; Backup/restore manifest, apparently produced by a cleanup or remediation
; tool (the product is not named in this file). It describes one backed-up
; file and one registry value, plus the metadata needed to restore them.
; NOTE(review): these comment lines assume the consuming tool skips lines
; starting with ';' - confirm before feeding an annotated copy back to it.
; NOTE(review): the SD values below contain ';' characters, so any parser
; used on this file must not treat an inline ';' as the start of a comment.

; Number of file entries recorded.
[files]
Total=1

; Restore commands. Each value reads "<class> <verb> <object type> <n>";
; the trailing number appears to reference the numbered detail section
; ([1] = file, [2] = registry value) - TODO confirm against the tool.
[cmd]
numSections=2
1=FILE_BASED VERB_FILE_COPY OBJ_FILE 1
Total=3
2=REGISTRY_BASED VERB_RESTORE_REG_VALUE OBJ_REG_VALUE 2
3=REGISTRY_BASED VERB_RESTORE_REG_KEY OBJ_REG_METADATA 2

; File entry: "name" is the stored backup copy, "orig" the original location.
; DateA / DateC / DateM are presumably last-access, creation and modification
; timestamps - confirm against the tool's documentation.
[1]
name=GoogleDriveFS.exe.bak
orig=%ProgramFiles%\Google\Drive File Stream\92.0.0.0\GoogleDriveFS.exe
DateA=2024/06/03 12:30:17
; SDDL: owner and group are BA (Builtin Administrators); the DACL is
; protected (P) and auto-inherited (AI). Its ACEs allow FA (file all access)
; to SY (Local System), BA, BU (Builtin Users), the TrustedInstaller service
; SID (S-1-5-80-...) and AC (All Application Packages).
; NOTE(review): full access for BU and AC is broad for an executable. If this
; descriptor is re-applied to the file under %ProgramFiles% on restore, any
; local user could modify a binary that is launched automatically. Check the
; effective ACL after a restore.
SD=O:BAG:BAD:PAI(A;;FA;;;SY)(A;;FA;;;BA)(A;;FA;;;BU)(A;;FA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;;FA;;;AC)S:PAINO_ACCESS_CONTROL
; Presumably the Windows file-attribute mask in decimal (32 = ARCHIVE) - confirm.
attrib=32
DateC=2024/06/03 12:30:16
DateM=2024/06/03 12:30:17
; NOTE(review): an 8-hex-digit value is only 32 bits wide. It can catch
; accidental corruption but is not tamper-evident. Compare a cryptographic
; hash of the backup with a known-good copy before restoring it.
hash=02F1BE87

; Number of registry entries recorded.
[reg]
Total=1

; Registry entry: an autostart ("Run") value. S-1-5-19 is the well-known SID
; of the LocalService account, so the key lives in that account's hive under
; HKEY_USERS.
[2]
hive=HKU
type=REG_SZ
; redir / empty are tool-specific flags; redir presumably relates to
; registry redirection - TODO confirm.
redir=0
empty=0
DateM=2024/06/03 12:30:24
; SDDL: owner BA, group is an account SID ending in RID 513. The DACL allows
; KA (key all access) to LS (Local Service), SY and BA, and KR (key read) to
; RC (Restricted Code). All ACEs are inherited by subkeys (OICI).
SD=O:BAG:S-1-5-21-3339660976-4175652973-1130352044-513D:(A;OICI;KA;;;LS)(A;OICI;KA;;;SY)(A;OICI;KA;;;BA)(A;OICI;KR;;;RC)
key=S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run
param=GoogleDriveFS
; "data" is the value content as \uXXXX-escaped UTF-16 code units.
; "dataDecoded" is the same string in readable form.
; NOTE(review): the command line starts with a path that contains spaces and
; is not quoted. Reviewers normally flag that in autostart values, because
; resolving the executable can be ambiguous. Before restoring a Run entry,
; also verify that the target binary is the expected, signed file.
data=\u0043\u003A\u005C\u0050\u0072\u006F\u0067\u0072\u0061\u006D\u0020\u0046\u0069\u006C\u0065\u0073\u005C\u0047\u006F\u006F\u0067\u006C\u0065\u005C\u0044\u0072\u0069\u0076\u0065\u0020\u0046\u0069\u006C\u0065\u0020\u0053\u0074\u0072\u0065\u0061\u006D\u005C\u0039\u0032\u002E\u0030\u002E\u0030\u002E\u0030\u005C\u0047\u006F\u006F\u0067\u006C\u0065\u0044\u0072\u0069\u0076\u0065\u0046\u0053\u002E\u0065\u0078\u0065\u0020\u002D\u002D\u0073\u0074\u0061\u0072\u0074\u0075\u0070\u005F\u006D\u006F\u0064\u0065
dataDecoded=C:\Program Files\Google\Drive File Stream\92.0.0.0\GoogleDriveFS.exe --startup_mode
hash=DD2F7930