; Quarantine / restore manifest: one backed-up file plus one registry value.
; The producing tool is not named anywhere in this record.
; NOTE(review): line breaks were restored from a single-line capture; key boundaries are inferred.
; NOTE(review): the ';' lines are reviewer annotations, not tool output. Strip them before
; handing the file back to the tool, since its parser's comment handling is unknown.

; Number of file objects described below.
[files]
Total=1

; Restore plan. Each entry reads "<class> <verb> <object type> <section number>".
; Replaying it copies the file back and re-creates the autostart value, so treat
; a restore as re-enabling persistence and decide on it only after triage.
[cmd]
numSections=2
1=FILE_BASED VERB_FILE_COPY OBJ_FILE 1
Total=3
2=REGISTRY_BASED VERB_RESTORE_REG_VALUE OBJ_REG_VALUE 2
3=REGISTRY_BASED VERB_RESTORE_REG_KEY OBJ_REG_METADATA 2

; File object: name = stored backup copy, orig = path it was taken from.
; The path and file name look like Google Drive for desktop. This record alone does not
; show whether the binary is genuine; check the backup's Authenticode signature first.
[1]
name=GoogleDriveFS.exe.bak
orig=%ProgramFiles%\Google\Drive File Stream\92.0.0.0\GoogleDriveFS.exe
; Access / create / modify times fall within one second of each other; timezone is not stated.
DateA=2024/06/03 12:30:17
; SDDL: owner BA (Administrators), group SY (SYSTEM), auto-inherited DACL.
; SY and BA get FA (full access); BU, AC and S-1-15-2-2 get 0x1200a9 (read + execute).
; Every ACE is inherited (ID), so standard users cannot modify the file under this DACL.
SD=O:BAG:SYD:AI(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;0x1200a9;;;BU)(A;ID;0x1200a9;;;AC)(A;ID;0x1200a9;;;S-1-15-2-2)
; presumably the Windows attribute bitmask (32 = 0x20, ARCHIVE) - TODO confirm
attrib=32
DateC=2024/06/03 12:30:16
DateM=2024/06/03 12:30:17
; 32-bit value, algorithm not stated. Too short to identify a sample; compute a
; SHA-256 of the .bak file for reputation lookups and case notes.
hash=02F1BE87

; Number of registry objects described below.
[reg]
Total=1

; Registry object: a Run (autostart) value in the HKU hive of SID S-1-5-18 (LocalSystem).
; NOTE(review): the SYSTEM hive is an unusual place for a desktop sync client's Run value;
; presumably it was written by a process running as SYSTEM - confirm against install logs.
[2]
hive=HKU
type=REG_SZ
; redir / empty: meaning not shown here - presumably WOW64 redirection and empty-value flags.
redir=0
empty=0
; Written about 7 seconds after the file's modify time above (useful for the timeline).
DateM=2024/06/03 12:30:24
; SDDL: owner and group SY; BU key-read (KR); BA and SY full key access (KA);
; CO full key access, inherit-only. Standard users cannot change this key under this DACL.
SD=O:SYG:SYD:AI(A;CIID;KR;;;BU)(A;CIID;KA;;;BA)(A;CIID;KA;;;SY)(A;CIIOID;KA;;;CO)
key=S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run
param=GoogleDriveFS
; data = the value as \uXXXX escapes; dataDecoded = the same string in readable form.
; The two agree character for character here; a mismatch would be worth investigating.
; The command is unquoted although its path contains spaces, so it may be parsed
; ambiguously; if the value is ever restored, quote the executable path.
data=\u0043\u003A\u005C\u0050\u0072\u006F\u0067\u0072\u0061\u006D\u0020\u0046\u0069\u006C\u0065\u0073\u005C\u0047\u006F\u006F\u0067\u006C\u0065\u005C\u0044\u0072\u0069\u0076\u0065\u0020\u0046\u0069\u006C\u0065\u0020\u0053\u0074\u0072\u0065\u0061\u006D\u005C\u0039\u0032\u002E\u0030\u002E\u0030\u002E\u0030\u005C\u0047\u006F\u006F\u0067\u006C\u0065\u0044\u0072\u0069\u0076\u0065\u0046\u0053\u002E\u0065\u0078\u0065\u0020\u002D\u002D\u0073\u0074\u0061\u0072\u0074\u0075\u0070\u005F\u006D\u006F\u0064\u0065
dataDecoded=C:\Program Files\Google\Drive File Stream\92.0.0.0\GoogleDriveFS.exe --startup_mode
hash=DD2F7930