16341600x80000000000000001Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:51:10.849C:\Users\grapltest\Documents\sysmonconfig.xml.txtSHA1=6F76031E03683B68245CFF51F7351D8377C046D9 434400x80000000000000002Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:51:10.942Started10.24.21 154100x80000000000000003Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:51:10.867{87E8D3BD-9A8E-5D38-0000-0010D7CA0800}3324C:\Windows\Sysmon.exe10.2System activity monitorSysinternals SysmonSysinternals - www.sysinternals.com?C:\Windows\Sysmon.exeC:\Windows\system32\NT AUTHORITY\SYSTEM{87E8D3BD-998D-5D38-0000-0020E7030000}0x3e70SystemMD5=041199C6747E9764856E519BCB548B62,SHA256=981792616E29B07CA33749E4F3DA9769A850C61CED86F71716E0AF475BBD2DF1{87E8D3BD-998D-5D38-0000-001030400000}568C:\Windows\System32\services.exeC:\Windows\system32\services.exe 154100x80000000000000004Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:51:10.910{87E8D3BD-9A8E-5D38-0000-001040CD0800}3724C:\Windows\System32\wbem\unsecapp.exe10.0.10240.16384 (th1.150709-1700)Sink to receive asynchronous callbacks for WMI client applicationMicrosoft® Windows® Operating SystemMicrosoft Corporationunsecapp.dllC:\Windows\system32\wbem\unsecapp.exe -EmbeddingC:\Windows\system32\NT AUTHORITY\SYSTEM{87E8D3BD-998D-5D38-0000-0020E7030000}0x3e70SystemMD5=D955EA7DA223A2CABE44D80C01D7E8B3,SHA256=AB9A7F997DA81BD7202C49BF0F40AB06B89FCAFDA9F91F89A0B186291890E099{87E8D3BD-998D-5D38-0000-00100D560000}668C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch 534500x80000000000000005Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:51:11.912{87E8D3BD-9A8E-5D38-0000-0010AD870800}4932C:\Users\GRAPLT~1\AppData\Local\Temp\Sysmon.exe 534500x80000000000000006Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:51:11.930{87E8D3BD-9A8E-5D38-0000-0010DB850800}3372C:\Users\grapltest\Downloads\Sysmon\Sysmon.exe 22542200x80000000000000007Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:51:25.944{87E8D3BD-9A9D-5D38-0000-00102A890900}2392static-spartan-wus-s-msn-com.akamaized.net0type: 5 a743.g2.akamai.net;::ffff:23.215.102.33;::ffff:23.215.102.8;C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe 22542200x80000000000000008Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:51:26.183{87E8D3BD-9A9D-5D38-0000-00102A890900}2392img-s-msn-com.akamaized.net0type: 5 a1834.dspg2.akamai.net;::ffff:23.215.102.8;::ffff:23.215.102.17;C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe 22542200x80000000000000009Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:51:26.216{87E8D3BD-9A9D-5D38-0000-00102A890900}2392img.s-msn.com0type: 5 wildcard.s-msn.com.edgekey.net;type: 5 e7341.g.akamaiedge.net;::ffff:96.16.173.87;C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe 22542200x800000000000000010Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:51:30.543{87E8D3BD-99EC-5D38-0000-00106D300500}3140clickserve.dartsearch.net0::ffff:172.217.5.110;C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe 22542200x800000000000000011Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:51:32.917{87E8D3BD-99EC-5D38-0000-001029460500}2832clickserve.dartsearch.net0::ffff:172.217.5.110;C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe 22542200x800000000000000012Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:51:33.280{87E8D3BD-99EC-5D38-0000-001029460500}2832www.google.com0::ffff:172.217.0.36;C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe 22542200x800000000000000013Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:51:33.799{87E8D3BD-99EC-5D38-0000-00106D300500}3140www.google.com0::ffff:172.217.0.36;C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe 22542200x800000000000000014Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:51:34.049{87E8D3BD-99EC-5D38-0000-001029460500}2832tools.google.com0type: 5 tools.l.google.com;::ffff:172.217.164.110;C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe 22542200x800000000000000015Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:51:41.787{87E8D3BD-998D-5D38-0000-001009E50000}1044wpad9003C:\Windows\System32\svchost.exe 11241100x800000000000000016Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:51:44.396{87E8D3BD-9A7F-5D38-0000-001099690800}4740\\?\C:\Windows\system32\wbem\WMIADAP.EXEC:\Windows\System32\wbem\Performance\WmiApRpl_new.ini2019-07-24 17:51:44.396 13241300x800000000000000017Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRT1042SetValue2019-07-24 17:53:05.896{87E8D3BD-99C8-5D38-0000-0010583C0200}3064C:\Windows\Explorer.EXEHKU\S-1-5-21-475214889-3710252578-4288414562-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\OpenWithProgids\exefileBinary Data 13241300x800000000000000018Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRSuspicious,ImageBeginWithBackslashSetValue2019-07-24 17:54:09.833{87E8D3BD-9A7F-5D38-0000-001099690800}4740\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\UpdatingWmiApRpl 13241300x800000000000000019Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRSuspicious,ImageBeginWithBackslashSetValue2019-07-24 17:54:09.833{87E8D3BD-9A7F-5D38-0000-001099690800}4740\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\Last CounterDWORD (0x00001db6) 13241300x800000000000000020Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRSuspicious,ImageBeginWithBackslashSetValue2019-07-24 17:54:09.833{87E8D3BD-9A7F-5D38-0000-001099690800}4740\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\Last HelpDWORD (0x00001db7) 12241200x800000000000000021Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRSuspicious,ImageBeginWithBackslashDeleteValue2019-07-24 17:54:09.833{87E8D3BD-9A7F-5D38-0000-001099690800}4740\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\System\CurrentControlSet\Services\WmiApRpl\Performance\First Counter 12241200x800000000000000022Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRSuspicious,ImageBeginWithBackslashDeleteValue2019-07-24 17:54:09.833{87E8D3BD-9A7F-5D38-0000-001099690800}4740\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\System\CurrentControlSet\Services\WmiApRpl\Performance\Last Counter 12241200x800000000000000023Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRSuspicious,ImageBeginWithBackslashDeleteValue2019-07-24 17:54:09.833{87E8D3BD-9A7F-5D38-0000-001099690800}4740\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\System\CurrentControlSet\Services\WmiApRpl\Performance\First Help 12241200x800000000000000024Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRSuspicious,ImageBeginWithBackslashDeleteValue2019-07-24 17:54:09.833{87E8D3BD-9A7F-5D38-0000-001099690800}4740\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\System\CurrentControlSet\Services\WmiApRpl\Performance\Last Help 12241200x800000000000000025Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRSuspicious,ImageBeginWithBackslashDeleteValue2019-07-24 17:54:09.833{87E8D3BD-9A7F-5D38-0000-001099690800}4740\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\System\CurrentControlSet\Services\WmiApRpl\Performance\Object List 12241200x800000000000000026Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRSuspicious,ImageBeginWithBackslashDeleteValue2019-07-24 17:54:09.833{87E8D3BD-9A7F-5D38-0000-001099690800}4740\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\Updating 13241300x800000000000000027Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRSuspicious,ImageBeginWithBackslashSetValue2019-07-24 17:54:09.849{87E8D3BD-9A7F-5D38-0000-001099690800}4740\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\System\CurrentControlSet\Services\WmiApRpl\Performance\PerfIniFileWmiApRpl.ini 13241300x800000000000000028Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRSuspicious,ImageBeginWithBackslashSetValue2019-07-24 17:54:09.849{87E8D3BD-9A7F-5D38-0000-001099690800}4740\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\UpdatingWmiApRpl 13241300x800000000000000029Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRSuspicious,ImageBeginWithBackslashSetValue2019-07-24 17:54:09.880{87E8D3BD-9A7F-5D38-0000-001099690800}4740\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\Last CounterDWORD (0x00001e6a) 13241300x800000000000000030Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRSuspicious,ImageBeginWithBackslashSetValue2019-07-24 17:54:09.880{87E8D3BD-9A7F-5D38-0000-001099690800}4740\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\Last HelpDWORD (0x00001e6b) 13241300x800000000000000031Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRSuspicious,ImageBeginWithBackslashSetValue2019-07-24 17:54:09.880{87E8D3BD-9A7F-5D38-0000-001099690800}4740\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\System\CurrentControlSet\Services\WmiApRpl\Performance\Last CounterDWORD (0x00001e6a) 13241300x800000000000000032Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRSuspicious,ImageBeginWithBackslashSetValue2019-07-24 17:54:09.880{87E8D3BD-9A7F-5D38-0000-001099690800}4740\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\System\CurrentControlSet\Services\WmiApRpl\Performance\Last HelpDWORD (0x00001e6b) 13241300x800000000000000033Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRSuspicious,ImageBeginWithBackslashSetValue2019-07-24 17:54:09.880{87E8D3BD-9A7F-5D38-0000-001099690800}4740\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\System\CurrentControlSet\Services\WmiApRpl\Performance\First CounterDWORD (0x00001db8) 13241300x800000000000000034Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRSuspicious,ImageBeginWithBackslashSetValue2019-07-24 17:54:09.880{87E8D3BD-9A7F-5D38-0000-001099690800}4740\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\System\CurrentControlSet\Services\WmiApRpl\Performance\First HelpDWORD (0x00001db9) 13241300x800000000000000035Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRSuspicious,ImageBeginWithBackslashSetValue2019-07-24 17:54:09.880{87E8D3BD-9A7F-5D38-0000-001099690800}4740\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\System\CurrentControlSet\Services\WmiApRpl\Performance\Object List7608 7614 7626 7636 7646 7666 7710 7720 7758 7764 7780 12241200x800000000000000036Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRSuspicious,ImageBeginWithBackslashDeleteValue2019-07-24 17:54:09.880{87E8D3BD-9A7F-5D38-0000-001099690800}4740\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\Updating 13241300x800000000000000037Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRSuspicious,ImageBeginWithBackslashSetValue2019-07-24 17:54:58.318{87E8D3BD-9A7F-5D38-0000-001099690800}4740\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\WBEM\PROVIDERS\Performance\Performance DataBinary Data 12241200x800000000000000038Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRSuspicious,ImageBeginWithBackslashDeleteKey2019-07-24 17:54:58.318{87E8D3BD-9A7F-5D38-0000-001099690800}4740\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\WBEM\WDM\DREDGE 12241200x800000000000000039Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRSuspicious,ImageBeginWithBackslashCreateKey2019-07-24 17:54:58.318{87E8D3BD-9A7F-5D38-0000-001099690800}4740\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\WBEM\WDM\DREDGE 13241300x800000000000000040Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRSuspicious,ImageBeginWithBackslashSetValue2019-07-24 17:54:58.318{87E8D3BD-9A7F-5D38-0000-001099690800}4740\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\WBEM\WDM\DREDGE\C:\Windows\system32\advapi32.dll[MofResourceName]LowDateTime:-416503270,HighDateTime:30456516***Binary mof compiled successfully 13241300x800000000000000041Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRSuspicious,ImageBeginWithBackslashSetValue2019-07-24 17:54:58.318{87E8D3BD-9A7F-5D38-0000-001099690800}4740\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\WBEM\WDM\DREDGE\C:\Windows\system32\en-US\advapi32.dll.mui[MofResourceName]LowDateTime:293506637,HighDateTime:30456536***Binary mof compiled successfully 13241300x800000000000000042Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRSuspicious,ImageBeginWithBackslashSetValue2019-07-24 17:54:58.318{87E8D3BD-9A7F-5D38-0000-001099690800}4740\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\WBEM\WDM\DREDGE\C:\Windows\System32\drivers\ACPI.sys[ACPIMOFResource]LowDateTime:-673244000,HighDateTime:30456516***Binary mof compiled successfully 13241300x800000000000000043Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRSuspicious,ImageBeginWithBackslashSetValue2019-07-24 17:54:58.318{87E8D3BD-9A7F-5D38-0000-001099690800}4740\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\WBEM\WDM\DREDGE\C:\Windows\System32\drivers\en-US\ACPI.sys.mui[ACPIMOFResource]LowDateTime:206928669,HighDateTime:30456536***Binary mof compiled successfully 13241300x800000000000000044Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRSuspicious,ImageBeginWithBackslashSetValue2019-07-24 17:54:58.318{87E8D3BD-9A7F-5D38-0000-001099690800}4740\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\WBEM\WDM\DREDGE\C:\Windows\System32\drivers\mssmbios.sys[MofResource]LowDateTime:-679494534,HighDateTime:30456516***Binary mof compiled successfully 13241300x800000000000000045Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRSuspicious,ImageBeginWithBackslashSetValue2019-07-24 17:54:58.318{87E8D3BD-9A7F-5D38-0000-001099690800}4740\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\WBEM\WDM\DREDGE\C:\Windows\System32\drivers\en-US\mssmbios.sys.mui[MofResource]LowDateTime:194741122,HighDateTime:30456536***Binary mof compiled successfully 13241300x800000000000000046Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRSuspicious,ImageBeginWithBackslashSetValue2019-07-24 17:54:58.318{87E8D3BD-9A7F-5D38-0000-001099690800}4740\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\WBEM\WDM\DREDGE\C:\Windows\System32\drivers\intelppm.sys[PROCESSORWMI]LowDateTime:-673244000,HighDateTime:30456516***Binary mof compiled successfully 13241300x800000000000000047Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRSuspicious,ImageBeginWithBackslashSetValue2019-07-24 17:54:58.318{87E8D3BD-9A7F-5D38-0000-001099690800}4740\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\WBEM\WDM\DREDGE\C:\Windows\System32\drivers\en-US\intelppm.sys.mui[PROCESSORWMI]LowDateTime:206928669,HighDateTime:30456536***Binary mof compiled successfully 13241300x800000000000000048Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRSuspicious,ImageBeginWithBackslashSetValue2019-07-24 17:54:58.318{87E8D3BD-9A7F-5D38-0000-001099690800}4740\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\WBEM\WDM\DREDGE\SCSI\Disk&Ven_VBOX&Prod_HARDDISK\4&3554261f&0&000000_0-{05901221-D566-11d1-B2F0-00A0C9062910}LowDateTime:803713417,HighDateTime:0***Binary mof compiled successfully 13241300x800000000000000049Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRSuspicious,ImageBeginWithBackslashSetValue2019-07-24 17:54:58.318{87E8D3BD-9A7F-5D38-0000-001099690800}4740\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\WBEM\WDM\DREDGE\C:\Windows\system32\drivers\battc.sys[BATTCWMI]LowDateTime:-679494534,HighDateTime:30456516***Binary mof compiled successfully 13241300x800000000000000050Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRSuspicious,ImageBeginWithBackslashSetValue2019-07-24 17:54:58.318{87E8D3BD-9A7F-5D38-0000-001099690800}4740\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\WBEM\WDM\DREDGE\C:\Windows\system32\drivers\en-US\battc.sys.mui[BATTCWMI]LowDateTime:194741122,HighDateTime:30456536***Binary mof compiled successfully 13241300x800000000000000051Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRSuspicious,ImageBeginWithBackslashSetValue2019-07-24 17:54:58.318{87E8D3BD-9A7F-5D38-0000-001099690800}4740\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\WBEM\WDM\DREDGE\C:\Windows\System32\drivers\HDAudBus.sys[HDAudioMofName]LowDateTime:-703246564,HighDateTime:30456516***Binary mof compiled successfully 13241300x800000000000000052Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRSuspicious,ImageBeginWithBackslashSetValue2019-07-24 17:54:58.318{87E8D3BD-9A7F-5D38-0000-001099690800}4740\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\WBEM\WDM\DREDGE\C:\Windows\System32\drivers\en-US\HDAudBus.sys.mui[HDAudioMofName]LowDateTime:179705999,HighDateTime:30456536***Binary mof compiled successfully 13241300x800000000000000053Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRSuspicious,ImageBeginWithBackslashSetValue2019-07-24 17:54:58.318{87E8D3BD-9A7F-5D38-0000-001099690800}4740\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\WBEM\WDM\DREDGE\C:\Windows\System32\Drivers\portcls.SYS[PortclsMof]LowDateTime:-700433823,HighDateTime:30456516***Binary mof compiled successfully 13241300x800000000000000054Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRSuspicious,ImageBeginWithBackslashSetValue2019-07-24 17:54:58.318{87E8D3BD-9A7F-5D38-0000-001099690800}4740\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\WBEM\WDM\DREDGE\C:\Windows\System32\Drivers\en-US\portcls.SYS.mui[PortclsMof]LowDateTime:193491118,HighDateTime:30456536***Binary mof compiled successfully 13241300x800000000000000055Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRSuspicious,ImageBeginWithBackslashSetValue2019-07-24 17:54:58.318{87E8D3BD-9A7F-5D38-0000-001099690800}4740\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\WBEM\WDM\DREDGE\C:\Windows\System32\drivers\monitor.sys[MonitorWMI]LowDateTime:-703715354,HighDateTime:30456516***Binary mof failed, see WMIPROV.LOG 13241300x800000000000000056Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRSuspicious,ImageBeginWithBackslashSetValue2019-07-24 17:54:58.318{87E8D3BD-9A7F-5D38-0000-001099690800}4740\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\WBEM\PROVIDERS\Performance\Performance RefreshDWORD (0x00000000) 13241300x800000000000000057Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRSuspicious,ImageBeginWithBackslashSetValue2019-07-24 17:54:58.318{87E8D3BD-9A7F-5D38-0000-001099690800}4740\\?\C:\Windows\system32\wbem\WMIADAP.EXEHKLM\SOFTWARE\Microsoft\WBEM\PROVIDERS\Performance\Performance RefreshedDWORD (0x00000001) 11241100x800000000000000058Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:01.004{87E8D3BD-99EC-5D38-0000-001029460500}2832C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exeC:\Users\grapltest\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\HGWLQY3E\ChromeSetup[1].exe2019-07-24 17:57:01.004 11241100x800000000000000059Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRFileCreate-Downloads2019-07-24 17:57:01.317{87E8D3BD-99EC-5D38-0000-00103C3A0500}3460C:\Windows\system32\browser_broker.exeC:\Users\grapltest\Downloads\ChromeSetup.exe.hi3alp5.partial2019-07-24 17:57:01.317 11241100x800000000000000060Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRFileCreate-Downloads2019-07-24 17:57:01.739{87E8D3BD-99EC-5D38-0000-001029460500}2832C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exeC:\Users\grapltest\Downloads\ChromeSetup.exe.hi3alp5.partial2019-07-24 17:57:01.317 15241500x800000000000000061Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRFileStream-Downloads2019-07-24 17:57:02.223{87E8D3BD-99EC-5D38-0000-00103C3A0500}3460C:\Windows\system32\browser_broker.exeC:\Users\grapltest\Downloads\ChromeSetup.exe.hi3alp5.partial2019-07-24 17:57:01.317MD5=EB6A90426D5004ECABC515F2DA60019A,SHA256=958850CE9C18AB8BF03D73DE75B3A4C8F8D74F27C7C2CD2B8318731C1C757326 11241100x800000000000000062Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRFileCreate-Downloads2019-07-24 17:57:02.223{87E8D3BD-99EC-5D38-0000-00103C3A0500}3460C:\Windows\system32\browser_broker.exeC:\Users\grapltest\Downloads\ChromeSetup.exe.hi3alp5.partial:Zone.Identifier2019-07-24 17:57:01.317 15241500x800000000000000063Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRFileStream-Downloads2019-07-24 17:57:02.223{87E8D3BD-99EC-5D38-0000-00103C3A0500}3460C:\Windows\system32\browser_broker.exeC:\Users\grapltest\Downloads\ChromeSetup.exe.hi3alp5.partial:Zone.Identifier2019-07-24 17:57:01.317MD5=FBCCF14D504B7B2DBCB5A5BDA75BD93B,SHA256=EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913 22542200x800000000000000064Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:00.932{87E8D3BD-99EC-5D38-0000-001029460500}2832dl.google.com0::ffff:172.217.0.46;C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe 22542200x800000000000000065Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:02.312{87E8D3BD-99EC-5D38-0000-00106D300500}3140ocsp.thawte.com0type: 5 ocsp-ds.ws.symantec.com.edgekey.net;type: 5 e8218.dscb1.akamaiedge.net;::ffff:23.65.11.27;C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe 22542200x800000000000000066Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:02.482{87E8D3BD-99EC-5D38-0000-00106D300500}3140th.symcd.com0type: 5 ocsp-ds.ws.symantec.com.edgekey.net;type: 5 e8218.dscb1.akamaiedge.net;::ffff:23.65.11.27;C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe 15241500x800000000000000067Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRFileStream-Downloads2019-07-24 17:57:04.630{87E8D3BD-99EC-5D38-0000-00103C3A0500}3460C:\Windows\system32\browser_broker.exeC:\Users\grapltest\Downloads\ChromeSetup.exe2019-07-24 17:57:01.317MD5=EB6A90426D5004ECABC515F2DA60019A,SHA256=958850CE9C18AB8BF03D73DE75B3A4C8F8D74F27C7C2CD2B8318731C1C757326 15241500x800000000000000068Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRFileStream-Downloads2019-07-24 17:57:04.645{87E8D3BD-99EC-5D38-0000-00103C3A0500}3460C:\Windows\system32\browser_broker.exeC:\Users\grapltest\Downloads\ChromeSetup.exe:Zone.Identifier2019-07-24 17:57:01.317MD5=FBCCF14D504B7B2DBCB5A5BDA75BD93B,SHA256=EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913 154100x800000000000000069Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:04.660{87E8D3BD-9BF0-5D38-0000-0010C48E0E00}3696C:\Users\grapltest\Downloads\ChromeSetup.exe1.3.34.11Google Update SetupGoogle UpdateGoogle LLCGoogleUpdateSetup.exe"C:\Users\grapltest\Downloads\ChromeSetup.exe" C:\Windows\system32\DESKTOP-FVSHABR\grapltest{87E8D3BD-99C8-5D38-0000-002088140200}0x214881MediumMD5=EB6A90426D5004ECABC515F2DA60019A,SHA256=958850CE9C18AB8BF03D73DE75B3A4C8F8D74F27C7C2CD2B8318731C1C757326{87E8D3BD-99EC-5D38-0000-00103C3A0500}3460C:\Windows\System32\browser_broker.exeC:\Windows\system32\browser_broker.exe -Embedding 13241300x800000000000000070Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRInvDBSetValue2019-07-24 17:57:04.676{87E8D3BD-998D-5D38-0000-001039DC0000}300C:\Windows\system32\svchost.exeHKU\S-1-5-21-475214889-3710252578-4288414562-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\C:\Users\grapltest\Downloads\ChromeSetup.exeBinary Data 11241100x800000000000000071Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:04.802{87E8D3BD-9BF0-5D38-0000-0010C48E0E00}3696C:\Users\grapltest\Downloads\ChromeSetup.exeC:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\GoogleUpdate.exe2019-07-24 17:57:04.802 11241100x800000000000000072Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:04.833{87E8D3BD-9BF0-5D38-0000-0010C48E0E00}3696C:\Users\grapltest\Downloads\ChromeSetup.exeC:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\GoogleCrashHandler.exe2019-07-24 17:57:04.833 11241100x800000000000000073Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:04.880{87E8D3BD-9BF0-5D38-0000-0010C48E0E00}3696C:\Users\grapltest\Downloads\ChromeSetup.exeC:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\goopdate.dll2019-07-24 17:57:04.880 11241100x800000000000000074Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:04.926{87E8D3BD-9BF0-5D38-0000-0010C48E0E00}3696C:\Users\grapltest\Downloads\ChromeSetup.exeC:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\npGoogleUpdate3.dll2019-07-24 17:57:04.926 11241100x800000000000000075Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:04.973{87E8D3BD-9BF0-5D38-0000-0010C48E0E00}3696C:\Users\grapltest\Downloads\ChromeSetup.exeC:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\GoogleUpdateBroker.exe2019-07-24 17:57:04.973 11241100x800000000000000076Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:05.004{87E8D3BD-9BF0-5D38-0000-0010C48E0E00}3696C:\Users\grapltest\Downloads\ChromeSetup.exeC:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\GoogleUpdateOnDemand.exe2019-07-24 17:57:05.004 11241100x800000000000000077Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:05.036{87E8D3BD-9BF0-5D38-0000-0010C48E0E00}3696C:\Users\grapltest\Downloads\ChromeSetup.exeC:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\GoogleUpdateComRegisterShell64.exe2019-07-24 17:57:05.036 11241100x800000000000000078Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:05.083{87E8D3BD-9BF0-5D38-0000-0010C48E0E00}3696C:\Users\grapltest\Downloads\ChromeSetup.exeC:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\GoogleUpdateWebPlugin.exe2019-07-24 17:57:05.083 11241100x800000000000000079Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:05.114{87E8D3BD-9BF0-5D38-0000-0010C48E0E00}3696C:\Users\grapltest\Downloads\ChromeSetup.exeC:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\psmachine.dll2019-07-24 17:57:05.114 11241100x800000000000000080Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:05.145{87E8D3BD-9BF0-5D38-0000-0010C48E0E00}3696C:\Users\grapltest\Downloads\ChromeSetup.exeC:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\psmachine_64.dll2019-07-24 17:57:05.145 11241100x800000000000000081Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:05.161{87E8D3BD-9BF0-5D38-0000-0010C48E0E00}3696C:\Users\grapltest\Downloads\ChromeSetup.exeC:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\psuser.dll2019-07-24 17:57:05.161 11241100x800000000000000082Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:05.208{87E8D3BD-9BF0-5D38-0000-0010C48E0E00}3696C:\Users\grapltest\Downloads\ChromeSetup.exeC:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\psuser_64.dll2019-07-24 17:57:05.192 11241100x800000000000000083Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:05.223{87E8D3BD-9BF0-5D38-0000-0010C48E0E00}3696C:\Users\grapltest\Downloads\ChromeSetup.exeC:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\GoogleCrashHandler64.exe2019-07-24 17:57:05.223 11241100x800000000000000084Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:05.270{87E8D3BD-9BF0-5D38-0000-0010C48E0E00}3696C:\Users\grapltest\Downloads\ChromeSetup.exeC:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\GoogleUpdateCore.exe2019-07-24 17:57:05.255 11241100x800000000000000085Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:05.302{87E8D3BD-9BF0-5D38-0000-0010C48E0E00}3696C:\Users\grapltest\Downloads\ChromeSetup.exeC:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\goopdateres_am.dll2019-07-24 17:57:05.302 11241100x800000000000000086Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:05.302{87E8D3BD-9BF0-5D38-0000-0010C48E0E00}3696C:\Users\grapltest\Downloads\ChromeSetup.exeC:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\goopdateres_ar.dll2019-07-24 17:57:05.302 11241100x800000000000000087Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:05.317{87E8D3BD-9BF0-5D38-0000-0010C48E0E00}3696C:\Users\grapltest\Downloads\ChromeSetup.exeC:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\goopdateres_bg.dll2019-07-24 17:57:05.317 11241100x800000000000000088Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:05.317{87E8D3BD-9BF0-5D38-0000-0010C48E0E00}3696C:\Users\grapltest\Downloads\ChromeSetup.exeC:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\goopdateres_bn.dll2019-07-24 17:57:05.317 11241100x800000000000000089Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:05.332{87E8D3BD-9BF0-5D38-0000-0010C48E0E00}3696C:\Users\grapltest\Downloads\ChromeSetup.exeC:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\goopdateres_ca.dll2019-07-24 17:57:05.332 11241100x800000000000000090Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:05.332{87E8D3BD-9BF0-5D38-0000-0010C48E0E00}3696C:\Users\grapltest\Downloads\ChromeSetup.exeC:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\goopdateres_cs.dll2019-07-24 17:57:05.332 11241100x800000000000000091Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:05.348{87E8D3BD-9BF0-5D38-0000-0010C48E0E00}3696C:\Users\grapltest\Downloads\ChromeSetup.exeC:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\goopdateres_da.dll2019-07-24 17:57:05.348 11241100x800000000000000092Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:05.348{87E8D3BD-9BF0-5D38-0000-0010C48E0E00}3696C:\Users\grapltest\Downloads\ChromeSetup.exeC:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\goopdateres_de.dll2019-07-24 17:57:05.348 11241100x800000000000000093Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:05.364{87E8D3BD-9BF0-5D38-0000-0010C48E0E00}3696C:\Users\grapltest\Downloads\ChromeSetup.exeC:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\goopdateres_el.dll2019-07-24 17:57:05.364 11241100x800000000000000094Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:05.364{87E8D3BD-9BF0-5D38-0000-0010C48E0E00}3696C:\Users\grapltest\Downloads\ChromeSetup.exeC:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\goopdateres_en.dll2019-07-24 17:57:05.364 11241100x800000000000000095Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:05.364{87E8D3BD-9BF0-5D38-0000-0010C48E0E00}3696C:\Users\grapltest\Downloads\ChromeSetup.exeC:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\goopdateres_en-GB.dll2019-07-24 17:57:05.364 11241100x800000000000000096Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:05.380{87E8D3BD-9BF0-5D38-0000-0010C48E0E00}3696C:\Users\grapltest\Downloads\ChromeSetup.exeC:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\goopdateres_es.dll2019-07-24 17:57:05.380 11241100x800000000000000097Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:05.380{87E8D3BD-9BF0-5D38-0000-0010C48E0E00}3696C:\Users\grapltest\Downloads\ChromeSetup.exeC:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\goopdateres_es-419.dll2019-07-24 17:57:05.380 11241100x800000000000000098Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:05.395{87E8D3BD-9BF0-5D38-0000-0010C48E0E00}3696C:\Users\grapltest\Downloads\ChromeSetup.exeC:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\goopdateres_et.dll2019-07-24 17:57:05.395 11241100x800000000000000099Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:05.395{87E8D3BD-9BF0-5D38-0000-0010C48E0E00}3696C:\Users\grapltest\Downloads\ChromeSetup.exeC:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\goopdateres_fa.dll2019-07-24 17:57:05.395 11241100x8000000000000000100Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:05.411{87E8D3BD-9BF0-5D38-0000-0010C48E0E00}3696C:\Users\grapltest\Downloads\ChromeSetup.exeC:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\goopdateres_fi.dll2019-07-24 17:57:05.411 11241100x8000000000000000101Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:05.411{87E8D3BD-9BF0-5D38-0000-0010C48E0E00}3696C:\Users\grapltest\Downloads\ChromeSetup.exeC:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\goopdateres_fil.dll2019-07-24 17:57:05.411 11241100x8000000000000000102Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:05.427{87E8D3BD-9BF0-5D38-0000-0010C48E0E00}3696C:\Users\grapltest\Downloads\ChromeSetup.exeC:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\goopdateres_fr.dll2019-07-24 17:57:05.427 11241100x8000000000000000103Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:05.427{87E8D3BD-9BF0-5D38-0000-0010C48E0E00}3696C:\Users\grapltest\Downloads\ChromeSetup.exeC:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\goopdateres_gu.dll2019-07-24 17:57:05.427 11241100x8000000000000000104Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:05.442{87E8D3BD-9BF0-5D38-0000-0010C48E0E00}3696C:\Users\grapltest\Downloads\ChromeSetup.exeC:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\goopdateres_hi.dll2019-07-24 17:57:05.442 11241100x8000000000000000105Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:05.442{87E8D3BD-9BF0-5D38-0000-0010C48E0E00}3696C:\Users\grapltest\Downloads\ChromeSetup.exeC:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\goopdateres_hr.dll2019-07-24 17:57:05.442 11241100x8000000000000000106Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:05.458{87E8D3BD-9BF0-5D38-0000-0010C48E0E00}3696C:\Users\grapltest\Downloads\ChromeSetup.exeC:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\goopdateres_hu.dll2019-07-24 17:57:05.458 11241100x8000000000000000107Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:05.458{87E8D3BD-9BF0-5D38-0000-0010C48E0E00}3696C:\Users\grapltest\Downloads\ChromeSetup.exeC:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\goopdateres_id.dll2019-07-24 17:57:05.458 11241100x8000000000000000108Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:05.474{87E8D3BD-9BF0-5D38-0000-0010C48E0E00}3696C:\Users\grapltest\Downloads\ChromeSetup.exeC:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\goopdateres_is.dll2019-07-24 17:57:05.474 11241100x8000000000000000109Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:05.474{87E8D3BD-9BF0-5D38-0000-0010C48E0E00}3696C:\Users\grapltest\Downloads\ChromeSetup.exeC:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\goopdateres_it.dll2019-07-24 17:57:05.474 11241100x8000000000000000110Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:05.489{87E8D3BD-9BF0-5D38-0000-0010C48E0E00}3696C:\Users\grapltest\Downloads\ChromeSetup.exeC:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\goopdateres_iw.dll2019-07-24 17:57:05.489 11241100x8000000000000000111Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:05.489{87E8D3BD-9BF0-5D38-0000-0010C48E0E00}3696C:\Users\grapltest\Downloads\ChromeSetup.exeC:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\goopdateres_ja.dll2019-07-24 17:57:05.489 11241100x8000000000000000112Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:05.489{87E8D3BD-9BF0-5D38-0000-0010C48E0E00}3696C:\Users\grapltest\Downloads\ChromeSetup.exeC:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\goopdateres_kn.dll2019-07-24 17:57:05.489 11241100x8000000000000000113Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:05.504{87E8D3BD-9BF0-5D38-0000-0010C48E0E00}3696C:\Users\grapltest\Downloads\ChromeSetup.exeC:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\goopdateres_ko.dll2019-07-24 17:57:05.504 11241100x8000000000000000114Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:05.504{87E8D3BD-9BF0-5D38-0000-0010C48E0E00}3696C:\Users\grapltest\Downloads\ChromeSetup.exeC:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\goopdateres_lt.dll2019-07-24 17:57:05.504 11241100x8000000000000000115Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:05.520{87E8D3BD-9BF0-5D38-0000-0010C48E0E00}3696C:\Users\grapltest\Downloads\ChromeSetup.exeC:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\goopdateres_lv.dll2019-07-24 17:57:05.520 11241100x8000000000000000116Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:05.520{87E8D3BD-9BF0-5D38-0000-0010C48E0E00}3696C:\Users\grapltest\Downloads\ChromeSetup.exeC:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\goopdateres_ml.dll2019-07-24 17:57:05.520 11241100x8000000000000000117Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:05.536{87E8D3BD-9BF0-5D38-0000-0010C48E0E00}3696C:\Users\grapltest\Downloads\ChromeSetup.exeC:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\goopdateres_mr.dll2019-07-24 17:57:05.536 11241100x8000000000000000118Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:05.536{87E8D3BD-9BF0-5D38-0000-0010C48E0E00}3696C:\Users\grapltest\Downloads\ChromeSetup.exeC:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\goopdateres_ms.dll2019-07-24 17:57:05.536 11241100x8000000000000000119Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:05.536{87E8D3BD-9BF0-5D38-0000-0010C48E0E00}3696C:\Users\grapltest\Downloads\ChromeSetup.exeC:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\goopdateres_nl.dll2019-07-24 17:57:05.536 11241100x8000000000000000120Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:05.551{87E8D3BD-9BF0-5D38-0000-0010C48E0E00}3696C:\Users\grapltest\Downloads\ChromeSetup.exeC:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\goopdateres_no.dll2019-07-24 17:57:05.551 11241100x8000000000000000121Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:05.567{87E8D3BD-9BF0-5D38-0000-0010C48E0E00}3696C:\Users\grapltest\Downloads\ChromeSetup.exeC:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\goopdateres_pl.dll2019-07-24 17:57:05.551 11241100x8000000000000000122Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:05.567{87E8D3BD-9BF0-5D38-0000-0010C48E0E00}3696C:\Users\grapltest\Downloads\ChromeSetup.exeC:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\goopdateres_pt-BR.dll2019-07-24 17:57:05.567 11241100x8000000000000000123Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:05.567{87E8D3BD-9BF0-5D38-0000-0010C48E0E00}3696C:\Users\grapltest\Downloads\ChromeSetup.exeC:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\goopdateres_pt-PT.dll2019-07-24 17:57:05.567 11241100x8000000000000000124Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:05.582{87E8D3BD-9BF0-5D38-0000-0010C48E0E00}3696C:\Users\grapltest\Downloads\ChromeSetup.exeC:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\goopdateres_ro.dll2019-07-24 17:57:05.582 11241100x8000000000000000125Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:05.598{87E8D3BD-9BF0-5D38-0000-0010C48E0E00}3696C:\Users\grapltest\Downloads\ChromeSetup.exeC:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\goopdateres_ru.dll2019-07-24 17:57:05.598 11241100x8000000000000000126Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:05.598{87E8D3BD-9BF0-5D38-0000-0010C48E0E00}3696C:\Users\grapltest\Downloads\ChromeSetup.exeC:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\goopdateres_sk.dll2019-07-24 17:57:05.598 11241100x8000000000000000127Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:05.614{87E8D3BD-9BF0-5D38-0000-0010C48E0E00}3696C:\Users\grapltest\Downloads\ChromeSetup.exeC:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\goopdateres_sl.dll2019-07-24 17:57:05.614 11241100x8000000000000000128Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:05.614{87E8D3BD-9BF0-5D38-0000-0010C48E0E00}3696C:\Users\grapltest\Downloads\ChromeSetup.exeC:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\goopdateres_sr.dll2019-07-24 17:57:05.614 11241100x8000000000000000129Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:05.629{87E8D3BD-9BF0-5D38-0000-0010C48E0E00}3696C:\Users\grapltest\Downloads\ChromeSetup.exeC:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\goopdateres_sv.dll2019-07-24 17:57:05.629 11241100x8000000000000000130Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:05.629{87E8D3BD-9BF0-5D38-0000-0010C48E0E00}3696C:\Users\grapltest\Downloads\ChromeSetup.exeC:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\goopdateres_sw.dll2019-07-24 17:57:05.629 11241100x8000000000000000131Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:05.645{87E8D3BD-9BF0-5D38-0000-0010C48E0E00}3696C:\Users\grapltest\Downloads\ChromeSetup.exeC:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\goopdateres_ta.dll2019-07-24 17:57:05.645 11241100x8000000000000000132Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:05.645{87E8D3BD-9BF0-5D38-0000-0010C48E0E00}3696C:\Users\grapltest\Downloads\ChromeSetup.exeC:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\goopdateres_te.dll2019-07-24 17:57:05.645 11241100x8000000000000000133Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:05.645{87E8D3BD-9BF0-5D38-0000-0010C48E0E00}3696C:\Users\grapltest\Downloads\ChromeSetup.exeC:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\goopdateres_th.dll2019-07-24 17:57:05.645 11241100x8000000000000000134Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:05.661{87E8D3BD-9BF0-5D38-0000-0010C48E0E00}3696C:\Users\grapltest\Downloads\ChromeSetup.exeC:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\goopdateres_tr.dll2019-07-24 17:57:05.661 11241100x8000000000000000135Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:05.661{87E8D3BD-9BF0-5D38-0000-0010C48E0E00}3696C:\Users\grapltest\Downloads\ChromeSetup.exeC:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\goopdateres_uk.dll2019-07-24 17:57:05.661 11241100x8000000000000000136Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:05.676{87E8D3BD-9BF0-5D38-0000-0010C48E0E00}3696C:\Users\grapltest\Downloads\ChromeSetup.exeC:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\goopdateres_ur.dll2019-07-24 17:57:05.676 11241100x8000000000000000137Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:05.676{87E8D3BD-9BF0-5D38-0000-0010C48E0E00}3696C:\Users\grapltest\Downloads\ChromeSetup.exeC:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\goopdateres_vi.dll2019-07-24 17:57:05.676 11241100x8000000000000000138Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:05.692{87E8D3BD-9BF0-5D38-0000-0010C48E0E00}3696C:\Users\grapltest\Downloads\ChromeSetup.exeC:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\goopdateres_zh-CN.dll2019-07-24 17:57:05.692 11241100x8000000000000000139Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:05.707{87E8D3BD-9BF0-5D38-0000-0010C48E0E00}3696C:\Users\grapltest\Downloads\ChromeSetup.exeC:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\goopdateres_zh-TW.dll2019-07-24 17:57:05.707 11241100x8000000000000000140Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:05.707{87E8D3BD-9BF0-5D38-0000-0010C48E0E00}3696C:\Users\grapltest\Downloads\ChromeSetup.exeC:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\GoogleUpdateSetup.exe2019-07-24 17:57:05.707 154100x8000000000000000141Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:05.730{87E8D3BD-9BF1-5D38-0000-0010159E0E00}4812C:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\GoogleUpdate.exe1.3.34.11Google InstallerGoogle UpdateGoogle LLCGoogleUpdate.exeC:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\GoogleUpdate.exe /installsource taggedmi /install "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={F2782276-7085-9EC9-B82C-4B91DF227F8F}&lang=en&browser=5&usagestats=1&appname=Google%%20Chrome&needsadmin=prefers&ap=x64-stable-statsdef_1&brand=CHBF&installdataindex=empty"C:\Windows\system32\DESKTOP-FVSHABR\grapltest{87E8D3BD-99C8-5D38-0000-002088140200}0x214881MediumMD5=82F657B0AEE67A6A560321CF0927F9F7,SHA256=794CF7644115198DB451431BCA7C89FF9A97550482B1E3F7F13EB7ACA6120A11{87E8D3BD-9BF0-5D38-0000-0010C48E0E00}3696C:\Users\grapltest\Downloads\ChromeSetup.exe"C:\Users\grapltest\Downloads\ChromeSetup.exe" 154100x8000000000000000142Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:08.142{87E8D3BD-9BF4-5D38-0000-0010BFC30E00}4532C:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\GoogleUpdateSetup.exe1.3.34.11Google Update SetupGoogle UpdateGoogle LLCGoogleUpdateSetup.exe"C:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\GoogleUpdateSetup.exe" /installsource taggedmi /install "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={F2782276-7085-9EC9-B82C-4B91DF227F8F}&lang=en&browser=5&usagestats=1&appname=Google%%20Chrome&needsadmin=prefers&ap=x64-stable-statsdef_1&brand=CHBF&installdataindex=empty" /installelevated /nomitagC:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\DESKTOP-FVSHABR\grapltest{87E8D3BD-99C8-5D38-0000-002061140200}0x214611HighMD5=EB6A90426D5004ECABC515F2DA60019A,SHA256=958850CE9C18AB8BF03D73DE75B3A4C8F8D74F27C7C2CD2B8318731C1C757326{87E8D3BD-9BF1-5D38-0000-0010159E0E00}4812C:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\GoogleUpdate.exeC:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\GoogleUpdate.exe /installsource taggedmi /install "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={F2782276-7085-9EC9-B82C-4B91DF227F8F}&lang=en&browser=5&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=x64-stable-statsdef_1&brand=CHBF&installdataindex=empty" 11241100x8000000000000000143Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:08.317{87E8D3BD-9BF4-5D38-0000-0010BFC30E00}4532C:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\GoogleUpdateSetup.exeC:\Program Files (x86)\GUM6D35.tmp\GoogleUpdate.exe2019-07-24 17:57:08.317 11241100x8000000000000000144Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:08.361{87E8D3BD-9BF4-5D38-0000-0010BFC30E00}4532C:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\GoogleUpdateSetup.exeC:\Program Files (x86)\GUM6D35.tmp\GoogleCrashHandler.exe2019-07-24 17:57:08.361 11241100x8000000000000000145Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:08.435{87E8D3BD-9BF4-5D38-0000-0010BFC30E00}4532C:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\GoogleUpdateSetup.exeC:\Program Files (x86)\GUM6D35.tmp\goopdate.dll2019-07-24 17:57:08.435 11241100x8000000000000000146Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:08.509{87E8D3BD-9BF4-5D38-0000-0010BFC30E00}4532C:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\GoogleUpdateSetup.exeC:\Program Files (x86)\GUM6D35.tmp\npGoogleUpdate3.dll2019-07-24 17:57:08.505 11241100x8000000000000000147Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:08.583{87E8D3BD-9BF4-5D38-0000-0010BFC30E00}4532C:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\GoogleUpdateSetup.exeC:\Program Files (x86)\GUM6D35.tmp\GoogleUpdateBroker.exe2019-07-24 17:57:08.583 11241100x8000000000000000148Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:08.622{87E8D3BD-9BF4-5D38-0000-0010BFC30E00}4532C:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\GoogleUpdateSetup.exeC:\Program Files (x86)\GUM6D35.tmp\GoogleUpdateOnDemand.exe2019-07-24 17:57:08.622 11241100x8000000000000000149Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:08.654{87E8D3BD-9BF4-5D38-0000-0010BFC30E00}4532C:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\GoogleUpdateSetup.exeC:\Program Files (x86)\GUM6D35.tmp\GoogleUpdateComRegisterShell64.exe2019-07-24 17:57:08.654 11241100x8000000000000000150Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:08.722{87E8D3BD-9BF4-5D38-0000-0010BFC30E00}4532C:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\GoogleUpdateSetup.exeC:\Program Files (x86)\GUM6D35.tmp\GoogleUpdateWebPlugin.exe2019-07-24 17:57:08.722 11241100x8000000000000000151Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:08.770{87E8D3BD-9BF4-5D38-0000-0010BFC30E00}4532C:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\GoogleUpdateSetup.exeC:\Program Files (x86)\GUM6D35.tmp\psmachine.dll2019-07-24 17:57:08.770 11241100x8000000000000000152Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:08.803{87E8D3BD-9BF4-5D38-0000-0010BFC30E00}4532C:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\GoogleUpdateSetup.exeC:\Program Files (x86)\GUM6D35.tmp\psmachine_64.dll2019-07-24 17:57:08.803 11241100x8000000000000000153Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:08.848{87E8D3BD-9BF4-5D38-0000-0010BFC30E00}4532C:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\GoogleUpdateSetup.exeC:\Program Files (x86)\GUM6D35.tmp\psuser.dll2019-07-24 17:57:08.848 11241100x8000000000000000154Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:08.880{87E8D3BD-9BF4-5D38-0000-0010BFC30E00}4532C:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\GoogleUpdateSetup.exeC:\Program Files (x86)\GUM6D35.tmp\psuser_64.dll2019-07-24 17:57:08.880 11241100x8000000000000000155Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:08.911{87E8D3BD-9BF4-5D38-0000-0010BFC30E00}4532C:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\GoogleUpdateSetup.exeC:\Program Files (x86)\GUM6D35.tmp\GoogleCrashHandler64.exe2019-07-24 17:57:08.911 11241100x8000000000000000156Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:08.973{87E8D3BD-9BF4-5D38-0000-0010BFC30E00}4532C:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\GoogleUpdateSetup.exeC:\Program Files (x86)\GUM6D35.tmp\GoogleUpdateCore.exe2019-07-24 17:57:08.973 11241100x8000000000000000157Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:09.052{87E8D3BD-9BF4-5D38-0000-0010BFC30E00}4532C:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\GoogleUpdateSetup.exeC:\Program Files (x86)\GUM6D35.tmp\goopdateres_am.dll2019-07-24 17:57:09.052 11241100x8000000000000000158Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:09.067{87E8D3BD-9BF4-5D38-0000-0010BFC30E00}4532C:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\GoogleUpdateSetup.exeC:\Program Files (x86)\GUM6D35.tmp\goopdateres_ar.dll2019-07-24 17:57:09.067 11241100x8000000000000000159Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:09.067{87E8D3BD-9BF4-5D38-0000-0010BFC30E00}4532C:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\GoogleUpdateSetup.exeC:\Program Files (x86)\GUM6D35.tmp\goopdateres_bg.dll2019-07-24 17:57:09.067 11241100x8000000000000000160Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:09.082{87E8D3BD-9BF4-5D38-0000-0010BFC30E00}4532C:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\GoogleUpdateSetup.exeC:\Program Files (x86)\GUM6D35.tmp\goopdateres_bn.dll2019-07-24 17:57:09.082 11241100x8000000000000000161Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:09.082{87E8D3BD-9BF4-5D38-0000-0010BFC30E00}4532C:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\GoogleUpdateSetup.exeC:\Program Files (x86)\GUM6D35.tmp\goopdateres_ca.dll2019-07-24 17:57:09.082 11241100x8000000000000000162Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:09.082{87E8D3BD-9BF4-5D38-0000-0010BFC30E00}4532C:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\GoogleUpdateSetup.exeC:\Program Files (x86)\GUM6D35.tmp\goopdateres_cs.dll2019-07-24 17:57:09.082 11241100x8000000000000000163Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:09.098{87E8D3BD-9BF4-5D38-0000-0010BFC30E00}4532C:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\GoogleUpdateSetup.exeC:\Program Files (x86)\GUM6D35.tmp\goopdateres_da.dll2019-07-24 17:57:09.098 11241100x8000000000000000164Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:09.114{87E8D3BD-9BF4-5D38-0000-0010BFC30E00}4532C:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\GoogleUpdateSetup.exeC:\Program Files (x86)\GUM6D35.tmp\goopdateres_de.dll2019-07-24 17:57:09.114 11241100x8000000000000000165Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:09.114{87E8D3BD-9BF4-5D38-0000-0010BFC30E00}4532C:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\GoogleUpdateSetup.exeC:\Program Files (x86)\GUM6D35.tmp\goopdateres_el.dll2019-07-24 17:57:09.114 11241100x8000000000000000166Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:09.130{87E8D3BD-9BF4-5D38-0000-0010BFC30E00}4532C:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\GoogleUpdateSetup.exeC:\Program Files (x86)\GUM6D35.tmp\goopdateres_en.dll2019-07-24 17:57:09.130 11241100x8000000000000000167Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:09.145{87E8D3BD-9BF4-5D38-0000-0010BFC30E00}4532C:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\GoogleUpdateSetup.exeC:\Program Files (x86)\GUM6D35.tmp\goopdateres_en-GB.dll2019-07-24 17:57:09.145 11241100x8000000000000000168Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:09.145{87E8D3BD-9BF4-5D38-0000-0010BFC30E00}4532C:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\GoogleUpdateSetup.exeC:\Program Files (x86)\GUM6D35.tmp\goopdateres_es.dll2019-07-24 17:57:09.145 11241100x8000000000000000169Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:09.161{87E8D3BD-9BF4-5D38-0000-0010BFC30E00}4532C:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\GoogleUpdateSetup.exeC:\Program Files (x86)\GUM6D35.tmp\goopdateres_es-419.dll2019-07-24 17:57:09.161 11241100x8000000000000000170Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:09.177{87E8D3BD-9BF4-5D38-0000-0010BFC30E00}4532C:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\GoogleUpdateSetup.exeC:\Program Files (x86)\GUM6D35.tmp\goopdateres_et.dll2019-07-24 17:57:09.177 11241100x8000000000000000171Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:09.177{87E8D3BD-9BF4-5D38-0000-0010BFC30E00}4532C:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\GoogleUpdateSetup.exeC:\Program Files (x86)\GUM6D35.tmp\goopdateres_fa.dll2019-07-24 17:57:09.177 11241100x8000000000000000172Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:09.192{87E8D3BD-9BF4-5D38-0000-0010BFC30E00}4532C:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\GoogleUpdateSetup.exeC:\Program Files (x86)\GUM6D35.tmp\goopdateres_fi.dll2019-07-24 17:57:09.192 11241100x8000000000000000173Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:09.208{87E8D3BD-9BF4-5D38-0000-0010BFC30E00}4532C:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\GoogleUpdateSetup.exeC:\Program Files (x86)\GUM6D35.tmp\goopdateres_fil.dll2019-07-24 17:57:09.208 11241100x8000000000000000174Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:09.208{87E8D3BD-9BF4-5D38-0000-0010BFC30E00}4532C:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\GoogleUpdateSetup.exeC:\Program Files (x86)\GUM6D35.tmp\goopdateres_fr.dll2019-07-24 17:57:09.208 11241100x8000000000000000175Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:09.224{87E8D3BD-9BF4-5D38-0000-0010BFC30E00}4532C:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\GoogleUpdateSetup.exeC:\Program Files (x86)\GUM6D35.tmp\goopdateres_gu.dll2019-07-24 17:57:09.224 11241100x8000000000000000176Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:09.239{87E8D3BD-9BF4-5D38-0000-0010BFC30E00}4532C:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\GoogleUpdateSetup.exeC:\Program Files (x86)\GUM6D35.tmp\goopdateres_hi.dll2019-07-24 17:57:09.239 11241100x8000000000000000177Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:09.239{87E8D3BD-9BF4-5D38-0000-0010BFC30E00}4532C:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\GoogleUpdateSetup.exeC:\Program Files (x86)\GUM6D35.tmp\goopdateres_hr.dll2019-07-24 17:57:09.239 11241100x8000000000000000178Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:09.255{87E8D3BD-9BF4-5D38-0000-0010BFC30E00}4532C:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\GoogleUpdateSetup.exeC:\Program Files (x86)\GUM6D35.tmp\goopdateres_hu.dll2019-07-24 17:57:09.255 11241100x8000000000000000179Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:09.255{87E8D3BD-9BF4-5D38-0000-0010BFC30E00}4532C:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\GoogleUpdateSetup.exeC:\Program Files (x86)\GUM6D35.tmp\goopdateres_id.dll2019-07-24 17:57:09.255 11241100x8000000000000000180Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:09.271{87E8D3BD-9BF4-5D38-0000-0010BFC30E00}4532C:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\GoogleUpdateSetup.exeC:\Program Files (x86)\GUM6D35.tmp\goopdateres_is.dll2019-07-24 17:57:09.271 11241100x8000000000000000181Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:09.271{87E8D3BD-9BF4-5D38-0000-0010BFC30E00}4532C:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\GoogleUpdateSetup.exeC:\Program Files (x86)\GUM6D35.tmp\goopdateres_it.dll2019-07-24 17:57:09.271 11241100x8000000000000000182Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:09.286{87E8D3BD-9BF4-5D38-0000-0010BFC30E00}4532C:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\GoogleUpdateSetup.exeC:\Program Files (x86)\GUM6D35.tmp\goopdateres_iw.dll2019-07-24 17:57:09.286 11241100x8000000000000000183Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:09.286{87E8D3BD-9BF4-5D38-0000-0010BFC30E00}4532C:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\GoogleUpdateSetup.exeC:\Program Files (x86)\GUM6D35.tmp\goopdateres_ja.dll2019-07-24 17:57:09.286 11241100x8000000000000000184Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:09.301{87E8D3BD-9BF4-5D38-0000-0010BFC30E00}4532C:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\GoogleUpdateSetup.exeC:\Program Files (x86)\GUM6D35.tmp\goopdateres_kn.dll2019-07-24 17:57:09.301 11241100x8000000000000000185Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:09.301{87E8D3BD-9BF4-5D38-0000-0010BFC30E00}4532C:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\GoogleUpdateSetup.exeC:\Program Files (x86)\GUM6D35.tmp\goopdateres_ko.dll2019-07-24 17:57:09.301 11241100x8000000000000000186Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:09.317{87E8D3BD-9BF4-5D38-0000-0010BFC30E00}4532C:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\GoogleUpdateSetup.exeC:\Program Files (x86)\GUM6D35.tmp\goopdateres_lt.dll2019-07-24 17:57:09.317 11241100x8000000000000000187Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:09.317{87E8D3BD-9BF4-5D38-0000-0010BFC30E00}4532C:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\GoogleUpdateSetup.exeC:\Program Files (x86)\GUM6D35.tmp\goopdateres_lv.dll2019-07-24 17:57:09.317 11241100x8000000000000000188Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:09.333{87E8D3BD-9BF4-5D38-0000-0010BFC30E00}4532C:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\GoogleUpdateSetup.exeC:\Program Files (x86)\GUM6D35.tmp\goopdateres_ml.dll2019-07-24 17:57:09.333 11241100x8000000000000000189Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:09.333{87E8D3BD-9BF4-5D38-0000-0010BFC30E00}4532C:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\GoogleUpdateSetup.exeC:\Program Files (x86)\GUM6D35.tmp\goopdateres_mr.dll2019-07-24 17:57:09.333 11241100x8000000000000000190Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:09.348{87E8D3BD-9BF4-5D38-0000-0010BFC30E00}4532C:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\GoogleUpdateSetup.exeC:\Program Files (x86)\GUM6D35.tmp\goopdateres_ms.dll2019-07-24 17:57:09.348 11241100x8000000000000000191Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:09.348{87E8D3BD-9BF4-5D38-0000-0010BFC30E00}4532C:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\GoogleUpdateSetup.exeC:\Program Files (x86)\GUM6D35.tmp\goopdateres_nl.dll2019-07-24 17:57:09.348 11241100x8000000000000000192Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:09.364{87E8D3BD-9BF4-5D38-0000-0010BFC30E00}4532C:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\GoogleUpdateSetup.exeC:\Program Files (x86)\GUM6D35.tmp\goopdateres_no.dll2019-07-24 17:57:09.364 11241100x8000000000000000193Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:09.380{87E8D3BD-9BF4-5D38-0000-0010BFC30E00}4532C:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\GoogleUpdateSetup.exeC:\Program Files (x86)\GUM6D35.tmp\goopdateres_pl.dll2019-07-24 17:57:09.380 11241100x8000000000000000194Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:09.395{87E8D3BD-9BF4-5D38-0000-0010BFC30E00}4532C:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\GoogleUpdateSetup.exeC:\Program Files (x86)\GUM6D35.tmp\goopdateres_pt-BR.dll2019-07-24 17:57:09.395 11241100x8000000000000000195Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:09.395{87E8D3BD-9BF4-5D38-0000-0010BFC30E00}4532C:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\GoogleUpdateSetup.exeC:\Program Files (x86)\GUM6D35.tmp\goopdateres_pt-PT.dll2019-07-24 17:57:09.395 11241100x8000000000000000196Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:09.411{87E8D3BD-9BF4-5D38-0000-0010BFC30E00}4532C:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\GoogleUpdateSetup.exeC:\Program Files (x86)\GUM6D35.tmp\goopdateres_ro.dll2019-07-24 17:57:09.411 11241100x8000000000000000197Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:09.427{87E8D3BD-9BF4-5D38-0000-0010BFC30E00}4532C:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\GoogleUpdateSetup.exeC:\Program Files (x86)\GUM6D35.tmp\goopdateres_ru.dll2019-07-24 17:57:09.427 11241100x8000000000000000198Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:09.427{87E8D3BD-9BF4-5D38-0000-0010BFC30E00}4532C:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\GoogleUpdateSetup.exeC:\Program Files (x86)\GUM6D35.tmp\goopdateres_sk.dll2019-07-24 17:57:09.427 11241100x8000000000000000199Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:09.442{87E8D3BD-9BF4-5D38-0000-0010BFC30E00}4532C:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\GoogleUpdateSetup.exeC:\Program Files (x86)\GUM6D35.tmp\goopdateres_sl.dll2019-07-24 17:57:09.442 11241100x8000000000000000200Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:09.458{87E8D3BD-9BF4-5D38-0000-0010BFC30E00}4532C:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\GoogleUpdateSetup.exeC:\Program Files (x86)\GUM6D35.tmp\goopdateres_sr.dll2019-07-24 17:57:09.458 11241100x8000000000000000201Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:09.474{87E8D3BD-9BF4-5D38-0000-0010BFC30E00}4532C:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\GoogleUpdateSetup.exeC:\Program Files (x86)\GUM6D35.tmp\goopdateres_sv.dll2019-07-24 17:57:09.474 11241100x8000000000000000202Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:09.474{87E8D3BD-9BF4-5D38-0000-0010BFC30E00}4532C:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\GoogleUpdateSetup.exeC:\Program Files (x86)\GUM6D35.tmp\goopdateres_sw.dll2019-07-24 17:57:09.474 11241100x8000000000000000203Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:09.489{87E8D3BD-9BF4-5D38-0000-0010BFC30E00}4532C:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\GoogleUpdateSetup.exeC:\Program Files (x86)\GUM6D35.tmp\goopdateres_ta.dll2019-07-24 17:57:09.489 11241100x8000000000000000204Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:09.505{87E8D3BD-9BF4-5D38-0000-0010BFC30E00}4532C:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\GoogleUpdateSetup.exeC:\Program Files (x86)\GUM6D35.tmp\goopdateres_te.dll2019-07-24 17:57:09.505 11241100x8000000000000000205Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:09.505{87E8D3BD-9BF4-5D38-0000-0010BFC30E00}4532C:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\GoogleUpdateSetup.exeC:\Program Files (x86)\GUM6D35.tmp\goopdateres_th.dll2019-07-24 17:57:09.505 11241100x8000000000000000206Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:09.520{87E8D3BD-9BF4-5D38-0000-0010BFC30E00}4532C:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\GoogleUpdateSetup.exeC:\Program Files (x86)\GUM6D35.tmp\goopdateres_tr.dll2019-07-24 17:57:09.520 11241100x8000000000000000207Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:09.536{87E8D3BD-9BF4-5D38-0000-0010BFC30E00}4532C:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\GoogleUpdateSetup.exeC:\Program Files (x86)\GUM6D35.tmp\goopdateres_uk.dll2019-07-24 17:57:09.536 11241100x8000000000000000208Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:09.536{87E8D3BD-9BF4-5D38-0000-0010BFC30E00}4532C:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\GoogleUpdateSetup.exeC:\Program Files (x86)\GUM6D35.tmp\goopdateres_ur.dll2019-07-24 17:57:09.536 11241100x8000000000000000209Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:09.552{87E8D3BD-9BF4-5D38-0000-0010BFC30E00}4532C:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\GoogleUpdateSetup.exeC:\Program Files (x86)\GUM6D35.tmp\goopdateres_vi.dll2019-07-24 17:57:09.552 11241100x8000000000000000210Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:09.567{87E8D3BD-9BF4-5D38-0000-0010BFC30E00}4532C:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\GoogleUpdateSetup.exeC:\Program Files (x86)\GUM6D35.tmp\goopdateres_zh-CN.dll2019-07-24 17:57:09.567 11241100x8000000000000000211Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:09.583{87E8D3BD-9BF4-5D38-0000-0010BFC30E00}4532C:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\GoogleUpdateSetup.exeC:\Program Files (x86)\GUM6D35.tmp\goopdateres_zh-TW.dll2019-07-24 17:57:09.583 11241100x8000000000000000212Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:09.583{87E8D3BD-9BF4-5D38-0000-0010BFC30E00}4532C:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\GoogleUpdateSetup.exeC:\Program Files (x86)\GUM6D35.tmp\GoogleUpdateSetup.exe2019-07-24 17:57:09.583 154100x8000000000000000213Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:09.611{87E8D3BD-9BF5-5D38-0000-0010D8ED0E00}588C:\Program Files (x86)\GUM6D35.tmp\GoogleUpdate.exe1.3.34.11Google InstallerGoogle UpdateGoogle LLCGoogleUpdate.exe"C:\Program Files (x86)\GUM6D35.tmp\GoogleUpdate.exe" /installsource taggedmi /install "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={F2782276-7085-9EC9-B82C-4B91DF227F8F}&lang=en&browser=5&usagestats=1&appname=Google%%20Chrome&needsadmin=prefers&ap=x64-stable-statsdef_1&brand=CHBF&installdataindex=empty" /installelevatedC:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\DESKTOP-FVSHABR\grapltest{87E8D3BD-99C8-5D38-0000-002061140200}0x214611HighMD5=82F657B0AEE67A6A560321CF0927F9F7,SHA256=794CF7644115198DB451431BCA7C89FF9A97550482B1E3F7F13EB7ACA6120A11{87E8D3BD-9BF4-5D38-0000-0010BFC30E00}4532C:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\GoogleUpdateSetup.exe"C:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\GoogleUpdateSetup.exe" /installsource taggedmi /install "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={F2782276-7085-9EC9-B82C-4B91DF227F8F}&lang=en&browser=5&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=x64-stable-statsdef_1&brand=CHBF&installdataindex=empty" /installelevated /nomitag 11241100x8000000000000000214Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:09.677{87E8D3BD-9BF5-5D38-0000-0010D8ED0E00}588C:\Program Files (x86)\GUM6D35.tmp\GoogleUpdate.exeC:\Program Files (x86)\Google\Update\1.3.34.11\GoogleUpdate.exe2019-07-24 17:57:09.677 11241100x8000000000000000215Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:09.739{87E8D3BD-9BF5-5D38-0000-0010D8ED0E00}588C:\Program Files (x86)\GUM6D35.tmp\GoogleUpdate.exeC:\Program Files (x86)\Google\Update\1.3.34.11\goopdate.dll2019-07-24 17:57:09.739 11241100x8000000000000000216Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:09.818{87E8D3BD-9BF5-5D38-0000-0010D8ED0E00}588C:\Program Files (x86)\GUM6D35.tmp\GoogleUpdate.exeC:\Program Files (x86)\Google\Update\1.3.34.11\GoogleUpdateCore.exe2019-07-24 17:57:09.818 11241100x8000000000000000217Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:09.879{87E8D3BD-9BF5-5D38-0000-0010D8ED0E00}588C:\Program Files (x86)\GUM6D35.tmp\GoogleUpdate.exeC:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler.exe2019-07-24 17:57:09.879 11241100x8000000000000000218Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:09.927{87E8D3BD-9BF5-5D38-0000-0010D8ED0E00}588C:\Program Files (x86)\GUM6D35.tmp\GoogleUpdate.exeC:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler64.exe2019-07-24 17:57:09.927 11241100x8000000000000000219Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:09.973{87E8D3BD-9BF5-5D38-0000-0010D8ED0E00}588C:\Program Files (x86)\GUM6D35.tmp\GoogleUpdate.exeC:\Program Files (x86)\Google\Update\1.3.34.11\GoogleUpdateComRegisterShell64.exe2019-07-24 17:57:09.973 11241100x8000000000000000220Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:10.005{87E8D3BD-9BF5-5D38-0000-0010D8ED0E00}588C:\Program Files (x86)\GUM6D35.tmp\GoogleUpdate.exeC:\Program Files (x86)\Google\Update\1.3.34.11\goopdateres_am.dll2019-07-24 17:57:10.005 11241100x8000000000000000221Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:10.020{87E8D3BD-9BF5-5D38-0000-0010D8ED0E00}588C:\Program Files (x86)\GUM6D35.tmp\GoogleUpdate.exeC:\Program Files (x86)\Google\Update\1.3.34.11\goopdateres_ar.dll2019-07-24 17:57:10.020 11241100x8000000000000000222Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:10.020{87E8D3BD-9BF5-5D38-0000-0010D8ED0E00}588C:\Program Files (x86)\GUM6D35.tmp\GoogleUpdate.exeC:\Program Files (x86)\Google\Update\1.3.34.11\goopdateres_bg.dll2019-07-24 17:57:10.020 11241100x8000000000000000223Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:10.035{87E8D3BD-9BF5-5D38-0000-0010D8ED0E00}588C:\Program Files (x86)\GUM6D35.tmp\GoogleUpdate.exeC:\Program Files (x86)\Google\Update\1.3.34.11\goopdateres_bn.dll2019-07-24 17:57:10.035 11241100x8000000000000000224Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:10.052{87E8D3BD-9BF5-5D38-0000-0010D8ED0E00}588C:\Program Files (x86)\GUM6D35.tmp\GoogleUpdate.exeC:\Program Files (x86)\Google\Update\1.3.34.11\goopdateres_ca.dll2019-07-24 17:57:10.035 11241100x8000000000000000225Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:10.052{87E8D3BD-9BF5-5D38-0000-0010D8ED0E00}588C:\Program Files (x86)\GUM6D35.tmp\GoogleUpdate.exeC:\Program Files (x86)\Google\Update\1.3.34.11\goopdateres_cs.dll2019-07-24 17:57:10.052 11241100x8000000000000000226Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:10.067{87E8D3BD-9BF5-5D38-0000-0010D8ED0E00}588C:\Program Files (x86)\GUM6D35.tmp\GoogleUpdate.exeC:\Program Files (x86)\Google\Update\1.3.34.11\goopdateres_da.dll2019-07-24 17:57:10.067 11241100x8000000000000000227Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:10.067{87E8D3BD-9BF5-5D38-0000-0010D8ED0E00}588C:\Program Files (x86)\GUM6D35.tmp\GoogleUpdate.exeC:\Program Files (x86)\Google\Update\1.3.34.11\goopdateres_de.dll2019-07-24 17:57:10.067 11241100x8000000000000000228Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:10.083{87E8D3BD-9BF5-5D38-0000-0010D8ED0E00}588C:\Program Files (x86)\GUM6D35.tmp\GoogleUpdate.exeC:\Program Files (x86)\Google\Update\1.3.34.11\goopdateres_el.dll2019-07-24 17:57:10.083 11241100x8000000000000000229Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:10.098{87E8D3BD-9BF5-5D38-0000-0010D8ED0E00}588C:\Program Files (x86)\GUM6D35.tmp\GoogleUpdate.exeC:\Program Files (x86)\Google\Update\1.3.34.11\goopdateres_en.dll2019-07-24 17:57:10.098 11241100x8000000000000000230Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:10.098{87E8D3BD-9BF5-5D38-0000-0010D8ED0E00}588C:\Program Files (x86)\GUM6D35.tmp\GoogleUpdate.exeC:\Program Files (x86)\Google\Update\1.3.34.11\goopdateres_en-GB.dll2019-07-24 17:57:10.098 11241100x8000000000000000231Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:10.114{87E8D3BD-9BF5-5D38-0000-0010D8ED0E00}588C:\Program Files (x86)\GUM6D35.tmp\GoogleUpdate.exeC:\Program Files (x86)\Google\Update\1.3.34.11\goopdateres_es.dll2019-07-24 17:57:10.114 11241100x8000000000000000232Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:10.130{87E8D3BD-9BF5-5D38-0000-0010D8ED0E00}588C:\Program Files (x86)\GUM6D35.tmp\GoogleUpdate.exeC:\Program Files (x86)\Google\Update\1.3.34.11\goopdateres_es-419.dll2019-07-24 17:57:10.130 11241100x8000000000000000233Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:10.146{87E8D3BD-9BF5-5D38-0000-0010D8ED0E00}588C:\Program Files (x86)\GUM6D35.tmp\GoogleUpdate.exeC:\Program Files (x86)\Google\Update\1.3.34.11\goopdateres_et.dll2019-07-24 17:57:10.146 11241100x8000000000000000234Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:10.146{87E8D3BD-9BF5-5D38-0000-0010D8ED0E00}588C:\Program Files (x86)\GUM6D35.tmp\GoogleUpdate.exeC:\Program Files (x86)\Google\Update\1.3.34.11\goopdateres_fa.dll2019-07-24 17:57:10.146 11241100x8000000000000000235Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:10.161{87E8D3BD-9BF5-5D38-0000-0010D8ED0E00}588C:\Program Files (x86)\GUM6D35.tmp\GoogleUpdate.exeC:\Program Files (x86)\Google\Update\1.3.34.11\goopdateres_fi.dll2019-07-24 17:57:10.161 11241100x8000000000000000236Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:10.177{87E8D3BD-9BF5-5D38-0000-0010D8ED0E00}588C:\Program Files (x86)\GUM6D35.tmp\GoogleUpdate.exeC:\Program Files (x86)\Google\Update\1.3.34.11\goopdateres_fil.dll2019-07-24 17:57:10.161 11241100x8000000000000000237Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:10.177{87E8D3BD-9BF5-5D38-0000-0010D8ED0E00}588C:\Program Files (x86)\GUM6D35.tmp\GoogleUpdate.exeC:\Program Files (x86)\Google\Update\1.3.34.11\goopdateres_fr.dll2019-07-24 17:57:10.177 11241100x8000000000000000238Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:10.192{87E8D3BD-9BF5-5D38-0000-0010D8ED0E00}588C:\Program Files (x86)\GUM6D35.tmp\GoogleUpdate.exeC:\Program Files (x86)\Google\Update\1.3.34.11\goopdateres_gu.dll2019-07-24 17:57:10.192 11241100x8000000000000000239Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:10.207{87E8D3BD-9BF5-5D38-0000-0010D8ED0E00}588C:\Program Files (x86)\GUM6D35.tmp\GoogleUpdate.exeC:\Program Files (x86)\Google\Update\1.3.34.11\goopdateres_hi.dll2019-07-24 17:57:10.207 11241100x8000000000000000240Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:10.223{87E8D3BD-9BF5-5D38-0000-0010D8ED0E00}588C:\Program Files (x86)\GUM6D35.tmp\GoogleUpdate.exeC:\Program Files (x86)\Google\Update\1.3.34.11\goopdateres_hr.dll2019-07-24 17:57:10.223 11241100x8000000000000000241Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:10.239{87E8D3BD-9BF5-5D38-0000-0010D8ED0E00}588C:\Program Files (x86)\GUM6D35.tmp\GoogleUpdate.exeC:\Program Files (x86)\Google\Update\1.3.34.11\goopdateres_hu.dll2019-07-24 17:57:10.223 11241100x8000000000000000242Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:10.239{87E8D3BD-9BF5-5D38-0000-0010D8ED0E00}588C:\Program Files (x86)\GUM6D35.tmp\GoogleUpdate.exeC:\Program Files (x86)\Google\Update\1.3.34.11\goopdateres_id.dll2019-07-24 17:57:10.239 11241100x8000000000000000243Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:10.255{87E8D3BD-9BF5-5D38-0000-0010D8ED0E00}588C:\Program Files (x86)\GUM6D35.tmp\GoogleUpdate.exeC:\Program Files (x86)\Google\Update\1.3.34.11\goopdateres_is.dll2019-07-24 17:57:10.255 11241100x8000000000000000244Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:10.271{87E8D3BD-9BF5-5D38-0000-0010D8ED0E00}588C:\Program Files (x86)\GUM6D35.tmp\GoogleUpdate.exeC:\Program Files (x86)\Google\Update\1.3.34.11\goopdateres_it.dll2019-07-24 17:57:10.271 11241100x8000000000000000245Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:10.271{87E8D3BD-9BF5-5D38-0000-0010D8ED0E00}588C:\Program Files (x86)\GUM6D35.tmp\GoogleUpdate.exeC:\Program Files (x86)\Google\Update\1.3.34.11\goopdateres_iw.dll2019-07-24 17:57:10.271 11241100x8000000000000000246Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:10.286{87E8D3BD-9BF5-5D38-0000-0010D8ED0E00}588C:\Program Files (x86)\GUM6D35.tmp\GoogleUpdate.exeC:\Program Files (x86)\Google\Update\1.3.34.11\goopdateres_ja.dll2019-07-24 17:57:10.286 11241100x8000000000000000247Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:10.301{87E8D3BD-9BF5-5D38-0000-0010D8ED0E00}588C:\Program Files (x86)\GUM6D35.tmp\GoogleUpdate.exeC:\Program Files (x86)\Google\Update\1.3.34.11\goopdateres_kn.dll2019-07-24 17:57:10.301 11241100x8000000000000000248Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:10.301{87E8D3BD-9BF5-5D38-0000-0010D8ED0E00}588C:\Program Files (x86)\GUM6D35.tmp\GoogleUpdate.exeC:\Program Files (x86)\Google\Update\1.3.34.11\goopdateres_ko.dll2019-07-24 17:57:10.301 11241100x8000000000000000249Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:10.317{87E8D3BD-9BF5-5D38-0000-0010D8ED0E00}588C:\Program Files (x86)\GUM6D35.tmp\GoogleUpdate.exeC:\Program Files (x86)\Google\Update\1.3.34.11\goopdateres_lt.dll2019-07-24 17:57:10.317 11241100x8000000000000000250Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:10.333{87E8D3BD-9BF5-5D38-0000-0010D8ED0E00}588C:\Program Files (x86)\GUM6D35.tmp\GoogleUpdate.exeC:\Program Files (x86)\Google\Update\1.3.34.11\goopdateres_lv.dll2019-07-24 17:57:10.333 11241100x8000000000000000251Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:10.349{87E8D3BD-9BF5-5D38-0000-0010D8ED0E00}588C:\Program Files (x86)\GUM6D35.tmp\GoogleUpdate.exeC:\Program Files (x86)\Google\Update\1.3.34.11\goopdateres_ml.dll2019-07-24 17:57:10.349 11241100x8000000000000000252Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:10.364{87E8D3BD-9BF5-5D38-0000-0010D8ED0E00}588C:\Program Files (x86)\GUM6D35.tmp\GoogleUpdate.exeC:\Program Files (x86)\Google\Update\1.3.34.11\goopdateres_mr.dll2019-07-24 17:57:10.364 11241100x8000000000000000253Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:10.364{87E8D3BD-9BF5-5D38-0000-0010D8ED0E00}588C:\Program Files (x86)\GUM6D35.tmp\GoogleUpdate.exeC:\Program Files (x86)\Google\Update\1.3.34.11\goopdateres_ms.dll2019-07-24 17:57:10.364 11241100x8000000000000000254Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:10.395{87E8D3BD-9BF5-5D38-0000-0010D8ED0E00}588C:\Program Files (x86)\GUM6D35.tmp\GoogleUpdate.exeC:\Program Files (x86)\Google\Update\1.3.34.11\goopdateres_nl.dll2019-07-24 17:57:10.379 11241100x8000000000000000255Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:10.411{87E8D3BD-9BF5-5D38-0000-0010D8ED0E00}588C:\Program Files (x86)\GUM6D35.tmp\GoogleUpdate.exeC:\Program Files (x86)\Google\Update\1.3.34.11\goopdateres_no.dll2019-07-24 17:57:10.411 11241100x8000000000000000256Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:10.427{87E8D3BD-9BF5-5D38-0000-0010D8ED0E00}588C:\Program Files (x86)\GUM6D35.tmp\GoogleUpdate.exeC:\Program Files (x86)\Google\Update\1.3.34.11\goopdateres_pl.dll2019-07-24 17:57:10.427 11241100x8000000000000000257Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:10.427{87E8D3BD-9BF5-5D38-0000-0010D8ED0E00}588C:\Program Files (x86)\GUM6D35.tmp\GoogleUpdate.exeC:\Program Files (x86)\Google\Update\1.3.34.11\goopdateres_pt-BR.dll2019-07-24 17:57:10.427 11241100x8000000000000000258Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:10.442{87E8D3BD-9BF5-5D38-0000-0010D8ED0E00}588C:\Program Files (x86)\GUM6D35.tmp\GoogleUpdate.exeC:\Program Files (x86)\Google\Update\1.3.34.11\goopdateres_pt-PT.dll2019-07-24 17:57:10.442 11241100x8000000000000000259Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:10.457{87E8D3BD-9BF5-5D38-0000-0010D8ED0E00}588C:\Program Files (x86)\GUM6D35.tmp\GoogleUpdate.exeC:\Program Files (x86)\Google\Update\1.3.34.11\goopdateres_ro.dll2019-07-24 17:57:10.457 11241100x8000000000000000260Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:10.473{87E8D3BD-9BF5-5D38-0000-0010D8ED0E00}588C:\Program Files (x86)\GUM6D35.tmp\GoogleUpdate.exeC:\Program Files (x86)\Google\Update\1.3.34.11\goopdateres_ru.dll2019-07-24 17:57:10.473 11241100x8000000000000000261Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:10.473{87E8D3BD-9BF5-5D38-0000-0010D8ED0E00}588C:\Program Files (x86)\GUM6D35.tmp\GoogleUpdate.exeC:\Program Files (x86)\Google\Update\1.3.34.11\goopdateres_sk.dll2019-07-24 17:57:10.473 11241100x8000000000000000262Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:10.489{87E8D3BD-9BF5-5D38-0000-0010D8ED0E00}588C:\Program Files (x86)\GUM6D35.tmp\GoogleUpdate.exeC:\Program Files (x86)\Google\Update\1.3.34.11\goopdateres_sl.dll2019-07-24 17:57:10.489 11241100x8000000000000000263Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:10.505{87E8D3BD-9BF5-5D38-0000-0010D8ED0E00}588C:\Program Files (x86)\GUM6D35.tmp\GoogleUpdate.exeC:\Program Files (x86)\Google\Update\1.3.34.11\goopdateres_sr.dll2019-07-24 17:57:10.505 11241100x8000000000000000264Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:10.505{87E8D3BD-9BF5-5D38-0000-0010D8ED0E00}588C:\Program Files (x86)\GUM6D35.tmp\GoogleUpdate.exeC:\Program Files (x86)\Google\Update\1.3.34.11\goopdateres_sv.dll2019-07-24 17:57:10.505 11241100x8000000000000000265Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:10.521{87E8D3BD-9BF5-5D38-0000-0010D8ED0E00}588C:\Program Files (x86)\GUM6D35.tmp\GoogleUpdate.exeC:\Program Files (x86)\Google\Update\1.3.34.11\goopdateres_sw.dll2019-07-24 17:57:10.521 11241100x8000000000000000266Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:10.536{87E8D3BD-9BF5-5D38-0000-0010D8ED0E00}588C:\Program Files (x86)\GUM6D35.tmp\GoogleUpdate.exeC:\Program Files (x86)\Google\Update\1.3.34.11\goopdateres_ta.dll2019-07-24 17:57:10.536 11241100x8000000000000000267Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:10.551{87E8D3BD-9BF5-5D38-0000-0010D8ED0E00}588C:\Program Files (x86)\GUM6D35.tmp\GoogleUpdate.exeC:\Program Files (x86)\Google\Update\1.3.34.11\goopdateres_te.dll2019-07-24 17:57:10.551 11241100x8000000000000000268Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:10.551{87E8D3BD-9BF5-5D38-0000-0010D8ED0E00}588C:\Program Files (x86)\GUM6D35.tmp\GoogleUpdate.exeC:\Program Files (x86)\Google\Update\1.3.34.11\goopdateres_th.dll2019-07-24 17:57:10.551 11241100x8000000000000000269Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:10.567{87E8D3BD-9BF5-5D38-0000-0010D8ED0E00}588C:\Program Files (x86)\GUM6D35.tmp\GoogleUpdate.exeC:\Program Files (x86)\Google\Update\1.3.34.11\goopdateres_tr.dll2019-07-24 17:57:10.567 11241100x8000000000000000270Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:10.567{87E8D3BD-9BF5-5D38-0000-0010D8ED0E00}588C:\Program Files (x86)\GUM6D35.tmp\GoogleUpdate.exeC:\Program Files (x86)\Google\Update\1.3.34.11\goopdateres_uk.dll2019-07-24 17:57:10.567 11241100x8000000000000000271Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:10.583{87E8D3BD-9BF5-5D38-0000-0010D8ED0E00}588C:\Program Files (x86)\GUM6D35.tmp\GoogleUpdate.exeC:\Program Files (x86)\Google\Update\1.3.34.11\goopdateres_ur.dll2019-07-24 17:57:10.583 11241100x8000000000000000272Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:10.598{87E8D3BD-9BF5-5D38-0000-0010D8ED0E00}588C:\Program Files (x86)\GUM6D35.tmp\GoogleUpdate.exeC:\Program Files (x86)\Google\Update\1.3.34.11\goopdateres_vi.dll2019-07-24 17:57:10.598 11241100x8000000000000000273Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:10.598{87E8D3BD-9BF5-5D38-0000-0010D8ED0E00}588C:\Program Files (x86)\GUM6D35.tmp\GoogleUpdate.exeC:\Program Files (x86)\Google\Update\1.3.34.11\goopdateres_zh-CN.dll2019-07-24 17:57:10.598 11241100x8000000000000000274Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:10.614{87E8D3BD-9BF5-5D38-0000-0010D8ED0E00}588C:\Program Files (x86)\GUM6D35.tmp\GoogleUpdate.exeC:\Program Files (x86)\Google\Update\1.3.34.11\goopdateres_zh-TW.dll2019-07-24 17:57:10.614 11241100x8000000000000000275Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:10.630{87E8D3BD-9BF5-5D38-0000-0010D8ED0E00}588C:\Program Files (x86)\GUM6D35.tmp\GoogleUpdate.exeC:\Program Files (x86)\Google\Update\1.3.34.11\psuser.dll2019-07-24 17:57:10.630 11241100x8000000000000000276Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:10.677{87E8D3BD-9BF5-5D38-0000-0010D8ED0E00}588C:\Program Files (x86)\GUM6D35.tmp\GoogleUpdate.exeC:\Program Files (x86)\Google\Update\1.3.34.11\psuser_64.dll2019-07-24 17:57:10.677 11241100x8000000000000000277Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:10.723{87E8D3BD-9BF5-5D38-0000-0010D8ED0E00}588C:\Program Files (x86)\GUM6D35.tmp\GoogleUpdate.exeC:\Program Files (x86)\Google\Update\1.3.34.11\psmachine.dll2019-07-24 17:57:10.723 11241100x8000000000000000278Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:10.754{87E8D3BD-9BF5-5D38-0000-0010D8ED0E00}588C:\Program Files (x86)\GUM6D35.tmp\GoogleUpdate.exeC:\Program Files (x86)\Google\Update\1.3.34.11\psmachine_64.dll2019-07-24 17:57:10.754 11241100x8000000000000000279Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:10.801{87E8D3BD-9BF5-5D38-0000-0010D8ED0E00}588C:\Program Files (x86)\GUM6D35.tmp\GoogleUpdate.exeC:\Program Files (x86)\Google\Update\GoogleUpdate.exe2019-07-24 17:57:10.801 11241100x8000000000000000280Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:11.396{87E8D3BD-9BF5-5D38-0000-0010D8ED0E00}588C:\Program Files (x86)\GUM6D35.tmp\GoogleUpdate.exeC:\Program Files (x86)\Google\Update\1.3.34.11\GoogleUpdateSetup.exe2019-07-24 17:57:11.396 11241100x8000000000000000281Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:11.977{87E8D3BD-9BF5-5D38-0000-0010D8ED0E00}588C:\Program Files (x86)\GUM6D35.tmp\GoogleUpdate.exeC:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll2019-07-24 17:57:11.977 11241100x8000000000000000282Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:12.037{87E8D3BD-9BF5-5D38-0000-0010D8ED0E00}588C:\Program Files (x86)\GUM6D35.tmp\GoogleUpdate.exeC:\Program Files (x86)\Google\Update\1.3.34.11\GoogleUpdateBroker.exe2019-07-24 17:57:12.037 11241100x8000000000000000283Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:12.098{87E8D3BD-9BF5-5D38-0000-0010D8ED0E00}588C:\Program Files (x86)\GUM6D35.tmp\GoogleUpdate.exeC:\Program Files (x86)\Google\Update\1.3.34.11\GoogleUpdateOnDemand.exe2019-07-24 17:57:12.098 11241100x8000000000000000284Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:12.145{87E8D3BD-9BF5-5D38-0000-0010D8ED0E00}588C:\Program Files (x86)\GUM6D35.tmp\GoogleUpdate.exeC:\Program Files (x86)\Google\Update\1.3.34.11\GoogleUpdateWebPlugin.exe2019-07-24 17:57:12.145 12241200x8000000000000000285Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRT1183,IFEOCreateKey2019-07-24 17:57:12.193{87E8D3BD-9BF5-5D38-0000-0010D8ED0E00}588C:\Program Files (x86)\GUM6D35.tmp\GoogleUpdate.exeHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe 13241300x8000000000000000286Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRT1183,IFEOSetValue2019-07-24 17:57:12.193{87E8D3BD-9BF5-5D38-0000-0010D8ED0E00}588C:\Program Files (x86)\GUM6D35.tmp\GoogleUpdate.exeHKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe\DisableExceptionChainValidationDWORD (0x00000000) 154100x8000000000000000287Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:12.204{87E8D3BD-9BF8-5D38-0000-001073110F00}3316C:\Program Files (x86)\Google\Update\GoogleUpdate.exe1.3.34.11Google InstallerGoogle UpdateGoogle LLCGoogleUpdate.exe"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /regsvcC:\Program Files (x86)\GUM6D35.tmp\DESKTOP-FVSHABR\grapltest{87E8D3BD-99C8-5D38-0000-002061140200}0x214611HighMD5=82F657B0AEE67A6A560321CF0927F9F7,SHA256=794CF7644115198DB451431BCA7C89FF9A97550482B1E3F7F13EB7ACA6120A11{87E8D3BD-9BF5-5D38-0000-0010D8ED0E00}588C:\Program Files (x86)\GUM6D35.tmp\GoogleUpdate.exe"C:\Program Files (x86)\GUM6D35.tmp\GoogleUpdate.exe" /installsource taggedmi /install "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={F2782276-7085-9EC9-B82C-4B91DF227F8F}&lang=en&browser=5&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=x64-stable-statsdef_1&brand=CHBF&installdataindex=empty" /installelevated 13241300x8000000000000000288Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRT1031,T1050SetValue2019-07-24 17:57:12.239{87E8D3BD-998D-5D38-0000-001030400000}568C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\gupdate\StartDWORD (0x00000002) 13241300x8000000000000000289Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRT1031,T1050SetValue2019-07-24 17:57:12.239{87E8D3BD-998D-5D38-0000-001030400000}568C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\gupdate\ImagePath"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc 13241300x8000000000000000290Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRT1031,T1050SetValue2019-07-24 17:57:12.239{87E8D3BD-998D-5D38-0000-001030400000}568C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\gupdatem\StartDWORD (0x00000003) 13241300x8000000000000000291Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRT1031,T1050SetValue2019-07-24 17:57:12.239{87E8D3BD-998D-5D38-0000-001030400000}568C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\gupdatem\ImagePath"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc 11241100x8000000000000000292Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRT10532019-07-24 17:57:12.271{87E8D3BD-998D-5D38-0000-0010EEBF0000}916C:\Windows\system32\svchost.exeC:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore2019-07-24 17:57:12.271 11241100x8000000000000000293Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRT10532019-07-24 17:57:12.301{87E8D3BD-998D-5D38-0000-0010EEBF0000}916C:\Windows\system32\svchost.exeC:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA2019-07-24 17:57:12.301 154100x8000000000000000294Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:12.314{87E8D3BD-9BF8-5D38-0000-001067180F00}652C:\Program Files (x86)\Google\Update\GoogleUpdate.exe1.3.34.11Google InstallerGoogle UpdateGoogle LLCGoogleUpdate.exe"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /regserverC:\Program Files (x86)\GUM6D35.tmp\DESKTOP-FVSHABR\grapltest{87E8D3BD-99C8-5D38-0000-002061140200}0x214611HighMD5=82F657B0AEE67A6A560321CF0927F9F7,SHA256=794CF7644115198DB451431BCA7C89FF9A97550482B1E3F7F13EB7ACA6120A11{87E8D3BD-9BF5-5D38-0000-0010D8ED0E00}588C:\Program Files (x86)\GUM6D35.tmp\GoogleUpdate.exe"C:\Program Files (x86)\GUM6D35.tmp\GoogleUpdate.exe" /installsource taggedmi /install "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={F2782276-7085-9EC9-B82C-4B91DF227F8F}&lang=en&browser=5&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=x64-stable-statsdef_1&brand=CHBF&installdataindex=empty" /installelevated 154100x8000000000000000295Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:12.348{87E8D3BD-9BF8-5D38-0000-00101B1B0F00}1052C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleUpdateComRegisterShell64.exe?????"C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleUpdateComRegisterShell64.exe" C:\Program Files (x86)\Google\Update\1.3.34.11\DESKTOP-FVSHABR\grapltest{87E8D3BD-99C8-5D38-0000-002061140200}0x214611HighMD5=396BA164448844FCD0C72DD802AC7DB6,SHA256=F3ADA0BB7459836BA250314EA6D417694C974445F0F7218EA8A48B60C557BB89{87E8D3BD-9BF8-5D38-0000-001067180F00}652C:\Program Files (x86)\Google\Update\GoogleUpdate.exe"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /regserver 13241300x8000000000000000296Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRSetValue2019-07-24 17:57:12.364{87E8D3BD-9BF8-5D38-0000-00101B1B0F00}1052C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleUpdateComRegisterShell64.exeHKCR\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\InprocServer32\(Default)C:\Program Files (x86)\Google\Update\1.3.34.11\psmachine_64.dll 13241300x8000000000000000297Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRSetValue2019-07-24 17:57:12.364{87E8D3BD-9BF8-5D38-0000-00101B1B0F00}1052C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleUpdateComRegisterShell64.exeHKCR\CLSID\{600FDFA3-1EA7-4792-9436-ABB5154A9EB2}\InProcServer32\(Default)C:\Program Files (x86)\Google\Update\1.3.34.11\psmachine_64.dll 13241300x8000000000000000298Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRSetValue2019-07-24 17:57:12.380{87E8D3BD-9BF8-5D38-0000-001067180F00}652C:\Program Files (x86)\Google\Update\GoogleUpdate.exeHKCR\Wow6432Node\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\InprocServer32\(Default)C:\Program Files (x86)\Google\Update\1.3.34.11\psmachine.dll 13241300x8000000000000000299Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRSetValue2019-07-24 17:57:12.380{87E8D3BD-9BF8-5D38-0000-001067180F00}652C:\Program Files (x86)\Google\Update\GoogleUpdate.exeHKCR\Wow6432Node\CLSID\{600FDFA3-1EA7-4792-9436-ABB5154A9EB2}\InProcServer32\(Default)C:\Program Files (x86)\Google\Update\1.3.34.11\psmachine.dll 154100x8000000000000000300Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:12.410{87E8D3BD-9BF8-5D38-0000-001060210F00}2356C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleUpdateComRegisterShell64.exe?????"C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleUpdateComRegisterShell64.exe" C:\Program Files (x86)\Google\Update\1.3.34.11\DESKTOP-FVSHABR\grapltest{87E8D3BD-99C8-5D38-0000-002061140200}0x214611HighMD5=396BA164448844FCD0C72DD802AC7DB6,SHA256=F3ADA0BB7459836BA250314EA6D417694C974445F0F7218EA8A48B60C557BB89{87E8D3BD-9BF8-5D38-0000-001067180F00}652C:\Program Files (x86)\Google\Update\GoogleUpdate.exe"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /regserver 13241300x8000000000000000301Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRSetValue2019-07-24 17:57:12.411{87E8D3BD-9BF8-5D38-0000-001060210F00}2356C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleUpdateComRegisterShell64.exeHKCR\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\InprocServer32\(Default)C:\Program Files (x86)\Google\Update\1.3.34.11\psmachine_64.dll 13241300x8000000000000000302Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRSetValue2019-07-24 17:57:12.411{87E8D3BD-9BF8-5D38-0000-001060210F00}2356C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleUpdateComRegisterShell64.exeHKCR\CLSID\{600FDFA3-1EA7-4792-9436-ABB5154A9EB2}\InProcServer32\(Default)C:\Program Files (x86)\Google\Update\1.3.34.11\psmachine_64.dll 13241300x8000000000000000303Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRSetValue2019-07-24 17:57:12.426{87E8D3BD-9BF8-5D38-0000-001067180F00}652C:\Program Files (x86)\Google\Update\GoogleUpdate.exeHKCR\Wow6432Node\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\InprocServer32\(Default)C:\Program Files (x86)\Google\Update\1.3.34.11\psmachine.dll 13241300x8000000000000000304Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRSetValue2019-07-24 17:57:12.426{87E8D3BD-9BF8-5D38-0000-001067180F00}652C:\Program Files (x86)\Google\Update\GoogleUpdate.exeHKCR\Wow6432Node\CLSID\{600FDFA3-1EA7-4792-9436-ABB5154A9EB2}\InProcServer32\(Default)C:\Program Files (x86)\Google\Update\1.3.34.11\psmachine.dll 154100x8000000000000000305Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:12.441{87E8D3BD-9BF8-5D38-0000-0010F8270F00}2656C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleUpdateComRegisterShell64.exe?????"C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleUpdateComRegisterShell64.exe" C:\Program Files (x86)\Google\Update\1.3.34.11\DESKTOP-FVSHABR\grapltest{87E8D3BD-99C8-5D38-0000-002061140200}0x214611HighMD5=396BA164448844FCD0C72DD802AC7DB6,SHA256=F3ADA0BB7459836BA250314EA6D417694C974445F0F7218EA8A48B60C557BB89{87E8D3BD-9BF8-5D38-0000-001067180F00}652C:\Program Files (x86)\Google\Update\GoogleUpdate.exe"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /regserver 13241300x8000000000000000306Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRSetValue2019-07-24 17:57:12.463{87E8D3BD-9BF8-5D38-0000-0010F8270F00}2656C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleUpdateComRegisterShell64.exeHKCR\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\InprocServer32\(Default)C:\Program Files (x86)\Google\Update\1.3.34.11\psmachine_64.dll 13241300x8000000000000000307Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRSetValue2019-07-24 17:57:12.463{87E8D3BD-9BF8-5D38-0000-0010F8270F00}2656C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleUpdateComRegisterShell64.exeHKCR\CLSID\{600FDFA3-1EA7-4792-9436-ABB5154A9EB2}\InProcServer32\(Default)C:\Program Files (x86)\Google\Update\1.3.34.11\psmachine_64.dll 13241300x8000000000000000308Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRSetValue2019-07-24 17:57:12.475{87E8D3BD-9BF8-5D38-0000-001067180F00}652C:\Program Files (x86)\Google\Update\GoogleUpdate.exeHKCR\Wow6432Node\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\InprocServer32\(Default)C:\Program Files (x86)\Google\Update\1.3.34.11\psmachine.dll 13241300x8000000000000000309Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRSetValue2019-07-24 17:57:12.475{87E8D3BD-9BF8-5D38-0000-001067180F00}652C:\Program Files (x86)\Google\Update\GoogleUpdate.exeHKCR\Wow6432Node\CLSID\{600FDFA3-1EA7-4792-9436-ABB5154A9EB2}\InProcServer32\(Default)C:\Program Files (x86)\Google\Update\1.3.34.11\psmachine.dll 13241300x8000000000000000310Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRSetValue2019-07-24 17:57:12.505{87E8D3BD-9BF5-5D38-0000-0010D8ED0E00}588C:\Program Files (x86)\GUM6D35.tmp\GoogleUpdate.exeHKCR\Wow6432Node\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32\(Default)C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll 13241300x8000000000000000311Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRSetValue2019-07-24 17:57:12.505{87E8D3BD-9BF5-5D38-0000-0010D8ED0E00}588C:\Program Files (x86)\GUM6D35.tmp\GoogleUpdate.exeHKCR\Wow6432Node\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32\(Default)C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll 154100x8000000000000000312Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:12.536{87E8D3BD-9BF8-5D38-0000-001092340F00}2628C:\Program Files (x86)\Google\Update\GoogleUpdate.exe1.3.34.11Google InstallerGoogle UpdateGoogle LLCGoogleUpdate.exe"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4zNC4xMSIgc2hlbGxfdmVyc2lvbj0iMS4zLjM0LjExIiBpc21hY2hpbmU9IjEiIHNlc3Npb25pZD0ie0FENkI2REFGLUNGNjItNEQ2OC1CQkZELTk0N0JDRUM2NDM0MH0iIHVzZXJpZD0iezg4OUZFMkM2LUE3ODYtNDk5QS1BMDNELTNEQjUyMjA0OURDRX0iIGluc3RhbGxzb3VyY2U9InRhZ2dlZG1pIiByZXF1ZXN0aWQ9Ins2MTY1RkU2Ri0yOTUyLTQyQTctQjMyNy05MUIwMzM1N0Y2Mzd9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IHBoeXNtZW1vcnk9IjQiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMTAyNDAuMTYzODQiIHNwPSIiIGFyY2g9Ing2NCIvPjxhcHAgYXBwaWQ9Ins0MzBGRDREMC1CNzI5LTRGNjEtQUEzNC05MTUyNjQ4MTc5OUR9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxLjMuMzQuMTEiIGxhbmc9ImVuIiBicmFuZD0iQ0hCRiIgY2xpZW50PSIiIGlpZD0ie0YyNzgyMjc2LTcwODUtOUVDOS1CODJDLTRCOTFERjIyN0Y4Rn0iPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIGluc3RhbGxfdGltZV9tcz0iMjg2MCIvPjwvYXBwPjwvcmVxdWVzdD4C:\Program Files (x86)\GUM6D35.tmp\DESKTOP-FVSHABR\grapltest{87E8D3BD-99C8-5D38-0000-002061140200}0x214611HighMD5=82F657B0AEE67A6A560321CF0927F9F7,SHA256=794CF7644115198DB451431BCA7C89FF9A97550482B1E3F7F13EB7ACA6120A11{87E8D3BD-9BF5-5D38-0000-0010D8ED0E00}588C:\Program Files (x86)\GUM6D35.tmp\GoogleUpdate.exe"C:\Program Files (x86)\GUM6D35.tmp\GoogleUpdate.exe" /installsource taggedmi /install "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={F2782276-7085-9EC9-B82C-4B91DF227F8F}&lang=en&browser=5&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=x64-stable-statsdef_1&brand=CHBF&installdataindex=empty" /installelevated 154100x8000000000000000313Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:12.549{87E8D3BD-9BF8-5D38-0000-001007360F00}2320C:\Program Files (x86)\Google\Update\GoogleUpdate.exe1.3.34.11Google InstallerGoogle UpdateGoogle LLCGoogleUpdate.exe"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /handoff "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={F2782276-7085-9EC9-B82C-4B91DF227F8F}&lang=en&browser=5&usagestats=1&appname=Google%%20Chrome&needsadmin=prefers&ap=x64-stable-statsdef_1&brand=CHBF&installdataindex=empty" /installsource taggedmi /sessionid "{AD6B6DAF-CF62-4D68-BBFD-947BCEC64340}"C:\Program Files (x86)\GUM6D35.tmp\DESKTOP-FVSHABR\grapltest{87E8D3BD-99C8-5D38-0000-002061140200}0x214611HighMD5=82F657B0AEE67A6A560321CF0927F9F7,SHA256=794CF7644115198DB451431BCA7C89FF9A97550482B1E3F7F13EB7ACA6120A11{87E8D3BD-9BF5-5D38-0000-0010D8ED0E00}588C:\Program Files (x86)\GUM6D35.tmp\GoogleUpdate.exe"C:\Program Files (x86)\GUM6D35.tmp\GoogleUpdate.exe" /installsource taggedmi /install "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={F2782276-7085-9EC9-B82C-4B91DF227F8F}&lang=en&browser=5&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=x64-stable-statsdef_1&brand=CHBF&installdataindex=empty" /installelevated 154100x8000000000000000314Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:12.608{87E8D3BD-9BF8-5D38-0000-0010173C0F00}4820C:\Program Files (x86)\Google\Update\GoogleUpdate.exe1.3.34.11Google InstallerGoogle UpdateGoogle LLCGoogleUpdate.exe"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svcC:\Windows\system32\NT AUTHORITY\SYSTEM{87E8D3BD-998D-5D38-0000-0020E7030000}0x3e70SystemMD5=82F657B0AEE67A6A560321CF0927F9F7,SHA256=794CF7644115198DB451431BCA7C89FF9A97550482B1E3F7F13EB7ACA6120A11{87E8D3BD-998D-5D38-0000-001030400000}568C:\Windows\System32\services.exeC:\Windows\system32\services.exe 11241100x8000000000000000315Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:21.020{87E8D3BD-9BF8-5D38-0000-0010173C0F00}4820C:\Program Files (x86)\Google\Update\GoogleUpdate.exeC:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\75.0.3770.142\75.0.3770.142_chrome_installer.exe2019-07-24 17:57:21.020 11241100x8000000000000000316Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:21.989{87E8D3BD-9BF8-5D38-0000-0010173C0F00}4820C:\Program Files (x86)\Google\Update\GoogleUpdate.exeC:\Program Files (x86)\Google\Update\Install\{6FC06909-417E-47A7-B1EA-7F3A1A4F88E4}\75.0.3770.142_chrome_installer.exe2019-07-24 17:57:21.989 154100x8000000000000000317Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:22.211{87E8D3BD-9C02-5D38-0000-0010F3A80F00}4712C:\Program Files (x86)\Google\Update\Install\{6FC06909-417E-47A7-B1EA-7F3A1A4F88E4}\75.0.3770.142_chrome_installer.exe75.0.3770.142Google Chrome InstallerGoogle Chrome InstallerGoogle LLC?"C:\Program Files (x86)\Google\Update\Install\{6FC06909-417E-47A7-B1EA-7F3A1A4F88E4}\75.0.3770.142_chrome_installer.exe" --verbose-logging --do-not-launch-chrome --system-level /installerdata="C:\Windows\TEMP\guiA339.tmp"C:\Program Files (x86)\Google\Update\1.3.34.11\DESKTOP-FVSHABR\grapltest{87E8D3BD-99C8-5D38-0000-002061140200}0x214611HighMD5=5C4486AA9E64717543EF48452F714BF1,SHA256=331E919FAA4AAFA68ACDE93C296734B6C2F590B07DDDAA2944B2AD7469A44BAA{87E8D3BD-9BF8-5D38-0000-0010173C0F00}4820C:\Program Files (x86)\Google\Update\GoogleUpdate.exe"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc 11241100x8000000000000000318Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:22.785{87E8D3BD-9C02-5D38-0000-0010F3A80F00}4712C:\Program Files (x86)\Google\Update\Install\{6FC06909-417E-47A7-B1EA-7F3A1A4F88E4}\75.0.3770.142_chrome_installer.exeC:\Users\GRAPLT~1\AppData\Local\Temp\CR_9D6CA.tmp\setup.exe2019-07-24 17:57:22.785 244200x8000000000000000319Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRT10992019-07-24 17:57:22.801{87E8D3BD-9C02-5D38-0000-0010F3A80F00}4712C:\Program Files (x86)\Google\Update\Install\{6FC06909-417E-47A7-B1EA-7F3A1A4F88E4}\75.0.3770.142_chrome_installer.exeC:\Users\GRAPLT~1\AppData\Local\Temp\CR_9D6CA.tmp\setup.exe2019-07-12 23:11:34.0002019-07-24 17:57:22.785 154100x8000000000000000320Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:22.863{87E8D3BD-9C02-5D38-0000-001072AC0F00}3720C:\Users\GRAPLT~1\AppData\Local\Temp\CR_9D6CA.tmp\setup.exe75.0.3770.142Google Chrome InstallerGoogle Chrome InstallerGoogle LLC?"C:\Users\GRAPLT~1\AppData\Local\Temp\CR_9D6CA.tmp\setup.exe" --install-archive="C:\Users\GRAPLT~1\AppData\Local\Temp\CR_9D6CA.tmp\CHROME.PACKED.7Z" --verbose-logging --do-not-launch-chrome --system-level /installerdata="C:\Windows\TEMP\guiA339.tmp"C:\Program Files (x86)\Google\Update\1.3.34.11\DESKTOP-FVSHABR\grapltest{87E8D3BD-99C8-5D38-0000-002061140200}0x214611HighMD5=02A4273B6188E1D66715912CC7B37650,SHA256=0060A4CD5CDE611F08A7A32DE9DB8E7DE00B1114B06D9A778FADBD23905F5A4D{87E8D3BD-9C02-5D38-0000-0010F3A80F00}4712C:\Program Files (x86)\Google\Update\Install\{6FC06909-417E-47A7-B1EA-7F3A1A4F88E4}\75.0.3770.142_chrome_installer.exe"C:\Program Files (x86)\Google\Update\Install\{6FC06909-417E-47A7-B1EA-7F3A1A4F88E4}\75.0.3770.142_chrome_installer.exe" --verbose-logging --do-not-launch-chrome --system-level /installerdata="C:\Windows\TEMP\guiA339.tmp" 154100x8000000000000000321Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:22.906{87E8D3BD-9C02-5D38-0000-0010CDAE0F00}2820C:\Users\GRAPLT~1\AppData\Local\Temp\CR_9D6CA.tmp\setup.exe75.0.3770.142Google Chrome InstallerGoogle Chrome InstallerGoogle LLC?C:\Users\GRAPLT~1\AppData\Local\Temp\CR_9D6CA.tmp\setup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=75.0.3770.142 --initial-client-data=0x1d8,0x1dc,0x1e0,0x1d4,0x1e4,0x7ff74de54b80,0x7ff74de54b90,0x7ff74de54ba0C:\Program Files (x86)\Google\Update\1.3.34.11\DESKTOP-FVSHABR\grapltest{87E8D3BD-99C8-5D38-0000-002061140200}0x214611HighMD5=02A4273B6188E1D66715912CC7B37650,SHA256=0060A4CD5CDE611F08A7A32DE9DB8E7DE00B1114B06D9A778FADBD23905F5A4D{87E8D3BD-9C02-5D38-0000-001072AC0F00}3720C:\Users\GRAPLT~1\AppData\Local\Temp\CR_9D6CA.tmp\setup.exe"C:\Users\GRAPLT~1\AppData\Local\Temp\CR_9D6CA.tmp\setup.exe" --install-archive="C:\Users\GRAPLT~1\AppData\Local\Temp\CR_9D6CA.tmp\CHROME.PACKED.7Z" --verbose-logging --do-not-launch-chrome --system-level /installerdata="C:\Windows\TEMP\guiA339.tmp" 11241100x8000000000000000322Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:28.676{87E8D3BD-9C02-5D38-0000-001072AC0F00}3720C:\Users\GRAPLT~1\AppData\Local\Temp\CR_9D6CA.tmp\setup.exeC:\Program Files (x86)\Google\Chrome\Temp\source3720_15323\Chrome-bin\75.0.3770.142\d3dcompiler_47.dll2019-07-24 17:57:28.676 11241100x8000000000000000323Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRT11762019-07-24 17:57:28.786{87E8D3BD-9C02-5D38-0000-001072AC0F00}3720C:\Users\GRAPLT~1\AppData\Local\Temp\CR_9D6CA.tmp\setup.exeC:\Program Files (x86)\Google\Chrome\Temp\source3720_15323\Chrome-bin\75.0.3770.142\default_apps\docs.crx2019-07-24 17:57:28.786 11241100x8000000000000000324Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRT11762019-07-24 17:57:28.801{87E8D3BD-9C02-5D38-0000-001072AC0F00}3720C:\Users\GRAPLT~1\AppData\Local\Temp\CR_9D6CA.tmp\setup.exeC:\Program Files (x86)\Google\Chrome\Temp\source3720_15323\Chrome-bin\75.0.3770.142\default_apps\drive.crx2019-07-24 17:57:28.801 11241100x8000000000000000325Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRT11762019-07-24 17:57:28.864{87E8D3BD-9C02-5D38-0000-001072AC0F00}3720C:\Users\GRAPLT~1\AppData\Local\Temp\CR_9D6CA.tmp\setup.exeC:\Program Files (x86)\Google\Chrome\Temp\source3720_15323\Chrome-bin\75.0.3770.142\default_apps\gmail.crx2019-07-24 17:57:28.864 11241100x8000000000000000326Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRT11762019-07-24 17:57:28.911{87E8D3BD-9C02-5D38-0000-001072AC0F00}3720C:\Users\GRAPLT~1\AppData\Local\Temp\CR_9D6CA.tmp\setup.exeC:\Program Files (x86)\Google\Chrome\Temp\source3720_15323\Chrome-bin\75.0.3770.142\default_apps\youtube.crx2019-07-24 17:57:28.911 11241100x8000000000000000327Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:29.270{87E8D3BD-9C02-5D38-0000-001072AC0F00}3720C:\Users\GRAPLT~1\AppData\Local\Temp\CR_9D6CA.tmp\setup.exeC:\Program Files (x86)\Google\Chrome\Temp\source3720_15323\Chrome-bin\75.0.3770.142\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll2019-07-24 17:57:29.270 11241100x8000000000000000328Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:29.317{87E8D3BD-9C02-5D38-0000-001072AC0F00}3720C:\Users\GRAPLT~1\AppData\Local\Temp\CR_9D6CA.tmp\setup.exeC:\Program Files (x86)\Google\Chrome\Temp\source3720_15323\Chrome-bin\chrome.exe2019-07-24 17:57:29.317 11241100x8000000000000000329Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:29.364{87E8D3BD-9C02-5D38-0000-001072AC0F00}3720C:\Users\GRAPLT~1\AppData\Local\Temp\CR_9D6CA.tmp\setup.exeC:\Program Files (x86)\Google\Chrome\Temp\source3720_15323\Chrome-bin\chrome_proxy.exe2019-07-24 17:57:29.364 11241100x8000000000000000330Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:29.474{87E8D3BD-9C02-5D38-0000-001072AC0F00}3720C:\Users\GRAPLT~1\AppData\Local\Temp\CR_9D6CA.tmp\setup.exeC:\Program Files (x86)\Google\Chrome\Temp\source3720_15323\Chrome-bin\75.0.3770.142\chrome.dll2019-07-24 17:57:29.474 11241100x8000000000000000331Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:30.082{87E8D3BD-9C02-5D38-0000-001072AC0F00}3720C:\Users\GRAPLT~1\AppData\Local\Temp\CR_9D6CA.tmp\setup.exeC:\Program Files (x86)\Google\Chrome\Temp\source3720_15323\Chrome-bin\75.0.3770.142\chrome_child.dll2019-07-24 17:57:30.082 11241100x8000000000000000332Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:30.739{87E8D3BD-9C02-5D38-0000-001072AC0F00}3720C:\Users\GRAPLT~1\AppData\Local\Temp\CR_9D6CA.tmp\setup.exeC:\Program Files (x86)\Google\Chrome\Temp\source3720_15323\Chrome-bin\75.0.3770.142\chrome_elf.dll2019-07-24 17:57:30.739 11241100x8000000000000000333Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:30.802{87E8D3BD-9C02-5D38-0000-001072AC0F00}3720C:\Users\GRAPLT~1\AppData\Local\Temp\CR_9D6CA.tmp\setup.exeC:\Program Files (x86)\Google\Chrome\Temp\source3720_15323\Chrome-bin\75.0.3770.142\chrome_watcher.dll2019-07-24 17:57:30.802 11241100x8000000000000000334Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:30.864{87E8D3BD-9C02-5D38-0000-001072AC0F00}3720C:\Users\GRAPLT~1\AppData\Local\Temp\CR_9D6CA.tmp\setup.exeC:\Program Files (x86)\Google\Chrome\Temp\source3720_15323\Chrome-bin\75.0.3770.142\elevation_service.exe2019-07-24 17:57:30.864 11241100x8000000000000000335Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:31.004{87E8D3BD-9C02-5D38-0000-001072AC0F00}3720C:\Users\GRAPLT~1\AppData\Local\Temp\CR_9D6CA.tmp\setup.exeC:\Program Files (x86)\Google\Chrome\Temp\source3720_15323\Chrome-bin\75.0.3770.142\eventlog_provider.dll2019-07-24 17:57:31.004 11241100x8000000000000000336Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:31.020{87E8D3BD-9C02-5D38-0000-001072AC0F00}3720C:\Users\GRAPLT~1\AppData\Local\Temp\CR_9D6CA.tmp\setup.exeC:\Program Files (x86)\Google\Chrome\Temp\source3720_15323\Chrome-bin\75.0.3770.142\libegl.dll2019-07-24 17:57:31.020 11241100x8000000000000000337Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:31.051{87E8D3BD-9C02-5D38-0000-001072AC0F00}3720C:\Users\GRAPLT~1\AppData\Local\Temp\CR_9D6CA.tmp\setup.exeC:\Program Files (x86)\Google\Chrome\Temp\source3720_15323\Chrome-bin\75.0.3770.142\libglesv2.dll2019-07-24 17:57:31.051 11241100x8000000000000000338Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:31.349{87E8D3BD-9C02-5D38-0000-001072AC0F00}3720C:\Users\GRAPLT~1\AppData\Local\Temp\CR_9D6CA.tmp\setup.exeC:\Program Files (x86)\Google\Chrome\Temp\source3720_15323\Chrome-bin\75.0.3770.142\notification_helper.exe2019-07-24 17:57:31.349 11241100x8000000000000000339Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:31.395{87E8D3BD-9C02-5D38-0000-001072AC0F00}3720C:\Users\GRAPLT~1\AppData\Local\Temp\CR_9D6CA.tmp\setup.exeC:\Program Files (x86)\Google\Chrome\Temp\source3720_15323\Chrome-bin\75.0.3770.142\swiftshader\libegl.dll2019-07-24 17:57:31.395 11241100x8000000000000000340Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:31.442{87E8D3BD-9C02-5D38-0000-001072AC0F00}3720C:\Users\GRAPLT~1\AppData\Local\Temp\CR_9D6CA.tmp\setup.exeC:\Program Files (x86)\Google\Chrome\Temp\source3720_15323\Chrome-bin\75.0.3770.142\swiftshader\libglesv2.dll2019-07-24 17:57:31.442 11241100x8000000000000000341Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:31.521{87E8D3BD-9C02-5D38-0000-001072AC0F00}3720C:\Users\GRAPLT~1\AppData\Local\Temp\CR_9D6CA.tmp\setup.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exe2019-07-24 17:57:31.521 11241100x8000000000000000342Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:31.521{87E8D3BD-9C02-5D38-0000-001072AC0F00}3720C:\Users\GRAPLT~1\AppData\Local\Temp\CR_9D6CA.tmp\setup.exeC:\Program Files (x86)\Google\Chrome\Application\75.0.3770.142\Installer\setup.exe2019-07-24 17:57:31.521 11241100x8000000000000000343Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:31.536{87E8D3BD-9C02-5D38-0000-001072AC0F00}3720C:\Users\GRAPLT~1\AppData\Local\Temp\CR_9D6CA.tmp\setup.exeC:\Program Files (x86)\Google\Chrome\Application\75.0.3770.142\Installer\chrmstp.exe2019-07-24 17:57:31.536 13241300x8000000000000000344Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRInvDB-PubSetValue2019-07-24 17:57:31.551{87E8D3BD-9C02-5D38-0000-001072AC0F00}3720C:\Users\GRAPLT~1\AppData\Local\Temp\CR_9D6CA.tmp\setup.exeHKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome\PublisherGoogle LLC 13241300x8000000000000000345Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRT1031,T1050SetValue2019-07-24 17:57:31.583{87E8D3BD-998D-5D38-0000-001030400000}568C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\GoogleChromeElevationService\StartDWORD (0x00000003) 13241300x8000000000000000346Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRT1031,T1050SetValue2019-07-24 17:57:31.583{87E8D3BD-998D-5D38-0000-001030400000}568C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\GoogleChromeElevationService\ImagePath"C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.142\elevation_service.exe" 11241100x8000000000000000347Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:31.583{87E8D3BD-9C02-5D38-0000-001072AC0F00}3720C:\Users\GRAPLT~1\AppData\Local\Temp\CR_9D6CA.tmp\setup.exeC:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe2019-07-24 17:57:31.583 11241100x8000000000000000348Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRT10232019-07-24 17:57:31.661{87E8D3BD-9C02-5D38-0000-001072AC0F00}3720C:\Users\GRAPLT~1\AppData\Local\Temp\CR_9D6CA.tmp\setup.exeC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk2019-07-24 17:57:31.661 13241300x8000000000000000349Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRT1031,T1050SetValue2019-07-24 17:57:31.661{87E8D3BD-998D-5D38-0000-001098B80000}896C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Control\WMI\AutoLogger\EventLog-Application\StartDWORD (0x00000001) 13241300x8000000000000000350Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRT1042SetValue2019-07-24 17:57:31.661{87E8D3BD-9C02-5D38-0000-001072AC0F00}3720C:\Users\GRAPLT~1\AppData\Local\Temp\CR_9D6CA.tmp\setup.exeHKCR\ChromeHTML\shell\open\command\(Default)"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%%1" 12241200x8000000000000000351Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRCreateKey2019-07-24 17:57:31.661{87E8D3BD-9C02-5D38-0000-001072AC0F00}3720C:\Users\GRAPLT~1\AppData\Local\Temp\CR_9D6CA.tmp\setup.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\chrome.exe 13241300x8000000000000000352Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRSetValue2019-07-24 17:57:31.661{87E8D3BD-9C02-5D38-0000-001072AC0F00}3720C:\Users\GRAPLT~1\AppData\Local\Temp\CR_9D6CA.tmp\setup.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\chrome.exe\(Default)C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 12241200x8000000000000000353Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRCreateKey2019-07-24 17:57:31.661{87E8D3BD-9C02-5D38-0000-001072AC0F00}3720C:\Users\GRAPLT~1\AppData\Local\Temp\CR_9D6CA.tmp\setup.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\chrome.exe 13241300x8000000000000000354Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRSetValue2019-07-24 17:57:31.661{87E8D3BD-9C02-5D38-0000-001072AC0F00}3720C:\Users\GRAPLT~1\AppData\Local\Temp\CR_9D6CA.tmp\setup.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\chrome.exe\PathC:\Program Files (x86)\Google\Chrome\Application 13241300x8000000000000000355Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRT1042SetValue2019-07-24 17:57:31.661{87E8D3BD-9C02-5D38-0000-001072AC0F00}3720C:\Users\GRAPLT~1\AppData\Local\Temp\CR_9D6CA.tmp\setup.exeHKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command\(Default)"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" 13241300x8000000000000000356Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRT1031,T1050SetValue2019-07-24 17:57:31.692{87E8D3BD-998D-5D38-0000-001098B80000}896C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Control\WMI\AutoLogger\EventLog-Security\StartDWORD (0x00000001) 13241300x8000000000000000357Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRT1031,T1050SetValue2019-07-24 17:57:31.692{87E8D3BD-998D-5D38-0000-001098B80000}896C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Control\WMI\AutoLogger\EventLog-System\StartDWORD (0x00000001) 13241300x8000000000000000358Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRT1031,T1050SetValue2019-07-24 17:57:31.707{87E8D3BD-998D-5D38-0000-001098B80000}896C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Control\WMI\AutoLogger\EventLog-Application\StartDWORD (0x00000001) 13241300x8000000000000000359Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRT1031,T1050SetValue2019-07-24 17:57:31.723{87E8D3BD-998D-5D38-0000-001098B80000}896C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Control\WMI\AutoLogger\EventLog-Security\StartDWORD (0x00000001) 13241300x8000000000000000360Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRT1031,T1050SetValue2019-07-24 17:57:31.739{87E8D3BD-998D-5D38-0000-001098B80000}896C:\Windows\System32\svchost.exeHKLM\System\CurrentControlSet\Control\WMI\AutoLogger\EventLog-System\StartDWORD (0x00000001) 534500x8000000000000000361Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:31.739{87E8D3BD-9C02-5D38-0000-001072AC0F00}3720C:\Users\GRAPLT~1\AppData\Local\Temp\CR_9D6CA.tmp\setup.exe 534500x8000000000000000362Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:31.754{87E8D3BD-9C02-5D38-0000-0010CDAE0F00}2820C:\Users\GRAPLT~1\AppData\Local\Temp\CR_9D6CA.tmp\setup.exe 154100x8000000000000000363Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:31.761{87E8D3BD-9C0B-5D38-0000-0010FEFF0F00}1104C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler.exe1.3.34.11Google Crash HandlerGoogle UpdateGoogle LLCGoogleUpdate.exe"C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler.exe"C:\Program Files (x86)\Google\Update\1.3.34.11\NT AUTHORITY\SYSTEM{87E8D3BD-998D-5D38-0000-0020E7030000}0x3e70SystemMD5=A2D8BEF0CCA959E4BEB16DE982E3771C,SHA256=AFF4F2D3049B10893265524F4F1EEB297A60A9414F80EA3695BF1C58DE2BC43D{87E8D3BD-9BF8-5D38-0000-0010173C0F00}4820C:\Program Files (x86)\Google\Update\GoogleUpdate.exe"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc 154100x8000000000000000364Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:31.775{87E8D3BD-9C0B-5D38-0000-0010CB001000}4208C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler64.exe1.3.34.11Google Crash HandlerGoogle UpdateGoogle LLCGoogleUpdate.exe"C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler64.exe"C:\Program Files (x86)\Google\Update\1.3.34.11\NT AUTHORITY\SYSTEM{87E8D3BD-998D-5D38-0000-0020E7030000}0x3e70SystemMD5=30C7CBCED8E3689E30299CABAD4B9AC7,SHA256=296F1BC3A9E0210ADA077895DEAFB9969AA8073189F1F3EB0736E9E87D17BB05{87E8D3BD-9BF8-5D38-0000-0010173C0F00}4820C:\Program Files (x86)\Google\Update\GoogleUpdate.exe"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc 154100x8000000000000000365Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:31.828{87E8D3BD-9C0B-5D38-0000-001062071000}2996C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleUpdateOnDemand.exe1.3.34.11Google UpdateGoogle UpdateGoogle LLCgoopdate.dll"C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleUpdateOnDemand.exe" -EmbeddingC:\Windows\system32\DESKTOP-FVSHABR\grapltest{87E8D3BD-99C8-5D38-0000-002088140200}0x214881MediumMD5=597CB67524C8E93909696845D60A1647,SHA256=68F5E571FA04F07B33B82C2F7E4354DEC80F037CCF419722C26FE091F649AD39{87E8D3BD-998D-5D38-0000-00100D560000}668C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch 154100x8000000000000000366Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:31.845{87E8D3BD-9C0B-5D38-0000-0010630B1000}3596C:\Program Files (x86)\Google\Update\GoogleUpdate.exe1.3.34.11Google InstallerGoogle UpdateGoogle LLCGoogleUpdate.exe"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ondemand C:\Windows\system32\DESKTOP-FVSHABR\grapltest{87E8D3BD-99C8-5D38-0000-002088140200}0x214881MediumMD5=82F657B0AEE67A6A560321CF0927F9F7,SHA256=794CF7644115198DB451431BCA7C89FF9A97550482B1E3F7F13EB7ACA6120A11{87E8D3BD-9C0B-5D38-0000-001062071000}2996C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleUpdateOnDemand.exe"C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleUpdateOnDemand.exe" -Embedding 154100x8000000000000000367Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:31.853{87E8D3BD-9C0B-5D38-0000-0010730D1000}1672C:\Program Files (x86)\Google\Update\GoogleUpdate.exe1.3.34.11Google InstallerGoogle UpdateGoogle LLCGoogleUpdate.exe"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4zNC4xMSIgc2hlbGxfdmVyc2lvbj0iMS4zLjM0LjExIiBpc21hY2hpbmU9IjEiIHNlc3Npb25pZD0ie0FENkI2REFGLUNGNjItNEQ2OC1CQkZELTk0N0JDRUM2NDM0MH0iIHVzZXJpZD0iezg4OUZFMkM2LUE3ODYtNDk5QS1BMDNELTNEQjUyMjA0OURDRX0iIGluc3RhbGxzb3VyY2U9InRhZ2dlZG1pIiByZXF1ZXN0aWQ9IntCMTc1OEJGNC1CNEQyLTQ0N0EtOTI4Qi1GQzRBRDYxRDA3OTd9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IHBoeXNtZW1vcnk9IjQiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMTAyNDAuMTYzODQiIHNwPSIiIGFyY2g9Ing2NCIvPjxhcHAgYXBwaWQ9Ins4QTY5RDM0NS1ENTY0LTQ2M0MtQUZGMS1BNjlEOUU1MzBGOTZ9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSI3NS4wLjM3NzAuMTQyIiBhcD0ieDY0LXN0YWJsZS1zdGF0c2RlZl8xIiBsYW5nPSJlbiIgYnJhbmQ9IkNIQkYiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSItMSIgaW5zdGFsbGRhdGU9Ii0xIiBpaWQ9IntGMjc4MjI3Ni03MDg1LTlFQzktQjgyQy00QjkxREYyMjdGOEZ9IiBjb2hvcnQ9IjE6Z3UvaTE5OiIgY29ob3J0bmFtZT0iU3RhYmxlIEluc3RhbGxzIE9ubHkiPjxldmVudCBldmVudHR5cGU9IjkiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI1IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgZG93bmxvYWRlcj0iYml0cyIgdXJsPSJodHRwOi8vcmVkaXJlY3Rvci5ndnQxLmNvbS9lZGdlZGwvcmVsZWFzZTIvY2hyb21lL0FKNmlXV0ljeWg5WV83NS4wLjM3NzAuMTQyLzc1LjAuMzc3MC4xNDJfY2hyb21lX2luc3RhbGxlci5leGUiIGRvd25sb2FkZWQ9IjU2OTg5NDQwIiB0b3RhbD0iNTY5ODk0NDAiIGRvd25sb2FkX3RpbWVfbXM9Ijc4NzUiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIvPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHNvdXJjZV91cmxfaW5kZXg9IjAiIHVwZGF0ZV9jaGVja190aW1lX21zPSIyNDkiIGRvd25sb2FkX3RpbWVfbXM9Ijg0MDYiIGRvd25sb2FkZWQ9IjU2OTg5NDQwIiB0b3RhbD0iNTY5ODk0NDAiIGluc3RhbGxfdGltZV9tcz0iOTczMyIvPjxkYXRhIG5hbWU9Imluc3RhbGwiIGluZGV4PSJlbXB0eSIvPjwvYXBwPjwvcmVxdWVzdD4C:\Program Files (x86)\Google\Update\1.3.34.11\NT AUTHORITY\SYSTEM{87E8D3BD-998D-5D38-0000-0020E7030000}0x3e70SystemMD5=82F657B0AEE67A6A560321CF0927F9F7,SHA256=794CF7644115198DB451431BCA7C89FF9A97550482B1E3F7F13EB7ACA6120A11{87E8D3BD-9BF8-5D38-0000-0010173C0F00}4820C:\Program Files (x86)\Google\Update\GoogleUpdate.exe"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc 154100x8000000000000000368Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:31.889{87E8D3BD-9C0B-5D38-0000-00101E161000}4760C:\Program Files (x86)\Google\Chrome\Application\chrome.exe75.0.3770.142Google ChromeGoogle ChromeGoogle LLCchrome.exe"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"C:\Program Files (x86)\Google\Update\1.3.34.11\DESKTOP-FVSHABR\grapltest{87E8D3BD-99C8-5D38-0000-002088140200}0x214881MediumMD5=3208EA1BB78CA077A8F9BFF22FE89614,SHA256=2AD6823E4ED4920385A098F4510975B28C24DF80F1A22F677A6067D84657A5F1{87E8D3BD-9C0B-5D38-0000-0010630B1000}3596C:\Program Files (x86)\Google\Update\GoogleUpdate.exe"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ondemand 534500x8000000000000000369Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:31.989{87E8D3BD-9BF4-5D38-0000-0010BFC30E00}4532C:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\GoogleUpdateSetup.exe 534500x8000000000000000370Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:31.989{87E8D3BD-9BF1-5D38-0000-0010159E0E00}4812C:\Users\GRAPLT~1\AppData\Local\Temp\GUM5F89.tmp\GoogleUpdate.exe 534500x8000000000000000371Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:32.067{87E8D3BD-9BF0-5D38-0000-0010C48E0E00}3696C:\Users\grapltest\Downloads\ChromeSetup.exe 12241200x8000000000000000372Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRCreateKey2019-07-24 17:57:32.333{87E8D3BD-99C8-5D38-0000-0010583C0200}3064C:\Windows\Explorer.EXEHKU\S-1-5-21-475214889-3710252578-4288414562-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached 13241300x8000000000000000373Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRSetValue2019-07-24 17:57:32.333{87E8D3BD-99C8-5D38-0000-0010583C0200}3064C:\Windows\Explorer.EXEHKU\S-1-5-21-475214889-3710252578-4288414562-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{E44E9428-BDBC-4987-A099-40DC8FD255E7} {6A283FE2-ECFA-4599-91C4-E80957137B26} 0xFFFFBinary Data 154100x8000000000000000374Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:32.381{87E8D3BD-9C0C-5D38-0000-001002531000}2824C:\Windows\System32\OpenWith.exe10.0.10240.16384 (th1.150709-1700)Pick an appMicrosoft® Windows® Operating SystemMicrosoft CorporationOpenWith.exeC:\Windows\system32\OpenWith.exe -EmbeddingC:\Windows\system32\DESKTOP-FVSHABR\grapltest{87E8D3BD-99C8-5D38-0000-002088140200}0x214881MediumMD5=48B55F1A04D3B299B384FB8296C6DEF8,SHA256=7BB18DFE888E8D509EA005A5B3F11997F970DA035A40D3F2A73D54E5C03F5E68{87E8D3BD-998D-5D38-0000-00100D560000}668C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch 13241300x8000000000000000375Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRInvDBSetValue2019-07-24 17:57:34.072{87E8D3BD-998D-5D38-0000-001039DC0000}300C:\Windows\system32\svchost.exeHKU\S-1-5-21-475214889-3710252578-4288414562-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\C:\Users\grapltest\Downloads\ChromeSetup.exeBinary Data 22542200x8000000000000000376Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:34.356{87E8D3BD-9C0C-5D38-0000-0010DC601000}2184accounts.google.com0172.217.0.45;C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 154100x8000000000000000377Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:35.404{87E8D3BD-9C0F-5D38-0000-0010FFF61000}5128C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.142\Installer\chrmstp.exe75.0.3770.142Google Chrome InstallerGoogle Chrome InstallerGoogle LLC?"C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.142\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --force-configure-user-settingsC:\Program Files (x86)\Google\Chrome\Application\75.0.3770.142\DESKTOP-FVSHABR\grapltest{87E8D3BD-99C8-5D38-0000-002088140200}0x214881MediumMD5=02A4273B6188E1D66715912CC7B37650,SHA256=0060A4CD5CDE611F08A7A32DE9DB8E7DE00B1114B06D9A778FADBD23905F5A4D{87E8D3BD-9C0B-5D38-0000-00101E161000}4760C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" 154100x8000000000000000378Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:35.442{87E8D3BD-9C0F-5D38-0000-0010DAFA1000}5148C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.142\Installer\chrmstp.exe75.0.3770.142Google Chrome InstallerGoogle Chrome InstallerGoogle LLC?"C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.142\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\grapltest\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=75.0.3770.142 --initial-client-data=0x1d4,0x1e8,0x1ec,0x1e4,0x1f0,0x7ff7d21c4b80,0x7ff7d21c4b90,0x7ff7d21c4ba0C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.142\DESKTOP-FVSHABR\grapltest{87E8D3BD-99C8-5D38-0000-002088140200}0x214881MediumMD5=02A4273B6188E1D66715912CC7B37650,SHA256=0060A4CD5CDE611F08A7A32DE9DB8E7DE00B1114B06D9A778FADBD23905F5A4D{87E8D3BD-9C0F-5D38-0000-0010FFF61000}5128C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.142\Installer\chrmstp.exe"C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.142\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --force-configure-user-settings 22542200x8000000000000000379Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:34.786{87E8D3BD-9C0C-5D38-0000-0010DC601000}2184clients2.googleusercontent.com0type: 5 googlehosted.l.googleusercontent.com;216.58.194.193;C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 22542200x8000000000000000380Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:35.661{87E8D3BD-9C0C-5D38-0000-0010DC601000}2184wpad9003C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 22542200x8000000000000000381Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:35.816{87E8D3BD-9C0C-5D38-0000-0010DC601000}2184www.googleapis.com0type: 5 googleapis.l.google.com;216.58.194.202;172.217.0.42;172.217.6.74;172.217.164.106;216.58.194.170;C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 22542200x8000000000000000382Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:37.547{87E8D3BD-9C0C-5D38-0000-0010DC601000}2184docs.google.com0216.58.194.206;C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 22542200x8000000000000000383Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:41.787{87E8D3BD-9C0C-5D38-0000-0010DC601000}2184vfzeumyrhlrgtpj9003C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 22542200x8000000000000000384Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:41.787{87E8D3BD-9C0C-5D38-0000-0010DC601000}2184oksroiomjduzmk9003C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 22542200x8000000000000000385Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:57:41.787{87E8D3BD-9C0C-5D38-0000-0010DC601000}2184lvyqdvcbrlav9003C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 22542200x8000000000000000386Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:59:51.460{87E8D3BD-99C8-5D38-0000-0010583C0200}3064ocsp.thawte.com0type: 5 ocsp-ds.ws.symantec.com.edgekey.net;type: 5 e8218.dscb1.akamaiedge.net;::ffff:23.35.171.27;C:\Windows\explorer.exe 22542200x8000000000000000387Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 17:59:51.585{87E8D3BD-99C8-5D38-0000-0010583C0200}3064th.symcd.com0type: 5 ocsp-ds.ws.symantec.com.edgekey.net;type: 5 e8218.dscb1.akamaiedge.net;::ffff:23.35.171.27;C:\Windows\explorer.exe 11241100x8000000000000000388Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 18:00:05.379{87E8D3BD-99C8-5D38-0000-0010583C0200}3064C:\Windows\Explorer.EXEC:\$Recycle.Bin\S-1-5-21-475214889-3710252578-4288414562-1001\$I4H853V.exe2019-07-24 18:00:05.379 154100x8000000000000000389Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 18:02:39.363{87E8D3BD-9D3F-5D38-0000-0010E5551700}5460C:\Program Files (x86)\Google\Update\GoogleUpdate.exe1.3.34.11Google InstallerGoogle UpdateGoogle LLCGoogleUpdate.exe"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /crC:\Program Files (x86)\Google\Update\1.3.34.11\NT AUTHORITY\SYSTEM{87E8D3BD-998D-5D38-0000-0020E7030000}0x3e70SystemMD5=82F657B0AEE67A6A560321CF0927F9F7,SHA256=794CF7644115198DB451431BCA7C89FF9A97550482B1E3F7F13EB7ACA6120A11{87E8D3BD-9D3F-5D38-0000-00101B521700}6008C:\Program Files (x86)\Google\Update\GoogleUpdate.exe"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c 154100x8000000000000000390Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 18:02:39.365{87E8D3BD-9D3F-5D38-0000-00103C561700}3328C:\Program Files (x86)\Google\Update\GoogleUpdate.exe1.3.34.11Google InstallerGoogle UpdateGoogle LLCGoogleUpdate.exe"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ua /installsource schedulerC:\Windows\system32\NT AUTHORITY\SYSTEM{87E8D3BD-998D-5D38-0000-0020E7030000}0x3e70SystemMD5=82F657B0AEE67A6A560321CF0927F9F7,SHA256=794CF7644115198DB451431BCA7C89FF9A97550482B1E3F7F13EB7ACA6120A11{87E8D3BD-9D3F-5D38-0000-001066521700}5468C:\Windows\System32\taskeng.exetaskeng.exe {128FF785-1A68-47E7-9D65-2006961D09D5} S-1-5-18:NT AUTHORITY\System:Service: 154100x8000000000000000391Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 18:02:39.369{87E8D3BD-9D3F-5D38-0000-00100A571700}3040C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler.exe1.3.34.11Google Crash HandlerGoogle UpdateGoogle LLCGoogleUpdate.exe"C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler.exe"C:\Program Files (x86)\Google\Update\1.3.34.11\NT AUTHORITY\SYSTEM{87E8D3BD-998D-5D38-0000-0020E7030000}0x3e70SystemMD5=A2D8BEF0CCA959E4BEB16DE982E3771C,SHA256=AFF4F2D3049B10893265524F4F1EEB297A60A9414F80EA3695BF1C58DE2BC43D{87E8D3BD-9D3F-5D38-0000-00101B521700}6008C:\Program Files (x86)\Google\Update\GoogleUpdate.exe"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c 154100x8000000000000000392Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 18:02:39.370{87E8D3BD-9D3F-5D38-0000-001088571700}4684C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler64.exe1.3.34.11Google Crash HandlerGoogle UpdateGoogle LLCGoogleUpdate.exe"C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler64.exe"C:\Program Files (x86)\Google\Update\1.3.34.11\NT AUTHORITY\SYSTEM{87E8D3BD-998D-5D38-0000-0020E7030000}0x3e70SystemMD5=30C7CBCED8E3689E30299CABAD4B9AC7,SHA256=296F1BC3A9E0210ADA077895DEAFB9969AA8073189F1F3EB0736E9E87D17BB05{87E8D3BD-9D3F-5D38-0000-00101B521700}6008C:\Program Files (x86)\Google\Update\GoogleUpdate.exe"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c 154100x8000000000000000393Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 18:02:39.384{87E8D3BD-9D3F-5D38-0000-0010165C1700}4224C:\Program Files (x86)\Google\Update\GoogleUpdate.exe1.3.34.11Google InstallerGoogle UpdateGoogle LLCGoogleUpdate.exe"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ua /installsource coreC:\Program Files (x86)\Google\Update\1.3.34.11\NT AUTHORITY\SYSTEM{87E8D3BD-998D-5D38-0000-0020E7030000}0x3e70SystemMD5=82F657B0AEE67A6A560321CF0927F9F7,SHA256=794CF7644115198DB451431BCA7C89FF9A97550482B1E3F7F13EB7ACA6120A11{87E8D3BD-9D3F-5D38-0000-00101B521700}6008C:\Program Files (x86)\Google\Update\GoogleUpdate.exe"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c 154100x8000000000000000394Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 18:02:39.406{87E8D3BD-9D3F-5D38-0000-00109A641700}4164C:\Program Files (x86)\Google\Update\GoogleUpdate.exe1.3.34.11Google InstallerGoogle UpdateGoogle LLCGoogleUpdate.exe"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /registermsihelperC:\Program Files (x86)\Google\Update\1.3.34.11\NT AUTHORITY\SYSTEM{87E8D3BD-998D-5D38-0000-0020E7030000}0x3e70SystemMD5=82F657B0AEE67A6A560321CF0927F9F7,SHA256=794CF7644115198DB451431BCA7C89FF9A97550482B1E3F7F13EB7ACA6120A11{87E8D3BD-9D3F-5D38-0000-00103C561700}3328C:\Program Files (x86)\Google\Update\GoogleUpdate.exe"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ua /installsource scheduler 154100x8000000000000000395Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 18:02:39.544{87E8D3BD-9D3F-5D38-0000-00101A711700}2824C:\Windows\System32\msiexec.exe5.0.10240.16384 (th1.150709-1700)Windows® installerWindows Installer - UnicodeMicrosoft Corporationmsiexec.exeC:\Windows\system32\msiexec.exe /VC:\Windows\system32\NT AUTHORITY\SYSTEM{87E8D3BD-998D-5D38-0000-0020E7030000}0x3e70SystemMD5=83467A4436B2CE632DFDF60C29608BE5,SHA256=4FF1CA00B8791F207CD8C19A5B0ABA3D286C3FAEB6EC921CBED21E4290ADF2A5{87E8D3BD-998D-5D38-0000-001030400000}568C:\Windows\System32\services.exeC:\Windows\system32\services.exe 13241300x8000000000000000396Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRSetValue2019-07-24 18:02:39.932{87E8D3BD-9D3F-5D38-0000-00101A711700}2824C:\Windows\system32\msiexec.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A089CE062ADB6BC44A720BA745894BAC\InstallProperties\InstallSourceC:\Program Files (x86)\Google\Update\1.3.34.11\ 13241300x8000000000000000397Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRInvDB-PubSetValue2019-07-24 18:02:39.932{87E8D3BD-9D3F-5D38-0000-00101A711700}2824C:\Windows\system32\msiexec.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A089CE062ADB6BC44A720BA745894BAC\InstallProperties\PublisherGoogle LLC 13241300x8000000000000000398Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRSetValue2019-07-24 18:02:39.932{87E8D3BD-9D3F-5D38-0000-00101A711700}2824C:\Windows\system32\msiexec.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A089CE062ADB6BC44A720BA745894BAC\InstallProperties\URLUpdateInfo(Empty) 13241300x8000000000000000399Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRSetValue2019-07-24 18:02:39.932{87E8D3BD-9D3F-5D38-0000-00101A711700}2824C:\Windows\system32\msiexec.exeHKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}\InstallSourceC:\Program Files (x86)\Google\Update\1.3.34.11\ 13241300x8000000000000000400Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRInvDB-PubSetValue2019-07-24 18:02:39.932{87E8D3BD-9D3F-5D38-0000-00101A711700}2824C:\Windows\system32\msiexec.exeHKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}\PublisherGoogle LLC 13241300x8000000000000000401Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRSetValue2019-07-24 18:02:39.932{87E8D3BD-9D3F-5D38-0000-00101A711700}2824C:\Windows\system32\msiexec.exeHKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}\URLUpdateInfo(Empty) 154100x8000000000000000402Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 18:03:09.054{87E8D3BD-9D5D-5D38-0000-0010D10E1800}1312C:\Program Files (x86)\Google\Update\GoogleUpdate.exe1.3.34.11Google InstallerGoogle UpdateGoogle LLCGoogleUpdate.exe"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svcC:\Windows\system32\NT AUTHORITY\SYSTEM{87E8D3BD-998D-5D38-0000-0020E7030000}0x3e70SystemMD5=82F657B0AEE67A6A560321CF0927F9F7,SHA256=794CF7644115198DB451431BCA7C89FF9A97550482B1E3F7F13EB7ACA6120A11{87E8D3BD-998D-5D38-0000-001030400000}568C:\Windows\System32\services.exeC:\Windows\system32\services.exe 154100x8000000000000000403Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 18:03:20.087{87E8D3BD-9D68-5D38-0000-00100B6C1800}5176C:\Program Files (x86)\Google\Chrome\Application\chrome.exe75.0.3770.142Google ChromeGoogle ChromeGoogle LLCchrome.exe"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" C:\Program Files (x86)\Google\Chrome\Application\DESKTOP-FVSHABR\grapltest{87E8D3BD-99C8-5D38-0000-002088140200}0x214881MediumMD5=3208EA1BB78CA077A8F9BFF22FE89614,SHA256=2AD6823E4ED4920385A098F4510975B28C24DF80F1A22F677A6067D84657A5F1{87E8D3BD-99C8-5D38-0000-0010583C0200}3064C:\Windows\explorer.exeC:\Windows\Explorer.EXE 13241300x8000000000000000404Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRInvDBSetValue2019-07-24 18:03:20.089{87E8D3BD-998D-5D38-0000-001039DC0000}300C:\Windows\system32\svchost.exeHKU\S-1-5-21-475214889-3710252578-4288414562-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\C:\Program Files (x86)\Google\Chrome\Application\chrome.exeBinary Data 22542200x8000000000000000405Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 18:03:01.390{87E8D3BD-9D68-5D38-0000-001022791800}4900accounts.google.com0216.58.194.173;C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 22542200x8000000000000000406Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 18:03:01.552{87E8D3BD-9D68-5D38-0000-001022791800}4900clients2.googleusercontent.com0type: 5 googlehosted.l.googleusercontent.com;172.217.5.97;C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 22542200x8000000000000000407Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 18:03:02.751{87E8D3BD-9D68-5D38-0000-001022791800}4900wpad9003C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 22542200x8000000000000000408Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 18:03:02.751{87E8D3BD-9D68-5D38-0000-001022791800}4900wpad9003C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 22542200x8000000000000000409Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 18:03:02.758{87E8D3BD-9D68-5D38-0000-001022791800}4900wpad9003C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 22542200x8000000000000000410Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 18:03:02.823{87E8D3BD-9D68-5D38-0000-001022791800}4900docs.google.com0172.217.164.110;C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 22542200x8000000000000000411Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 18:03:09.518{87E8D3BD-9D68-5D38-0000-001022791800}4900streahqvzkbclrz9003C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 22542200x8000000000000000412Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 18:03:09.518{87E8D3BD-9D68-5D38-0000-001022791800}4900dadoibuugr9003C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 22542200x8000000000000000413Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 18:03:09.518{87E8D3BD-9D68-5D38-0000-001022791800}4900livlwrgdlus9003C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 22542200x8000000000000000414Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 18:03:11.631{87E8D3BD-9D68-5D38-0000-001022791800}4900wpad9003C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 22542200x8000000000000000415Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 18:03:11.631{87E8D3BD-9D68-5D38-0000-001022791800}4900wpad9003C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 22542200x8000000000000000416Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 18:03:11.758{87E8D3BD-9D68-5D38-0000-001022791800}4900wpad9003C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 11241100x8000000000000000417Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRFileCreate-Downloads2019-07-24 18:03:38.484{87E8D3BD-9D68-5D38-0000-00100B6C1800}5176C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Users\grapltest\Downloads\676423d0-5270-46e9-b164-4c158b7c06da.tmp2019-07-24 18:03:38.484 22542200x8000000000000000418Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 18:03:28.953{87E8D3BD-9D68-5D38-0000-001022791800}4900grapl-demo-test-binaries-74e3db4bdc5a.s3.amazonaws.com0type: 5 s3-directional-w.amazonaws.com;type: 5 s3-1-w.amazonaws.com;52.217.36.148;C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 22542200x8000000000000000419Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 18:03:30.790{87E8D3BD-9D68-5D38-0000-001022791800}4900sb-ssl.google.com0type: 5 sb-ssl.l.google.com;172.217.5.110;C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 15241500x8000000000000000420Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRFileStream-Downloads2019-07-24 18:03:43.887{87E8D3BD-9D68-5D38-0000-00100B6C1800}5176C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Users\grapltest\Downloads\dropper.exe2019-07-24 18:03:38.484MD5=C7658F72E61A42B837097A5470D82195,SHA256=D99973C424E069636EABB5647E3A7DE2B2C45CBDCD87D5C8DCA5DF289D69AA12 11241100x8000000000000000421Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRFileCreate-Downloads2019-07-24 18:03:43.936{87E8D3BD-9D68-5D38-0000-00100B6C1800}5176C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Users\grapltest\Downloads\dropper.exe:Zone.Identifier2019-07-24 18:03:38.484 15241500x8000000000000000422Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRFileStream-Downloads2019-07-24 18:03:43.936{87E8D3BD-9D68-5D38-0000-00100B6C1800}5176C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Users\grapltest\Downloads\dropper.exe:Zone.Identifier2019-07-24 18:03:38.484MD5=FBCCF14D504B7B2DBCB5A5BDA75BD93B,SHA256=EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913 22542200x8000000000000000423Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 18:03:36.901{87E8D3BD-9D68-5D38-0000-001022791800}4900safebrowsing.google.com0type: 5 sb.l.google.com;172.217.0.46;C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 154100x8000000000000000424Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 18:03:48.309{87E8D3BD-9D84-5D38-0000-00104B0C1A00}4404C:\Users\grapltest\Downloads\dropper.exe?????"C:\Users\grapltest\Downloads\dropper.exe" C:\Users\grapltest\Downloads\DESKTOP-FVSHABR\grapltest{87E8D3BD-99C8-5D38-0000-002088140200}0x214881MediumMD5=C7658F72E61A42B837097A5470D82195,SHA256=D99973C424E069636EABB5647E3A7DE2B2C45CBDCD87D5C8DCA5DF289D69AA12{87E8D3BD-9D68-5D38-0000-00100B6C1800}5176C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" 154100x8000000000000000425Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 18:03:56.740{87E8D3BD-9D8C-5D38-0000-0010EC5D1A00}1584C:\Windows\System32\browser_broker.exe11.00.10240.16384 (th1.150709-1700)Browser_BrokerMicrosoft® Windows® Operating SystemMicrosoft Corporationbrowser_broker.EXEC:\Windows\system32\browser_broker.exe -EmbeddingC:\Windows\system32\DESKTOP-FVSHABR\grapltest{87E8D3BD-99C8-5D38-0000-002088140200}0x214881MediumMD5=B16C0A292884D94FF1BB05FDE98E8DC6,SHA256=5E5B6B811AE95CA05079EB60369218286AADCA573717A57FA2DFD0A5AC9DB942{87E8D3BD-998D-5D38-0000-00100D560000}668C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch 22542200x8000000000000000426Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 18:03:53.839{87E8D3BD-9D8C-5D38-0000-0010BB701A00}5380img-s-msn-com.akamaized.net0type: 5 a1834.dspg2.akamai.net;::ffff:184.28.221.43;::ffff:184.28.221.41;C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe 22542200x8000000000000000427Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 18:03:53.839{87E8D3BD-9D8C-5D38-0000-0010BB701A00}5380static-spartan-wus-s-msn-com.akamaized.net0type: 5 a743.g2.akamai.net;::ffff:184.28.221.49;::ffff:184.28.221.42;C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe 22542200x8000000000000000428Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 18:03:53.891{87E8D3BD-9D8C-5D38-0000-0010BB701A00}5380pr-bh.ybp.yahoo.com0type: 5 ds-pr-bh.ybp.gysm.yahoodns.net;::ffff:74.6.34.27;C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe 22542200x8000000000000000429Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 18:03:54.449{87E8D3BD-9D8C-5D38-0000-0010BB701A00}5380img.s-msn.com0type: 5 wildcard.s-msn.com.edgekey.net;type: 5 e7341.g.akamaiedge.net;::ffff:184.27.37.51;C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe 22542200x8000000000000000430Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 18:04:02.478{87E8D3BD-9D68-5D38-0000-001022791800}4900wpad9003C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 22542200x8000000000000000431Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 18:04:05.628{87E8D3BD-9D8C-5D38-0000-0010EE6D1A00}5528answersstaticfilecdn.azureedge.net0type: 5 answersstaticfilecdn.akstd.azureedge.net;type: 5 azureedge.mdc.akamaized.net;type: 5 a1879.dscw14.akamai.net;::ffff:23.223.57.161;::ffff:23.223.57.144;C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe 22542200x8000000000000000432Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 18:04:05.736{87E8D3BD-9D8C-5D38-0000-0010EE6D1A00}5528az725175.vo.msecnd.net0type: 5 cs22.wpc.v0cdn.net;::ffff:152.199.4.33;C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe 22542200x8000000000000000433Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 18:04:05.779{87E8D3BD-9D8C-5D38-0000-0010EE6D1A00}5528mem.gfx.ms0type: 5 cdn.account.microsoft.com.akadns.net;type: 5 mem.gfx.ms.edgekey.net;type: 5 e55.dspb.akamaiedge.net;::ffff:172.231.38.81;C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe 22542200x8000000000000000434Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 18:04:06.418{87E8D3BD-9D8C-5D38-0000-0010EE6D1A00}5528cdnssl.clicktale.net0type: 5 cdn.clicktale.net.edgekey.net;type: 5 e11696.dscg.akamaiedge.net;::ffff:104.81.189.191;C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe 22542200x8000000000000000435Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 18:04:06.759{87E8D3BD-9D8C-5D38-0000-0010EE6D1A00}5528conductor.clicktale.net0type: 5 nv-p2-elb-ext-spray-01-308118214.us-east-1.elb.amazonaws.com;::ffff:52.206.98.166;::ffff:52.206.206.119;::ffff:52.0.205.25;::ffff:52.200.89.180;::ffff:52.200.215.239;::ffff:52.201.33.187;::ffff:52.204.99.153;::ffff:52.205.85.60;C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe 22542200x8000000000000000436Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 18:04:11.163{87E8D3BD-9D8C-5D38-0000-0010EE6D1A00}5528assets.onestore.ms0type: 5 assets.onestore.ms.akadns.net;type: 5 assets.onestore.ms.edgekey.net;type: 5 e10583.dspg.akamaiedge.net;type: 5 user-att-99-0-80-0.e10583.dspg.akamaiedge.net;::ffff:23.64.184.128;C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe 22542200x8000000000000000437Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 18:04:11.167{87E8D3BD-9D8C-5D38-0000-0010EE6D1A00}5528statics-marketingsites-eus-ms-com.akamaized.net0type: 5 a1945.g2.akamai.net;type: 5 user-att-99-0-80-0.a1945.g2.akamai.net;::ffff:23.215.102.10;::ffff:23.215.102.25;C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe 22542200x8000000000000000438Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 18:04:11.170{87E8D3BD-9D8C-5D38-0000-0010EE6D1A00}5528img-prod-cms-rt-microsoft-com.akamaized.net0type: 5 a1449.dscg2.akamai.net;type: 5 user-att-99-0-80-0.a1449.dscg2.akamai.net;::ffff:23.215.102.24;::ffff:23.215.102.41;C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe 534500x8000000000000000439Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 18:04:16.541{87E8D3BD-9D84-5D38-0000-00104B0C1A00}4404C:\Users\grapltest\Downloads\dropper.exe 11241100x8000000000000000440Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 18:04:31.892{87E8D3BD-9D8C-5D38-0000-0010EE6D1A00}5528C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exeC:\Users\grapltest\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5JZMQ4NA\vc_redist.x64[1].exe2019-07-24 18:04:31.892 11241100x8000000000000000441Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRFileCreate-Downloads2019-07-24 18:04:32.297{87E8D3BD-9D8C-5D38-0000-0010EC5D1A00}1584C:\Windows\system32\browser_broker.exeC:\Users\grapltest\Downloads\vc_redist.x64.exe.ke8qixz.partial2019-07-24 18:04:32.297 15241500x8000000000000000442Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRFileStream-Downloads2019-07-24 18:04:34.540{87E8D3BD-9D8C-5D38-0000-0010EC5D1A00}1584C:\Windows\system32\browser_broker.exeC:\Users\grapltest\Downloads\vc_redist.x64.exe.ke8qixz.partial2019-07-24 18:04:32.297MD5=528538419A5A6F889650B2721813F228,SHA256=DD479820F34498C706BD61C4E7BDAFC18A739E397762D7E16D7AD0B9A4CBD79F 11241100x8000000000000000443Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRFileCreate-Downloads2019-07-24 18:04:34.678{87E8D3BD-9D8C-5D38-0000-0010EC5D1A00}1584C:\Windows\system32\browser_broker.exeC:\Users\grapltest\Downloads\vc_redist.x64.exe.ke8qixz.partial:Zone.Identifier2019-07-24 18:04:32.297 15241500x8000000000000000444Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRFileStream-Downloads2019-07-24 18:04:34.678{87E8D3BD-9D8C-5D38-0000-0010EC5D1A00}1584C:\Windows\system32\browser_broker.exeC:\Users\grapltest\Downloads\vc_redist.x64.exe.ke8qixz.partial:Zone.Identifier2019-07-24 18:04:32.297MD5=FBCCF14D504B7B2DBCB5A5BDA75BD93B,SHA256=EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913 15241500x8000000000000000445Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRFileStream-Downloads2019-07-24 18:04:39.163{87E8D3BD-9D8C-5D38-0000-0010EC5D1A00}1584C:\Windows\system32\browser_broker.exeC:\Users\grapltest\Downloads\vc_redist.x64.exe2019-07-24 18:04:32.297MD5=528538419A5A6F889650B2721813F228,SHA256=DD479820F34498C706BD61C4E7BDAFC18A739E397762D7E16D7AD0B9A4CBD79F 15241500x8000000000000000446Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRFileStream-Downloads2019-07-24 18:04:39.311{87E8D3BD-9D8C-5D38-0000-0010EC5D1A00}1584C:\Windows\system32\browser_broker.exeC:\Users\grapltest\Downloads\vc_redist.x64.exe:Zone.Identifier2019-07-24 18:04:32.297MD5=FBCCF14D504B7B2DBCB5A5BDA75BD93B,SHA256=EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913 154100x8000000000000000447Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 18:04:39.321{87E8D3BD-9DB7-5D38-0000-001005841C00}3968C:\Users\grapltest\Downloads\vc_redist.x64.exe14.0.24123.0Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24123Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24123Microsoft CorporationVC_redist.x64.exe"C:\Users\grapltest\Downloads\vc_redist.x64.exe" C:\Windows\system32\DESKTOP-FVSHABR\grapltest{87E8D3BD-99C8-5D38-0000-002088140200}0x214881MediumMD5=528538419A5A6F889650B2721813F228,SHA256=DD479820F34498C706BD61C4E7BDAFC18A739E397762D7E16D7AD0B9A4CBD79F{87E8D3BD-9D8C-5D38-0000-0010EC5D1A00}1584C:\Windows\System32\browser_broker.exeC:\Windows\system32\browser_broker.exe -Embedding 13241300x8000000000000000448Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRInvDBSetValue2019-07-24 18:04:39.481{87E8D3BD-998D-5D38-0000-001039DC0000}300C:\Windows\system32\svchost.exeHKU\S-1-5-21-475214889-3710252578-4288414562-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\C:\Users\grapltest\Downloads\vc_redist.x64.exeBinary Data 11241100x8000000000000000449Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 18:04:39.510{87E8D3BD-9DB7-5D38-0000-001005841C00}3968C:\Users\grapltest\Downloads\vc_redist.x64.exeC:\Users\GRAPLT~1\AppData\Local\Temp\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}\.ba1\wixstdba.dll2019-07-24 18:04:39.510 244200x8000000000000000450Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRT10992019-07-24 18:04:39.511{87E8D3BD-9DB7-5D38-0000-001005841C00}3968C:\Users\grapltest\Downloads\vc_redist.x64.exeC:\Users\GRAPLT~1\AppData\Local\Temp\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}\.ba1\wixstdba.dll2014-11-17 18:38:12.0002019-07-24 18:04:39.510 11241100x8000000000000000451Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 18:04:39.531{87E8D3BD-9DB7-5D38-0000-001005841C00}3968C:\Users\grapltest\Downloads\vc_redist.x64.exeC:\Users\GRAPLT~1\AppData\Local\Temp\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}\.ba1\1028\license.rtf2019-07-24 18:04:39.531 244200x8000000000000000452Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRT10992019-07-24 18:04:39.531{87E8D3BD-9DB7-5D38-0000-001005841C00}3968C:\Users\grapltest\Downloads\vc_redist.x64.exeC:\Users\GRAPLT~1\AppData\Local\Temp\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}\.ba1\1028\license.rtf2016-04-27 20:28:06.0002019-07-24 18:04:39.531 11241100x8000000000000000453Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 18:04:39.540{87E8D3BD-9DB7-5D38-0000-001005841C00}3968C:\Users\grapltest\Downloads\vc_redist.x64.exeC:\Users\GRAPLT~1\AppData\Local\Temp\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}\.ba1\1029\license.rtf2019-07-24 18:04:39.540 244200x8000000000000000454Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRT10992019-07-24 18:04:39.541{87E8D3BD-9DB7-5D38-0000-001005841C00}3968C:\Users\grapltest\Downloads\vc_redist.x64.exeC:\Users\GRAPLT~1\AppData\Local\Temp\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}\.ba1\1029\license.rtf2016-04-27 20:28:06.0002019-07-24 18:04:39.540 11241100x8000000000000000455Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 18:04:39.552{87E8D3BD-9DB7-5D38-0000-001005841C00}3968C:\Users\grapltest\Downloads\vc_redist.x64.exeC:\Users\GRAPLT~1\AppData\Local\Temp\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}\.ba1\1031\license.rtf2019-07-24 18:04:39.552 244200x8000000000000000456Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRT10992019-07-24 18:04:39.552{87E8D3BD-9DB7-5D38-0000-001005841C00}3968C:\Users\grapltest\Downloads\vc_redist.x64.exeC:\Users\GRAPLT~1\AppData\Local\Temp\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}\.ba1\1031\license.rtf2016-04-27 20:28:06.0002019-07-24 18:04:39.552 11241100x8000000000000000457Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 18:04:39.562{87E8D3BD-9DB7-5D38-0000-001005841C00}3968C:\Users\grapltest\Downloads\vc_redist.x64.exeC:\Users\GRAPLT~1\AppData\Local\Temp\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}\.ba1\1036\license.rtf2019-07-24 18:04:39.562 244200x8000000000000000458Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRT10992019-07-24 18:04:39.563{87E8D3BD-9DB7-5D38-0000-001005841C00}3968C:\Users\grapltest\Downloads\vc_redist.x64.exeC:\Users\GRAPLT~1\AppData\Local\Temp\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}\.ba1\1036\license.rtf2016-04-27 20:28:06.0002019-07-24 18:04:39.562 11241100x8000000000000000459Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 18:04:39.573{87E8D3BD-9DB7-5D38-0000-001005841C00}3968C:\Users\grapltest\Downloads\vc_redist.x64.exeC:\Users\GRAPLT~1\AppData\Local\Temp\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}\.ba1\1040\license.rtf2019-07-24 18:04:39.573 244200x8000000000000000460Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRT10992019-07-24 18:04:39.573{87E8D3BD-9DB7-5D38-0000-001005841C00}3968C:\Users\grapltest\Downloads\vc_redist.x64.exeC:\Users\GRAPLT~1\AppData\Local\Temp\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}\.ba1\1040\license.rtf2016-04-27 20:28:06.0002019-07-24 18:04:39.573 11241100x8000000000000000461Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 18:04:39.583{87E8D3BD-9DB7-5D38-0000-001005841C00}3968C:\Users\grapltest\Downloads\vc_redist.x64.exeC:\Users\GRAPLT~1\AppData\Local\Temp\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}\.ba1\1041\license.rtf2019-07-24 18:04:39.582 244200x8000000000000000462Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRT10992019-07-24 18:04:39.583{87E8D3BD-9DB7-5D38-0000-001005841C00}3968C:\Users\grapltest\Downloads\vc_redist.x64.exeC:\Users\GRAPLT~1\AppData\Local\Temp\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}\.ba1\1041\license.rtf2016-04-27 20:28:06.0002019-07-24 18:04:39.582 11241100x8000000000000000463Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 18:04:39.601{87E8D3BD-9DB7-5D38-0000-001005841C00}3968C:\Users\grapltest\Downloads\vc_redist.x64.exeC:\Users\GRAPLT~1\AppData\Local\Temp\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}\.ba1\1042\license.rtf2019-07-24 18:04:39.601 244200x8000000000000000464Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRT10992019-07-24 18:04:39.602{87E8D3BD-9DB7-5D38-0000-001005841C00}3968C:\Users\grapltest\Downloads\vc_redist.x64.exeC:\Users\GRAPLT~1\AppData\Local\Temp\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}\.ba1\1042\license.rtf2016-04-27 20:28:06.0002019-07-24 18:04:39.601 11241100x8000000000000000465Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 18:04:39.614{87E8D3BD-9DB7-5D38-0000-001005841C00}3968C:\Users\grapltest\Downloads\vc_redist.x64.exeC:\Users\GRAPLT~1\AppData\Local\Temp\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}\.ba1\1045\license.rtf2019-07-24 18:04:39.614 244200x8000000000000000466Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRT10992019-07-24 18:04:39.615{87E8D3BD-9DB7-5D38-0000-001005841C00}3968C:\Users\grapltest\Downloads\vc_redist.x64.exeC:\Users\GRAPLT~1\AppData\Local\Temp\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}\.ba1\1045\license.rtf2016-04-27 20:28:06.0002019-07-24 18:04:39.614 11241100x8000000000000000467Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 18:04:39.628{87E8D3BD-9DB7-5D38-0000-001005841C00}3968C:\Users\grapltest\Downloads\vc_redist.x64.exeC:\Users\GRAPLT~1\AppData\Local\Temp\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}\.ba1\1046\license.rtf2019-07-24 18:04:39.628 244200x8000000000000000468Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRT10992019-07-24 18:04:39.628{87E8D3BD-9DB7-5D38-0000-001005841C00}3968C:\Users\grapltest\Downloads\vc_redist.x64.exeC:\Users\GRAPLT~1\AppData\Local\Temp\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}\.ba1\1046\license.rtf2016-04-27 20:28:06.0002019-07-24 18:04:39.628 11241100x8000000000000000469Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 18:04:39.642{87E8D3BD-9DB7-5D38-0000-001005841C00}3968C:\Users\grapltest\Downloads\vc_redist.x64.exeC:\Users\GRAPLT~1\AppData\Local\Temp\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}\.ba1\1049\license.rtf2019-07-24 18:04:39.641 244200x8000000000000000470Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRT10992019-07-24 18:04:39.642{87E8D3BD-9DB7-5D38-0000-001005841C00}3968C:\Users\grapltest\Downloads\vc_redist.x64.exeC:\Users\GRAPLT~1\AppData\Local\Temp\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}\.ba1\1049\license.rtf2016-05-04 04:25:04.0002019-07-24 18:04:39.641 11241100x8000000000000000471Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 18:04:39.658{87E8D3BD-9DB7-5D38-0000-001005841C00}3968C:\Users\grapltest\Downloads\vc_redist.x64.exeC:\Users\GRAPLT~1\AppData\Local\Temp\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}\.ba1\1055\license.rtf2019-07-24 18:04:39.658 244200x8000000000000000472Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRT10992019-07-24 18:04:39.658{87E8D3BD-9DB7-5D38-0000-001005841C00}3968C:\Users\grapltest\Downloads\vc_redist.x64.exeC:\Users\GRAPLT~1\AppData\Local\Temp\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}\.ba1\1055\license.rtf2016-04-27 20:28:06.0002019-07-24 18:04:39.658 11241100x8000000000000000473Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 18:04:39.672{87E8D3BD-9DB7-5D38-0000-001005841C00}3968C:\Users\grapltest\Downloads\vc_redist.x64.exeC:\Users\GRAPLT~1\AppData\Local\Temp\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}\.ba1\2052\license.rtf2019-07-24 18:04:39.671 244200x8000000000000000474Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRT10992019-07-24 18:04:39.672{87E8D3BD-9DB7-5D38-0000-001005841C00}3968C:\Users\grapltest\Downloads\vc_redist.x64.exeC:\Users\GRAPLT~1\AppData\Local\Temp\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}\.ba1\2052\license.rtf2016-04-27 20:28:06.0002019-07-24 18:04:39.671 11241100x8000000000000000475Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 18:04:39.683{87E8D3BD-9DB7-5D38-0000-001005841C00}3968C:\Users\grapltest\Downloads\vc_redist.x64.exeC:\Users\GRAPLT~1\AppData\Local\Temp\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}\.ba1\3082\license.rtf2019-07-24 18:04:39.683 244200x8000000000000000476Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRT10992019-07-24 18:04:39.684{87E8D3BD-9DB7-5D38-0000-001005841C00}3968C:\Users\grapltest\Downloads\vc_redist.x64.exeC:\Users\GRAPLT~1\AppData\Local\Temp\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}\.ba1\3082\license.rtf2016-04-27 20:28:06.0002019-07-24 18:04:39.683 244200x8000000000000000477Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRT10992019-07-24 18:04:39.698{87E8D3BD-9DB7-5D38-0000-001005841C00}3968C:\Users\grapltest\Downloads\vc_redist.x64.exeC:\Users\GRAPLT~1\AppData\Local\Temp\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}\.ba1\thm.xml2014-04-09 00:42:38.0002019-07-24 18:04:39.697 244200x8000000000000000478Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRT10992019-07-24 18:04:39.704{87E8D3BD-9DB7-5D38-0000-001005841C00}3968C:\Users\grapltest\Downloads\vc_redist.x64.exeC:\Users\GRAPLT~1\AppData\Local\Temp\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}\.ba1\thm.wxl2016-04-27 20:39:20.0002019-07-24 18:04:39.703 244200x8000000000000000479Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRT10992019-07-24 18:04:39.710{87E8D3BD-9DB7-5D38-0000-001005841C00}3968C:\Users\grapltest\Downloads\vc_redist.x64.exeC:\Users\GRAPLT~1\AppData\Local\Temp\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}\.ba1\logo.png2016-04-27 20:39:14.0002019-07-24 18:04:39.710 11241100x8000000000000000480Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 18:04:39.712{87E8D3BD-9DB7-5D38-0000-001005841C00}3968C:\Users\grapltest\Downloads\vc_redist.x64.exeC:\Users\GRAPLT~1\AppData\Local\Temp\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}\.ba1\license.rtf2019-07-24 18:04:39.711 244200x8000000000000000481Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRT10992019-07-24 18:04:39.712{87E8D3BD-9DB7-5D38-0000-001005841C00}3968C:\Users\grapltest\Downloads\vc_redist.x64.exeC:\Users\GRAPLT~1\AppData\Local\Temp\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}\.ba1\license.rtf2016-04-27 20:28:06.0002019-07-24 18:04:39.711 244200x8000000000000000482Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRT10992019-07-24 18:04:39.723{87E8D3BD-9DB7-5D38-0000-001005841C00}3968C:\Users\grapltest\Downloads\vc_redist.x64.exeC:\Users\GRAPLT~1\AppData\Local\Temp\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}\.ba1\1028\thm.wxl2016-04-27 20:39:20.0002019-07-24 18:04:39.723 244200x8000000000000000483Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRT10992019-07-24 18:04:39.728{87E8D3BD-9DB7-5D38-0000-001005841C00}3968C:\Users\grapltest\Downloads\vc_redist.x64.exeC:\Users\GRAPLT~1\AppData\Local\Temp\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}\.ba1\1029\thm.wxl2016-04-27 20:39:20.0002019-07-24 18:04:39.728 244200x8000000000000000484Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRT10992019-07-24 18:04:39.731{87E8D3BD-9DB7-5D38-0000-001005841C00}3968C:\Users\grapltest\Downloads\vc_redist.x64.exeC:\Users\GRAPLT~1\AppData\Local\Temp\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}\.ba1\1031\thm.wxl2016-04-27 20:39:20.0002019-07-24 18:04:39.731 244200x8000000000000000485Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRT10992019-07-24 18:04:39.736{87E8D3BD-9DB7-5D38-0000-001005841C00}3968C:\Users\grapltest\Downloads\vc_redist.x64.exeC:\Users\GRAPLT~1\AppData\Local\Temp\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}\.ba1\1036\thm.wxl2016-04-27 20:39:20.0002019-07-24 18:04:39.735 244200x8000000000000000486Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRT10992019-07-24 18:04:39.738{87E8D3BD-9DB7-5D38-0000-001005841C00}3968C:\Users\grapltest\Downloads\vc_redist.x64.exeC:\Users\GRAPLT~1\AppData\Local\Temp\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}\.ba1\1040\thm.wxl2016-04-27 20:39:20.0002019-07-24 18:04:39.737 244200x8000000000000000487Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRT10992019-07-24 18:04:39.741{87E8D3BD-9DB7-5D38-0000-001005841C00}3968C:\Users\grapltest\Downloads\vc_redist.x64.exeC:\Users\GRAPLT~1\AppData\Local\Temp\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}\.ba1\1041\thm.wxl2016-04-27 20:39:20.0002019-07-24 18:04:39.739 244200x8000000000000000488Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRT10992019-07-24 18:04:39.743{87E8D3BD-9DB7-5D38-0000-001005841C00}3968C:\Users\grapltest\Downloads\vc_redist.x64.exeC:\Users\GRAPLT~1\AppData\Local\Temp\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}\.ba1\1042\thm.wxl2016-04-27 20:39:20.0002019-07-24 18:04:39.743 244200x8000000000000000489Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRT10992019-07-24 18:04:39.748{87E8D3BD-9DB7-5D38-0000-001005841C00}3968C:\Users\grapltest\Downloads\vc_redist.x64.exeC:\Users\GRAPLT~1\AppData\Local\Temp\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}\.ba1\1045\thm.wxl2016-04-27 20:39:20.0002019-07-24 18:04:39.747 244200x8000000000000000490Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRT10992019-07-24 18:04:39.750{87E8D3BD-9DB7-5D38-0000-001005841C00}3968C:\Users\grapltest\Downloads\vc_redist.x64.exeC:\Users\GRAPLT~1\AppData\Local\Temp\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}\.ba1\1046\thm.wxl2016-04-27 20:39:20.0002019-07-24 18:04:39.750 244200x8000000000000000491Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRT10992019-07-24 18:04:39.753{87E8D3BD-9DB7-5D38-0000-001005841C00}3968C:\Users\grapltest\Downloads\vc_redist.x64.exeC:\Users\GRAPLT~1\AppData\Local\Temp\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}\.ba1\1049\thm.wxl2016-04-27 20:39:20.0002019-07-24 18:04:39.753 244200x8000000000000000492Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRT10992019-07-24 18:04:39.756{87E8D3BD-9DB7-5D38-0000-001005841C00}3968C:\Users\grapltest\Downloads\vc_redist.x64.exeC:\Users\GRAPLT~1\AppData\Local\Temp\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}\.ba1\1055\thm.wxl2016-04-27 20:39:20.0002019-07-24 18:04:39.755 244200x8000000000000000493Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRT10992019-07-24 18:04:39.759{87E8D3BD-9DB7-5D38-0000-001005841C00}3968C:\Users\grapltest\Downloads\vc_redist.x64.exeC:\Users\GRAPLT~1\AppData\Local\Temp\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}\.ba1\2052\thm.wxl2016-04-27 20:39:20.0002019-07-24 18:04:39.758 244200x8000000000000000494Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRT10992019-07-24 18:04:39.761{87E8D3BD-9DB7-5D38-0000-001005841C00}3968C:\Users\grapltest\Downloads\vc_redist.x64.exeC:\Users\GRAPLT~1\AppData\Local\Temp\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}\.ba1\3082\thm.wxl2016-04-27 20:39:20.0002019-07-24 18:04:39.761 244200x8000000000000000495Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRT10992019-07-24 18:04:39.763{87E8D3BD-9DB7-5D38-0000-001005841C00}3968C:\Users\grapltest\Downloads\vc_redist.x64.exeC:\Users\GRAPLT~1\AppData\Local\Temp\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}\.ba1\BootstrapperApplicationData.xml2016-05-23 06:35:42.0002019-07-24 18:04:39.763 11241100x8000000000000000496Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 18:04:45.048{87E8D3BD-9DB7-5D38-0000-001005841C00}3968C:\Users\grapltest\Downloads\vc_redist.x64.exeC:\Users\GRAPLT~1\AppData\Local\Temp\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}\.be\VC_redist.x64.exe2019-07-24 18:04:45.048 154100x8000000000000000497Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 18:04:47.529{87E8D3BD-9DBF-5D38-0000-0010BACB1C00}464C:\Users\GRAPLT~1\AppData\Local\Temp\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}\.be\VC_redist.x64.exe14.0.24123.0Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24123Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24123Microsoft CorporationVC_redist.x64.exe"C:\Users\GRAPLT~1\AppData\Local\Temp\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}\.be\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{4D83FEDB-E6B2-4169-8B67-D97C4E080377} {E4FF28A4-2F19-4EEA-AC44-3206FB74C4CC} 3968C:\Windows\SysWOW64\DESKTOP-FVSHABR\grapltest{87E8D3BD-99C8-5D38-0000-002061140200}0x214611HighMD5=55A358491757F7BEB50474955BF65560,SHA256=5AD585F795AD22A4A9CBD3A6492BEFEBEF6F96D8FC60D154FCFB75421AFDF976{87E8D3BD-9DB7-5D38-0000-001005841C00}3968C:\Users\grapltest\Downloads\vc_redist.x64.exe"C:\Users\grapltest\Downloads\vc_redist.x64.exe" 11241100x8000000000000000498Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 18:04:47.924{87E8D3BD-9DBF-5D38-0000-0010BACB1C00}464C:\Users\GRAPLT~1\AppData\Local\Temp\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}\.be\VC_redist.x64.exeC:\ProgramData\Package Cache\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}\VC_redist.x64.exe2019-07-24 18:04:47.923 13241300x8000000000000000499Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRInvDB-PubSetValue2019-07-24 18:04:47.927{87E8D3BD-9DBF-5D38-0000-0010BACB1C00}464C:\Users\GRAPLT~1\AppData\Local\Temp\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}\.be\VC_redist.x64.exeHKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}\PublisherMicrosoft Corporation 12241200x8000000000000000500Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRT1060,RunKeyCreateKey2019-07-24 18:04:47.927{87E8D3BD-9DBF-5D38-0000-0010BACB1C00}464C:\Users\GRAPLT~1\AppData\Local\Temp\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}\.be\VC_redist.x64.exeHKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce 13241300x8000000000000000501Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRT1060,RunKeySetValue2019-07-24 18:04:47.927{87E8D3BD-9DBF-5D38-0000-0010BACB1C00}464C:\Users\GRAPLT~1\AppData\Local\Temp\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}\.be\VC_redist.x64.exeHKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}"C:\ProgramData\Package Cache\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}\VC_redist.x64.exe" /burn.runonce 244200x8000000000000000502Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRT10992019-07-24 18:04:47.936{87E8D3BD-9DB7-5D38-0000-001005841C00}3968C:\Users\grapltest\Downloads\vc_redist.x64.exeC:\Users\GRAPLT~1\AppData\Local\Temp\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}\vcRuntimeMinimum_x642016-05-23 06:34:26.0002019-07-24 18:04:47.935 244200x8000000000000000503Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRT10992019-07-24 18:04:47.942{87E8D3BD-9DB7-5D38-0000-001005841C00}3968C:\Users\grapltest\Downloads\vc_redist.x64.exeC:\Users\GRAPLT~1\AppData\Local\Temp\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}\vcRuntimeAdditional_x642016-05-23 06:34:56.0002019-07-24 18:04:47.940 244200x8000000000000000504Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRT10992019-07-24 18:04:47.964{87E8D3BD-9DB7-5D38-0000-001005841C00}3968C:\Users\grapltest\Downloads\vc_redist.x64.exeC:\Users\GRAPLT~1\AppData\Local\Temp\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}\cab5046A8AB272BF37297BB7928664C95032016-05-23 06:33:16.0002019-07-24 18:04:47.946 244200x8000000000000000505Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRT10992019-07-24 18:04:47.990{87E8D3BD-9DB7-5D38-0000-001005841C00}3968C:\Users\grapltest\Downloads\vc_redist.x64.exeC:\Users\GRAPLT~1\AppData\Local\Temp\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}\cab2C04DDC374BD96EB5C8EB8208F2C7C922016-05-23 06:33:46.0002019-07-24 18:04:47.968 11241100x8000000000000000506Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 18:04:48.611{87E8D3BD-9D3F-5D38-0000-00101A711700}2824C:\Windows\system32\msiexec.exeC:\Windows\System32\concrt140.dll2019-07-24 18:04:48.611 11241100x8000000000000000507Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 18:04:48.636{87E8D3BD-9D3F-5D38-0000-00101A711700}2824C:\Windows\system32\msiexec.exeC:\Windows\System32\msvcp140.dll2019-07-24 18:04:48.636 11241100x8000000000000000508Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 18:04:48.658{87E8D3BD-9D3F-5D38-0000-00101A711700}2824C:\Windows\system32\msiexec.exeC:\Windows\System32\vcamp140.dll2019-07-24 18:04:48.658 11241100x8000000000000000509Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 18:04:48.692{87E8D3BD-9D3F-5D38-0000-00101A711700}2824C:\Windows\system32\msiexec.exeC:\Windows\System32\vccorlib140.dll2019-07-24 18:04:48.691 11241100x8000000000000000510Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 18:04:48.714{87E8D3BD-9D3F-5D38-0000-00101A711700}2824C:\Windows\system32\msiexec.exeC:\Windows\System32\vcomp140.dll2019-07-24 18:04:48.714 11241100x8000000000000000511Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 18:04:48.738{87E8D3BD-9D3F-5D38-0000-00101A711700}2824C:\Windows\system32\msiexec.exeC:\Windows\System32\vcruntime140.dll2019-07-24 18:04:48.738 13241300x8000000000000000512Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRSetValue2019-07-24 18:04:48.804{87E8D3BD-9D3F-5D38-0000-00101A711700}2824C:\Windows\system32\msiexec.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4BD9EBDF19A782A32BE707E57FFCEA75\InstallProperties\InstallSourceC:\ProgramData\Package Cache\{FDBE9DB4-7A91-3A28-B27E-705EF7CFAE57}v14.0.24123\packages\vcRuntimeMinimum_amd64\ 13241300x8000000000000000513Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRInvDB-PubSetValue2019-07-24 18:04:48.804{87E8D3BD-9D3F-5D38-0000-00101A711700}2824C:\Windows\system32\msiexec.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4BD9EBDF19A782A32BE707E57FFCEA75\InstallProperties\PublisherMicrosoft Corporation 13241300x8000000000000000514Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRSetValue2019-07-24 18:04:48.804{87E8D3BD-9D3F-5D38-0000-00101A711700}2824C:\Windows\system32\msiexec.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4BD9EBDF19A782A32BE707E57FFCEA75\InstallProperties\URLUpdateInfo(Empty) 13241300x8000000000000000515Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRSetValue2019-07-24 18:04:48.805{87E8D3BD-9D3F-5D38-0000-00101A711700}2824C:\Windows\system32\msiexec.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FDBE9DB4-7A91-3A28-B27E-705EF7CFAE57}\InstallSourceC:\ProgramData\Package Cache\{FDBE9DB4-7A91-3A28-B27E-705EF7CFAE57}v14.0.24123\packages\vcRuntimeMinimum_amd64\ 13241300x8000000000000000516Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRInvDB-PubSetValue2019-07-24 18:04:48.805{87E8D3BD-9D3F-5D38-0000-00101A711700}2824C:\Windows\system32\msiexec.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FDBE9DB4-7A91-3A28-B27E-705EF7CFAE57}\PublisherMicrosoft Corporation 13241300x8000000000000000517Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRSetValue2019-07-24 18:04:48.806{87E8D3BD-9D3F-5D38-0000-00101A711700}2824C:\Windows\system32\msiexec.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FDBE9DB4-7A91-3A28-B27E-705EF7CFAE57}\URLUpdateInfo(Empty) 11241100x8000000000000000518Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 18:04:49.373{87E8D3BD-9D3F-5D38-0000-00101A711700}2824C:\Windows\system32\msiexec.exeC:\Windows\System32\mfc140.dll2019-07-24 18:04:49.373 11241100x8000000000000000519Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 18:04:49.451{87E8D3BD-9D3F-5D38-0000-00101A711700}2824C:\Windows\system32\msiexec.exeC:\Windows\System32\mfc140chs.dll2019-07-24 18:04:49.451 11241100x8000000000000000520Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 18:04:49.464{87E8D3BD-9D3F-5D38-0000-00101A711700}2824C:\Windows\system32\msiexec.exeC:\Windows\System32\mfc140cht.dll2019-07-24 18:04:49.463 11241100x8000000000000000521Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 18:04:49.475{87E8D3BD-9D3F-5D38-0000-00101A711700}2824C:\Windows\system32\msiexec.exeC:\Windows\System32\mfc140deu.dll2019-07-24 18:04:49.473 11241100x8000000000000000522Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 18:04:49.484{87E8D3BD-9D3F-5D38-0000-00101A711700}2824C:\Windows\system32\msiexec.exeC:\Windows\System32\mfc140enu.dll2019-07-24 18:04:49.484 11241100x8000000000000000523Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 18:04:49.497{87E8D3BD-9D3F-5D38-0000-00101A711700}2824C:\Windows\system32\msiexec.exeC:\Windows\System32\mfc140esn.dll2019-07-24 18:04:49.495 11241100x8000000000000000524Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 18:04:49.504{87E8D3BD-9D3F-5D38-0000-00101A711700}2824C:\Windows\system32\msiexec.exeC:\Windows\System32\mfc140fra.dll2019-07-24 18:04:49.504 11241100x8000000000000000525Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 18:04:49.516{87E8D3BD-9D3F-5D38-0000-00101A711700}2824C:\Windows\system32\msiexec.exeC:\Windows\System32\mfc140ita.dll2019-07-24 18:04:49.516 11241100x8000000000000000526Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 18:04:49.527{87E8D3BD-9D3F-5D38-0000-00101A711700}2824C:\Windows\system32\msiexec.exeC:\Windows\System32\mfc140jpn.dll2019-07-24 18:04:49.526 11241100x8000000000000000527Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 18:04:49.538{87E8D3BD-9D3F-5D38-0000-00101A711700}2824C:\Windows\system32\msiexec.exeC:\Windows\System32\mfc140kor.dll2019-07-24 18:04:49.538 11241100x8000000000000000528Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 18:04:49.548{87E8D3BD-9D3F-5D38-0000-00101A711700}2824C:\Windows\system32\msiexec.exeC:\Windows\System32\mfc140rus.dll2019-07-24 18:04:49.548 11241100x8000000000000000529Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 18:04:49.557{87E8D3BD-9D3F-5D38-0000-00101A711700}2824C:\Windows\system32\msiexec.exeC:\Windows\System32\mfc140u.dll2019-07-24 18:04:49.557 11241100x8000000000000000530Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 18:04:49.627{87E8D3BD-9D3F-5D38-0000-00101A711700}2824C:\Windows\system32\msiexec.exeC:\Windows\System32\mfcm140.dll2019-07-24 18:04:49.627 11241100x8000000000000000531Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 18:04:49.650{87E8D3BD-9D3F-5D38-0000-00101A711700}2824C:\Windows\system32\msiexec.exeC:\Windows\System32\mfcm140u.dll2019-07-24 18:04:49.650 13241300x8000000000000000532Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRSetValue2019-07-24 18:04:49.697{87E8D3BD-9D3F-5D38-0000-00101A711700}2824C:\Windows\system32\msiexec.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9804311295B98C43EB1129D962DA2570\InstallProperties\InstallSourceC:\ProgramData\Package Cache\{21134089-9B59-34C8-BE11-929D26AD5207}v14.0.24123\packages\vcRuntimeAdditional_amd64\ 13241300x8000000000000000533Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRInvDB-PubSetValue2019-07-24 18:04:49.697{87E8D3BD-9D3F-5D38-0000-00101A711700}2824C:\Windows\system32\msiexec.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9804311295B98C43EB1129D962DA2570\InstallProperties\PublisherMicrosoft Corporation 13241300x8000000000000000534Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRSetValue2019-07-24 18:04:49.698{87E8D3BD-9D3F-5D38-0000-00101A711700}2824C:\Windows\system32\msiexec.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9804311295B98C43EB1129D962DA2570\InstallProperties\URLUpdateInfo(Empty) 13241300x8000000000000000535Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRSetValue2019-07-24 18:04:49.698{87E8D3BD-9D3F-5D38-0000-00101A711700}2824C:\Windows\system32\msiexec.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{21134089-9B59-34C8-BE11-929D26AD5207}\InstallSourceC:\ProgramData\Package Cache\{21134089-9B59-34C8-BE11-929D26AD5207}v14.0.24123\packages\vcRuntimeAdditional_amd64\ 13241300x8000000000000000536Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRInvDB-PubSetValue2019-07-24 18:04:49.700{87E8D3BD-9D3F-5D38-0000-00101A711700}2824C:\Windows\system32\msiexec.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{21134089-9B59-34C8-BE11-929D26AD5207}\PublisherMicrosoft Corporation 13241300x8000000000000000537Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRSetValue2019-07-24 18:04:49.700{87E8D3BD-9D3F-5D38-0000-00101A711700}2824C:\Windows\system32\msiexec.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{21134089-9B59-34C8-BE11-929D26AD5207}\URLUpdateInfo(Empty) 12241200x8000000000000000538Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRT1060,RunKeyDeleteValue2019-07-24 18:04:49.876{87E8D3BD-9DBF-5D38-0000-0010BACB1C00}464C:\Users\GRAPLT~1\AppData\Local\Temp\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}\.be\VC_redist.x64.exeHKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4} 534500x8000000000000000539Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 18:04:56.912{87E8D3BD-9DBF-5D38-0000-0010BACB1C00}464C:\Users\GRAPLT~1\AppData\Local\Temp\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}\.be\VC_redist.x64.exe 534500x8000000000000000540Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 18:04:56.946{87E8D3BD-9DB7-5D38-0000-001005841C00}3968C:\Users\grapltest\Downloads\vc_redist.x64.exe 13241300x8000000000000000541Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRInvDBSetValue2019-07-24 18:04:59.953{87E8D3BD-998D-5D38-0000-001039DC0000}300C:\Windows\system32\svchost.exeHKU\S-1-5-21-475214889-3710252578-4288414562-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\C:\Users\grapltest\Downloads\vc_redist.x64.exeBinary Data 154100x8000000000000000542Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 18:05:11.591{87E8D3BD-9DD7-5D38-0000-00107E781D00}4164C:\Users\grapltest\Downloads\dropper.exe?????"C:\Users\grapltest\Downloads\dropper.exe" C:\Users\grapltest\Downloads\DESKTOP-FVSHABR\grapltest{87E8D3BD-99C8-5D38-0000-002088140200}0x214881MediumMD5=C7658F72E61A42B837097A5470D82195,SHA256=D99973C424E069636EABB5647E3A7DE2B2C45CBDCD87D5C8DCA5DF289D69AA12{87E8D3BD-9D68-5D38-0000-00100B6C1800}5176C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" 11241100x8000000000000000543Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABRFileCreate-Downloads2019-07-24 18:05:12.673{87E8D3BD-9DD7-5D38-0000-00107E781D00}4164C:\Users\grapltest\Downloads\dropper.exeC:\Users\grapltest\Downloads\svchost.exe2019-07-24 18:05:12.673 154100x8000000000000000544Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 18:05:12.686{87E8D3BD-9DD8-5D38-0000-0010C7861D00}5824C:\Windows\System32\cmd.exe10.0.10240.16384 (th1.150709-1700)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"cmd" /C .\svchost.exeC:\Users\grapltest\Downloads\DESKTOP-FVSHABR\grapltest{87E8D3BD-99C8-5D38-0000-002088140200}0x214881MediumMD5=A6177D080759CF4A03EF837A38F62401,SHA256=79D1FFABDD7841D9043D4DDF1F93721BCD35D823614411FD4EAB5D2C16A86F35{87E8D3BD-9DD7-5D38-0000-00107E781D00}4164C:\Users\grapltest\Downloads\dropper.exe"C:\Users\grapltest\Downloads\dropper.exe" 154100x8000000000000000545Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 18:05:12.699{87E8D3BD-9DD8-5D38-0000-00109F871D00}6132C:\Users\grapltest\Downloads\svchost.exe?????.\svchost.exeC:\Users\grapltest\Downloads\DESKTOP-FVSHABR\grapltest{87E8D3BD-99C8-5D38-0000-002088140200}0x214881MediumMD5=0401ACBF896AB7216829DBDB94796234,SHA256=DA0273B21866E3CD1226F33F0558723B3D08375F343BE6026C2E661F4C86B396{87E8D3BD-9DD8-5D38-0000-0010C7861D00}5824C:\Windows\System32\cmd.exe"cmd" /C .\svchost.exe 154100x8000000000000000546Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 18:05:12.711{87E8D3BD-9DD8-5D38-0000-00109D881D00}5344C:\Windows\System32\cmd.exe10.0.10240.16384 (th1.150709-1700)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"cmd" /C "rpcping -s 127.0.0.1 -e 1234 -a privacy -u NTLM"C:\Users\grapltest\Downloads\DESKTOP-FVSHABR\grapltest{87E8D3BD-99C8-5D38-0000-002088140200}0x214881MediumMD5=A6177D080759CF4A03EF837A38F62401,SHA256=79D1FFABDD7841D9043D4DDF1F93721BCD35D823614411FD4EAB5D2C16A86F35{87E8D3BD-9DD8-5D38-0000-00109F871D00}6132C:\Users\grapltest\Downloads\svchost.exe.\svchost.exe 154100x8000000000000000547Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 18:05:12.771{87E8D3BD-9DD8-5D38-0000-00106D891D00}4544C:\Windows\System32\RpcPing.exe10.0.10240.16384 (th1.150709-1700)RPC Ping UtilityMicrosoft® Windows® Operating SystemMicrosoft CorporationRpcPing.exerpcping -s 127.0.0.1 -e 1234 -a privacy -u NTLMC:\Users\grapltest\Downloads\DESKTOP-FVSHABR\grapltest{87E8D3BD-99C8-5D38-0000-002088140200}0x214881MediumMD5=386EC38DE1AF1DAB8664F2BE15739F52,SHA256=F58C0C151EF0C4D71A5CB2B39281F731B7A713343769C856C6A4A826A7347BFE{87E8D3BD-9DD8-5D38-0000-00109D881D00}5344C:\Windows\System32\cmd.exe"cmd" /C "rpcping -s 127.0.0.1 -e 1234 -a privacy -u NTLM" 154100x8000000000000000548Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 18:05:14.352{87E8D3BD-9DDA-5D38-0000-001067921D00}4172C:\Windows\System32\cmd.exe10.0.10240.16384 (th1.150709-1700)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"cmd" /C whoamiC:\Users\grapltest\Downloads\DESKTOP-FVSHABR\grapltest{87E8D3BD-99C8-5D38-0000-002088140200}0x214881MediumMD5=A6177D080759CF4A03EF837A38F62401,SHA256=79D1FFABDD7841D9043D4DDF1F93721BCD35D823614411FD4EAB5D2C16A86F35{87E8D3BD-9DD8-5D38-0000-00109F871D00}6132C:\Users\grapltest\Downloads\svchost.exe.\svchost.exe 154100x8000000000000000549Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 18:05:14.372{87E8D3BD-9DDA-5D38-0000-001044931D00}4660C:\Windows\System32\whoami.exe10.0.10240.16384 (th1.150709-1700)whoami - displays logged on user informationMicrosoft® Windows® Operating SystemMicrosoft Corporationwhoami.exewhoamiC:\Users\grapltest\Downloads\DESKTOP-FVSHABR\grapltest{87E8D3BD-99C8-5D38-0000-002088140200}0x214881MediumMD5=427214108818B31F0281D439FA554D01,SHA256=8FBDC065F9081172475779D739424B399948B506771B9B84AFE75C1B4768048C{87E8D3BD-9DDA-5D38-0000-001067921D00}4172C:\Windows\System32\cmd.exe"cmd" /C whoami 154100x8000000000000000550Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 18:05:14.399{87E8D3BD-9DDA-5D38-0000-0010A3941D00}5752C:\Windows\System32\cmd.exe10.0.10240.16384 (th1.150709-1700)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"cmd" /C "msiexec /quiet /i cmd.msi"C:\Users\grapltest\Downloads\DESKTOP-FVSHABR\grapltest{87E8D3BD-99C8-5D38-0000-002088140200}0x214881MediumMD5=A6177D080759CF4A03EF837A38F62401,SHA256=79D1FFABDD7841D9043D4DDF1F93721BCD35D823614411FD4EAB5D2C16A86F35{87E8D3BD-9DD8-5D38-0000-00109F871D00}6132C:\Users\grapltest\Downloads\svchost.exe.\svchost.exe 154100x8000000000000000551Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 18:05:14.408{87E8D3BD-9DDA-5D38-0000-00107A951D00}5868C:\Windows\System32\msiexec.exe5.0.10240.16384 (th1.150709-1700)Windows® installerWindows Installer - UnicodeMicrosoft Corporationmsiexec.exemsiexec /quiet /i cmd.msiC:\Users\grapltest\Downloads\DESKTOP-FVSHABR\grapltest{87E8D3BD-99C8-5D38-0000-002088140200}0x214881MediumMD5=83467A4436B2CE632DFDF60C29608BE5,SHA256=4FF1CA00B8791F207CD8C19A5B0ABA3D286C3FAEB6EC921CBED21E4290ADF2A5{87E8D3BD-9DDA-5D38-0000-0010A3941D00}5752C:\Windows\System32\cmd.exe"cmd" /C "msiexec /quiet /i cmd.msi" 534500x8000000000000000552Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 18:05:14.463{87E8D3BD-9DD8-5D38-0000-00109F871D00}6132C:\Users\grapltest\Downloads\svchost.exe 534500x8000000000000000553Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 18:05:14.474{87E8D3BD-9DD7-5D38-0000-00107E781D00}4164C:\Users\grapltest\Downloads\dropper.exe 22542200x8000000000000000554Microsoft-Windows-Sysmon/OperationalDESKTOP-FVSHABR2019-07-24 18:04:56.035{00000000-0000-0000-0000-000000000000}4164s3.amazonaws.com0type: 5 s3-1.amazonaws.com;::ffff:52.216.134.245;<unknown process>