                                                                                                                                                          SHA-256:5B747C342479111586D76D33A6709A82305FE65658D4D9251A8E115C54373E9E
                                                                                                                                                                                                                          SHA-512:8F2287E0BC314E3F10341399EA5F10C185BEA0984CE57B85DBA64B3D94265BB9333EEBFB514172CA084466A048ED0AD840C5FA3FCB83314A8CC73DC306B00F0A
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):45848
                                                                                                                                                                                                                          Entropy (8bit):4.64450126869808
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):46360
                                                                                                                                                                                                                          Entropy (8bit):4.8965201701122085
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):45848
                                                                                                                                                                                                                          Entropy (8bit):4.851623372946808
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):43288
                                                                                                                                                                                                                          Entropy (8bit):4.845506523025811
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):44312
                                                                                                                                                                                                                          Entropy (8bit):4.656919832110724
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):44312
                                                                                                                                                                                                                          Entropy (8bit):4.816921084129834
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):44312
                                                                                                                                                                                                                          Entropy (8bit):4.801006021470219
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):43800
                                                                                                                                                                                                                          Entropy (8bit):4.71606919536003
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:/QAxXlJnc3IYi6yrfNUPxh8E9VF0Nyx8KdW4:YAxX3c4Yi6yOPxWEP8+W4
                                                                                                                                                                                                                          MD5:DBF34144608D85A43F7DDB116816D542
                                                                                                                                                                                                                          SHA1:4B4E01E223B3FD6208937471CA034C13E412DF67
                                                                                                                                                                                                                          SHA-256:49D8836991438F030965C691F78C7B86CA28090A72B22998ADF54571E484F751
                                                                                                                                                                                                                          SHA-512:F87E28B49744F0320F32D4B1A88DB4AA75627CE9FC9FBB1F49F1A300D73D1A1BC52DF7219B6FC18E9B6CC0F44CA4115A27CF31D1CF00746DE70CA59156A8A257
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):38168
                                                                                                                                                                                                                          Entropy (8bit):4.78057562926328
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:z435s9AoByKIYi6yFsPxh8E9VF0NyxZtO:0QAoBuYi6y+PxWEP+
                                                                                                                                                                                                                          MD5:27262CE0670BB0404BCF0EDD46F6A8B9
                                                                                                                                                                                                                          SHA1:5E213D9740317BBB8FED04EAA538C342567770F3
                                                                                                                                                                                                                          SHA-256:87A3956E1E71F3A71BDF65472F7D4DB3871B5AAE16BBEE89766EB1B05F8D6F0C
                                                                                                                                                                                                                          SHA-512:9D77DA34F5D1BF0475AA08E04A9C65162A0909F160D652F9964CDF02E82D326021C6323886F959114ED289C0D985D29B7CCC9A0B13CF17E969223D62D3E22233
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):38168
                                                                                                                                                                                                                          Entropy (8bit):4.7941068085405
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:4e5dd29GxrIYi6y+0UATPxh8E9VF0Nyxe/:42ddxUYi6yvdPxWEPm
                                                                                                                                                                                                                          MD5:84788884CD1EB1CF6B8A54F2321D8263
                                                                                                                                                                                                                          SHA1:A4DBAD8AC6A407010A460F9E597BA8F7A811D9E4
                                                                                                                                                                                                                          SHA-256:B070B63F0CDD17E974DC1408C74178A93A4E7A6F68CF2B1DCFA5643699D8BE12
                                                                                                                                                                                                                          SHA-512:EC57AF66941C31C50A214403B40FFC578C55214E764D91B7D5A5B2CE1CB4EBFD25DCB9F673DA97279A63CD45000FCD57E440EE44AF935E76CF19688DC7B53DF7
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):278808
                                                                                                                                                                                                                          Entropy (8bit):6.535825539703751
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:6144:CpIyzjJAe5mgGbjcJ6oKUf6dPpmAOQVguMxtwQ7H0X/mwHtaC:CpnXJAe5mpjcJ69nPpm6VguM7wRv/taC
                                                                                                                                                                                                                          MD5:BA80FA8244AB66BAFAB7DAD90DEED0A2
                                                                                                                                                                                                                          SHA1:07FB59CF24AD8E764321AE25E792EE22AD9152CC
                                                                                                                                                                                                                          SHA-256:BFD3CD97BB461F81847A3F1869BFDF14CA290EC1A89476FC25215809EEEE0A25
                                                                                                                                                                                                                          SHA-512:9ACCCFA2432B1614915F245FBC6B017D664297BDDD950407923D7E40ED56A18EEC10C645CBC488F375B74B1E7D3884989E4C4C80E0B82B27B754659FFEBDD13E
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):355608
                                                                                                                                                                                                                          Entropy (8bit):6.162510247878532
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:6144:36tZH+wSATioVOG31+aOEyxTE+d9woh9bL8HKRwCV0X/mw8s:qPBSATioVR31+2yvDwoz8Uwrvks
                                                                                                                                                                                                                          MD5:1E54DB6716CA3151FAB88FC59488A48A
                                                                                                                                                                                                                          SHA1:A4731B2CFB3ED43924E024EC54D697330B0501CF
                                                                                                                                                                                                                          SHA-256:68419E93A522212E5452F853FC9AFBF77181B3CF572E541F956D26209954A47D
                                                                                                                                                                                                                          SHA-512:30204C2472880EAE5FE0D52C415201935E2B23192FECA809C42A1CA1A2130455B3BFD4D7BCEE4B04C37F47D5F17AE2C68CAD52F5EF8C76EA8C8BC3E7BACF8684
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):278808
                                                                                                                                                                                                                          Entropy (8bit):6.535609072667348
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:6144:CPIyzjJAe5mgGbjcJ6oKUf6dPpmAOXYglXtwQ7H0X/mwHtay:CPnXJAe5mpjcJ69nPpmNYgldwRv/tay
                                                                                                                                                                                                                          MD5:C5973AE258AD5CFE60817E0BBFACCB06
                                                                                                                                                                                                                          SHA1:B644D01D635F5AA2ACAC85D2C2912533A9DD866B
                                                                                                                                                                                                                          SHA-256:AA49DEAC49A1C8392D56631ABC2960BAB264C8BD541155C51FF3FDDD09879AB8
                                                                                                                                                                                                                          SHA-512:4625B8A8937F63062427A624DCE9211C348995739254487E533EB845FACAE53D956F851E3B7573EC69265294B0F1AFC2E20E440D574A10174FA85A1BC6482F9E
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exe
                                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):355608
                                                                                                                                                                                                                          Entropy (8bit):6.162165353226854
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:6144:3UtZ3uwSATioVOG31+aOEyxTE+d9Eoh0b+8hwRwCns0X/mws:E/RSATioVR31+2yvDEoT8gwSJvk
                                                                                                                                                                                                                          MD5:018A1568E6B953427D393159A39C3778
                                                                                                                                                                                                                          SHA1:6FB6731DD730895762A8DB5F7C4AE01BDC280A68
                                                                                                                                                                                                                          SHA-256:F8CE6AE6C271B808DF14612F47A9A7EAE6F9B4A699E835ADFC2182FD197B3A97
                                                                                                                                                                                                                          SHA-512:606E532CF1443C9C9A685E83F62B205164C36F451A10D50BE9D0E083CFC36FC764CEDB51FA7AADD85B8696C963C525C840412BC64F3EA92F948ED80DA9663261
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exe
                                                                                                                                                                                                                          File Type:POSIX tar archive (GNU)
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):7270400
                                                                                                                                                                                                                          Entropy (8bit):6.34842792092482
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:98304:dKklDfgFc03si+k9UKFlAX3mRgb9o3pn/J6VprjGv+Pn/J6VpBjG8RocqxmRMC:rQc++k9SGEeUj81jLzCC
                                                                                                                                                                                                                          MD5:86649FB061CFA1952CFABAFAC364ABCF
                                                                                                                                                                                                                          SHA1:0B89CEC279C289E08A40A72EF92367CCE6626DA6
                                                                                                                                                                                                                          SHA-256:EC2F937D82AC3B926DFF90EC28B9AE957D3CBB589DC640CCC21F9916F853D0BA
                                                                                                                                                                                                                          SHA-512:9D24E17D4D04B872D05707C182AB9DE92301B7C0A99E157CF3E49C0F6BC0B13AB8896A41E52170C42811271CC36852B362B7CFE4DAD83C32FFBEB6E6CC163F57
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:GoogleUpdate.exe....................................................................................0000777.0000000.0000000.00000474430.14455371072.012321. 0....................................................................................................ustar .................................................................0000000.0000000........................................................................................................................................................................MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........;...U..U..U.M.V..U.M.P...U.M.Q..U.*.Q..U.*.V..U.*.P..U.M.T..U..T...U..\..U....U.....U..W..U.Rich..U.........PE..L...9.d.................D..........Ru.......`....@.......................................@.................................P...x....... ............P...)..........p[..T............................[..@...............L...........
                                                                                                                                                                                                                          File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Entropy (8bit):7.554794082012679
                                                                                                                                                                                                                          TrID:
                                                                                                                                                                                                                          • Win32 Executable (generic) a (10002005/4) 98.10%
                                                                                                                                                                                                                          • FAR TC.Packer PlugIn (80032/5) 0.78%
                                                                                                                                                                                                                          • Total Commander Content plugin (63002/1) 0.62%
                                                                                                                                                                                                                          • Total Commander File system extension (plugin) (45002/1) 0.44%
                                                                                                                                                                                                                          • Win16/32 Executable Delphi generic (2074/23) 0.02%
                                                                                                                                                                                                                          File name:ChromeSetup.exe
                                                                                                                                                                                                                          File size:4'105'360 bytes
                                                                                                                                                                                                                          MD5:e12d23b0fa3fd2aed82724816801c318
                                                                                                                                                                                                                          SHA1:f5ce6a49b8ca36a01dcb75ff0283e9efb2b08cc4
                                                                                                                                                                                                                          SHA256:5e2a29bd0301b9ca2aeb7df5eddd8f06a841ba5089179ce22d42bb9338c77e87
                                                                                                                                                                                                                          SHA512:29e58b8de2a7bddc73101a10246ac082f86630f5049e122bf759e27f5ace7c3418b8086cf7cc1abf0f332d44cbdde8768dcb3a65004f8b95235cd744ea263198
                                                                                                                                                                                                                          SSDEEP:49152:dsvQpN/DLvkApnVpSXOa+TBeZy5ZQoNeJGl0IjL3uHQ82g0B2RVGLwT3a1U+4X1:dsveLvJoy5Z1NMLy+wXgD+LwTl3F
                                                                                                                                                                                                                          TLSH:1816CF13B385547BC06A0A3D5D37D294983F77292AE69E477FF04C4C8E26182BA3F646
                                                                                                                                                                                                                          File Content Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................
                                                                                                                                                                                                                          Icon Hash:90cececece8e8eb0
                                                                                                                                                                                                                          Entrypoint:0x59de78
                                                                                                                                                                                                                          Entrypoint Section:.itext
                                                                                                                                                                                                                          Digitally signed:true
                                                                                                                                                                                                                          Imagebase:0x400000
                                                                                                                                                                                                                          Subsystem:windows gui
                                                                                                                                                                                                                          Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                                                                                                                                                                                                                          DLL Characteristics:
                                                                                                                                                                                                                          Time Stamp:0x4F263F2C [Mon Jan 30 06:56:44 2012 UTC]
                                                                                                                                                                                                                          TLS Callbacks:
                                                                                                                                                                                                                          CLR (.Net) Version:
                                                                                                                                                                                                                          OS Version Major:5
                                                                                                                                                                                                                          OS Version Minor:0
                                                                                                                                                                                                                          File Version Major:5
                                                                                                                                                                                                                          File Version Minor:0
                                                                                                                                                                                                                          Subsystem Version Major:5
                                                                                                                                                                                                                          Subsystem Version Minor:0
                                                                                                                                                                                                                          Import Hash:ca494b2a3b050bda80495a1e9294696e
                                                                                                                                                                                                                          Signature Valid:false
                                                                                                                                                                                                                          Signature Issuer:CN=Microsoft Code Signing PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
                                                                                                                                                                                                                          Signature Validation Error:The digital signature of the object did not verify
                                                                                                                                                                                                                          Error Number:-2146869232
                                                                                                                                                                                                                          Not Before, Not After
                                                                                                                                                                                                                          • 14/10/2021 20:45:14 13/10/2022 20:45:14
                                                                                                                                                                                                                          Subject Chain
                                                                                                                                                                                                                          • CN=.NET, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
                                                                                                                                                                                                                          Version:3
                                                                                                                                                                                                                          Thumbprint MD5:1DE46BB0371D8175F9E3FB7D789119A0
                                                                                                                                                                                                                          Thumbprint SHA-1:921263EA40B2C7592E8CC1C1A4EF66E64D511674
                                                                                                                                                                                                                          Thumbprint SHA-256:0017277A17B7385B5BC6B70125CA32272AE79B963C42342A6B42461CD2679146
                                                                                                                                                                                                                          Serial:330000028D7E47C3827E051A2A00000000028D
                                                                                                                                                                                                                          Instruction
                                                                                                                                                                                                                          push ebp
                                                                                                                                                                                                                          mov ebp, esp
                                                                                                                                                                                                                          add esp, FFFFFFF0h
                                                                                                                                                                                                                          mov eax, 0059455Ch
                                                                                                                                                                                                                          call 00007F4CC91FB029h
                                                                                                                                                                                                                          mov eax, dword ptr [005A1E08h]
                                                                                                                                                                                                                          mov eax, dword ptr [eax]
                                                                                                                                                                                                                          call 00007F4CC93481E5h
                                                                                                                                                                                                                          mov eax, dword ptr [005A1E08h]
                                                                                                                                                                                                                          mov eax, dword ptr [eax]
                                                                                                                                                                                                                          xor edx, edx
                                                                                                                                                                                                                          call 00007F4CC9349DD3h
                                                                                                                                                                                                                          mov eax, dword ptr [005A1E08h]
                                                                                                                                                                                                                          mov eax, dword ptr [eax]
                                                                                                                                                                                                                          mov byte ptr [eax+5Fh], 00000000h
                                                                                                                                                                                                                          call 00007F4CC938355Fh
                                                                                                                                                                                                                          test al, al
                                                                                                                                                                                                                          je 00007F4CC938D7FCh
                                                                                                                                                                                                                          mov ecx, dword ptr [005A1F08h]
                                                                                                                                                                                                                          mov eax, dword ptr [005A1E08h]
                                                                                                                                                                                                                          mov eax, dword ptr [eax]
                                                                                                                                                                                                                          mov edx, dword ptr [00594374h]
                                                                                                                                                                                                                          call 00007F4CC93481C3h
                                                                                                                                                                                                                          jmp 00007F4CC938D7FAh
                                                                                                                                                                                                                          mov ecx, dword ptr [005A1E00h]
                                                                                                                                                                                                                          mov eax, dword ptr [005A1E08h]
                                                                                                                                                                                                                          mov eax, dword ptr [eax]
                                                                                                                                                                                                                          mov edx, dword ptr [00594198h]
                                                                                                                                                                                                                          call 00007F4CC93481A9h
                                                                                                                                                                                                                          mov eax, dword ptr [005A1E08h]
                                                                                                                                                                                                                          mov eax, dword ptr [eax]
                                                                                                                                                                                                                          call 00007F4CC9348301h
                                                                                                                                                                                                                          call 00007F4CC91F6DCCh
                                                                                                                                                                                                                          lea eax, dword ptr [eax+00h]
                                                                                                                                                                                                                          add byte ptr [eax], al
Name                                  Virtual Address  Virtual Size  Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
IMAGE_DIRECTORY_ENTRY_IMPORT          0x1a9000         0x3f16        .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE        0x1d7000         0x21ac6e      .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
IMAGE_DIRECTORY_ENTRY_SECURITY        0x3e7c00         0x2890        .rsrc
IMAGE_DIRECTORY_ENTRY_BASERELOC       0x1b0000         0x26d08       .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG           0x0              0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
IMAGE_DIRECTORY_ENTRY_TLS             0x1af000         0x18          .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x0              0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_IAT             0x1a9bcc         0x988         .idata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x1ad000         0x92a         .didata
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x0              0x0
IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0
Name     Virtual Address  Virtual Size  Raw Size  MD5                               Xored PE  ZLIB Complexity      File Type  Entropy            Characteristics
.text    0x1000           0x19ad14      0x19ae00  bdab3f0335e6e30f132b7bdaa9a12d88  False     0.38407813926072404  data       6.418457718495592  IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.itext   0x19c000         0x1efc        0x2000    6376a477a7ec81067d6d3503292d90f7  False     0.512451171875       data       6.023828753331759  IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data    0x19e000         0x4078        0x4200    fd8b77cb5bf0219b1a33d55299a4719e  False     0.39098011363636365  data       4.56728939870693   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.bss     0x1a3000         0x575c        0x0       d41d8cd98f00b204e9800998ecf8427e  False     0                    empty      0.0                IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata   0x1a9000         0x3f16        0x4000    1036b324d39d1fde763b17bd245637ad  False     0.3045654296875      data       5.219259315037432  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.didata  0x1ad000         0x92a         0xa00     28d09d44680172f53a9fb57f7c725bbb  False     0.33828125           data       4.034543531328089  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls     0x1ae000         0x7c          0x0       d41d8cd98f00b204e9800998ecf8427e  False     0                    empty      0.0                IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata   0x1af000         0x18          0x200     6fd510ffdb2d2551c3cb3960845f7af4  False     0.79296875           data       5.784334709237282  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc   0x1b0000         0x26d08       0x26e00   e644b863868047ebb128cd6b077ef0c7  False     0.5472078476688103   data       6.696843205352435  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
.rsrc    0x1d7000         0x21ac6e      0x21ae00  e046fb6f5fb393b556dfc5c0e04dc2c0  unknown   unknown              unknown    unknown            IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name             RVA       Size      Type                                                         Language  Country        ZLIB Complexity
RRP              0x1d7940  0x20d3dd  PNG image data, 884 x 884, 8-bit/color RGBA, non-interlaced  English   United States  0.9862232208251953
TYPELIB          0x3e4d20  0x7d64    data                                                                                  0.33130841121495325
RT_CURSOR        0x3eca84  0x134     Targa image data - Map 64 x 65536 x 1 +32 "\001"             English   United States  0.38636363636363635
RT_CURSOR        0x3ecbb8  0x134     data                                                         English   United States  0.4642857142857143
RT_CURSOR        0x3eccec  0x134     data                                                         English   United States  0.4805194805194805
RT_CURSOR        0x3ece20  0x134     data                                                         English   United States  0.38311688311688313
RT_CURSOR        0x3ecf54  0x134     data                                                         English   United States  0.36038961038961037
RT_CURSOR        0x3ed088  0x134     data                                                         English   United States  0.4090909090909091
RT_CURSOR        0x3ed1bc  0x134     Targa image data - RGB 64 x 65536 x 1 +32 "\001"             English   United States  0.4967532467532468
RT_STRING        0x3ed2f0  0x2b0     data                                                                                  0.40843023255813954
RT_STRING        0x3ed5a0  0x440     data                                                                                  0.35202205882352944
RT_STRING        0x3ed9e0  0x3bc     StarOffice Gallery theme l, 1845522176 objects, 1st M                                 0.4320083682008368
RT_STRING        0x3edd9c  0xa0      data                                                                                  0.7125
RT_STRING        0x3ede3c  0xe4      data                                                                                  0.6359649122807017
RT_STRING        0x3edf20  0x330     data                                                                                  0.4411764705882353
RT_STRING        0x3ee250  0x408     data                                                                                  0.3817829457364341
RT_STRING        0x3ee658  0x480     data                                                                                  0.3177083333333333
RT_STRING        0x3eead8  0x328     data                                                                                  0.3849009900990099
RT_STRING        0x3eee00  0x3bc     data                                                                                  0.399581589958159
RT_STRING        0x3ef1bc  0x3bc     data                                                                                  0.38389121338912136
RT_STRING        0x3ef578  0x3b4     data                                                                                  0.35443037974683544
RT_STRING        0x3ef92c  0x3e4     data                                                                                  0.3795180722891566
RT_STRING        0x3efd10  0xf4      data                                                                                  0.5491803278688525
RT_STRING        0x3efe04  0xc4      data                                                                                  0.6275510204081632
RT_STRING        0x3efec8  0x260     data                                                                                  0.5016447368421053
RT_STRING        0x3f0128  0x3c8     data                                                                                  0.3181818181818182
RT_STRING        0x3f04f0  0x338     data                                                                                  0.42961165048543687
RT_STRING        0x3f0828  0x2d0     data                                                                                  0.4236111111111111
RT_RCDATA        0x3f0af8  0x10      data                                                                                  1.5
RT_RCDATA        0x3f0b08  0x8f0     data                                                                                  0.5034965034965035
RT_RCDATA        0x3f13f8  0x2       data                                                         English   United States  5.0
RT_RCDATA        0x3f13fc  0xed      Delphi compiled form 'TC4ShellHost'                                                   0.8143459915611815
RT_RCDATA        0x3f14ec  0xe9      Delphi compiled form 'TTOTAL_CMD'                                                     0.8283261802575107
RT_GROUP_CURSOR  0x3f15d8  0x14      Lotus unknown worksheet or configuration, revision 0x1       English   United States  1.25
RT_GROUP_CURSOR  0x3f15ec  0x14      Lotus unknown worksheet or configuration, revision 0x1       English   United States  1.25
RT_GROUP_CURSOR  0x3f1600  0x14      Lotus unknown worksheet or configuration, revision 0x1       English   United States  1.3
RT_GROUP_CURSOR  0x3f1614  0x14      Lotus unknown worksheet or configuration, revision 0x1       English   United States  1.3
RT_GROUP_CURSOR  0x3f1628  0x14      Lotus unknown worksheet or configuration, revision 0x1       English   United States  1.3
RT_GROUP_CURSOR  0x3f163c  0x14      Lotus unknown worksheet or configuration, revision 0x1       English   United States  1.3
RT_GROUP_CURSOR  0x3f1650  0x14      Lotus unknown worksheet or configuration, revision 0x1       English   United States  1.3
RT_VERSION       0x3f1664  0x340     data                                                         English   United States  0.44711538461538464
RT_MANIFEST      0x3f19a4  0x2ca     XML 1.0 document, ASCII text, with CRLF line terminators     English   United States  0.5028011204481793
DLL           Import
oleaut32.dll  SysFreeString, SysReAllocStringLen, SysAllocStringLen
advapi32.dll  RegQueryValueExW, RegOpenKeyExW, RegCloseKey
user32.dll    MessageBoxA, CharNextW, LoadStringW
kernel32.dll  Sleep, VirtualFree, VirtualAlloc, lstrlenW, lstrcpynW, VirtualQuery, QueryPerformanceCounter, GetTickCount, GetSystemInfo, GetVersion, CompareStringW, IsValidLocale, SetThreadLocale, GetSystemDefaultUILanguage, GetUserDefaultUILanguage, GetLocaleInfoW, WideCharToMultiByte, MultiByteToWideChar, GetACP, LoadLibraryExW, GetStartupInfoW, GetProcAddress, GetModuleHandleW, GetModuleFileNameW, GetCommandLineW, FreeLibrary, GetLastError, UnhandledExceptionFilter, RtlUnwind, RaiseException, ExitProcess, ExitThread, SwitchToThread, GetCurrentThreadId, CreateThread, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, FindFirstFileW, FindClose, WriteFile, GetStdHandle, CloseHandle
kernel32.dll  GetProcAddress, RaiseException, LoadLibraryA, GetLastError, TlsSetValue, TlsGetValue, LocalFree, LocalAlloc, GetModuleHandleW, FreeLibrary
user32.dll    SetClassLongW, GetClassLongW, SetWindowLongW, GetWindowLongW, CreateWindowExW, WindowFromPoint, WaitMessage, UpdateWindow, UnregisterClassW, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, SystemParametersInfoW, ShowWindow, ShowScrollBar, ShowOwnedPopups, ShowCaret, SetWindowRgn, SetWindowsHookExW, SetWindowTextW, SetWindowPos, SetWindowPlacement, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRect, SetPropW, SetParent, SetMenuItemInfoW, SetMenu, SetForegroundWindow, SetFocus, SetCursorPos, SetCursor, SetClipboardData, SetCapture, SetActiveWindow, SendMessageTimeoutW, SendMessageA, SendMessageW, ScrollWindow, ScreenToClient, RemovePropW, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageW, RegisterClipboardFormatW, RegisterClassW, RedrawWindow, PtInRect, PostThreadMessageW, PostQuitMessage, PostMessageW, PeekMessageA, PeekMessageW, OpenClipboard, OffsetRect, MsgWaitForMultipleObjectsEx, MsgWaitForMultipleObjects, MessageBoxW, MessageBeep, MapWindowPoints, MapVirtualKeyW, LoadStringW, LoadKeyboardLayoutW, LoadIconW, LoadCursorW, LoadBitmapW, KillTimer, IsZoomed, IsWindowVisible, IsWindowUnicode, IsWindowEnabled, IsWindow, IsIconic, IsDialogMessageA, IsDialogMessageW, IsClipboardFormatAvailable, IsChild, IsCharUpperW, IsCharLowerW, IsCharAlphaNumericW, IsCharAlphaW, InvalidateRect, InsertMenuItemW, InsertMenuW, InflateRect, HideCaret, GetWindowThreadProcessId, GetWindowTextW, GetWindowRect, GetWindowPlacement, GetWindowDC, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColorBrush, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetPropW, GetParent, GetWindow, GetMessagePos, GetMessageExtraInfo, GetMenuStringW, GetMenuState, GetMenuItemInfoW, GetMenuItemID, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutNameW, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextW, GetIconInfo, GetForegroundWindow, GetFocus, GetDlgCtrlID, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClipboardData, GetClientRect, GetClassNameW, GetClassInfoExW, GetClassInfoW, GetCapture, GetActiveWindow, FrameRect, FindWindowExW, FindWindowW, FillRect, EnumWindows, EnumThreadWindows, EnumChildWindows, EndPaint, EndMenu, EnableWindow, EnableScrollBar, EnableMenuItem, EmptyClipboard, DrawTextExW, DrawTextW, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawFocusRect, DrawEdge, DispatchMessageA, DispatchMessageW, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, DefWindowProcW, DefMDIChildProcW, DefFrameProcW, CreatePopupMenu, CreateMenu, CreateIcon, CopyImage, CloseClipboard, ClientToScreen, CheckMenuItem, CharUpperBuffW, CharUpperW, CharNextW, CharLowerBuffW, CharLowerW, CallWindowProcW, CallNextHookEx, BringWindowToTop, BeginPaint, AdjustWindowRectEx, ActivateKeyboardLayout
gdi32.dll     UnrealizeObject, StretchBlt, SetWindowOrgEx, SetWinMetaFileBits, SetViewportOrgEx, SetTextColor, SetStretchBltMode, SetROP2, SetPixel, SetMapMode, SetEnhMetaFileBits, SetDIBits, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SelectPalette, SelectObject, SaveDC, RoundRect, RestoreDC, Rectangle, RectVisible, RealizePalette, Polyline, Polygon, PolyBezierTo, PolyBezier, PlayEnhMetaFile, Pie, PatBlt, MoveToEx, MaskBlt, LineTo, LPtoDP, IntersectClipRect, GetWindowOrgEx, GetWinMetaFileBits, GetTextMetricsW, GetTextExtentPointW, GetTextExtentPoint32W, GetSystemPaletteEntries, GetStockObject, GetRgnBox, GetPixel, GetPaletteEntries, GetObjectW, GetEnhMetaFilePaletteEntries, GetEnhMetaFileHeader, GetEnhMetaFileDescriptionW, GetEnhMetaFileBits, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetCurrentPositionEx, GetClipBox, GetBrushOrgEx, GetBitmapBits, GdiFlush, FrameRgn, ExtTextOutW, ExtFloodFill, ExcludeClipRect, EnumFontFamiliesExW, Ellipse, DeleteObject, DeleteEnhMetaFile, DeleteDC, CreateSolidBrush, CreateRectRgn, CreatePenIndirect, CreatePalette, CreateHalftonePalette, CreateFontIndirectW, CreateDIBitmap, CreateDIBSection, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, CopyEnhMetaFileW, Chord, BitBlt, ArcTo, Arc, AngleArc
version.dll   VerQueryValueW, GetFileVersionInfoSizeW, GetFileVersionInfoW
kernel32.dll  WriteProcessMemory, WriteFile, WriteConsoleInputA, WriteConsoleInputW, WriteConsoleA, WriteConsoleW, WideCharToMultiByte, WaitForSingleObject, WaitForMultipleObjectsEx, VirtualQueryEx, VirtualQuery, VirtualProtect, VirtualFree, VirtualAlloc, SystemTimeToFileTime, SwitchToThread, SuspendThread, Sleep, SizeofResource, SetThreadPriority, SetThreadLocale, SetStdHandle, SetLastError, SetFilePointer, SetFileAttributesW, SetEvent, SetErrorMode, SetEndOfFile, SetConsoleWindowInfo, SetConsoleTitleA, SetConsoleTitleW, SetConsoleScreenBufferSize, SetConsoleOutputCP, SetConsoleMode, SetConsoleCursorPosition, SetConsoleCtrlHandler, SetConsoleCP, ScrollConsoleScreenBufferA, ScrollConsoleScreenBufferW, ResumeThread, ResetEvent, RemoveDirectoryW, ReadFile, ReadConsoleInputA, ReadConsoleInputW, ReadConsoleA, ReadConsoleW, PeekConsoleInputA, PeekConsoleInputW, MulDiv, MoveFileExW, LockResource, LocalFree, LoadResource, LoadLibraryExW, LoadLibraryW, LeaveCriticalSection, IsValidLocale, InitializeCriticalSection, HeapFree, HeapDestroy, HeapCreate, HeapAlloc, GlobalUnlock, GlobalSize, GlobalLock, GlobalFree, GlobalFindAtomW, GlobalDeleteAtom, GlobalAlloc, GlobalAddAtomW, GetVersionExW, GetVersion, GetUserDefaultLangID, GetTickCount, GetThreadPriority, GetThreadLocale, GetTempPathW, GetSystemInfo, GetStdHandle, GetShortPathNameW, GetProcAddress, GetNumberOfConsoleInputEvents, GetModuleHandleW, GetModuleFileNameW, GetLocaleInfoW, GetLocalTime, GetLastError, GetLargestConsoleWindowSize, GetFullPathNameW, GetFileInformationByHandle, GetFileAttributesW, GetExitCodeThread, GetDiskFreeSpaceW, GetDateFormatW, GetCurrentThreadId, GetCurrentThread, GetCurrentProcessId, GetCurrentProcess, GetConsoleTitleA, GetConsoleTitleW, GetConsoleScreenBufferInfo, GetConsoleOutputCP, GetConsoleMode, GetConsoleCursorInfo, GetConsoleCP, GetComputerNameW, GetCPInfoExW, GetCPInfo, GetACP, FreeResource, InterlockedExchange, InterlockedCompareExchange, FreeLibrary, FormatMessageW, FlushInstructionCache, FlushConsoleInputBuffer, FindResourceW, FindNextFileW, FindFirstFileW, FindClose, FileTimeToSystemTime, ExpandEnvironmentStringsW, EnumSystemLocalesW, EnumCalendarInfoW, EnterCriticalSection, DeviceIoControl, DeleteFileW, DeleteCriticalSection, CreateThread, CreateFileA, CreateFileW, CreateEventW, CreateDirectoryW, CompareStringA, CompareStringW, CloseHandle
advapi32.dll  RegSetValueExW, RegQueryValueExW, RegQueryInfoKeyW, RegOpenKeyExW, RegFlushKey, RegEnumValueW, RegEnumKeyExW, RegDeleteValueW, RegDeleteKeyW, RegCreateKeyExW, RegCloseKey, LookupAccountSidW, IsValidSid, GetSecurityDescriptorOwner, GetFileSecurityW
kernel32.dll  Sleep
ole32.dll     CoCreateGuid
oleaut32.dll  SafeArrayPtrOfIndex, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayCreate, VariantChangeType, VariantCopy, VariantClear, VariantInit
oleaut32.dll  CreateErrorInfo, GetErrorInfo, SetErrorInfo, GetActiveObject, RevokeActiveObject, RegisterActiveObject, DispGetIDsOfNames, RegisterTypeLib, LoadTypeLibEx, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayDestroy, SafeArrayCreateVector, SysFreeString
ole32.dll     ReleaseStgMedium, OleUninitialize, OleInitialize, CoTaskMemFree, CoTaskMemAlloc, CoCreateGuid, ProgIDFromCLSID, StringFromCLSID, CoCreateInstance, CoLockObjectExternal, CoDisconnectObject, CoRevokeClassObject, CoRegisterClassObject, CoUninitialize, CoInitialize, IsEqualGUID
comctl32.dll  InitializeFlatSB, FlatSB_SetScrollProp, FlatSB_SetScrollPos, FlatSB_SetScrollInfo, FlatSB_GetScrollPos, FlatSB_GetScrollInfo, _TrackMouseEvent, ImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_GetDragImage, ImageList_DragShowNolock, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_GetIcon, ImageList_Remove, ImageList_DrawEx, ImageList_Draw, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_Add, ImageList_SetImageCount, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create
                                                                                                                                                                                                                          user32.dllEnumDisplayMonitors, GetMonitorInfoW, MonitorFromPoint, MonitorFromWindow
                                                                                                                                                                                                                          shell32.dllShell_NotifyIconW, DragQueryFileW
                                                                                                                                                                                                                          shell32.dllSHGetSpecialFolderLocation, SHGetPathFromIDListW, SHGetDesktopFolder
                                                                                                                                                                                                                          ntdll.dllRtlGetVersion
                                                                                                                                                                                                                          kernel32.dllGetFileSizeEx
                                                                                                                                                                                                                          ntdll.dllRtlGetVersion
                                                                                                                                                                                                                          ntdll.dllRtlGetVersion
                                                                                                                                                                                                                          ntdll.dllRtlGetVersion
                                                                                                                                                                                                                          ntdll.dllRtlGetVersion
                                                                                                                                                                                                                          Advapi32.dllConvertSidToStringSidW
                                                                                                                                                                                                                          shlwapi.dllStrCmpNIW, StrCmpIW
                                                                                                                                                                                                                          kernel32.dllGetConsoleWindow
Description | Data
CompanyName | Dec Software
FileDescription | TC4Shell 32 bit host
FileVersion | 1.2.0.0
InternalName | TC4ShellHost.32.exe
LegalCopyright | Copyright (c) 2014-2018 Dec Software
LegalTrademarks | TC4Shell
OriginalFilename | TC4ShellHost.32.exe
ProductName | TC4Shell
ProductVersion | 1.2
Translation | 0x0409 0x04e4
Language of compilation system | Country where language is spoken
English | United States
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2025-04-15T19:22:57.817870+0200 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.16 | 49695 | 76.76.21.21 | 443 | TCP
2025-04-15T19:22:58.469216+0200 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.16 | 49696 | 76.76.21.21 | 443 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                          Apr 15, 2025 19:22:58.990364075 CEST4434969676.76.21.21192.168.2.16
                                                                                                                                                                                                                          Apr 15, 2025 19:22:58.990389109 CEST4434969676.76.21.21192.168.2.16
                                                                                                                                                                                                                          Apr 15, 2025 19:22:58.990405083 CEST49696443192.168.2.1676.76.21.21
                                                                                                                                                                                                                          Apr 15, 2025 19:22:58.990439892 CEST49696443192.168.2.1676.76.21.21
                                                                                                                                                                                                                          Apr 15, 2025 19:22:58.990446091 CEST4434969676.76.21.21192.168.2.16
                                                                                                                                                                                                                          Apr 15, 2025 19:22:58.990494967 CEST49696443192.168.2.1676.76.21.21
                                                                                                                                                                                                                          Apr 15, 2025 19:22:58.990603924 CEST4434969676.76.21.21192.168.2.16
                                                                                                                                                                                                                          Apr 15, 2025 19:22:58.990624905 CEST4434969676.76.21.21192.168.2.16
                                                                                                                                                                                                                          Apr 15, 2025 19:22:58.990669012 CEST49696443192.168.2.1676.76.21.21
                                                                                                                                                                                                                          Apr 15, 2025 19:22:58.990673065 CEST4434969676.76.21.21192.168.2.16
                                                                                                                                                                                                                          Apr 15, 2025 19:22:58.990712881 CEST49696443192.168.2.1676.76.21.21
                                                                                                                                                                                                                          Apr 15, 2025 19:22:58.990725040 CEST49696443192.168.2.1676.76.21.21
                                                                                                                                                                                                                          Apr 15, 2025 19:22:58.990947962 CEST4434969676.76.21.21192.168.2.16
                                                                                                                                                                                                                          Apr 15, 2025 19:22:58.990967989 CEST4434969676.76.21.21192.168.2.16
                                                                                                                                                                                                                          Apr 15, 2025 19:22:58.991003990 CEST49696443192.168.2.1676.76.21.21
                                                                                                                                                                                                                          Apr 15, 2025 19:22:58.991008043 CEST4434969676.76.21.21192.168.2.16
                                                                                                                                                                                                                          Apr 15, 2025 19:22:58.991039038 CEST49696443192.168.2.1676.76.21.21
                                                                                                                                                                                                                          Apr 15, 2025 19:22:58.991056919 CEST49696443192.168.2.1676.76.21.21
                                                                                                                                                                                                                          Apr 15, 2025 19:22:58.991202116 CEST4434969676.76.21.21192.168.2.16
                                                                                                                                                                                                                          Apr 15, 2025 19:22:58.991224051 CEST4434969676.76.21.21192.168.2.16
                                                                                                                                                                                                                          Apr 15, 2025 19:22:58.991275072 CEST49696443192.168.2.1676.76.21.21
                                                                                                                                                                                                                          Apr 15, 2025 19:22:58.991278887 CEST4434969676.76.21.21192.168.2.16
                                                                                                                                                                                                                          Apr 15, 2025 19:22:58.991311073 CEST49696443192.168.2.1676.76.21.21
                                                                                                                                                                                                                          Apr 15, 2025 19:22:58.991328955 CEST49696443192.168.2.1676.76.21.21
                                                                                                                                                                                                                          Apr 15, 2025 19:22:58.991492033 CEST4434969676.76.21.21192.168.2.16
                                                                                                                                                                                                                          Apr 15, 2025 19:22:58.991513014 CEST4434969676.76.21.21192.168.2.16
                                                                                                                                                                                                                          Apr 15, 2025 19:22:58.991544008 CEST49696443192.168.2.1676.76.21.21
                                                                                                                                                                                                                          Apr 15, 2025 19:22:58.991548061 CEST4434969676.76.21.21192.168.2.16
                                                                                                                                                                                                                          Apr 15, 2025 19:22:58.991575003 CEST49696443192.168.2.1676.76.21.21
                                                                                                                                                                                                                          Apr 15, 2025 19:22:58.991591930 CEST49696443192.168.2.1676.76.21.21
                                                                                                                                                                                                                          Apr 15, 2025 19:22:58.991775990 CEST4434969676.76.21.21192.168.2.16
                                                                                                                                                                                                                          Apr 15, 2025 19:22:58.991795063 CEST4434969676.76.21.21192.168.2.16
                                                                                                                                                                                                                          Apr 15, 2025 19:22:58.991826057 CEST49696443192.168.2.1676.76.21.21
                                                                                                                                                                                                                          Apr 15, 2025 19:22:58.991832018 CEST4434969676.76.21.21192.168.2.16
                                                                                                                                                                                                                          Apr 15, 2025 19:22:58.991861105 CEST49696443192.168.2.1676.76.21.21
                                                                                                                                                                                                                          Apr 15, 2025 19:22:58.991875887 CEST49696443192.168.2.1676.76.21.21
                                                                                                                                                                                                                          Apr 15, 2025 19:22:58.992095947 CEST4434969676.76.21.21192.168.2.16
                                                                                                                                                                                                                          Apr 15, 2025 19:22:58.992142916 CEST4434969676.76.21.21192.168.2.16
                                                                                                                                                                                                                          Apr 15, 2025 19:22:58.992176056 CEST49696443192.168.2.1676.76.21.21
                                                                                                                                                                                                                          Apr 15, 2025 19:22:58.992180109 CEST4434969676.76.21.21192.168.2.16
                                                                                                                                                                                                                          Apr 15, 2025 19:22:58.992203951 CEST49696443192.168.2.1676.76.21.21
                                                                                                                                                                                                                          Apr 15, 2025 19:22:58.992222071 CEST49696443192.168.2.1676.76.21.21
                                                                                                                                                                                                                          Apr 15, 2025 19:22:58.994092941 CEST49696443192.168.2.1676.76.21.21
                                                                                                                                                                                                                          Apr 15, 2025 19:22:59.098009109 CEST4434969676.76.21.21192.168.2.16
                                                                                                                                                                                                                          Apr 15, 2025 19:22:59.098041058 CEST4434969676.76.21.21192.168.2.16
                                                                                                                                                                                                                          Apr 15, 2025 19:22:59.098195076 CEST49696443192.168.2.1676.76.21.21
                                                                                                                                                                                                                          Apr 15, 2025 19:22:59.098195076 CEST49696443192.168.2.1676.76.21.21
                                                                                                                                                                                                                          Apr 15, 2025 19:22:59.098213911 CEST4434969676.76.21.21192.168.2.16
                                                                                                                                                                                                                          Apr 15, 2025 19:22:59.098262072 CEST49696443192.168.2.1676.76.21.21
                                                                                                                                                                                                                          Apr 15, 2025 19:22:59.098434925 CEST4434969676.76.21.21192.168.2.16
                                                                                                                                                                                                                          Apr 15, 2025 19:22:59.098453999 CEST4434969676.76.21.21192.168.2.16
                                                                                                                                                                                                                          Apr 15, 2025 19:22:59.098490000 CEST49696443192.168.2.1676.76.21.21
                                                                                                                                                                                                                          Apr 15, 2025 19:22:59.098495007 CEST4434969676.76.21.21192.168.2.16
                                                                                                                                                                                                                          Apr 15, 2025 19:22:59.098521948 CEST49696443192.168.2.1676.76.21.21
                                                                                                                                                                                                                          Apr 15, 2025 19:22:59.098541021 CEST49696443192.168.2.1676.76.21.21
                                                                                                                                                                                                                          Apr 15, 2025 19:22:59.098685026 CEST4434969676.76.21.21192.168.2.16
                                                                                                                                                                                                                          Apr 15, 2025 19:22:59.098711967 CEST4434969676.76.21.21192.168.2.16
                                                                                                                                                                                                                          Apr 15, 2025 19:22:59.098740101 CEST49696443192.168.2.1676.76.21.21
                                                                                                                                                                                                                          Apr 15, 2025 19:22:59.098745108 CEST4434969676.76.21.21192.168.2.16
                                                                                                                                                                                                                          Apr 15, 2025 19:22:59.098773003 CEST49696443192.168.2.1676.76.21.21
                                                                                                                                                                                                                          Apr 15, 2025 19:22:59.098824978 CEST49696443192.168.2.1676.76.21.21
                                                                                                                                                                                                                          Apr 15, 2025 19:22:59.098967075 CEST4434969676.76.21.21192.168.2.16
                                                                                                                                                                                                                          Apr 15, 2025 19:22:59.098988056 CEST4434969676.76.21.21192.168.2.16
                                                                                                                                                                                                                          Apr 15, 2025 19:22:59.099019051 CEST49696443192.168.2.1676.76.21.21
                                                                                                                                                                                                                          Apr 15, 2025 19:22:59.099023104 CEST4434969676.76.21.21192.168.2.16
                                                                                                                                                                                                                          Apr 15, 2025 19:22:59.099047899 CEST49696443192.168.2.1676.76.21.21
                                                                                                                                                                                                                          Apr 15, 2025 19:22:59.099056005 CEST4434969676.76.21.21192.168.2.16
                                                                                                                                                                                                                          Apr 15, 2025 19:22:59.099072933 CEST49696443192.168.2.1676.76.21.21
                                                                                                                                                                                                                          Apr 15, 2025 19:22:59.099078894 CEST4434969676.76.21.21192.168.2.16
                                                                                                                                                                                                                          Apr 15, 2025 19:22:59.099092960 CEST4434969676.76.21.21192.168.2.16
                                                                                                                                                                                                                          Apr 15, 2025 19:22:59.099106073 CEST49696443192.168.2.1676.76.21.21
                                                                                                                                                                                                                          Apr 15, 2025 19:22:59.099154949 CEST4434969676.76.21.21192.168.2.16
                                                                                                                                                                                                                          Apr 15, 2025 19:22:59.099157095 CEST49696443192.168.2.1676.76.21.21
                                                                                                                                                                                                                          Apr 15, 2025 19:22:59.099167109 CEST4434969676.76.21.21192.168.2.16
                                                                                                                                                                                                                          Apr 15, 2025 19:22:59.099204063 CEST49696443192.168.2.1676.76.21.21
                                                                                                                                                                                                                          Apr 15, 2025 19:22:59.099208117 CEST4434969676.76.21.21192.168.2.16
                                                                                                                                                                                                                          Apr 15, 2025 19:22:59.099236012 CEST49696443192.168.2.1676.76.21.21
                                                                                                                                                                                                                          Apr 15, 2025 19:22:59.099241018 CEST4434969676.76.21.21192.168.2.16
                                                                                                                                                                                                                          Apr 15, 2025 19:22:59.099266052 CEST49696443192.168.2.1676.76.21.21
                                                                                                                                                                                                                          Apr 15, 2025 19:22:59.099282980 CEST49696443192.168.2.1676.76.21.21
                                                                                                                                                                                                                          Apr 15, 2025 19:22:59.099395037 CEST4434969676.76.21.21192.168.2.16
                                                                                                                                                                                                                          Apr 15, 2025 19:22:59.099416018 CEST4434969676.76.21.21192.168.2.16
                                                                                                                                                                                                                          Apr 15, 2025 19:22:59.099447012 CEST49696443192.168.2.1676.76.21.21
                                                                                                                                                                                                                          Apr 15, 2025 19:22:59.099451065 CEST4434969676.76.21.21192.168.2.16
                                                                                                                                                                                                                          Apr 15, 2025 19:22:59.099474907 CEST49696443192.168.2.1676.76.21.21
                                                                                                                                                                                                                          Apr 15, 2025 19:22:59.099484921 CEST4434969676.76.21.21192.168.2.16
                                                                                                                                                                                                                          Apr 15, 2025 19:22:59.099490881 CEST49696443192.168.2.1676.76.21.21
                                                                                                                                                                                                                          Apr 15, 2025 19:22:59.099494934 CEST4434969676.76.21.21192.168.2.16
                                                                                                                                                                                                                          Apr 15, 2025 19:22:59.099525928 CEST4434969676.76.21.21192.168.2.16
                                                                                                                                                                                                                          Apr 15, 2025 19:22:59.099545002 CEST49696443192.168.2.1676.76.21.21
                                                                                                                                                                                                                          Apr 15, 2025 19:22:59.099551916 CEST4434969676.76.21.21192.168.2.16
                                                                                                                                                                                                                          Apr 15, 2025 19:22:59.099565983 CEST49696443192.168.2.1676.76.21.21
                                                                                                                                                                                                                          Apr 15, 2025 19:22:59.099587917 CEST49696443192.168.2.1676.76.21.21
                                                                                                                                                                                                                          Apr 15, 2025 19:22:59.099666119 CEST4434969676.76.21.21192.168.2.16
                                                                                                                                                                                                                          Apr 15, 2025 19:22:59.099688053 CEST4434969676.76.21.21192.168.2.16
                                                                                                                                                                                                                          Apr 15, 2025 19:22:59.099720001 CEST49696443192.168.2.1676.76.21.21
                                                                                                                                                                                                                          Apr 15, 2025 19:22:59.099724054 CEST4434969676.76.21.21192.168.2.16
                                                                                                                                                                                                                          Apr 15, 2025 19:22:59.099745989 CEST49696443192.168.2.1676.76.21.21
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Apr 15, 2025 19:22:57.426570892 CEST | 54972 | 53 | 192.168.2.16 | 1.1.1.1
Apr 15, 2025 19:22:57.535082102 CEST | 53 | 54972 | 1.1.1.1 | 192.168.2.16
Apr 15, 2025 19:22:58.082693100 CEST | 64237 | 53 | 192.168.2.16 | 1.1.1.1
Apr 15, 2025 19:22:58.216224909 CEST | 53 | 64237 | 1.1.1.1 | 192.168.2.16
Apr 15, 2025 19:23:22.251543045 CEST | 57531 | 53 | 192.168.2.16 | 1.1.1.1
Apr 15, 2025 19:23:22.375969887 CEST | 53 | 57531 | 1.1.1.1 | 192.168.2.16
Apr 15, 2025 19:23:22.429022074 CEST | 64151 | 53 | 192.168.2.16 | 1.1.1.1
Apr 15, 2025 19:23:22.551109076 CEST | 53 | 64151 | 1.1.1.1 | 192.168.2.16

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Apr 15, 2025 19:22:57.426570892 CEST | 192.168.2.16 | 1.1.1.1 | 0x4404 | Standard query (0) | metmuseum.org | A (IP address) | IN (0x0001) | false
Apr 15, 2025 19:22:58.082693100 CEST | 192.168.2.16 | 1.1.1.1 | 0xf1eb | Standard query (0) | www.metmuseum.org | A (IP address) | IN (0x0001) | false
Apr 15, 2025 19:23:22.251543045 CEST | 192.168.2.16 | 1.1.1.1 | 0xa63c | Standard query (0) | clausegerfild.fun | A (IP address) | IN (0x0001) | false
Apr 15, 2025 19:23:22.429022074 CEST | 192.168.2.16 | 1.1.1.1 | 0x47d4 | Standard query (0) | superyupp.fun | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Apr 15, 2025 19:22:57.535082102 CEST | 1.1.1.1 | 192.168.2.16 | 0x4404 | No error (0) | metmuseum.org | | 76.76.21.21 | A (IP address) | IN (0x0001) | false
Apr 15, 2025 19:22:58.216224909 CEST | 1.1.1.1 | 192.168.2.16 | 0xf1eb | No error (0) | www.metmuseum.org | | 76.76.21.21 | A (IP address) | IN (0x0001) | false
Apr 15, 2025 19:23:22.375969887 CEST | 1.1.1.1 | 192.168.2.16 | 0xa63c | Name error (3) | clausegerfild.fun | none | none | A (IP address) | IN (0x0001) | false
Apr 15, 2025 19:23:22.551109076 CEST | 1.1.1.1 | 192.168.2.16 | 0x47d4 | Name error (3) | superyupp.fun | none | none | A (IP address) | IN (0x0001) | false

                                                                                                                                                                                                                          • metmuseum.org
                                                                                                                                                                                                                          • www.metmuseum.org

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.16 | 49695 | 76.76.21.21 | 443 | 6104 | C:\Users\user\Desktop\ChromeSetup.exe

Timestamp | Bytes transferred | Direction | Data
2025-04-15 17:22:57 UTC | 63 | OUT | GET / HTTP/1.1
Connection: Keep-Alive
Host: metmuseum.org
2025-04-15 17:22:58 UTC | 391 | IN | HTTP/1.1 308 Permanent Redirect
Cache-Control: public, max-age=0, must-revalidate
Content-Type: text/plain
Date: Tue, 15 Apr 2025 17:22:58 GMT
Location: https://www.metmuseum.org/
Refresh: 0;url=https://www.metmuseum.org/
Server: Vercel
Strict-Transport-Security: max-age=63072000
X-Vercel-Id: iad1::5vfjx-1744737778010-52a029f72f38
Connection: close
Transfer-Encoding: chunked
2025-04-15 17:22:58 UTC | 20 | IN | Data Raw: 66 0d 0a 52 65 64 69 72 65 63 74 69 6e 67 2e 2e 2e 0a 0d 0a
Data Ascii: fRedirecting...
2025-04-15 17:22:58 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.16 | 49696 | 76.76.21.21 | 443 | 6104 | C:\Users\user\Desktop\ChromeSetup.exe

Timestamp | Bytes transferred | Direction | Data
2025-04-15 17:22:58 UTC | 67 | OUT | GET / HTTP/1.1
Connection: Keep-Alive
Host: www.metmuseum.org
2025-04-15 17:22:58 UTC | 916 | IN | HTTP/1.1 200 OK
Age: 13
Cache-Control: public, max-age=0, must-revalidate
Content-Length: 487197
Content-Type: text/html; charset=utf-8
Date: Tue, 15 Apr 2025 17:22:44 GMT
Etag: "13stqsyt9claful"
Link: <https://www.metmuseum.org/>; rel="alternate"; hreflang="en", <https://www.metmuseum.org/es>; rel="alternate"; hreflang="es", <https://www.metmuseum.org/pt>; rel="alternate"; hreflang="pt", <https://www.metmuseum.org/fr>; rel="alternate"; hreflang="fr", <https://www.metmuseum.org/it>; rel="alternate"; hreflang="it", <https://www.metmuseum.org/de>; rel="alternate"; hreflang="de", <https://www.metmuseum.org/ja>; rel="alternate"; hreflang="ja", <https://www.metmuseum.org/ko>; rel="alternate"; hreflang="ko", <https://www.metmuseum.org/zh>; rel="alternate"; hreflang="zh", <https://www.metmuseum.org/ru>; rel="alternate"; hreflang="ru", <https://www.metmuseum.org/>; rel="alternate"; hreflang="x-default"
                                                                                                                                                                                                                          Data Ascii: ink-sub" data-sentry-element="Link" data-sentry-source-file="index.jsx" href="/plan-your-visit/group-visits">Group Visits</a></li></ul></div></li><li class="nav-main__primary-item " data-sentry-component="NavItem" data-sentry-source-file="index.jsx"><a hr
                                                                                                                                                                                                                          2025-04-15 17:22:58 UTC8302INData Raw: 31 30 31 31 2c 31 30 37 34 26 61 6d 70 3b 77 3d 37 35 30 26 61 6d 70 3b 71 3d 37 35 26 61 6d 70 3b 61 75 74 6f 3d 66 6f 72 6d 61 74 20 37 35 30 77 2c 20 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 73 61 6e 69 74 79 2e 69 6f 2f 69 6d 61 67 65 73 2f 63 63 74 64 34 6b 65 72 2f 70 72 6f 64 75 63 74 69 6f 6e 2f 63 34 37 64 36 38 66 62 65 62 32 61 63 31 64 66 31 63 39 37 30 36 35 66 63 34 63 39 35 37 36 33 31 34 31 31 34 61 63 32 2d 32 31 30 30 78 31 31 35 30 2e 6a 70 67 3f 72 65 63 74 3d 35 33 39 2c 33 36 2c 31 30 31 31 2c 31 30 37 34 26 61 6d 70 3b 77 3d 38 32 38 26 61 6d 70 3b 71 3d 37 35 26 61 6d 70 3b 61 75 74 6f 3d 66 6f 72 6d 61 74 20 38 32 38 77 2c 20 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 73 61 6e 69 74 79 2e 69 6f 2f 69 6d 61 67 65 73 2f 63 63 74 64 34 6b 65 72
                                                                                                                                                                                                                          Data Ascii: 1011,1074&amp;w=750&amp;q=75&amp;auto=format 750w, https://cdn.sanity.io/images/cctd4ker/production/c47d68fbeb2ac1df1c97065fc4c9576314114ac2-2100x1150.jpg?rect=539,36,1011,1074&amp;w=828&amp;q=75&amp;auto=format 828w, https://cdn.sanity.io/images/cctd4ker
                                                                                                                                                                                                                          2025-04-15 17:22:58 UTC3118INData Raw: 61 67 65 73 2f 63 63 74 64 34 6b 65 72 2f 70 72 6f 64 75 63 74 69 6f 6e 2f 31 30 33 32 30 30 38 65 61 33 35 34 62 37 30 33 63 30 31 61 64 61 32 35 37 34 35 66 37 62 36 32 33 66 34 32 31 33 32 39 2d 35 31 32 30 78 32 38 38 30 2e 6a 70 67 3f 77 3d 32 30 34 38 26 61 6d 70 3b 71 3d 37 35 26 61 6d 70 3b 66 69 74 3d 63 6c 69 70 26 61 6d 70 3b 61 75 74 6f 3d 66 6f 72 6d 61 74 20 32 30 34 38 77 2c 20 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 73 61 6e 69 74 79 2e 69 6f 2f 69 6d 61 67 65 73 2f 63 63 74 64 34 6b 65 72 2f 70 72 6f 64 75 63 74 69 6f 6e 2f 31 30 33 32 30 30 38 65 61 33 35 34 62 37 30 33 63 30 31 61 64 61 32 35 37 34 35 66 37 62 36 32 33 66 34 32 31 33 32 39 2d 35 31 32 30 78 32 38 38 30 2e 6a 70 67 3f 77 3d 33 38 34 30 26 61 6d 70 3b 71 3d 37 35 26 61 6d 70
                                                                                                                                                                                                                          Data Ascii: ages/cctd4ker/production/1032008ea354b703c01ada25745f7b623f421329-5120x2880.jpg?w=2048&amp;q=75&amp;fit=clip&amp;auto=format 2048w, https://cdn.sanity.io/images/cctd4ker/production/1032008ea354b703c01ada25745f7b623f421329-5120x2880.jpg?w=3840&amp;q=75&amp
                                                                                                                                                                                                                          2025-04-15 17:22:58 UTC10674INData Raw: 32 38 62 65 66 30 31 30 39 39 39 64 66 63 30 66 37 36 61 31 35 30 63 2d 35 31 32 30 78 32 38 38 30 2e 6a 70 67 3f 77 3d 33 38 34 30 26 61 6d 70 3b 71 3d 37 35 26 61 6d 70 3b 66 69 74 3d 63 6c 69 70 26 61 6d 70 3b 61 75 74 6f 3d 66 6f 72 6d 61 74 22 2f 3e 3c 2f 66 69 67 75 72 65 3e 3c 64 69 76 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 65 78 68 69 62 69 74 69 6f 6e 2d 63 61 72 64 5f 74 69 74 6c 65 5f 5f 63 5a 76 6d 4d 22 20 72 6f 6c 65 3d 22 68 65 61 64 69 6e 67 22 20 61 72 69 61 2d 6c 65 76 65 6c 3d 22 32 22 3e 3c 61 20 68 72 65 66 3d 22 2f 65 78 68 69 62 69 74 69 6f 6e 73 2f 6d 6f 6e 73 74 72 6f 75 73 2d 62 65 61 75 74 79 2d 61 2d 66 65 6d 69 6e 69 73 74 2d 72 65 76 69 73 69 6f 6e 2d 6f 66 2d 63 68 69 6e 6f 69 73 65 72 69 65 22 3e 3c 73 70 61 6e 20 64 61 74
                                                                                                                                                                                                                          Data Ascii: 28bef010999dfc0f76a150c-5120x2880.jpg?w=3840&amp;q=75&amp;fit=clip&amp;auto=format"/></figure><div><div class="exhibition-card_title__cZvmM" role="heading" aria-level="2"><a href="/exhibitions/monstrous-beauty-a-feminist-revision-of-chinoiserie"><span dat
                                                                                                                                                                                                                          2025-04-15 17:22:58 UTC11860INData Raw: 3f 77 3d 31 30 38 30 26 61 6d 70 3b 71 3d 37 35 26 61 6d 70 3b 66 69 74 3d 63 6c 69 70 26 61 6d 70 3b 61 75 74 6f 3d 66 6f 72 6d 61 74 20 31 30 38 30 77 2c 20 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 73 61 6e 69 74 79 2e 69 6f 2f 69 6d 61 67 65 73 2f 63 63 74 64 34 6b 65 72 2f 70 72 6f 64 75 63 74 69 6f 6e 2f 34 65 38 34 38 31 65 31 38 35 38 38 39 30 35 39 32 31 39 35 31 34 33 30 38 65 33 31 37 34 31 37 32 30 65 64 33 38 30 36 2d 35 31 32 30 78 32 38 38 30 2e 6a 70 67 3f 77 3d 31 32 30 30 26 61 6d 70 3b 71 3d 37 35 26 61 6d 70 3b 66 69 74 3d 63 6c 69 70 26 61 6d 70 3b 61 75 74 6f 3d 66 6f 72 6d 61 74 20 31 32 30 30 77 2c 20 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 73 61 6e 69 74 79 2e 69 6f 2f 69 6d 61 67 65 73 2f 63 63 74 64 34 6b 65 72 2f 70 72 6f 64 75 63 74 69
                                                                                                                                                                                                                          Data Ascii: ?w=1080&amp;q=75&amp;fit=clip&amp;auto=format 1080w, https://cdn.sanity.io/images/cctd4ker/production/4e8481e185889059219514308e31741720ed3806-5120x2880.jpg?w=1200&amp;q=75&amp;fit=clip&amp;auto=format 1200w, https://cdn.sanity.io/images/cctd4ker/producti
                                                                                                                                                                                                                          2025-04-15 17:22:58 UTC10234INData Raw: 63 63 74 64 34 6b 65 72 2f 70 72 6f 64 75 63 74 69 6f 6e 2f 64 38 61 63 36 65 35 30 63 64 34 36 66 34 32 35 37 63 35 31 35 61 37 30 66 39 39 35 36 32 64 61 39 31 37 34 39 62 62 64 2d 35 31 32 30 78 32 38 38 30 2e 70 6e 67 3f 77 3d 31 39 32 30 26 61 6d 70 3b 71 3d 37 35 26 61 6d 70 3b 66 69 74 3d 63 6c 69 70 26 61 6d 70 3b 61 75 74 6f 3d 66 6f 72 6d 61 74 20 31 39 32 30 77 2c 20 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 73 61 6e 69 74 79 2e 69 6f 2f 69 6d 61 67 65 73 2f 63 63 74 64 34 6b 65 72 2f 70 72 6f 64 75 63 74 69 6f 6e 2f 64 38 61 63 36 65 35 30 63 64 34 36 66 34 32 35 37 63 35 31 35 61 37 30 66 39 39 35 36 32 64 61 39 31 37 34 39 62 62 64 2d 35 31 32 30 78 32 38 38 30 2e 70 6e 67 3f 77 3d 32 30 34 38 26 61 6d 70 3b 71 3d 37 35 26 61 6d 70 3b 66 69 74 3d
                                                                                                                                                                                                                          Data Ascii: cctd4ker/production/d8ac6e50cd46f4257c515a70f99562da91749bbd-5120x2880.png?w=1920&amp;q=75&amp;fit=clip&amp;auto=format 1920w, https://cdn.sanity.io/images/cctd4ker/production/d8ac6e50cd46f4257c515a70f99562da91749bbd-5120x2880.png?w=2048&amp;q=75&amp;fit=



                                                                                                                                                                                                                          Target ID:0
                                                                                                                                                                                                                          Start time:13:22:56
                                                                                                                                                                                                                          Start date:15/04/2025
                                                                                                                                                                                                                          Path:C:\Users\user\Desktop\ChromeSetup.exe
                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                          Commandline:"C:\Users\user\Desktop\ChromeSetup.exe"
                                                                                                                                                                                                                          Imagebase:0x400000
                                                                                                                                                                                                                          File size:4'105'360 bytes
                                                                                                                                                                                                                          MD5 hash:E12D23B0FA3FD2AED82724816801C318
                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                          Programmed in:Borland Delphi
                                                                                                                                                                                                                          Yara matches:
                                                                                                                                                                                                                          • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000000.00000000.1094091585.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                                                                                                                          • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000000.00000002.1122058157.000000000351E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                          Target ID:1
                                                                                                                                                                                                                          Start time:13:22:58
                                                                                                                                                                                                                          Start date:15/04/2025
                                                                                                                                                                                                                          Path:C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exe
                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                          Commandline:C:\Users\user\AppData\Roaming\wscinterop\VMFHNEGFWPKUHWHRD\ChromeSetup.exe
                                                                                                                                                                                                                          Imagebase:0x120000
                                                                                                                                                                                                                          File size:1'372'712 bytes
                                                                                                                                                                                                                          MD5 hash:5F0299E8AA87A9C4AC70ED9F7DC8BB69
                                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                          Target ID:2
                                                                                                                                                                                                                          Start time:13:22:58
                                                                                                                                                                                                                          Start date:15/04/2025
                                                                                                                                                                                                                          Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                          Commandline:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                          Imagebase:0xdf0000
                                                                                                                                                                                                                          File size:236'544 bytes
                                                                                                                                                                                                                          MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                          Yara matches:
                                                                                                                                                                                                                          • Rule: JoeSecurity_LummaCStealer, Description: Yara detected LummaC Stealer, Source: 00000002.00000002.1308002183.0000000000A70000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                          Target ID:3
                                                                                                                                                                                                                          Start time:13:22:58
                                                                                                                                                                                                                          Start date:15/04/2025
                                                                                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                          Imagebase:0x7ff6aa7d0000
                                                                                                                                                                                                                          File size:862'208 bytes
                                                                                                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                                          Target ID:4
                                                                                                                                                                                                                          Start time:13:23:00
                                                                                                                                                                                                                          Start date:15/04/2025
                                                                                                                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdate.exe
                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                          Commandline:C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdate.exe /installsource taggedmi /install "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={0DB1F154-AF62-7BF8-09B7-0F97CFA8FE66}&lang=en&browser=4&usagestats=0&appname=Google%20Chrome&needsadmin=prefers&ap=x64-stable-statsdef_1&installdataindex=empty"
                                                                                                                                                                                                                          Imagebase:0xf80000
                                                                                                                                                                                                                          File size:162'072 bytes
                                                                                                                                                                                                                          MD5 hash:047FDBAE45C6D08B606BF3E8CEEFB4C5
                                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                                          Has exited:true

Target ID:7
Start time:13:23:01
Start date:15/04/2025
Path:C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Local\Temp\GUM6678.tmp\GoogleUpdateSetup.exe" /installsource taggedmi /install "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={0DB1F154-AF62-7BF8-09B7-0F97CFA8FE66}&lang=en&browser=4&usagestats=0&appname=Google%20Chrome&needsadmin=prefers&ap=x64-stable-statsdef_1&installdataindex=empty" /installelevated /nomitag
Imagebase:0x3f0000
File size:1'372'712 bytes
MD5 hash:5F0299E8AA87A9C4AC70ED9F7DC8BB69
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Has exited:true

Target ID:8
Start time:13:23:02
Start date:15/04/2025
Path:C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe
Wow64 process (32bit):true
Commandline:C:\Windows\SystemTemp\GUM72CD.tmp\GoogleUpdate.exe /installsource taggedmi /install "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={0DB1F154-AF62-7BF8-09B7-0F97CFA8FE66}&lang=en&browser=4&usagestats=0&appname=Google%20Chrome&needsadmin=prefers&ap=x64-stable-statsdef_1&installdataindex=empty" /installelevated
Imagebase:0xc0000
File size:162'072 bytes
MD5 hash:047FDBAE45C6D08B606BF3E8CEEFB4C5
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Has exited:true

Target ID:11
Start time:13:23:12
Start date:15/04/2025
Path:C:\Windows\SysWOW64\explorer.exe
Wow64 process (32bit):true
Commandline:C:\Windows\SysWOW64\explorer.exe
Imagebase:0x5a0000
File size:4'514'184 bytes
MD5 hash:DD6597597673F72E10C9DE7901FBA0A8
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:18
Start time:13:23:14
Start date:15/04/2025
Path:C:\Windows\System32\rundll32.exe
Wow64 process (32bit):false
Commandline:C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Imagebase:0x7ff7b7350000
File size:71'680 bytes
MD5 hash:EF3179D498793BF4234F708D3BE28633
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:high
Has exited:true
