Windows Analysis Report
connector_installer.exe

Overview

General Information

Sample name: connector_installer.exe
Analysis ID: 1540398
MD5: e6c6e9f4f0597bdfba49a8725945c5ce
SHA1: 3d0dda58389100c76d3446ee3486d85316faecf4
SHA256: 861416f2bdf4cd9c1cd2c8c227e38156fdd3d12cbadf678e954d8336450e505f

Detection

Score: 19
Range: 0 - 100
Whitelisted: false
Confidence: 40%

Compliance

Score: 47
Range: 0 - 100

Signatures

Drops executables to the windows directory (C:\Windows) and starts them
Creates COM task schedule object (often to register a task for autostart)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Deletes files inside the Windows folder
Drops PE files
Drops PE files to the windows directory (C:\Windows)
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

Compliance

Source: connector_installer.exe Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: connector_installer.exe Static PE information: certificate valid
Source: connector_installer.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: UpdaterSetup.exe.pdb source: connector_installer.exe
Source: Binary string: updater.exe.pdb source: connector_installer.exe, updater.7z.0.dr, UPDATER.PACKED.7Z.0.dr, updater.exe.0.dr, updater.exe.1.dr
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: connector_installer.exe, updater.7z.0.dr, UPDATER.PACKED.7Z.0.dr, updater.exe.0.dr, updater.exe.1.dr String found in binary or memory: http://.css
Source: connector_installer.exe, updater.7z.0.dr, UPDATER.PACKED.7Z.0.dr, updater.exe.0.dr, updater.exe.1.dr String found in binary or memory: http://.jpg
Source: connector_installer.exe, updater.7z.0.dr, UPDATER.PACKED.7Z.0.dr, updater.exe.0.dr, updater.exe.1.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: connector_installer.exe, updater.7z.0.dr, UPDATER.PACKED.7Z.0.dr, updater.exe.0.dr, updater.exe.1.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: connector_installer.exe, updater.7z.0.dr, UPDATER.PACKED.7Z.0.dr, updater.exe.0.dr, updater.exe.1.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: connector_installer.exe, updater.7z.0.dr, UPDATER.PACKED.7Z.0.dr, updater.exe.0.dr, updater.exe.1.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: connector_installer.exe, updater.7z.0.dr, UPDATER.PACKED.7Z.0.dr, updater.exe.0.dr, updater.exe.1.dr String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: connector_installer.exe, updater.7z.0.dr, UPDATER.PACKED.7Z.0.dr, updater.exe.0.dr, updater.exe.1.dr String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: connector_installer.exe, updater.7z.0.dr, UPDATER.PACKED.7Z.0.dr, updater.exe.0.dr, updater.exe.1.dr String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: updater.exe.1.dr String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: connector_installer.exe, updater.7z.0.dr, UPDATER.PACKED.7Z.0.dr, updater.exe.0.dr, updater.exe.1.dr String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: connector_installer.exe, updater.7z.0.dr, UPDATER.PACKED.7Z.0.dr, updater.exe.0.dr, updater.exe.1.dr String found in binary or memory: http://html4/loose.dtd
Source: connector_installer.exe, updater.7z.0.dr, UPDATER.PACKED.7Z.0.dr, updater.exe.0.dr, updater.exe.1.dr String found in binary or memory: http://ocsp.digicert.com0
Source: connector_installer.exe, updater.7z.0.dr, UPDATER.PACKED.7Z.0.dr, updater.exe.0.dr, updater.exe.1.dr String found in binary or memory: http://ocsp.digicert.com0A
Source: connector_installer.exe, updater.7z.0.dr, UPDATER.PACKED.7Z.0.dr, updater.exe.0.dr, updater.exe.1.dr String found in binary or memory: http://ocsp.digicert.com0C
Source: connector_installer.exe, updater.7z.0.dr, UPDATER.PACKED.7Z.0.dr, updater.exe.0.dr, updater.exe.1.dr String found in binary or memory: http://ocsp.digicert.com0X
Source: connector_installer.exe, updater.7z.0.dr, UPDATER.PACKED.7Z.0.dr, updater.exe.0.dr, updater.exe.1.dr String found in binary or memory: http://support.google.com/installer/
Source: connector_installer.exe, updater.7z.0.dr, UPDATER.PACKED.7Z.0.dr, updater.exe.0.dr, updater.exe.1.dr String found in binary or memory: http://support.google.com/installer/%s?product=%s&error=%d
Source: updater.exe, 00000001.00000002.2944271030.0000000058634000.00000004.00001000.00020000.00000000.sdmp, updater.exe, 00000001.00000002.2942617071.0000000004F9D000.00000004.00000010.00020000.00000000.sdmp String found in binary or memory: http://support.google.com/installer/?product=&error=75035
Source: updater.exe, 00000001.00000002.2944271030.0000000058634000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://support.google.com/installer/?product=&error=75035kXXcG
Source: connector_installer.exe, updater.7z.0.dr, UPDATER.PACKED.7Z.0.dr, updater.exe.0.dr, updater.exe.1.dr String found in binary or memory: http://www.digicert.com/CPS0
Source: updater.exe, 00000002.00000003.1703346041.0000000041CDC000.00000004.00001000.00020000.00000000.sdmp, connector_installer.exe, updater.7z.0.dr, updater.log.2.dr, UPDATER.PACKED.7Z.0.dr, updater.exe.0.dr, updater.exe.1.dr String found in binary or memory: https://clients2.google.com/cr/report
Source: updater.exe, 00000002.00000002.2943631405.0000000041C88000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://clients2.google.com/cr/report(
Source: updater.exe, 00000002.00000002.2943224766.0000000041C04000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://clients2.google.com/cr/report--annotation=prod=Update4--annotation=ver=131.0.6776.0--attachm
Source: updater.exe, 00000002.00000002.2943389427.0000000041C38000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://clients2.google.com/cr/report--database=C:
Source: updater.exe, 00000002.00000002.2943445827.0000000041C50000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://clients2.google.com/cr/reportcc(LOCALAPPDATA=C:
Source: connector_installer.exe, updater.7z.0.dr, UPDATER.PACKED.7Z.0.dr, updater.exe.0.dr, updater.exe.1.dr String found in binary or memory: https://crashpad.chromium.org/
Source: connector_installer.exe, updater.7z.0.dr, UPDATER.PACKED.7Z.0.dr, updater.exe.0.dr, updater.exe.1.dr String found in binary or memory: https://crashpad.chromium.org/bug/new
Source: connector_installer.exe, updater.7z.0.dr, UPDATER.PACKED.7Z.0.dr, updater.exe.0.dr, updater.exe.1.dr String found in binary or memory: https://crashpad.chromium.org/https://crashpad.chromium.org/bug/new
Source: connector_installer.exe, updater.7z.0.dr, UPDATER.PACKED.7Z.0.dr, updater.exe.0.dr, updater.exe.1.dr String found in binary or memory: https://dl.google.com/update2/installers/icons/
Source: connector_installer.exe, updater.7z.0.dr, UPDATER.PACKED.7Z.0.dr, updater.exe.0.dr, updater.exe.1.dr String found in binary or memory: https://m.google.com/devicemanagement/data/api
Source: connector_installer.exe, updater.7z.0.dr, UPDATER.PACKED.7Z.0.dr, updater.exe.0.dr, updater.exe.1.dr String found in binary or memory: https://update.googleapis.com/service/update2/json
Source: connector_installer.exe, updater.7z.0.dr, UPDATER.PACKED.7Z.0.dr, updater.exe.0.dr, updater.exe.1.dr String found in binary or memory: https://update.googleapis.com/service/update2/jsonhttps://clients2.google.com/cr/reporthttps://m.goo
Source: C:\Users\user\Desktop\connector_installer.exe File created: C:\Windows\SystemTemp\Google7316_551467776
Source: C:\Users\user\Desktop\connector_installer.exe File created: C:\Windows\SystemTemp\Google7316_551467776\UPDATER.PACKED.7Z
Source: C:\Users\user\Desktop\connector_installer.exe File created: C:\Windows\SystemTemp\Google7316_61980551
Source: C:\Users\user\Desktop\connector_installer.exe File created: C:\Windows\SystemTemp\Google7316_61980551\updater.7z
Source: C:\Users\user\Desktop\connector_installer.exe File created: C:\Windows\SystemTemp\Google7316_61980551\bin
Source: C:\Users\user\Desktop\connector_installer.exe File created: C:\Windows\SystemTemp\Google7316_61980551\bin\uninstall.cmd
Source: C:\Users\user\Desktop\connector_installer.exe File created: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe
Source: C:\Users\user\Desktop\connector_installer.exe File deleted: C:\Windows\SystemTemp\Google7316_61980551\updater.7z
Source: connector_installer.exe Static PE information: Resource name: B7 type: 7-zip archive data, version 0.4
Source: connector_installer.exe Static PE information: Resource name: RT_STRING type: CLIPPER COFF executable (VAX #) not stripped - version 71
Source: updater.exe.0.dr Static PE information: Resource name: RT_STRING type: CLIPPER COFF executable (VAX #) not stripped - version 71
Source: updater.exe.1.dr Static PE information: Resource name: RT_STRING type: CLIPPER COFF executable (VAX #) not stripped - version 71
Source: connector_installer.exe, 00000000.00000000.1692304674.0000000000D43000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameupdater.exe> vs connector_installer.exe
Source: connector_installer.exe, 00000000.00000000.1692304674.0000000000D43000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameUpdaterSetup.exeB vs connector_installer.exe
Source: connector_installer.exe Binary or memory string: OriginalFilenameupdater.exe> vs connector_installer.exe
Source: connector_installer.exe Binary or memory string: OriginalFilenameUpdaterSetup.exeB vs connector_installer.exe
Source: connector_installer.exe Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: classification engine Classification label: clean19.evad.winEXE@5/9@0/0
Source: C:\Users\user\Desktop\connector_installer.exe File created: C:\Program Files (x86)\Google\GoogleUpdater
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe Mutant created: \Sessions\1\BaseNamedObjects\Global\G{A5732CF5-E5AD-47A5-8131-DC4CCA530B02}.131.0.6776.0
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe Mutant created: \Sessions\1\BaseNamedObjects\Global\G{D8E4A6FE-EA7A-4D20-A8C8-B4628776A101}
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe File created: C:\Users\user\AppData\Local\Temp\updater-backup
Source: C:\Users\user\Desktop\connector_installer.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: connector_installer.exe String found in binary or memory: windows-installer
Source: connector_installer.exe String found in binary or memory: binprefers-userexpect-elevated..\..\chrome\updater\win\installer\installer.ccHandleRunElevatedUnexpected elevation loop! : cannot show an elevation prompt with `/silent`: expect-de-elevatedHandleRunDeElevatedUnexpected de-elevation loop! --updater.7z=\bin\updater.exeSetup file can leak on file system: Metainstaller WMain returned: , Windows error: windows-installer
Source: connector_installer.exe String found in binary or memory: https://dl.google.com/update2/installers/icons/
Source: connector_installer.exe String found in binary or memory: Fhttps://update.googleapis.com/service/update2/jsonhttps://clients2.google.com/cr/reporthttps://m.google.com/devicemanagement/data/apihttps://dl.google.com/update2/installers/icons/enterprise_companion.mojom.EnterpriseCompanionReceive mojo replyReceive mojo message
Source: connector_installer.exe String found in binary or memory: overflow:hidden;img src="http://addEventListenerresponsible for s.js"></script>
Source: connector_installer.exe String found in binary or memory: http://support.google.com/installer/
Source: connector_installer.exe String found in binary or memory: ..\..\chrome\updater\app\app_install_win.ccUpdate success.No updates.Updater error: http://support.google.com/installer/%s?product=%s&error=%d installation completed: error category[], error_code[], extra_code1[], completion_message[], post_install_launch_command_line[]oemSetOemInstallState failedStoreRunTimeEnrollmentToken failed
Source: connector_installer.exe String found in binary or memory: Try '%ls --help' for more information.
Source: connector_installer.exe String found in binary or memory: Try '%ls --help' for more information.
Source: connector_installer.exe String found in binary or memory: --help display this help and exit
Source: connector_installer.exe String found in binary or memory: --help display this help and exit
Source: connector_installer.exe String found in binary or memory: partition_alloc/address_space
Source: connector_installer.exe String found in binary or memory: asennuksen: $1oError sa pag-install: Nag-apply ang administrator ng network mo ng Group Policy na pumipigil sa pag-install: $1
Source: connector_installer.exe String found in binary or memory: Tapos na ang pag-install.
Source: connector_installer.exe String found in binary or memory: Kanselahin ang Pag-install
Source: connector_installer.exe String found in binary or memory: Error sa pag-install: $1
Source: connector_installer.exe String found in binary or memory: isvaatimuksia.fHindi na-install dahil hindi natutugunan ng iyong computer ang mga minimum na requirement sa hardware.mL'installation a
Source: connector_installer.exe String found in binary or memory: Inihinto ang Pag-install.
Source: connector_installer.exe String found in binary or memory: $1-installeerder
Source: connector_installer.exe String found in binary or memory: $1-Installationsprogramm
Source: connector_installer.exe String found in binary or memory: $1-installatieprogramma
Source: connector_installer.exe String found in binary or memory: $1-installasjonsprogram
Source: connector_installer.exe String found in binary or memory: .:Asennusvirhe: Asennusprosessin aloittaminen ei onnistunut.?Error sa pag-install: Hindi nagsimula ang proseso ng installer.GErreur d'installation
Source: connector_installer.exe String found in binary or memory: .LAsennusvirhe: Asennusohjelmaa ei suoritettu loppuun. Asennus on keskeytetty.LError sa pag-install: Hindi natapos ang installer. Na-abort ang pag-install.tErreur d'installation
Source: connector_installer.exe String found in binary or memory: Ini-install...
Source: connector_installer.exe String found in binary or memory: 3Asennus ei ole valmis. Haluatko varmasti perua sen?IHindi nakumpleto ang pag-install. Sigurado ka bang gusto mong kanselahin?9Installation non termin
Source: connector_installer.exe String found in binary or memory: uudelleen.#Hindi na-install. Pakisubukan ulit.,
Source: connector_installer.exe String found in binary or memory: isen virheen takia.FHindi na-install dahil sa isang internal na error sa server ng update.Q
Source: connector_installer.exe String found in binary or memory: ei tueta.OError sa pag-install: Invalid o hindi sinusuportahan ang filename ng installer.fErreur d'installation
Source: connector_installer.exe String found in binary or memory: ivityspalvelimella ei ole tiivistedataa sovelluksesta.\Hindi na-install dahil walang anumang data ng hash para sa application ang server ng update.p
Source: connector_installer.exe String found in binary or memory: n versiota ei tueta.QHindi na-install dahil hindi sinusuportahan ang bersyong ito ng operating system.ZL'installation a
Source: connector_installer.exe String found in binary or memory: maassa.AHindi na-install dahil pinaghihigpitan ang access sa bansang ito.=L'installation a
Source: connector_installer.exe String found in binary or memory: Ituloy ang Pag-install
Source: connector_installer.exe String found in binary or memory: Nakansela ang pag-install.
Source: connector_installer.exe String found in binary or memory: n.\Salamat sa pag-install. Dapat mong i-restart ang lahat ng iyong browser bago gamitin ang $1.eMerci d'avoir install
Source: connector_installer.exe String found in binary or memory: n.SSalamat sa pag-install. Dapat mong i-restart ang iyong browser bago gamitin ang $1.aMerci d'avoir install
Source: connector_installer.exe String found in binary or memory: n.TSalamat sa pag-install. Dapat mong i-restart ang iyong computer bago gamitin ang $1.aMerci d'avoir install
Source: connector_installer.exe String found in binary or memory: .4Asennus ei onnistu, palvelin ei tunnista sovellusta.9Hindi na-install, hindi kilala ng server ang application.=Installation impossible. Le serveur ne reconna
Source: connector_installer.exe String found in binary or memory: onnistui, koska protokollaa ei tueta.BHindi na-install dahil sa error na hindi sinusuportahang protocol.K
Source: connector_installer.exe String found in binary or memory: si Windows-versiota ei tueta.IHindi na-install dahil hindi sinusuportahan ang iyong bersyon ng Windows.V
Source: connector_installer.exe String found in binary or memory: Naghihintay sa pag-install...
Source: connector_installer.exe String found in binary or memory: Inihinto ang Pag-install.PA
Source: connector_installer.exe String found in binary or memory: isen virheen takia.FHindi na-install dahil sa isang internal na error sa server ng update.PAQ
Source: unknown Process created: C:\Users\user\Desktop\connector_installer.exe "C:\Users\user\Desktop\connector_installer.exe"
Source: C:\Users\user\Desktop\connector_installer.exe Process created: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe "C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe" --install=appguid={79CA0169-DEE3-4588-AB99-0FFBD277EEE0}&iid={A7BF5C8D-E83D-89A6-5A3B-0F5DCC3906D6}&lang=en&browser=4&usagestats=0&appname=Google%20Cloud%20Certificate%20Connector&needsadmin=true --enable-logging --vmodule=*/components/winhttp/*=1,*/components/update_client/*=2,*/chrome/enterprise_companion/*=2,*/chrome/updater/*=2
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe Process created: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\131.0.6776.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=131.0.6776.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x28c,0x290,0x294,0x268,0x298,0xdd6290,0xdd629c,0xdd62a8
Source: C:\Users\user\Desktop\connector_installer.exe Process created: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe "C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe" --install=appguid={79CA0169-DEE3-4588-AB99-0FFBD277EEE0}&iid={A7BF5C8D-E83D-89A6-5A3B-0F5DCC3906D6}&lang=en&browser=4&usagestats=0&appname=Google%20Cloud%20Certificate%20Connector&needsadmin=true --enable-logging --vmodule=*/components/winhttp/*=1,*/components/update_client/*=2,*/chrome/enterprise_companion/*=2,*/chrome/updater/*=2
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe Process created: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\131.0.6776.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=131.0.6776.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x28c,0x290,0x294,0x268,0x298,0xdd6290,0xdd629c,0xdd62a8
Source: C:\Users\user\Desktop\connector_installer.exe Section loaded: dbghelp.dll
Source: C:\Users\user\Desktop\connector_installer.exe Section loaded: secur32.dll
Source: C:\Users\user\Desktop\connector_installer.exe Section loaded: wtsapi32.dll
Source: C:\Users\user\Desktop\connector_installer.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\connector_installer.exe Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\connector_installer.exe Section loaded: winmm.dll
Source: C:\Users\user\Desktop\connector_installer.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\connector_installer.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\connector_installer.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\connector_installer.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\connector_installer.exe Section loaded: atlthunk.dll
Source: C:\Users\user\Desktop\connector_installer.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\connector_installer.exe Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\connector_installer.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\connector_installer.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\connector_installer.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\connector_installer.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\connector_installer.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\connector_installer.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\connector_installer.exe Section loaded: apphelp.dll
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe Section loaded: dbghelp.dll
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe Section loaded: msimg32.dll
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe Section loaded: secur32.dll
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe Section loaded: wtsapi32.dll
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe Section loaded: userenv.dll
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe Section loaded: winhttp.dll
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe Section loaded: uxtheme.dll
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe Section loaded: winmm.dll
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe Section loaded: version.dll
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe Section loaded: sspicli.dll
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe Section loaded: windows.storage.dll
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe Section loaded: wldp.dll
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe Section loaded: ntmarta.dll
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe Section loaded: apphelp.dll
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe Section loaded: atlthunk.dll
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe Section loaded: textinputframework.dll
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe Section loaded: coreuicomponents.dll
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe Section loaded: coremessaging.dll
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe Section loaded: wintypes.dll
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe Section loaded: wintypes.dll
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe Section loaded: wintypes.dll
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe Section loaded: textshaping.dll
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe Section loaded: taskschd.dll
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe Section loaded: xmllite.dll
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe Section loaded: dbghelp.dll
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe Section loaded: msimg32.dll
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe Section loaded: secur32.dll
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe Section loaded: wtsapi32.dll
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe Section loaded: userenv.dll
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe Section loaded: winhttp.dll
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe Section loaded: uxtheme.dll
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe Section loaded: winmm.dll
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe Section loaded: version.dll
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe Section loaded: sspicli.dll
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe Section loaded: windows.storage.dll
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe Section loaded: wldp.dll
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: connector_installer.exe Static PE information: certificate valid
Source: connector_installer.exe Static PE information: Virtual size of .text is bigger than: 0x100000
Source: connector_installer.exe Static file information: File size 10219392 > 1048576
Source: connector_installer.exe Static PE information: Raw size of .text is bigger than: 0x100000 < 0x334200
Source: connector_installer.exe Static PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x5d0000
Source: connector_installer.exe Static PE information: More than 200 imports for KERNEL32.dll
Source: connector_installer.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: connector_installer.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: connector_installer.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: connector_installer.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: connector_installer.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: connector_installer.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: connector_installer.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: UpdaterSetup.exe.pdb source: connector_installer.exe
Source: Binary string: updater.exe.pdb source: connector_installer.exe, updater.7z.0.dr, UPDATER.PACKED.7Z.0.dr, updater.exe.0.dr, updater.exe.1.dr
Source: connector_installer.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: connector_installer.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: connector_installer.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: connector_installer.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: connector_installer.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: connector_installer.exe Static PE information: real checksum: 0x9c7a2a should be: 0x9ce932
Source: connector_installer.exe Static PE information: section name: CPADinfo
Source: connector_installer.exe Static PE information: section name: malloc_h
Source: updater.exe.0.dr Static PE information: section name: CPADinfo
Source: updater.exe.0.dr Static PE information: section name: malloc_h
Source: updater.exe.1.dr Static PE information: section name: CPADinfo
Source: updater.exe.1.dr Static PE information: section name: malloc_h

Persistence and Installation Behavior

Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe Executable created and started: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe File created: C:\Program Files (x86)\Google\GoogleUpdater\131.0.6776.0\updater.exe
Source: C:\Users\user\Desktop\connector_installer.exe File created: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe Process information queried: ProcessInformation
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe Process created: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\131.0.6776.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=131.0.6776.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x28c,0x290,0x294,0x268,0x298,0xdd6290,0xdd629c,0xdd62a8
Source: C:\Users\user\Desktop\connector_installer.exe Process created: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe "c:\windows\systemtemp\google7316_61980551\bin\updater.exe" --install=appguid={79ca0169-dee3-4588-ab99-0ffbd277eee0}&iid={a7bf5c8d-e83d-89a6-5a3b-0f5dcc3906d6}&lang=en&browser=4&usagestats=0&appname=google%20cloud%20certificate%20connector&needsadmin=true --enable-logging --vmodule=*/components/winhttp/*=1,*/components/update_client/*=2,*/chrome/enterprise_companion/*=2,*/chrome/updater/*=2
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe Process created: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe c:\windows\systemtemp\google7316_61980551\bin\updater.exe --crash-handler --system "--database=c:\program files (x86)\google\googleupdater\131.0.6776.0\crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=update4 --annotation=ver=131.0.6776.0 "--attachment=c:\program files (x86)\google\googleupdater\updater.log" --initial-client-data=0x28c,0x290,0x294,0x268,0x298,0xdd6290,0xdd629c,0xdd62a8
No contacted IP infos