
Windows Analysis Report
connector_installer.exe

Overview

General Information

Sample name: connector_installer.exe
Analysis ID: 1540398
MD5: e6c6e9f4f0597bdfba49a8725945c5ce
SHA1: 3d0dda58389100c76d3446ee3486d85316faecf4
SHA256: 861416f2bdf4cd9c1cd2c8c227e38156fdd3d12cbadf678e954d8336450e505f

Detection

Score: 19
Range: 0 - 100
Whitelisted: false
Confidence: 40%

Compliance

Score: 47
Range: 0 - 100

Signatures

Drops executables to the windows directory (C:\Windows) and starts them
Creates COM task schedule object (often to register a task for autostart)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Deletes files inside the Windows folder
Drops PE files
Drops PE files to the windows directory (C:\Windows)
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

  • System is w10x64
  • connector_installer.exe (PID: 7316 cmdline: "C:\Users\user\Desktop\connector_installer.exe" MD5: E6C6E9F4F0597BDFBA49A8725945C5CE)
    • updater.exe (PID: 7352 cmdline: "C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe" --install=appguid={79CA0169-DEE3-4588-AB99-0FFBD277EEE0}&iid={A7BF5C8D-E83D-89A6-5A3B-0F5DCC3906D6}&lang=en&browser=4&usagestats=0&appname=Google%20Cloud%20Certificate%20Connector&needsadmin=true --enable-logging --vmodule=*/components/winhttp/*=1,*/components/update_client/*=2,*/chrome/enterprise_companion/*=2,*/chrome/updater/*=2 MD5: E2937E33C2554EECC37C804A7F99F8B7)
      • updater.exe (PID: 7372 cmdline: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\131.0.6776.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=131.0.6776.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x28c,0x290,0x294,0x268,0x298,0xdd6290,0xdd629c,0xdd62a8 MD5: E2937E33C2554EECC37C804A7F99F8B7)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched


Compliance

Source: connector_installer.exe | Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: connector_installer.exe | Static PE information: certificate valid
Source: connector_installer.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: UpdaterSetup.exe.pdb source: connector_installer.exe
Source: Binary string: updater.exe.pdb source: connector_installer.exe, updater.7z.0.dr, UPDATER.PACKED.7Z.0.dr, updater.exe.0.dr, updater.exe.1.dr
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: connector_installer.exe, updater.7z.0.dr, UPDATER.PACKED.7Z.0.dr, updater.exe.0.dr, updater.exe.1.dr | String found in binary or memory: http://.css
Source: connector_installer.exe, updater.7z.0.dr, UPDATER.PACKED.7Z.0.dr, updater.exe.0.dr, updater.exe.1.dr | String found in binary or memory: http://.jpg
Source: connector_installer.exe, updater.7z.0.dr, UPDATER.PACKED.7Z.0.dr, updater.exe.0.dr, updater.exe.1.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: connector_installer.exe, updater.7z.0.dr, UPDATER.PACKED.7Z.0.dr, updater.exe.0.dr, updater.exe.1.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: connector_installer.exe, updater.7z.0.dr, UPDATER.PACKED.7Z.0.dr, updater.exe.0.dr, updater.exe.1.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: connector_installer.exe, updater.7z.0.dr, UPDATER.PACKED.7Z.0.dr, updater.exe.0.dr, updater.exe.1.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: connector_installer.exe, updater.7z.0.dr, UPDATER.PACKED.7Z.0.dr, updater.exe.0.dr, updater.exe.1.dr | String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: connector_installer.exe, updater.7z.0.dr, UPDATER.PACKED.7Z.0.dr, updater.exe.0.dr, updater.exe.1.dr | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: connector_installer.exe, updater.7z.0.dr, UPDATER.PACKED.7Z.0.dr, updater.exe.0.dr, updater.exe.1.dr | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: updater.exe.1.dr | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: connector_installer.exe, updater.7z.0.dr, UPDATER.PACKED.7Z.0.dr, updater.exe.0.dr, updater.exe.1.dr | String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: connector_installer.exe, updater.7z.0.dr, UPDATER.PACKED.7Z.0.dr, updater.exe.0.dr, updater.exe.1.dr | String found in binary or memory: http://html4/loose.dtd
Source: connector_installer.exe, updater.7z.0.dr, UPDATER.PACKED.7Z.0.dr, updater.exe.0.dr, updater.exe.1.dr | String found in binary or memory: http://ocsp.digicert.com0
Source: connector_installer.exe, updater.7z.0.dr, UPDATER.PACKED.7Z.0.dr, updater.exe.0.dr, updater.exe.1.dr | String found in binary or memory: http://ocsp.digicert.com0A
Source: connector_installer.exe, updater.7z.0.dr, UPDATER.PACKED.7Z.0.dr, updater.exe.0.dr, updater.exe.1.dr | String found in binary or memory: http://ocsp.digicert.com0C
Source: connector_installer.exe, updater.7z.0.dr, UPDATER.PACKED.7Z.0.dr, updater.exe.0.dr, updater.exe.1.dr | String found in binary or memory: http://ocsp.digicert.com0X
Source: connector_installer.exe, updater.7z.0.dr, UPDATER.PACKED.7Z.0.dr, updater.exe.0.dr, updater.exe.1.dr | String found in binary or memory: http://support.google.com/installer/
Source: connector_installer.exe, updater.7z.0.dr, UPDATER.PACKED.7Z.0.dr, updater.exe.0.dr, updater.exe.1.dr | String found in binary or memory: http://support.google.com/installer/%s?product=%s&error=%d
Source: updater.exe, 00000001.00000002.2944271030.0000000058634000.00000004.00001000.00020000.00000000.sdmp, updater.exe, 00000001.00000002.2942617071.0000000004F9D000.00000004.00000010.00020000.00000000.sdmp | String found in binary or memory: http://support.google.com/installer/?product=&error=75035
Source: updater.exe, 00000001.00000002.2944271030.0000000058634000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://support.google.com/installer/?product=&error=75035kXXcG
Source: connector_installer.exe, updater.7z.0.dr, UPDATER.PACKED.7Z.0.dr, updater.exe.0.dr, updater.exe.1.dr | String found in binary or memory: http://www.digicert.com/CPS0
Source: updater.exe, 00000002.00000003.1703346041.0000000041CDC000.00000004.00001000.00020000.00000000.sdmp, connector_installer.exe, updater.7z.0.dr, updater.log.2.dr, UPDATER.PACKED.7Z.0.dr, updater.exe.0.dr, updater.exe.1.dr | String found in binary or memory: https://clients2.google.com/cr/report
Source: updater.exe, 00000002.00000002.2943631405.0000000041C88000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: https://clients2.google.com/cr/report(
Source: updater.exe, 00000002.00000002.2943224766.0000000041C04000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: https://clients2.google.com/cr/report--annotation=prod=Update4--annotation=ver=131.0.6776.0--attachm
Source: updater.exe, 00000002.00000002.2943389427.0000000041C38000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: https://clients2.google.com/cr/report--database=C:
Source: updater.exe, 00000002.00000002.2943445827.0000000041C50000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: https://clients2.google.com/cr/reportcc(LOCALAPPDATA=C:
Source: connector_installer.exe, updater.7z.0.dr, UPDATER.PACKED.7Z.0.dr, updater.exe.0.dr, updater.exe.1.dr | String found in binary or memory: https://crashpad.chromium.org/
Source: connector_installer.exe, updater.7z.0.dr, UPDATER.PACKED.7Z.0.dr, updater.exe.0.dr, updater.exe.1.dr | String found in binary or memory: https://crashpad.chromium.org/bug/new
Source: connector_installer.exe, updater.7z.0.dr, UPDATER.PACKED.7Z.0.dr, updater.exe.0.dr, updater.exe.1.dr | String found in binary or memory: https://crashpad.chromium.org/https://crashpad.chromium.org/bug/new
Source: connector_installer.exe, updater.7z.0.dr, UPDATER.PACKED.7Z.0.dr, updater.exe.0.dr, updater.exe.1.dr | String found in binary or memory: https://dl.google.com/update2/installers/icons/
Source: connector_installer.exe, updater.7z.0.dr, UPDATER.PACKED.7Z.0.dr, updater.exe.0.dr, updater.exe.1.dr | String found in binary or memory: https://m.google.com/devicemanagement/data/api
Source: connector_installer.exe, updater.7z.0.dr, UPDATER.PACKED.7Z.0.dr, updater.exe.0.dr, updater.exe.1.dr | String found in binary or memory: https://update.googleapis.com/service/update2/json
Source: connector_installer.exe, updater.7z.0.dr, UPDATER.PACKED.7Z.0.dr, updater.exe.0.dr, updater.exe.1.dr | String found in binary or memory: https://update.googleapis.com/service/update2/jsonhttps://clients2.google.com/cr/reporthttps://m.goo
Source: C:\Users\user\Desktop\connector_installer.exe | File created: C:\Windows\SystemTemp\Google7316_551467776
Source: C:\Users\user\Desktop\connector_installer.exe | File created: C:\Windows\SystemTemp\Google7316_551467776\UPDATER.PACKED.7Z
Source: C:\Users\user\Desktop\connector_installer.exe | File created: C:\Windows\SystemTemp\Google7316_61980551
Source: C:\Users\user\Desktop\connector_installer.exe | File created: C:\Windows\SystemTemp\Google7316_61980551\updater.7z
Source: C:\Users\user\Desktop\connector_installer.exe | File created: C:\Windows\SystemTemp\Google7316_61980551\bin
Source: C:\Users\user\Desktop\connector_installer.exe | File created: C:\Windows\SystemTemp\Google7316_61980551\bin\uninstall.cmd
Source: C:\Users\user\Desktop\connector_installer.exe | File created: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe
Source: C:\Users\user\Desktop\connector_installer.exe | File deleted: C:\Windows\SystemTemp\Google7316_61980551\updater.7z
Source: connector_installer.exe | Static PE information: Resource name: B7 type: 7-zip archive data, version 0.4
Source: connector_installer.exe | Static PE information: Resource name: RT_STRING type: CLIPPER COFF executable (VAX #) not stripped - version 71
Source: updater.exe.0.dr | Static PE information: Resource name: RT_STRING type: CLIPPER COFF executable (VAX #) not stripped - version 71
Source: updater.exe.1.dr | Static PE information: Resource name: RT_STRING type: CLIPPER COFF executable (VAX #) not stripped - version 71
Source: connector_installer.exe, 00000000.00000000.1692304674.0000000000D43000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenameupdater.exe> vs connector_installer.exe
Source: connector_installer.exe, 00000000.00000000.1692304674.0000000000D43000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenameUpdaterSetup.exeB vs connector_installer.exe
Source: connector_installer.exe | Binary or memory string: OriginalFilenameupdater.exe> vs connector_installer.exe
Source: connector_installer.exe | Binary or memory string: OriginalFilenameUpdaterSetup.exeB vs connector_installer.exe
Source: connector_installer.exe | Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: classification engine | Classification label: clean19.evad.winEXE@5/9@0/0
Source: C:\Users\user\Desktop\connector_installer.exe | File created: C:\Program Files (x86)\Google\GoogleUpdater
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe | Mutant created: \Sessions\1\BaseNamedObjects\Global\G{A5732CF5-E5AD-47A5-8131-DC4CCA530B02}.131.0.6776.0
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe | Mutant created: \Sessions\1\BaseNamedObjects\Global\G{D8E4A6FE-EA7A-4D20-A8C8-B4628776A101}
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe | File created: C:\Users\user\AppData\Local\Temp\updater-backup
Source: C:\Users\user\Desktop\connector_installer.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: connector_installer.exe | String found in binary or memory: windows-installer
Source: connector_installer.exe | String found in binary or memory: binprefers-userexpect-elevated..\..\chrome\updater\win\installer\installer.ccHandleRunElevatedUnexpected elevation loop! : cannot show an elevation prompt with `/silent`: expect-de-elevatedHandleRunDeElevatedUnexpected de-elevation loop! --updater.7z=\bin\updater.exeSetup file can leak on file system: Metainstaller WMain returned: , Windows error: windows-installer
Source: connector_installer.exe | String found in binary or memory: https://dl.google.com/update2/installers/icons/
Source: connector_installer.exe | String found in binary or memory: Fhttps://update.googleapis.com/service/update2/jsonhttps://clients2.google.com/cr/reporthttps://m.google.com/devicemanagement/data/apihttps://dl.google.com/update2/installers/icons/enterprise_companion.mojom.EnterpriseCompanionReceive mojo replyReceive mojo message
Source: connector_installer.exe | String found in binary or memory: overflow:hidden;img src="http://addEventListenerresponsible for s.js"></script>
Source: connector_installer.exe | String found in binary or memory: http://support.google.com/installer/
Source: connector_installer.exe | String found in binary or memory: ..\..\chrome\updater\app\app_install_win.ccUpdate success.No updates.Updater error: http://support.google.com/installer/%s?product=%s&error=%d installation completed: error category[], error_code[], extra_code1[], completion_message[], post_install_launch_command_line[]oemSetOemInstallState failedStoreRunTimeEnrollmentToken failed
Source: connector_installer.exe | String found in binary or memory: Try '%ls --help' for more information.
Source: connector_installer.exe | String found in binary or memory: Try '%ls --help' for more information.
Source: connector_installer.exe | String found in binary or memory: --help display this help and exit
Source: connector_installer.exe | String found in binary or memory: --help display this help and exit
Source: connector_installer.exe | String found in binary or memory: partition_alloc/address_space
Source: connector_installer.exe | String found in binary or memory: asennuksen: $1oError sa pag-install: Nag-apply ang administrator ng network mo ng Group Policy na pumipigil sa pag-install: $1
Source: connector_installer.exe | String found in binary or memory: Tapos na ang pag-install.
Source: connector_installer.exe | String found in binary or memory: Kanselahin ang Pag-install
Source: connector_installer.exe | String found in binary or memory: Error sa pag-install: $1
Source: connector_installer.exe | String found in binary or memory: isvaatimuksia.fHindi na-install dahil hindi natutugunan ng iyong computer ang mga minimum na requirement sa hardware.mL'installation a
Source: connector_installer.exe | String found in binary or memory: Inihinto ang Pag-install.
Source: connector_installer.exe | String found in binary or memory: $1-installeerder
Source: connector_installer.exe | String found in binary or memory: $1-Installationsprogramm
Source: connector_installer.exe | String found in binary or memory: $1-installatieprogramma
Source: connector_installer.exe | String found in binary or memory: $1-installasjonsprogram
Source: connector_installer.exe | String found in binary or memory: .:Asennusvirhe: Asennusprosessin aloittaminen ei onnistunut.?Error sa pag-install: Hindi nagsimula ang proseso ng installer.GErreur d'installation
Source: connector_installer.exe | String found in binary or memory: .LAsennusvirhe: Asennusohjelmaa ei suoritettu loppuun. Asennus on keskeytetty.LError sa pag-install: Hindi natapos ang installer. Na-abort ang pag-install.tErreur d'installation
Source: connector_installer.exe | String found in binary or memory: Ini-install...
Source: connector_installer.exe | String found in binary or memory: 3Asennus ei ole valmis. Haluatko varmasti perua sen?IHindi nakumpleto ang pag-install. Sigurado ka bang gusto mong kanselahin?9Installation non termin
Source: connector_installer.exe | String found in binary or memory: uudelleen.#Hindi na-install. Pakisubukan ulit.,
Source: connector_installer.exe | String found in binary or memory: isen virheen takia.FHindi na-install dahil sa isang internal na error sa server ng update.Q
Source: connector_installer.exe | String found in binary or memory: ei tueta.OError sa pag-install: Invalid o hindi sinusuportahan ang filename ng installer.fErreur d'installation
Source: connector_installer.exe | String found in binary or memory: ivityspalvelimella ei ole tiivistedataa sovelluksesta.\Hindi na-install dahil walang anumang data ng hash para sa application ang server ng update.p
Source: connector_installer.exe | String found in binary or memory: n versiota ei tueta.QHindi na-install dahil hindi sinusuportahan ang bersyong ito ng operating system.ZL'installation a
Source: connector_installer.exe | String found in binary or memory: maassa.AHindi na-install dahil pinaghihigpitan ang access sa bansang ito.=L'installation a
Source: connector_installer.exe | String found in binary or memory: Ituloy ang Pag-install
Source: connector_installer.exe | String found in binary or memory: Nakansela ang pag-install.
Source: connector_installer.exe | String found in binary or memory: n.\Salamat sa pag-install. Dapat mong i-restart ang lahat ng iyong browser bago gamitin ang $1.eMerci d'avoir install
Source: connector_installer.exe | String found in binary or memory: n.SSalamat sa pag-install. Dapat mong i-restart ang iyong browser bago gamitin ang $1.aMerci d'avoir install
Source: connector_installer.exe | String found in binary or memory: n.TSalamat sa pag-install. Dapat mong i-restart ang iyong computer bago gamitin ang $1.aMerci d'avoir install
Source: connector_installer.exe | String found in binary or memory: .4Asennus ei onnistu, palvelin ei tunnista sovellusta.9Hindi na-install, hindi kilala ng server ang application.=Installation impossible. Le serveur ne reconna
Source: connector_installer.exe | String found in binary or memory: onnistui, koska protokollaa ei tueta.BHindi na-install dahil sa error na hindi sinusuportahang protocol.K
Source: connector_installer.exe | String found in binary or memory: si Windows-versiota ei tueta.IHindi na-install dahil hindi sinusuportahan ang iyong bersyon ng Windows.V
Source: connector_installer.exe | String found in binary or memory: Naghihintay sa pag-install...
Source: connector_installer.exe | String found in binary or memory: Inihinto ang Pag-install.PA
Source: connector_installer.exe | String found in binary or memory: isen virheen takia.FHindi na-install dahil sa isang internal na error sa server ng update.PAQ
Source: unknown | Process created: C:\Users\user\Desktop\connector_installer.exe "C:\Users\user\Desktop\connector_installer.exe"
Source: C:\Users\user\Desktop\connector_installer.exe | Process created: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe "C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe" --install=appguid={79CA0169-DEE3-4588-AB99-0FFBD277EEE0}&iid={A7BF5C8D-E83D-89A6-5A3B-0F5DCC3906D6}&lang=en&browser=4&usagestats=0&appname=Google%20Cloud%20Certificate%20Connector&needsadmin=true --enable-logging --vmodule=*/components/winhttp/*=1,*/components/update_client/*=2,*/chrome/enterprise_companion/*=2,*/chrome/updater/*=2
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe | Process created: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\131.0.6776.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=131.0.6776.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x28c,0x290,0x294,0x268,0x298,0xdd6290,0xdd629c,0xdd62a8
Source: C:\Users\user\Desktop\connector_installer.exe | Process created: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe "C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe" --install=appguid={79CA0169-DEE3-4588-AB99-0FFBD277EEE0}&iid={A7BF5C8D-E83D-89A6-5A3B-0F5DCC3906D6}&lang=en&browser=4&usagestats=0&appname=Google%20Cloud%20Certificate%20Connector&needsadmin=true --enable-logging --vmodule=*/components/winhttp/*=1,*/components/update_client/*=2,*/chrome/enterprise_companion/*=2,*/chrome/updater/*=2
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe | Process created: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\131.0.6776.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=131.0.6776.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x28c,0x290,0x294,0x268,0x298,0xdd6290,0xdd629c,0xdd62a8
Source: C:\Users\user\Desktop\connector_installer.exe | Section loaded: dbghelp.dll
Source: C:\Users\user\Desktop\connector_installer.exe | Section loaded: secur32.dll
Source: C:\Users\user\Desktop\connector_installer.exe | Section loaded: wtsapi32.dll
Source: C:\Users\user\Desktop\connector_installer.exe | Section loaded: userenv.dll
Source: C:\Users\user\Desktop\connector_installer.exe | Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\connector_installer.exe | Section loaded: winmm.dll
Source: C:\Users\user\Desktop\connector_installer.exe | Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\connector_installer.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\connector_installer.exe | Section loaded: wldp.dll
Source: C:\Users\user\Desktop\connector_installer.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\connector_installer.exe | Section loaded: atlthunk.dll
Source: C:\Users\user\Desktop\connector_installer.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\connector_installer.exe | Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\connector_installer.exe | Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\connector_installer.exe | Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\connector_installer.exe | Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\connector_installer.exe | Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\connector_installer.exe | Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\connector_installer.exe | Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\connector_installer.exe | Section loaded: apphelp.dll
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe | Section loaded: dbghelp.dll
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe | Section loaded: msimg32.dll
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe | Section loaded: secur32.dll
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe | Section loaded: wtsapi32.dll
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe | Section loaded: userenv.dll
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe | Section loaded: winhttp.dll
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe | Section loaded: uxtheme.dll
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe | Section loaded: winmm.dll
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe | Section loaded: version.dll
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe | Section loaded: sspicli.dll
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe | Section loaded: windows.storage.dll
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe | Section loaded: wldp.dll
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe | Section loaded: ntmarta.dll
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe | Section loaded: apphelp.dll
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe | Section loaded: kernel.appcore.dll
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe | Section loaded: atlthunk.dll
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe | Section loaded: textinputframework.dll
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe | Section loaded: coreuicomponents.dll
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe | Section loaded: coremessaging.dll
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe | Section loaded: wintypes.dll
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe | Section loaded: wintypes.dll
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe | Section loaded: wintypes.dll
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe | Section loaded: textshaping.dll
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe | Section loaded: taskschd.dll
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe | Section loaded: xmllite.dll
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe | Section loaded: dbghelp.dll
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe | Section loaded: msimg32.dll
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe | Section loaded: secur32.dll
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe | Section loaded: wtsapi32.dll
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe | Section loaded: userenv.dll
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe | Section loaded: winhttp.dll
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe | Section loaded: uxtheme.dll
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe | Section loaded: winmm.dll
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe | Section loaded: version.dll
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe | Section loaded: sspicli.dll
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe | Section loaded: windows.storage.dll
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe | Section loaded: wldp.dll
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: connector_installer.exeStatic PE information: certificate valid
Source: connector_installer.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
Source: connector_installer.exeStatic file information: File size 10219392 > 1048576
Source: connector_installer.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x334200
Source: connector_installer.exeStatic PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x5d0000
Source: connector_installer.exeStatic PE information: More than 200 imports for KERNEL32.dll
Source: connector_installer.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: connector_installer.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: connector_installer.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: connector_installer.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: connector_installer.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: connector_installer.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: connector_installer.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: connector_installer.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: UpdaterSetup.exe.pdb source: connector_installer.exe
Source: Binary string: updater.exe.pdb source: connector_installer.exe, updater.7z.0.dr, UPDATER.PACKED.7Z.0.dr, updater.exe.0.dr, updater.exe.1.dr
Source: connector_installer.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: connector_installer.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: connector_installer.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: connector_installer.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: connector_installer.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: connector_installer.exeStatic PE information: real checksum: 0x9c7a2a should be: 0x9ce932
Source: connector_installer.exeStatic PE information: section name: CPADinfo
Source: connector_installer.exeStatic PE information: section name: malloc_h
Source: updater.exe.0.drStatic PE information: section name: CPADinfo
Source: updater.exe.0.drStatic PE information: section name: malloc_h
Source: updater.exe.1.drStatic PE information: section name: CPADinfo
Source: updater.exe.1.drStatic PE information: section name: malloc_h

Persistence and Installation Behavior

Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe | Executable created and started: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe | File created: C:\Program Files (x86)\Google\GoogleUpdater\131.0.6776.0\updater.exe
Source: C:\Users\user\Desktop\connector_installer.exe | File created: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe
Source: C:\Users\user\Desktop\connector_installer.exe | File created: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe | Process information queried: ProcessInformation
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe | Process created: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\131.0.6776.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=131.0.6776.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x28c,0x290,0x294,0x268,0x298,0xdd6290,0xdd629c,0xdd62a8
Source: C:\Users\user\Desktop\connector_installer.exe | Process created: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe "c:\windows\systemtemp\google7316_61980551\bin\updater.exe" --install=appguid={79ca0169-dee3-4588-ab99-0ffbd277eee0}&iid={a7bf5c8d-e83d-89a6-5a3b-0f5dcc3906d6}&lang=en&browser=4&usagestats=0&appname=google%20cloud%20certificate%20connector&needsadmin=true --enable-logging --vmodule=*/components/winhttp/*=1,*/components/update_client/*=2,*/chrome/enterprise_companion/*=2,*/chrome/updater/*=2
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe | Process created: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe c:\windows\systemtemp\google7316_61980551\bin\updater.exe --crash-handler --system "--database=c:\program files (x86)\google\googleupdater\131.0.6776.0\crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=update4 --annotation=ver=131.0.6776.0 "--attachment=c:\program files (x86)\google\googleupdater\updater.log" --initial-client-data=0x28c,0x290,0x294,0x268,0x298,0xdd6290,0xdd629c,0xdd62a8
Source: C:\Users\user\Desktop\connector_installer.exe | Process created: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe "c:\windows\systemtemp\google7316_61980551\bin\updater.exe" --install=appguid={79ca0169-dee3-4588-ab99-0ffbd277eee0}&iid={a7bf5c8d-e83d-89a6-5a3b-0f5dcc3906d6}&lang=en&browser=4&usagestats=0&appname=google%20cloud%20certificate%20connector&needsadmin=true --enable-logging --vmodule=*/components/winhttp/*=1,*/components/update_client/*=2,*/chrome/enterprise_companion/*=2,*/chrome/updater/*=2
Source: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe | Process created: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe c:\windows\systemtemp\google7316_61980551\bin\updater.exe --crash-handler --system "--database=c:\program files (x86)\google\googleupdater\131.0.6776.0\crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=update4 --annotation=ver=131.0.6776.0 "--attachment=c:\program files (x86)\google\googleupdater\updater.log" --initial-client-data=0x28c,0x290,0x294,0x268,0x298,0xdd6290,0xdd629c,0xdd62a8
MITRE ATT&CK Matrix (one line per tactic; numeric prefixes are kept as they appear in the report's matrix):

Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
Execution: 12 Command and Scripting Interpreter; 1 Scheduled Task/Job; At; Cron
Persistence: 1 Scheduled Task/Job; 1 DLL Side-Loading; Logon Script (Windows); Login Hook
Privilege Escalation: 11 Process Injection; 1 Scheduled Task/Job; 1 DLL Side-Loading; Login Hook
Defense Evasion: 121 Masquerading; 11 Process Injection; 1 DLL Side-Loading; 1 File Deletion
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
Discovery: 1 Process Discovery; 1 System Information Discovery; Query Registry; System Network Configuration Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
Command and Control: Data Obfuscation; Junk Data; Steganography; Protocol Impersonation
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction
Behavior Graph (ID: 1540398, Sample: connector_installer.exe, Startdate: 23/10/2024, Architecture: WINDOWS, Score: 19):

  • connector_installer.exe started; dropped C:\Windows\SystemTemp\...\updater.exe (PE32) and started updater.exe
  • updater.exe dropped C:\Program Files (x86)\Google\...\updater.exe (PE32); signature: Drops executables to the windows directory (C:\Windows) and starts them; started a further updater.exe

No Antivirus matches

Source | Detection | Scanner | Label | Link
C:\Program Files (x86)\Google\GoogleUpdater\131.0.6776.0\updater.exe | 0% | ReversingLabs | |
C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe | 0% | ReversingLabs | |
No contacted domains info
Name | Source | Malicious | Antivirus Detection | Reputation
http://html4/loose.dtd | connector_installer.exe, updater.7z.0.dr, UPDATER.PACKED.7Z.0.dr, updater.exe.0.dr, updater.exe.1.dr | false | | unknown
http://support.google.com/installer/%s?product=%s&error=%d | connector_installer.exe, updater.7z.0.dr, UPDATER.PACKED.7Z.0.dr, updater.exe.0.dr, updater.exe.1.dr | false | | unknown
http://support.google.com/installer/?product=&error=75035 | updater.exe, 00000001.00000002.2944271030.0000000058634000.00000004.00001000.00020000.00000000.sdmp, updater.exe, 00000001.00000002.2942617071.0000000004F9D000.00000004.00000010.00020000.00000000.sdmp | false | | unknown
http://support.google.com/installer/?product=&error=75035kXXcG | updater.exe, 00000001.00000002.2944271030.0000000058634000.00000004.00001000.00020000.00000000.sdmp | false | | unknown
https://crashpad.chromium.org/ | connector_installer.exe, updater.7z.0.dr, UPDATER.PACKED.7Z.0.dr, updater.exe.0.dr, updater.exe.1.dr | false | | unknown
http://.css | connector_installer.exe, updater.7z.0.dr, UPDATER.PACKED.7Z.0.dr, updater.exe.0.dr, updater.exe.1.dr | false | | unknown
https://crashpad.chromium.org/https://crashpad.chromium.org/bug/new | connector_installer.exe, updater.7z.0.dr, UPDATER.PACKED.7Z.0.dr, updater.exe.0.dr, updater.exe.1.dr | false | | unknown
https://m.google.com/devicemanagement/data/api | connector_installer.exe, updater.7z.0.dr, UPDATER.PACKED.7Z.0.dr, updater.exe.0.dr, updater.exe.1.dr | false | | unknown
http://.jpg | connector_installer.exe, updater.7z.0.dr, UPDATER.PACKED.7Z.0.dr, updater.exe.0.dr, updater.exe.1.dr | false | | unknown
https://crashpad.chromium.org/bug/new | connector_installer.exe, updater.7z.0.dr, UPDATER.PACKED.7Z.0.dr, updater.exe.0.dr, updater.exe.1.dr | false | | unknown
https://dl.google.com/update2/installers/icons/ | connector_installer.exe, updater.7z.0.dr, UPDATER.PACKED.7Z.0.dr, updater.exe.0.dr, updater.exe.1.dr | false | | unknown
http://support.google.com/installer/ | connector_installer.exe, updater.7z.0.dr, UPDATER.PACKED.7Z.0.dr, updater.exe.0.dr, updater.exe.1.dr | false | | unknown
                          No contacted IP infos
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1540398
Start date and time: 2024-10-23 18:28:18 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 4m 42s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 7
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: connector_installer.exe
Detection: CLEAN
Classification: clean19.evad.winEXE@5/9@0/0
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
• Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed, report is missing behavior information
• VT rate limit hit for: connector_installer.exe
Time | Type | Description
17:29:13 | Task Scheduler | Run new task: GoogleUpdaterTaskSystem131.0.6776.0{18909501-55E1-48E4-973E-779BE327F586} path: "C:\Program Files (x86)\Google\GoogleUpdater\131.0.6776.0\updater.exe" --wake --system
No context
Process: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe
File Type: DOS batch file, ASCII text, with CRLF line terminators
Category: dropped
Size (bytes): 653
Entropy (8bit): 4.923215133873056
Encrypted: false
SSDEEP: 12:2snTJp6rOanOFkgU4hEu8NRaPJRRmvxOgtc/aH+ndUE:7T+rjO+Z4hTb6dIa8P
MD5: FBC297EE9060D4256192E4EDB98CAD1B
SHA1: F305C065378AEC46EB4DACAAEEE3F866B1527105
SHA-256: 099592FFA867124D16C0C6D868AF1214FD2B7180FA76E4EEE01ABF2A5CF8F044
SHA-512: C867D366252E5124C6560FBB42ED4473DC7546360BC1221E9FCBC192E9216D6265E41AD26A733F7566C064B136AE02E21EF5F7095FCB6AE6F65B6FBEB3401FFE
Malicious: false
Reputation: moderate, very likely benign file
Preview (batch script; the report's preview shows each CRLF as dots, rendered here as line breaks):
  @echo off

  rem Deletes recursively the directory specified by the `--dir` command line
  rem argument of the script. The directory must be an updater install path.

  echo %1 %2
  if not "%1"=="--dir" (
    echo "Invalid switch."
    exit 1
  )

  set Directory=%2

  rem Validate the path is an updater path.
  @echo %Directory% | FindStr /L \Google\GoogleUpdater > nul
  if %ERRORLEVEL% NEQ 0 (
    echo "Invalid argument."
    exit 2
  )

  rem Try deleting the directory 15 times and wait one second between tries.
  for /L %%G IN (1,1,15) do (
    ping -n 2 127.0.0.1 > nul
    rmdir %Directory% /s /q > nul
    if not exist %Directory% exit 0
  )

  exit 3
Process: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 5507168
Entropy (8bit): 6.777859624994641
Encrypted: false
SSDEEP: 98304:gcFdYcc8M9AE4MaqYWx/4c5UwVlxw0UVRuGXNRp45RK0wtIFC7VjwizP:gcLYcp/E4oR94c5tK0UVDuC0wtIFC7JD
MD5: E2937E33C2554EECC37C804A7F99F8B7
SHA1: 2C33D4573E21C7D18DE1D3F337BACD7C4E58FE87
SHA-256: 5DDE29F028E75EE72F50902D20C41B699EF8FC5C294F04A321DEAC6909FFE409
SHA-512: CF50E630CD75483F5887153490AB5C55E21A711541D0A4AA0E29D055F42076F7D58EDF743BFF26E145B56A69B6BE9F6704E9C2B071BE0AA5A7F6CC1F6BE3406F
Malicious: false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Reputation: low
Preview: MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L......g.........."......x=..b........"...........@...........................U.....)bT...@...........................G.P....G.......J. .............S.`(....S.P...`NG......................KG.......=.............8.G.......G.@....................text....v=......x=................. ..`.rdata........=......|=.............@..@.data...$.... H..`....H.............@....tls....u.....I......`H.............@...CPADinfo(.....I......bH.............@...malloc_h......J......dH............. ..`.rsrc... .....J......fH.............@..@.reloc..P.....S.......Q.............@..B
Process: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe
File Type: JSON data
Category: dropped
Size (bytes): 49
Entropy (8bit): 4.5172723438944455
Encrypted: false
SSDEEP: 3:YEGSAsPMHoo2S8ty:YEGMa2q
MD5: 4A2784F1CA879E8FBBD97E39D0DE3CC9
SHA1: A0EB8B63B4B19B134B46FEA8E66F819105F004E8
SHA-256: 2BCD0A4051B1FA5B0444CEE9FD9F7341FAFE1EAE36659511926EBEFBA648DEE9
SHA-512: 95E64A2AFBDBA5943410F912EBA5BC626CBE775C14DD8A3AC8FB6C8C0301762190C15844F2776F894088CF937450E383464592BEE8E24308C6F90029D5A57F57
Malicious: false
Reputation: low
Preview: {"active_version":"131.0.6776.0","swapping":true}
Process: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe
File Type: JSON data
Category: dropped
Size (bytes): 49
Entropy (8bit): 4.5172723438944455
Encrypted: false
SSDEEP: 3:YEGSAsPMHoo2S8ty:YEGMa2q
MD5: 4A2784F1CA879E8FBBD97E39D0DE3CC9
SHA1: A0EB8B63B4B19B134B46FEA8E66F819105F004E8
SHA-256: 2BCD0A4051B1FA5B0444CEE9FD9F7341FAFE1EAE36659511926EBEFBA648DEE9
SHA-512: 95E64A2AFBDBA5943410F912EBA5BC626CBE775C14DD8A3AC8FB6C8C0301762190C15844F2776F894088CF937450E383464592BEE8E24308C6F90029D5A57F57
Malicious: false
Reputation: low
Preview: {"active_version":"131.0.6776.0","swapping":true}
Process: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe
File Type: ASCII text, with very long lines (515)
Category: modified
Size (bytes): 6465
Entropy (8bit): 5.6267060417247325
Encrypted: false
SSDEEP: 96:JZ/lZNKR2GRZrDWwOrvKe53hMe4Se4Wqe4Ne4Pae4fe4uL:C9SFrvvrMswqn1aZAL
MD5: F732702EE2742C60BF635C5F246DA4E7
SHA1: CD7BB1CD12422229032303DE0CC679421EA09A30
SHA-256: 0C9C654D04440958F22FC2FF47B7AF687572F7DC75382A6D717ADB348C59FB64
SHA-512: 109A8D226EAE7FA2CEABA1A9553E9D2D512A8E2DB2DE2C298902BC6BE40CB326AA9AC59E08E60D32CB1AB514F8A2CB7AFA097A74D79568D2A96730A544A94644
Malicious: false
Reputation: low
Preview: [7316:7320:1023/122911.323:VERBOSE1:installer.cc(429)] "C:\Users\user\Desktop\connector_installer.exe" --install=appguid={79CA0169-DEE3-4588-AB99-0FFBD277EEE0}&iid={A7BF5C8D-E83D-89A6-5A3B-0F5DCC3906D6}&lang=en&browser=4&usagestats=0&appname=Google%20Cloud%20Certificate%20Connector&needsadmin=true --enable-logging --vmodule=*/components/winhttp/*=1,*/components/update_client/*=2,*/chrome/enterprise_companion/*=2,*/chrome/updater/*=2.[7352:7356:1023/122912.186:VERBOSE1:updater.cc(320)] Version: 131.0.6776.0, opt, 32 bits, command line: "C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe" --install=appguid={79CA0169-DEE3-4588-AB99-0FFBD277EEE0}&iid={A7BF5C8D-E83D-89A6-5A3B-0F5DCC3906D6}&lang=en&browser=4&usagestats=0&appname=Google%20Cloud%20Certificate%20Connector&needsadmin=true --enable-logging --vmodule=*/components/winhttp/*=1,*/components/update_client/*=2,*/chrome/enterprise_companion/*=2,*/chrome/updater/*=2.[7352:7356:1023/122912.186:VERBOSE1:updater.cc(322)] OS version:
Process: C:\Users\user\Desktop\connector_installer.exe
File Type: 7-zip archive data, version 0.4
Category: dropped
Size (bytes): 5508148
Entropy (8bit): 6.778006060999788
Encrypted: false
SSDEEP: 98304:VcFdYcc8M9AE4MaqYWx/4c5UwVlxw0UVRuGXNRp45RK0wtIFC7VjwizR:VcLYcp/E4oR94c5tK0UVDuC0wtIFC7JF
MD5: 80881BE77BAA2AEF7DFF04E892E844DB
SHA1: 7F0D971D845089AD856DEF886F9DA1FE57FF47A8
SHA-256: 8936179EB5C40842E019421662490F251202DC603884E94B040A3605EF7E218C
SHA-512: 1B058EE94FB6AFA042B82ACAD38D733C88C04E67691C45ADD1B03AD1EE40578E5B3BFAEDFD47DCA1F97F5AA7E3D37C15D444B28C18D754392044ED41538E3C61
Malicious: false
Reputation: low
Preview: 7z..'.....&...T.....b........;..7z..'....P.m.T.....%........#..@echo off....rem Deletes recursively the directory specified by the `--dir` command line..rem argument of the script. The directory must be an updater install path.....echo %1 %2..if not "%1"=="--dir" (.. echo "Invalid switch.".. exit 1..)....set Directory=%2....rem Validate the path is an updater path...@echo %Directory% | FindStr /L \Google\GoogleUpdater > nul..if %ERRORLEVEL% NEQ 0 (.. echo "Invalid argument.".. exit 2..)....rem Try deleting the directory 15 times and wait one second between tries...for /L %%G IN (1,1,15) do (.. ping -n 2 127.0.0.1 > nul.. rmdir %Directory% /s /q > nul.. if not exist %Directory% exit 0..)....exit 3....MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L......g.........."......x=..b........"...........@...........................U.....)bT...@...........................G.P....G.......J. .............S.`(....S
Process: C:\Users\user\Desktop\connector_installer.exe
File Type: DOS batch file, ASCII text, with CRLF line terminators
Category: dropped
Size (bytes): 653
Entropy (8bit): 4.923215133873056
Encrypted: false
SSDEEP: 12:2snTJp6rOanOFkgU4hEu8NRaPJRRmvxOgtc/aH+ndUE:7T+rjO+Z4hTb6dIa8P
MD5: FBC297EE9060D4256192E4EDB98CAD1B
SHA1: F305C065378AEC46EB4DACAAEEE3F866B1527105
SHA-256: 099592FFA867124D16C0C6D868AF1214FD2B7180FA76E4EEE01ABF2A5CF8F044
SHA-512: C867D366252E5124C6560FBB42ED4473DC7546360BC1221E9FCBC192E9216D6265E41AD26A733F7566C064B136AE02E21EF5F7095FCB6AE6F65B6FBEB3401FFE
Malicious: false
Reputation: moderate, very likely benign file
Preview: same batch script as the 653-byte file with MD5 FBC297EE9060D4256192E4EDB98CAD1B dropped by updater.exe above (identical size and hashes)
Process: C:\Users\user\Desktop\connector_installer.exe
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 5507168
Entropy (8bit): 6.777859624994641
Encrypted: false
SSDEEP: 98304:gcFdYcc8M9AE4MaqYWx/4c5UwVlxw0UVRuGXNRp45RK0wtIFC7VjwizP:gcLYcp/E4oR94c5tK0UVDuC0wtIFC7JD
MD5: E2937E33C2554EECC37C804A7F99F8B7
SHA1: 2C33D4573E21C7D18DE1D3F337BACD7C4E58FE87
SHA-256: 5DDE29F028E75EE72F50902D20C41B699EF8FC5C294F04A321DEAC6909FFE409
SHA-512: CF50E630CD75483F5887153490AB5C55E21A711541D0A4AA0E29D055F42076F7D58EDF743BFF26E145B56A69B6BE9F6704E9C2B071BE0AA5A7F6CC1F6BE3406F
Malicious: true
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Preview: MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L......g.........."......x=..b........"...........@...........................U.....)bT...@...........................G.P....G.......J. .............S.`(....S.P...`NG......................KG.......=.............8.G.......G.@....................text....v=......x=................. ..`.rdata........=......|=.............@..@.data...$.... H..`....H.............@....tls....u.....I......`H.............@...CPADinfo(.....I......bH.............@...malloc_h......J......dH............. ..`.rsrc... .....J......fH.............@..@.reloc..P.....S.......Q.............@..B
Process: C:\Users\user\Desktop\connector_installer.exe
File Type: 7-zip archive data, version 0.4
Category: dropped
Size (bytes): 5508018
Entropy (8bit): 6.778021914227375
Encrypted: false
SSDEEP: 98304:TcFdYcc8M9AE4MaqYWx/4c5UwVlxw0UVRuGXNRp45RK0wtIFC7VjwizM:TcLYcp/E4oR94c5tK0UVDuC0wtIFC7JI
MD5: 07C50FFA6B1A66C09192D26158B76011
SHA1: B54FC7A3D0F30A65C67B1641F11D161D4BD8BFE9
SHA-256: 92975F728E9211F63893B1DFC1612112EE1196EFB187F18C42BF7008E2A7FE11
SHA-512: A263F718544FACA253D7890B92817581F467431DBBBFDD9DB38F1AC034192AD6C03C2B65E24EF5448FC3C2A7AA5750DA6AA8B4AE264832BD58E29F5AD57F9714
Malicious: false
Preview: 7z..'....P.m.T.....%........#..@echo off....rem Deletes recursively the directory specified by the `--dir` command line..rem argument of the script. The directory must be an updater install path.....echo %1 %2..if not "%1"=="--dir" (.. echo "Invalid switch.".. exit 1..)....set Directory=%2....rem Validate the path is an updater path...@echo %Directory% | FindStr /L \Google\GoogleUpdater > nul..if %ERRORLEVEL% NEQ 0 (.. echo "Invalid argument.".. exit 2..)....rem Try deleting the directory 15 times and wait one second between tries...for /L %%G IN (1,1,15) do (.. ping -n 2 127.0.0.1 > nul.. rmdir %Directory% /s /q > nul.. if not exist %Directory% exit 0..)....exit 3....MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L......g.........."......x=..b........"...........@...........................U.....)bT...@...........................G.P....G.......J. .............S.`(....S.P...`NG......................KG
File type: PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit): 6.781764651464666
TrID:
• Win32 Executable (generic) a (10002005/4) 99.96%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name: connector_installer.exe
File size: 10'219'392 bytes
MD5: e6c6e9f4f0597bdfba49a8725945c5ce
SHA1: 3d0dda58389100c76d3446ee3486d85316faecf4
SHA256: 861416f2bdf4cd9c1cd2c8c227e38156fdd3d12cbadf678e954d8336450e505f
SHA512: 8678428f0881d7685a736b71c64381dfaa0012d43ff7abc047b2ebbc05c2928f256ec908e99c21602370d035c7070024b139d52c8a384efac70ee13ca540182b
SSDEEP: 196608:zIC0KQrG/rJP2sX52l/0qPX1UjN4vcLYcp/E4oR94c5tK0UVDuC0wtIFC7JzblE:z3bQrcX5a/0qdUjN4vWZp/a9Z540UVDc
TLSH: 53A69D02FAA05130E5A33276B93D673E9D367E329B358ACB86442CC82FB47D1553935B
File Content Preview: MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L......g.........."......B3..^h......o............@..........................p......*z....@...........................<.U.....<.@..
Icon Hash: 2f232d67b7934633
Entrypoint: 0x5b6fd0
Entrypoint Section: .text
Digitally signed: true
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
DLL Characteristics: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Time Stamp: 0x670C89AA [Mon Oct 14 03:02:02 2024 UTC]
TLS Callbacks: 0x4f3a20, 0x5b5ed0, 0x4c51c0, 0x5b5760, 0x47eac0, 0x4e4c70
CLR (.Net) Version:
OS Version Major: 10
OS Version Minor: 0
File Version Major: 10
File Version Minor: 0
Subsystem Version Major: 10
Subsystem Version Minor: 0
Import Hash: e67b7bbd4fffe24d331de3ccaeea9874
Signature Valid: true
Signature Issuer: CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US
Signature Validation Error: The operation completed successfully
Error Number: 0
Not Before, Not After
• 08/04/2024 01:00:00 11/04/2027 00:59:59
Subject Chain
• CN=Google LLC, O=Google LLC, L=Mountain View, S=California, C=US, SERIALNUMBER=3582691, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US
Version: 3
Thumbprint MD5: F87B1BFA8FFB860CE59A8D63EC60262F
Thumbprint SHA-1: 607A3EDAA64933E94422FC8F0C80388E0590986C
Thumbprint SHA-256: 2029505D14BAF18AF60A0D1A7D8B56447DB643B32FAA849D4C08D2AB1FF3A4FD
Serial: 0B50CF246B263EFD85A729315158F3FF
                          Instruction
                          call 00007FB88482157Ah
                          jmp 00007FB8848213EDh
                          mov ecx, dword ptr [007CF040h]
                          push esi
                          push edi
                          mov edi, BB40E64Eh
                          mov esi, FFFF0000h
                          cmp ecx, edi
                          je 00007FB884821576h
                          test esi, ecx
                          jne 00007FB884821598h
                          call 00007FB8848215A1h
                          mov ecx, eax
                          cmp ecx, edi
                          jne 00007FB884821579h
                          mov ecx, BB40E64Fh
                          jmp 00007FB884821580h
                          test esi, ecx
                          jne 00007FB88482157Ch
                          or eax, 00004711h
                          shl eax, 10h
                          or ecx, eax
                          mov dword ptr [007CF040h], ecx
                          not ecx
                          pop edi
                          mov dword ptr [007CF080h], ecx
                          pop esi
                          ret
                          push ebp
                          mov ebp, esp
                          sub esp, 14h
                          and dword ptr [ebp-0Ch], 00000000h
                          lea eax, dword ptr [ebp-0Ch]
                          and dword ptr [ebp-08h], 00000000h
                          push eax
                          call dword ptr [007C9634h]
                          mov eax, dword ptr [ebp-08h]
                          xor eax, dword ptr [ebp-0Ch]
                          mov dword ptr [ebp-04h], eax
                          call dword ptr [007C95A0h]
                          xor dword ptr [ebp-04h], eax
                          call dword ptr [007C9598h]
                          xor dword ptr [ebp-04h], eax
                          lea eax, dword ptr [ebp-14h]
                          push eax
                          call dword ptr [007C971Ch]
                          mov eax, dword ptr [ebp-10h]
                          lea ecx, dword ptr [ebp-04h]
                          xor eax, dword ptr [ebp-14h]
                          xor eax, dword ptr [ebp-04h]
                          xor eax, ecx
                          leave
                          ret
                          mov eax, 00004000h
                          ret
                          int3
                          int3
                          int3
                          int3
                          int3
                          int3
                          int3
                          int3
                          mov al, 01h
                          ret
                          push 00030000h
                          push 00010000h
                          push 00000000h
                          call 00007FB884830CEAh
                          add esp, 0Ch
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x3c8a90 | 0x55 | .rdata
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3c8ae8 | 0x140 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x3ee000 | 0x5cfffc | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x9ba600 | 0x4980 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x9be000 | 0x1864c | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x3c3bb0 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x3c3940 | 0x18 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x3361c8 | 0xc0 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x3c928c | 0x664 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Note: the SECURITY entry is the one data directory whose "Virtual Address" is a raw file offset rather than an RVA, which is why it maps to no section. Here 0x9ba600 + 0x4980 = 0x9bef80 = 10'219'392 bytes, the file size, so the Authenticode signature blob (WIN_CERTIFICATE) occupies the tail of the file and is excluded from the signed hash.
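The header fields above (entrypoint, image base, data directories, a SECURITY entry with no section) are what a PE header parser reads straight out of the optional header. The following Python is an added example, not Joe Sandbox's code and not part of this report: a dependency-free PE32 walker that reproduces those lookups, maps the entrypoint and each directory RVA to a section, flags section names outside a conventional set, reads the WIN_CERTIFICATE header at the SECURITY file offset, and recomputes the optional-header CheckSum that the loader validates for drivers and that analysis tools compare against the stored field. build_sample_pe() constructs a stand-in image that only mirrors this sample's layout (image base 0x400000, the section names .text/.rdata/CPADinfo/malloc_h); the real installer is not embedded, and STANDARD_NAMES is an assumed list, not something the report defines.

```python
# Added example, not Joe Sandbox's code: a dependency-free PE32 header walker.
# build_sample_pe() is a constructed stand-in mirroring this report's layout; the
# real installer is not embedded and STANDARD_NAMES is an assumed list.
import struct

DIRS = ["EXPORT", "IMPORT", "RESOURCE", "EXCEPTION", "SECURITY", "BASERELOC",
        "DEBUG", "COPYRIGHT", "GLOBALPTR", "TLS", "LOAD_CONFIG", "BOUND_IMPORT",
        "IAT", "DELAY_IMPORT", "COM_DESCRIPTOR", "RESERVED"]
STANDARD_NAMES = {".text", ".rdata", ".data", ".tls", ".rsrc", ".reloc", ".idata",
                  ".edata", ".pdata", ".bss", ".CRT", ".gfids"}
SCN_CODE, SCN_IDATA, SCN_EXEC, SCN_READ, SCN_WRITE = 0x20, 0x40, 0x20000000, 0x40000000, 0x80000000


def pe_checksum(data, checksum_off):
    """Optional-header CheckSum as imagehlp computes it: sum every DWORD except the
    CheckSum field with end-around carry, fold to 16 bits, add the file length."""
    padded = bytes(data) + b"\0" * (-len(data) % 4)
    total = 0
    for off in range(0, len(padded), 4):
        if off == checksum_off:
            continue
        total += struct.unpack_from("<I", padded, off)[0]
        if total >= 1 << 32:
            total = (total & 0xFFFFFFFF) + (total >> 32)
    total = (total & 0xFFFF) + (total >> 16)
    total += total >> 16
    return (total & 0xFFFF) + len(data)


def parse_pe32(data):
    """Walk DOS header -> NT headers -> section table -> data directories."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    nt = struct.unpack_from("<I", data, 0x3C)[0]
    if data[nt:nt + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsec = struct.unpack_from("<H", data, nt + 6)[0]
    opt = nt + 24                                           # IMAGE_OPTIONAL_HEADER32
    sec_table = opt + struct.unpack_from("<H", data, nt + 20)[0]
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 (32-bit) images handled here")
    entry, image_base = (struct.unpack_from("<I", data, opt + o)[0] for o in (16, 28))
    sections = []
    for i in range(nsec):
        name, vsize, va, rsize, raw, _, _, _, _, flags = struct.unpack_from(
            "<8sIIIIIIHHI", data, sec_table + 40 * i)
        name = name.rstrip(b"\0").decode("ascii", "replace")
        sections.append({"name": name, "va": va, "vsize": vsize, "rsize": rsize, "raw": raw,
                         "exec": bool(flags & SCN_EXEC), "write": bool(flags & SCN_WRITE),
                         "nonstandard_name": name not in STANDARD_NAMES})
    def section_of(rva):
        for s in sections:
            if s["va"] <= rva < s["va"] + max(s["vsize"], s["rsize"]):
                return s["name"]
        return ""
    dirs = {}
    for i in range(min(struct.unpack_from("<I", data, opt + 92)[0], 16)):
        va, size = struct.unpack_from("<II", data, opt + 96 + 8 * i)
        # SECURITY holds a raw file offset, not an RVA, so it never maps to a section.
        in_sec = "" if DIRS[i] == "SECURITY" or not va else section_of(va)
        dirs[DIRS[i]] = {"va": va, "size": size, "section": in_sec}
    cert = None
    if dirs.get("SECURITY", {}).get("va"):
        length, rev, ctype = struct.unpack_from("<IHH", data, dirs["SECURITY"]["va"])
        cert = {"length": length, "revision": rev, "type": ctype}   # type 2 = PKCS#7 SignedData
    return {"entry": entry, "entry_section": section_of(entry), "image_base": image_base,
            "checksum_stored": struct.unpack_from("<I", data, opt + 64)[0],
            "checksum_computed": pe_checksum(data, opt + 64),
            "directories": dirs, "sections": sections, "certificate": cert}


def build_sample_pe():
    """Constructed stand-in (not the real sample): four sections, 0x1000/0x200 alignment,
    IMPORT directory in .rdata, WIN_CERTIFICATE stub appended, CheckSum filled in."""
    secs = [(b".text", SCN_CODE | SCN_EXEC | SCN_READ, bytes(range(256)) * 4),
            (b".rdata", SCN_IDATA | SCN_READ, b"A" * 0x200),
            (b"CPADinfo", SCN_IDATA | SCN_READ | SCN_WRITE, b"\0" * 0x200),
            (b"malloc_h", SCN_CODE | SCN_EXEC | SCN_READ, bytes(range(0xB9)).ljust(0x200, b"\0"))]
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                        # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1010)                      # AddressOfEntryPoint, inside .text
    struct.pack_into("<III", opt, 28, 0x400000, 0x1000, 0x200)   # ImageBase, SectionAlignment, FileAlignment
    struct.pack_into("<I", opt, 92, 16)                          # NumberOfRvaAndSizes
    table, body, raw, va = bytearray(), bytearray(), 0x400, 0x1000
    for name, flags, payload in secs:
        table += struct.pack("<8sIIIIIIHHI", name, len(payload), va, len(payload), raw, 0, 0, 0, 0, flags)
        body += payload
        raw, va = raw + len(payload), va + 0x1000
    cert = struct.pack("<IHH", 24, 0x0200, 0x0002) + b"\0" * 16  # WIN_CERTIFICATE header + dummy body
    struct.pack_into("<II", opt, 96 + 8 * 1, 0x2000, 0x40)       # IMPORT directory -> .rdata
    struct.pack_into("<II", opt, 96 + 8 * 4, raw, len(cert))     # SECURITY directory -> file offset
    struct.pack_into("<II", opt, 56, va, 0x400)                  # SizeOfImage, SizeOfHeaders
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)         # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(secs), 0x670C89AA, 0, 0, len(opt), 0x102)
    img = bytearray((dos + b"PE\0\0" + coff + opt + table).ljust(0x400, b"\0") + body + cert)
    struct.pack_into("<I", img, 0x40 + 24 + 64, pe_checksum(img, 0x40 + 24 + 64))
    return bytes(img)
```

Against the real file, parse_pe32(open(path, "rb").read()) gives the same numbers as the tables: checksum_stored versus checksum_computed tells you whether the CheckSum field is valid, a directory with a non-zero va and an empty section is either the SECURITY entry or a damaged header, and the certificate dict should show revision 0x200 and type 2 for a normal Authenticode signature. The function stops at PE32 because this sample is 32-bit; PE32+ shifts ImageBase to 8 bytes and the CheckSum to offset 64 unchanged, but the directory table moves to offset 112.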
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x33410e | 0x334200 | f5d91c37cebeaa9cf35e4b1aa2dfeb22 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x336000 | 0x98120 | 0x98200 | 4b539d5307ef9915b125e98c3f1fc37e | False | 0.3671762659202958 | Matlab v4 mat-file (little endian) \345\244\374L\275>s\346\025Er\335X9|, numeric, rows 0, columns 0 | 6.214330366905451 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x3cf000 | 0x1b54c | 0x5000 | 3a3ae1ff79ee588d45f81a1f3cd7823e | False | 0.125390625 | data | 3.235208929220571 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls | 0x3eb000 | 0x175 | 0x200 | 4b6bb5b517191dcae9f6ef4ceb8a6060 | False | 0.07421875 | data | 0.34262747993819864 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
CPADinfo | 0x3ec000 | 0x28 | 0x200 | 842689af09e7bf563672a4b43f1a2286 | False | 0.04296875 | data | 0.12227588125913882 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
malloc_h | 0x3ed000 | 0xb9 | 0x200 | 0d7d6bc463fa2562251debc2954e8535 | False | 0.3671875 | data | 3.040564321777124 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0x3ee000 | 0x5cfffc | 0x5d0000 | 3937b4acacbb9e68880188b64527576c | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x9be000 | 0x1864c | 0x18800 | e598955636f0176cbb5405f206fb7dc8 | False | 0.6558812978316326 | data | 6.693908233075818 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Note: the two non-standard section names are the ones behind the "sections with non-standard names" signature. CPADinfo is the section Crashpad's Windows client uses to hold its CrashpadInfo structure (the updater in the process tree runs with --crash-handler and a Crashpad database), and malloc_h is a 0xb9-byte executable section; neither is W^X-violating, since no section here is both writable and executable. The "Matlab v4 mat-file" label on .rdata is a libmagic guess over the first bytes of the section and has no meaning; the .text entropy of 6.78 overall and the 0x5d0000-byte .rsrc section (about 58% of the file) are the numbers worth reading.
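The resource table that follows lists custom resource B7 (RVA 0x3f20bc, 0x540c34 bytes) as "7-zip archive data, version 0.4", which is the kind of embedded payload worth carving out before anything else in the .rsrc section. The following Python is an added example, not from the report and not Joe Sandbox's code: it carves 7z containers out of an arbitrary blob by magic and validates both CRCs of the 32-byte 7z signature header (StartHeaderCRC over the 20 bytes that follow it, NextHeaderCRC over the encoded header), so a random occurrence of the 6-byte magic is rejected and the archive length is taken from the header rather than from the end of the blob. sample_resource_blob() is a constructed stand-in (a decoy magic with a bogus header, then a minimal container with dummy contents); it is not the B7 resource, and locating B7 itself in the real file still requires walking the .rsrc directory tree.

```python
# Added example, not from the report: carve a 7-Zip payload out of a blob by
# signature and validate the 32-byte 7z signature header with both CRCs, so a
# stray occurrence of the 6-byte magic is not mistaken for an archive.
import struct
import zlib

SEVENZIP_MAGIC = b"7z\xbc\xaf\x27\x1c"   # 37 7A BC AF 27 1C


def parse_7z_signature_header(buf, off):
    """Parse the signature header at buf[off:]: magic, version (major, minor),
    StartHeaderCRC, then NextHeaderOffset / NextHeaderSize / NextHeaderCRC.
    Returns None unless the magic matches and StartHeaderCRC covers the 20
    bytes that follow it (zlib.crc32 is unsigned on Python 3)."""
    hdr = buf[off:off + 32]
    if len(hdr) < 32 or hdr[:6] != SEVENZIP_MAGIC:
        return None
    major, minor, start_crc = struct.unpack_from("<BBI", hdr, 6)
    if zlib.crc32(hdr[12:32]) != start_crc:
        return None
    next_off, next_size, next_crc = struct.unpack_from("<QQI", hdr, 12)
    return {"version": (major, minor), "next_header_offset": next_off,
            "next_header_size": next_size, "next_header_crc": next_crc,
            "archive_size": 32 + next_off + next_size}


def carve_7z(blob):
    """Return [(offset, header, archive_bytes)] for every CRC-valid 7z container
    in blob; the archive length comes from the header, not from the blob end."""
    found, start = [], 0
    while (off := blob.find(SEVENZIP_MAGIC, start)) >= 0:
        hdr = parse_7z_signature_header(blob, off)
        if hdr and off + hdr["archive_size"] <= len(blob):
            # The encoded "next header" must sit where the signature header says.
            nh_start = off + 32 + hdr["next_header_offset"]
            nh = blob[nh_start:nh_start + hdr["next_header_size"]]
            if zlib.crc32(nh) == hdr["next_header_crc"]:
                found.append((off, hdr, blob[off:off + hdr["archive_size"]]))
        start = off + 1
    return found


def build_7z(packed, next_header):
    """Constructed minimal 7z container (dummy packed stream, dummy next header):
    only the header layout and the two CRCs are real."""
    tail = struct.pack("<QQI", len(packed), len(next_header), zlib.crc32(next_header))
    return SEVENZIP_MAGIC + bytes([0, 4]) + struct.pack("<I", zlib.crc32(tail)) + tail + packed + next_header


def sample_resource_blob():
    """Constructed stand-in for a resource payload: filler, a decoy magic followed
    by a bogus header, more filler, a real container, then trailing padding."""
    decoy = SEVENZIP_MAGIC + b"\0" * 26
    return b"\x10" * 40 + decoy + b"\x20" * 13 + build_7z(b"\xAB" * 64, b"\x17\x06\x01\x00") + b"\0" * 9
```

On the real sample you would feed carve_7z() the bytes of resource B7 (or, more bluntly, the whole .rsrc section) and then hand the returned archive bytes to 7z to list its contents; the header's archive_size also tells you whether the resource carries trailing data after the container. The decoy in the sample blob is rejected because the 20 zero bytes after its magic do not CRC to the zero StartHeaderCRC they claim.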
Note: the Type column is a libmagic guess over the raw bytes of each resource. It is meaningful for the 7-zip archive in custom resource B7 and for the RT_BITMAP/RT_ICON entries; the RT_STRING entries are UTF-16LE string tables, and labels such as "Targa image data", "AmigaOS bitmap font" or "StarOffice Gallery theme" on some of them are misidentifications of that text and carry no meaning.
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
B7 | 0x3f20bc | 0x540c34 | 7-zip archive data, version 0.4 | English | United States | 0.5005550384521484
RT_BITMAP | 0x932cf0 | 0xa8e8 | Device independent bitmap graphic, 120 x 120 x 24, image size 0, resolution 3780 x 3780 px/m | English | United States | 0.4533765032377428
RT_ICON | 0x93d5d8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192, 16 important colors | English | United States | 0.6317567567567568
RT_ICON | 0x93d700 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 320, 256 important colors | English | United States | 0.5823699421965318
RT_ICON | 0x93dc68 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640, 16 important colors | English | United States | 0.5120967741935484
RT_ICON | 0x93df50 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | United States | 0.5455776173285198
RT_ICON | 0x93e7f8 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1536 | English | United States | 0.36341463414634145
RT_ICON | 0x93ee60 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2688 | English | United States | 0.42350746268656714
RT_DIALOG | 0x93fd08 | 0x5a | data | English | United States | 0.7555555555555555
RT_STRING | 0x93fd64 | 0xd0a | data | English | United States | 0.4682444577591372
RT_STRING | 0x940a70 | 0xdd2 | data | English | United States | 0.38157150932730355
RT_STRING | 0x941844 | 0xc0c | data | English | United States | 0.5239948119325551
RT_STRING | 0x942450 | 0xd3c | Targa image data - Color 1072 x 1093 x 32 +1083 +1075 "\257\0045\0044\004 " | English | United States | 0.4542502951593861
RT_STRING | 0x94318c | 0xbac | data | English | United States | 0.499665327978581
RT_STRING | 0x943d38 | 0x396 | data | English | United States | 0.6285403050108932
RT_STRING | 0x9440d0 | 0x2dc | data | English | United States | 0.4959016393442623
RT_STRING | 0x9443ac | 0x282 | data | English | United States | 0.7819314641744548
RT_STRING | 0x944630 | 0x2be | data | English | United States | 0.603988603988604
RT_STRING | 0x9448f0 | 0x2ce | data | English | United States | 0.6782729805013927
RT_STRING | 0x944bc0 | 0x1c6 | data | English | United States | 0.7026431718061674
RT_STRING | 0x944d88 | 0x1d6 | data | English | United States | 0.5808510638297872
RT_STRING | 0x944f60 | 0x1f0 | data | English | United States | 0.7701612903225806
RT_STRING | 0x945150 | 0x1d8 | data | English | United States | 0.6334745762711864
RT_STRING | 0x945328 | 0x1ca | data | English | United States | 0.7183406113537117
RT_STRING | 0x9454f4 | 0x21a | data | English | United States | 0.6672862453531598
RT_STRING | 0x945710 | 0x28e | data | English | United States | 0.43577981651376146
RT_STRING | 0x9459a0 | 0x27c | data | English | United States | 0.7468553459119497
RT_STRING | 0x945c1c | 0x2ae | data | English | United States | 0.6749271137026239
RT_STRING | 0x945ecc | 0x280 | data | English | United States | 0.6296875
RT_STRING | 0x94614c | 0x152 | data | English | United States | 0.7958579881656804
RT_STRING | 0x9462a0 | 0xcc | data | English | United States | 0.7401960784313726
RT_STRING | 0x94636c | 0xd2 | data | English | United States | 0.8904761904761904
RT_STRING | 0x946440 | 0xea | data | English | United States | 0.8974358974358975
RT_STRING | 0x94652c | 0xe8 | data | English | United States | 0.7931034482758621
RT_STRING | 0x946614 | 0x124 | data | English | United States | 0.8561643835616438
RT_STRING | 0x946738 | 0x20c | Targa image data - RLE 1083 x 1103 x 32 +1077 +1075 "A\0045\004." | English | United States | 0.601145038167939
RT_STRING | 0x946944 | 0x21c | data | English | United States | 0.6611111111111111
RT_STRING | 0x946b60 | 0x24c | data | English | United States | 0.7261904761904762
RT_STRING | 0x946dac | 0x1d2 | data | English | United States | 0.6609442060085837
RT_STRING | 0x946f80 | 0x200 | data | English | United States | 0.75
RT_STRING | 0x947180 | 0x2ce | data | English | United States | 0.564066852367688
RT_STRING | 0x947450 | 0x298 | data | English | United States | 0.6204819277108434
RT_STRING | 0x9476e8 | 0x278 | data | English | United States | 0.7848101265822784
RT_STRING | 0x947960 | 0x2d2 | Targa image data - Color 2379 x 2337 x 32 +2344 +2354 "8\011.\011M\011*\011(\011M\011(\011 " | English | United States | 0.6481994459833795
RT_STRING | 0x947c34 | 0x29a | data | English | United States | 0.7087087087087087
RT_STRING | 0x947ed0 | 0x488 | data | English | United States | 0.5198275862068965
RT_STRING | 0x948358 | 0x476 | data | English | United States | 0.4956217162872154
RT_STRING | 0x9487d0 | 0x49c | data | English | United States | 0.6466101694915254
RT_STRING | 0x948c6c | 0x456 | data | English | United States | 0.5540540540540541
RT_STRING | 0x9490c4 | 0x3f8 | data | English | United States | 0.5974409448818898
RT_STRING | 0x9494bc | 0x460 | data | English | United States | 0.575
RT_STRING | 0x94991c | 0x4b4 | data | English | United States | 0.46677740863787376
RT_STRING | 0x949dd0 | 0x478 | data | English | United States | 0.6354895104895105
RT_STRING | 0x94a248 | 0x470 | data | English | United States | 0.5598591549295775
RT_STRING | 0x94a6b8 | 0x41c | data | English | United States | 0.5807984790874525
RT_STRING | 0x94aad4 | 0x426 | data | English | United States | 0.5790960451977402
RT_STRING | 0x94aefc | 0x488 | data | English | United States | 0.45775862068965517
RT_STRING | 0x94b384 | 0x424 | data | English | United States | 0.6490566037735849
RT_STRING | 0x94b7a8 | 0x42c | data | English | United States | 0.5608614232209738
RT_STRING | 0x94bbd4 | 0x43a | data | English | United States | 0.6090573012939002
RT_STRING | 0x94c010 | 0x43c | data | English | United States | 0.6199261992619927
RT_STRING | 0x94c44c | 0x59c | data | English | United States | 0.435933147632312
RT_STRING | 0x94c9e8 | 0x500 | Targa image data - Color 2379 x 2337 x 32 +2344 +2354 "\025\011@\011 " | English | United States | 0.6640625
RT_STRING | 0x94cee8 | 0x59c | data | English | United States | 0.5682451253481894
RT_STRING | 0x94d484 | 0x536 | data | English | United States | 0.5907046476761619
RT_STRING | 0x94d9bc | 0x8e6 | data | English | United States | 0.5258999122036875
RT_STRING | 0x94e2a4 | 0xc92 | data | English | United States | 0.3334369173399627
RT_STRING | 0x94ef38 | 0xbf4 | data | English | United States | 0.5320261437908497
RT_STRING | 0x94fb2c | 0xc5e | data | English | United States | 0.48673404927353126
RT_STRING | 0x95078c | 0xcd8 | data | English | United States | 0.4382603406326034
RT_STRING | 0x951464 | 0x92c | data | English | United States | 0.5404599659284497
RT_STRING | 0x951d90 | 0x9ce | data | English | United States | 0.3669322709163347
RT_STRING | 0x952760 | 0x962 | data | English | United States | 0.5104079933388843
RT_STRING | 0x9530c4 | 0x986 | data | English | United States | 0.5332239540607056
RT_STRING | 0x953a4c | 0x9d8 | data | English | United States | 0.4765873015873016
RT_STRING | 0x954424 | 0x8ec | data | English | United States | 0.563922942206655
RT_STRING | 0x954d10 | 0xcc6 | data | English | United States | 0.382262996941896
RT_STRING | 0x9559d8 | 0xca8 | data | English | United States | 0.4367283950617284
RT_STRING | 0x956680 | 0xcbe | data | English | United States | 0.5076640098099325
RT_STRING | 0x957340 | 0xd0c | data | English | United States | 0.4224550898203593
RT_STRING | 0x95804c | 0x8a6 | data | English | United States | 0.5519421860885275
RT_STRING | 0x9588f4 | 0x256 | data | English | United States | 0.4983277591973244
RT_STRING | 0x958b4c | 0x260 | data | English | United States | 0.5444078947368421
RT_STRING | 0x958dac | 0x22e | data | English | United States | 0.6505376344086021
RT_STRING | 0x958fdc | 0x23a | data | English | United States | 0.5333333333333333
RT_STRING | 0x959218 | 0x288 | data | English | United States | 0.6388888888888888
RT_STRING | 0x9594a0 | 0x7a6 | data | English | United States | 0.49284984678243104
RT_STRING | 0x959c48 | 0x820 | data | English | United States | 0.46923076923076923
RT_STRING | 0x95a468 | 0x6be | data | English | United States | 0.6292004634994206
RT_STRING | 0x95ab28 | 0x7d8 | data | English | United States | 0.4960159362549801
RT_STRING | 0x95b300 | 0x636 | data | English | United States | 0.5943396226415094
RT_STRING | 0x95b938 | 0xe0 | data | English | United States | 0.10714285714285714
RT_STRING | 0x95ba18 | 0xe0 | data | English | United States | 0.10714285714285714
RT_STRING | 0x95baf8 | 0xe0 | data | English | United States | 0.10714285714285714
RT_STRING | 0x95bbd8 | 0xe0 | data | English | United States | 0.10714285714285714
RT_STRING | 0x95bcb8 | 0xe0 | data | English | United States | 0.10714285714285714
RT_STRING | 0x95bd98 | 0x2c4 | data | English | United States | 0.634180790960452
RT_STRING | 0x95c05c | 0x30e | data | English | United States | 0.45524296675191817
RT_STRING | 0x95c36c | 0x2b2 | data | English | United States | 0.6768115942028986
RT_STRING | 0x95c620 | 0x318 | data | English | United States | 0.5732323232323232
RT_STRING | 0x95c938 | 0x326 | data | English | United States | 0.6178660049627791
RT_STRING | 0x95cc60 | 0x2da | data | English | United States | 0.6328767123287671
RT_STRING | 0x95cf3c | 0x362 | data | English | United States | 0.3972286374133949
RT_STRING | 0x95d2a0 | 0x2f4 | data | English | United States | 0.6666666666666666
RT_STRING | 0x95d594 | 0x302 | data | English | United States | 0.5324675324675324
RT_STRING | 0x95d898 | 0x35a | data | English | United States | 0.5722610722610723
RT_STRING | 0x95dbf4 | 0x2ca | data | English | United States | 0.6442577030812325
RT_STRING | 0x95dec0 | 0x2b0 | data | English | United States | 0.39098837209302323
RT_STRING | 0x95e170 | 0x2ba | data | English | United States | 0.670487106017192
RT_STRING | 0x95e42c | 0x2f0 | data | English | United States | 0.6316489361702128
RT_STRING | 0x95e71c | 0x2fa | data | English | United States | 0.573490813648294
RT_STRING | 0x95ea18 | 0x2c2 | data | English | United States | 0.6147308781869688
RT_STRING | 0x95ecdc | 0x34c | data | English | United States | 0.39691943127962087
RT_STRING | 0x95f028 | 0x3a4 | data | English | United States | 0.5482832618025751
RT_STRING | 0x95f3cc | 0x34c | data | English | United States | 0.566350710900474
RT_STRING | 0x95f718 | 0x372 | data | English | United States | 0.4580498866213152
RT_STRING | 0x95fa8c | 0x2a4 | data | English | United States | 0.628698224852071
RT_STRING | 0x95fd30 | 0x29a | data | English | United States | 0.506006006006006
RT_STRING | 0x95ffcc | 0x2b4 | data | English | United States | 0.5520231213872833
RT_STRING | 0x960280 | 0x290 | data | English | United States | 0.6829268292682927
RT_STRING | 0x960510 | 0x274 | data | English | United States | 0.5589171974522293
RT_STRING | 0x960784 | 0x25e | data | English | United States | 0.6897689768976898
RT_STRING | 0x9609e4 | 0x304 | data | English | United States | 0.5375647668393783
RT_STRING | 0x960ce8 | 0x334 | data | English | United States | 0.5536585365853659
RT_STRING | 0x96101c | 0x2e6 | data | English | United States | 0.6819407008086253
RT_STRING | 0x961304 | 0x2fa | data | English | United States | 0.5603674540682415
RT_STRING | 0x961600 | 0x274 | data | English | United States | 0.6449044585987261
RT_STRING | 0x961874 | 0x33a | data | English | United States | 0.5581113801452785
RT_STRING | 0x961bb0 | 0x37c | data | English | United States | 0.5302690582959642
RT_STRING | 0x961f2c | 0x2fe | data | English | United States | 0.6945169712793734
RT_STRING | 0x96222c | 0x34c | data | English | United States | 0.5592417061611374
RT_STRING | 0x962578 | 0x31c | data | English | United States | 0.6344221105527639
RT_STRING | 0x962894 | 0x464 | data | English | United States | 0.5729537366548043
RT_STRING | 0x962cf8 | 0x4d8 | data | English | United States | 0.46048387096774196
RT_STRING | 0x9631d0 | 0x3bc | data | English | United States | 0.6527196652719666
RT_STRING | 0x96358c | 0x45e | data | English | United States | 0.5330948121645797
RT_STRING | 0x9639ec | 0x44a | data | English | United States | 0.5819672131147541
RT_STRING | 0x963e38 | 0x10c | data | English | United States | 0.8470149253731343
RT_STRING | 0x963f44 | 0xc0 | data | English | United States | 0.7864583333333334
RT_STRING | 0x964004 | 0xe6 | StarOffice Gallery theme \372, 154195760 objects, 1st \356\020\333\020\320\020\340\020\324\020\321\020\320\020\010 | English | United States | 0.9304347826086956
RT_STRING | 0x9640ec | 0xce | data | English | United States | 0.7766990291262136
RT_STRING | 0x9641bc | 0xe6 | data | English | United States | 0.8608695652173913
RT_STRING | 0x9642a4 | 0x872 | data | English | United States | 0.543940795559667
RT_STRING | 0x964b18 | 0xbf6 | data | English | United States | 0.3791639451338994
RT_STRING | 0x965710 | 0xa84 | data | English | United States | 0.5824665676077266
RT_STRING | 0x966194 | 0xba8 | data | English | United States | 0.47989276139410186
RT_STRING | 0x966d3c | 0xb46 | data | English | United States | 0.5246015246015246
RT_STRING | 0x967884 | 0x406 | data | English | United States | 0.629126213592233
RT_STRING | 0x967c8c | 0x216 | data | English | United States | 0.50187265917603
RT_STRING | 0x967ea4 | 0x204 | data | English | United States | 0.7596899224806202
RT_STRING | 0x9680a8 | 0x212 | data | English | United States | 0.6754716981132075
RT_STRING | 0x9682bc | 0x22c | data | English | United States | 0.6151079136690647
RT_STRING | 0x9684e8 | 0x230 | data | English | United States | 0.6839285714285714
RT_STRING | 0x968718 | 0x2fe | data | English | United States | 0.46344647519582244
RT_STRING | 0x968a18 | 0x312 | data | English | United States | 0.6743002544529262
RT_STRING | 0x968d2c | 0x2e8 | data | English | United States | 0.706989247311828
RT_STRING | 0x969014 | 0x2f0 | data | English | United States | 0.5651595744680851
RT_STRING | 0x969304 | 0x1ee | data | English | United States | 0.7489878542510121
RT_STRING | 0x9694f4 | 0x2c0 | data | English | United States | 0.48579545454545453
RT_STRING | 0x9697b4 | 0x25e | data | English | United States | 0.5429042904290429
RT_STRING | 0x969a14 | 0x20c | data | English | United States | 0.6717557251908397
RT_STRING | 0x969c20 | 0x272 | data | English | United States | 0.5015974440894568
RT_STRING | 0x969e94 | 0x2e4 | data | English | United States | 0.6851351351351351
RT_STRING | 0x96a178 | 0x846 | data | English | United States | 0.40557129367327666
RT_STRING | 0x96a9c0 | 0x7b8 | data | English | United States | 0.4473684210526316
RT_STRING | 0x96b178 | 0x716 | data | English | United States | 0.5931642778390298
RT_STRING | 0x96b890 | 0x7c4 | data | English | United States | 0.44969818913480886
RT_STRING | 0x96c054 | 0x65c | data | English | United States | 0.5706388206388207
RT_STRING | 0x96c6b0 | 0xa9e | data | English | United States | 0.40066225165562913
RT_STRING | 0x96d150 | 0xa76 | data | English | United States | 0.39357729648991785
RT_STRING | 0x96dbc8 | 0x93c | data | English | United States | 0.5376480541455161
RT_STRING | 0x96e504 | 0xa4a | data | English | United States | 0.43242217160212604
RT_STRING | 0x96ef50 | 0x8b8 | data | English | United States | 0.5013440860215054
RT_STRING | 0x96f808 | 0x238 | data | English | United States | 0.6355633802816901
RT_STRING | 0x96fa40 | 0x1f2 | data | English | United States | 0.5120481927710844
RT_STRING | 0x96fc34 | 0x1de | data | English | United States | 0.7510460251046025
RT_STRING | 0x96fe14 | 0x200 | Targa image data - Color 1072 x 1078 x 32 +1083 +1075 "1\0040\0049\004=\0040\004." | English | United States | 0.615234375
RT_STRING | 0x970014 | 0x1d8 | data | English | United States | 0.6758474576271186
RT_STRING | 0x9701ec | 0x2fe | data | English | United States | 0.6292428198433421
RT_STRING | 0x9704ec | 0x376 | data | English | United States | 0.5079006772009029
RT_STRING | 0x970864 | 0x328 | data | English | United States | 0.681930693069307
RT_STRING | 0x970b8c | 0x34a | data | English | United States | 0.5653206650831354
RT_STRING | 0x970ed8 | 0x31e | data | English | United States | 0.6290726817042607
RT_STRING | 0x9711f8 | 0x5e4 | data | English | United States | 0.5663129973474801
RT_STRING | 0x9717dc | 0x836 | data | English | United States | 0.42055185537583256
RT_STRING | 0x972014 | 0x68e | data | English | United States | 0.6495828367103695
RT_STRING | 0x9726a4 | 0x7c2 | data | English | United States | 0.5171198388721048
RT_STRING | 0x972e68 | 0x72c | data | English | United States | 0.5620915032679739
RT_STRING | 0x973594 | 0x4c8 | data | English | United States | 0.6111111111111112
RT_STRING | 0x973a5c | 0x57a | data | English | United States | 0.43009985734664763
RT_STRING | 0x973fd8 | 0x4d6 | data | English | United States | 0.6639741518578353
RT_STRING | 0x9744b0 | 0x55a | data | English | United States | 0.6197080291970803
RT_STRING | 0x974a0c | 0x52c | data | English | United States | 0.554380664652568
RT_STRING | 0x974f38 | 0x5d8 | data | English | United States | 0.608957219251337
RT_STRING | 0x975510 | 0x95a | data | English | United States | 0.38345864661654133
RT_STRING | 0x975e6c | 0x876 | data | English | United States | 0.5198522622345337
RT_STRING | 0x9766e4 | 0x800 | data | English | United States | 0.5810546875
RT_STRING | 0x976ee4 | 0x8ba | data | English | United States | 0.486123545210385
RT_STRING | 0x9777a0 | 0x592 | data | English | United States | 0.6227208976157083
RT_STRING | 0x977d34 | 0x494 | data | English | United States | 0.39505119453924914
RT_STRING | 0x9781c8 | 0x414 | data | English | United States | 0.4272030651340996
RT_STRING | 0x9785dc | 0x44e | data | English | United States | 0.5444646098003629
RT_STRING | 0x978a2c | 0x44a | data | English | United States | 0.43169398907103823
RT_STRING | 0x978e78 | 0x4c0 | data | English | United States | 0.537828947368421
RT_STRING | 0x979338 | 0xa62 | data | English | United States | 0.41346877351392025
RT_STRING | 0x979d9c | 0xa88 | data | English | United States | 0.4328635014836795
RT_STRING | 0x97a824 | 0x946 | data | English | United States | 0.5686604886267902
RT_STRING | 0x97b16c | 0xa5e | data | English | United States | 0.45139412207987945
RT_STRING | 0x97bbcc | 0x70c | data | English | United States | 0.5609756097560976
RT_STRING | 0x97c2d8 | 0x14a | data | English | United States | 0.6606060606060606
RT_STRING | 0x97c424 | 0x136 | data | English | United States | 0.635483870967742
RT_STRING | 0x97c55c | 0x112 | data | English | United States | 0.9051094890510949
RT_STRING | 0x97c670 | 0x17a | data | English | United States | 0.6084656084656085
RT_STRING | 0x97c7ec | 0x104 | data | English | United States | 0.8961538461538462
RT_STRING | 0x97c8f0 | 0xb3a | data | English | United States | 0.4826026443980515
RT_STRING | 0x97d42c | 0xc7a | data | English | United States | 0.40388227927363807
RT_STRING | 0x97e0a8 | 0xa4c | data | English | United States | 0.571320182094082
RT_STRING | 0x97eaf4 | 0xb48 | data | English | United States | 0.4878808864265928
RT_STRING | 0x97f63c | 0xa54 | data | English | United States | 0.5268532526475038
RT_STRING | 0x980090 | 0xcf0 | data | English | United States | 0.5135869565217391
RT_STRING | 0x980d80 | 0xe28 | data | English | United States | 0.38051876379690946
RT_STRING | 0x981ba8 | 0xd0c | data | English | United States | 0.5586826347305389
RT_STRING | 0x9828b4 | 0xedc | data | English | United States | 0.47003154574132494
RT_STRING | 0x983790 | 0xe64 | data | English | United States | 0.503257328990228
RT_STRING | 0x9845f4 | 0x452 | data | English | United States | 0.6301989150090416
RT_STRING | 0x984a48 | 0x3f0 | data | English | United States | 0.4742063492063492
RT_STRING | 0x984e38 | 0x32a | data | English | United States | 0.7358024691358025
RT_STRING | 0x985164 | 0x34e | data | English | United States | 0.5921985815602837
RT_STRING | 0x9854b4 | 0x39e | data | English | United States | 0.6479481641468683
RT_STRING | 0x985854 | 0x6ce | data | English | United States | 0.5597014925373134
RT_STRING | 0x985f24 | 0xa78 | data | English | United States | 0.37089552238805973
RT_STRING | 0x98699c | 0x932 | data | English | United States | 0.5739167374681393
RT_STRING | 0x9872d0 | 0x9a8 | data | English | United States | 0.5234627831715211
RT_STRING | 0x987c78 | 0x9a4 | data | English | United States | 0.4813614262560778
RT_STRING | 0x98861c | 0x4bc | data | English | United States | 0.6452145214521452
RT_STRING | 0x988ad8 | 0x2aa | data | English | United States | 0.5381231671554252
RT_STRING | 0x988d84 | 0x27c | data | English | United States | 0.6839622641509434
RT_STRING | 0x989000 | 0x2a4 | data | English | United States | 0.7144970414201184
RT_STRING | 0x9892a4 | 0x2a0 | data | English | United States | 0.6502976190476191
RT_STRING | 0x989544 | 0x246 | AmigaOS bitmap font "5\016*\016\025\0162\016#\016L\016\027\016 \0162\016"\016+\016%\0161\016\007\016\031", fc_YSize 26880, 8974 elements, 2nd "s", 3rd "e" | English | United States | 0.738831615120275
RT_STRING | 0x98978c | 0x214 | data | English | United States | 0.5921052631578947
RT_STRING | 0x9899a0 | 0x23e | data | English | United States | 0.6515679442508711
RT_STRING | 0x989be0 | 0x27e | data | English | United States | 0.7523510971786834
RT_STRING | 0x989e60 | 0x21c | data | English | United States | 0.6388888888888888
RT_STRING | 0x98a07c | 0x386 | data | English | United States | 0.6862527716186253
RT_STRING | 0x98a404 | 0x8a0 | data | English | United States | 0.458786231884058
RT_STRING | 0x98aca4 | 0x872 | data | English | United States | 0.49167437557816834
RT_STRING | 0x98b518 | 0x7a4 | data | English | United States | 0.6492842535787321
RT_STRING | 0x98bcbc | 0x83c | data | English | United States | 0.50853889943074
RT_STRING | 0x98c4f8 | 0x644 | data | English | United States | 0.6315461346633416
RT_STRING | 0x98cb3c | 0x2c2 | AmigaOS bitmap font "3\006*\006&\006F\006'\006A\006 ", fc_YSize 4294936073, 9990 elements, 2nd "\276\011\260\011 ", 3rd "r" | English | United States | 0.5821529745042493
RT_STRING | 0x98ce00 | 0x2f6 | data | English | United States | 0.5672823218997362
RT_STRING | 0x98d0f8 | 0x27a | data | English | United States | 0.8028391167192429
RT_STRING | 0x98d374 | 0x2de | data | English | United States | 0.6335149863760218
RT_STRING | 0x98d654 | 0x276 | data | English | United States | 0.7126984126984127
RT_STRING | 0x98d8cc | 0x392 | data | English | United States | 0.5831509846827133
RT_STRING | 0x98dc60 | 0x3a8 | data | English | United States | 0.5160256410256411
RT_STRING | 0x98e008 | 0x31c | data | English | United States | 0.7273869346733668
RT_STRING | 0x98e324 | 0x386 | Targa image data - Color 1072 x 1093 x 32 +1083 +1075 "\257\0049\004;\0044\004;\0048\0049\0043\004 " | English | United States | 0.5986696230598669
RT_STRING | 0x98e6ac | 0x334 | data | English | United States | 0.6487804878048781
RT_STRING | 0x98e9e0 | 0xa24 | data | English | United States | 0.5161787365177196
RT_STRING | 0x98f404 | 0xbd6 | data | English | United States | 0.4062706270627063
RT_STRING | 0x98ffdc | 0xaf6 | data | English | United States | 0.5823235923022095
RT_STRING | 0x990ad4 | 0xc5a | data | English | United States | 0.48007590132827327
RT_STRING | 0x991730 | 0xc86 | data | English | United States | 0.5028072364316906
RT_STRING | 0x9923b8 | 0x952 | data | English | United States | 0.5431684828164292
RT_STRING | 0x992d0c | 0xabe | data | English | United States | 0.3916363636363636
RT_STRING | 0x9937cc | 0xa8a | data | English | United States | 0.5830244625648628
RT_STRING | 0x994258 | 0xb78 | data | English | United States | 0.4887602179836512
RT_STRING | 0x994dd0 | 0xb80 | data | English | United States | 0.5040760869565217
RT_STRING | 0x995950 | 0x96a | data | English | United States | 0.5439834024896265
RT_STRING | 0x9962bc | 0xaa2 | data | English | United States | 0.39162380602498165
RT_STRING | 0x996d60 | 0xa86 | data | English | United States | 0.5783221974758723
RT_STRING | 0x9977e8 | 0xb70 | data | English | United States | 0.5215163934426229
RT_STRING | 0x998358 | 0xb38 | data | English | United States | 0.4794568245125348
                          RT_STRING0x998e900x9c2dataEnglishUnited States0.5612489991993594
                          RT_STRING0x9998540xc0edataEnglishUnited States0.41088788075178223
                          RT_STRING0x99a4640xb3edataEnglishUnited States0.5111188325225852
                          RT_STRING0x99afa40xbacdataEnglishUnited States0.5471887550200804
                          RT_STRING0x99bb500xb70dataEnglishUnited States0.48189890710382516
                          RT_STRING0x99c6c00x84edataEnglishUnited States0.5973659454374413
                          RT_STRING0x99cf100x7c0dataEnglishUnited States0.4329637096774194
                          RT_STRING0x99d6d00x7b4dataEnglishUnited States0.49898580121703856
                          RT_STRING0x99de840x70cdataEnglishUnited States0.5909090909090909
                          RT_STRING0x99e5900x7b0dataEnglishUnited States0.4949186991869919
                          RT_STRING0x99ed400x606dataEnglishUnited States0.6465629053177692
                          RT_STRING0x99f3480x8a4dataEnglishUnited States0.4462025316455696
                          RT_STRING0x99fbec0x8d8dataEnglishUnited States0.4620141342756184
                          RT_STRING0x9a04c40x786dataEnglishUnited States0.6246105919003115
                          RT_STRING0x9a0c4c0x872Targa image data - Color 2379 x 2337 x 32 +2344 +2354 "\027\0110\011?\011\017\011\025\011K\011 "EnglishUnited States0.48103607770582796
                          RT_STRING0x9a14c00x6f0dataEnglishUnited States0.5996621621621622
                          RT_STRING0x9a1bb00x896dataEnglishUnited States0.47952684258416745
                          RT_STRING0x9a24480x872dataEnglishUnited States0.4398704902867715
                          RT_STRING0x9a2cbc0x77adataEnglishUnited States0.6212121212121212
                          RT_STRING0x9a34380x824dataEnglishUnited States0.4923224568138196
                          RT_STRING0x9a3c5c0x6fcdataEnglishUnited States0.5956375838926175
                          RT_STRING0x9a43580xdcdataEnglishUnited States0.8772727272727273
                          RT_STRING0x9a44340xd8dataEnglishUnited States0.7407407407407407
                          RT_STRING0x9a450c0xccdataEnglishUnited States0.9215686274509803
                          RT_STRING0x9a45d80xf0dataEnglishUnited States0.7958333333333333
                          RT_STRING0x9a46c80xcadataEnglishUnited States0.8712871287128713
                          RT_STRING0x9a47940x7dadataEnglishUnited States0.5084577114427861
                          RT_STRING0x9a4f700x97edataEnglishUnited States0.4020576131687243
                          RT_STRING0x9a58f00x7ecdataEnglishUnited States0.5729783037475346
                          RT_STRING0x9a60dc0x8eedataEnglishUnited States0.47112860892388453
                          RT_STRING0x9a69cc0x8badataEnglishUnited States0.517905102954342
                          RT_STRING0x9a72880x1f20dataEnglishUnited States0.38679718875502006
                          RT_STRING0x9a91a80x2b14dataEnglishUnited States0.2920747188973522
                          RT_STRING0x9abcbc0x2756CLIPPER COFF executable (VAX #) not stripped - version 71EnglishUnited States0.40625620655412115
                          RT_STRING0x9ae4140x2aeedataEnglishUnited States0.34795268425841674
                          RT_STRING0x9b0f040x27b2dataEnglishUnited States0.37699271796890377
                          RT_STRING0x9b36b80xc1cdataEnglishUnited States0.4483870967741935
                          RT_STRING0x9b42d40x364dataEnglishUnited States0.3467741935483871
                          RT_STRING0x9b46380x32adataEnglishUnited States0.5530864197530864
                          RT_STRING0x9b49640x33edataEnglishUnited States0.4867469879518072
                          RT_STRING0x9b4ca40x330dataEnglishUnited States0.4215686274509804
                          RT_STRING0x9b4fd40x340dataEnglishUnited States0.6153846153846154
                          RT_STRING0x9b53140x3aedataEnglishUnited States0.4447983014861996
                          RT_STRING0x9b56c40x366dataEnglishUnited States0.6091954022988506
                          RT_STRING0x9b5a2c0x3b0dataEnglishUnited States0.6038135593220338
                          RT_STRING0x9b5ddc0x390dataEnglishUnited States0.5537280701754386
                          RT_STRING0x9b616c0x2f4dataEnglishUnited States0.6917989417989417
                          RT_STRING0x9b64600x332Targa image data - RLE 1074 x 1072 x 32 +1072 +1082 "A\0045\004 "EnglishUnited States0.5158924205378973
                          RT_STRING0x9b67940x36cdataEnglishUnited States0.5901826484018264
                          RT_STRING0x9b6b000x376dataEnglishUnited States0.6557562076749436
                          RT_STRING0x9b6e780x33edataEnglishUnited States0.5783132530120482
                          RT_STRING0x9b71b80x4b4dataEnglishUnited States0.6395348837209303
                          RT_STRING0x9b766c0xba2dataEnglishUnited States0.40597716588314303
                          RT_STRING0x9b82100xc80dataEnglishUnited States0.4353125
                          RT_STRING0x9b8e900xb54dataEnglishUnited States0.5582758620689655
                          RT_STRING0x9b99e40xb5cdataEnglishUnited States0.4470426409903714
                          RT_STRING0x9ba5400x9b8dataEnglishUnited States0.5542604501607717
                          RT_STRING0x9baef80x86edataEnglishUnited States0.4712696941612604
                          RT_STRING0x9bb7680x8ecdataEnglishUnited States0.44089316987740806
                          RT_STRING0x9bc0540x7d2dataEnglishUnited States0.5934065934065934
                          RT_STRING0x9bc8280x7d4dataEnglishUnited States0.49650698602794413
                          RT_STRING0x9bcffc0x748dataEnglishUnited States0.5574034334763949
                          RT_GROUP_ICON0x9bd7440x5adataEnglishUnited States0.7333333333333333
                          RT_VERSION0x9bd7a00x488dataEnglishUnited States0.4387931034482759
                          RT_MANIFEST0x9bdc280x3d2XML 1.0 document, ASCII text, with very long lines (864)EnglishUnited States0.5398773006134969
                          DLL | Import
                          ADVAPI32.dll | AddAce, AdjustTokenPrivileges, AllocateAndInitializeSid, BuildTrusteeWithSidW, ChangeServiceConfig2W, ChangeServiceConfigW, CheckTokenMembership, CloseServiceHandle, ConvertSidToStringSidW, ConvertStringSidToSidW, CopySid, CreateProcessAsUserW, CreateProcessWithTokenW, CreateServiceW, DeleteService, DuplicateTokenEx, EqualSid, FreeSid, GetAce, GetAclInformation, GetLengthSid, GetNamedSecurityInfoW, GetSecurityDescriptorControl, GetSecurityDescriptorDacl, GetSecurityDescriptorGroup, GetSecurityDescriptorLength, GetSecurityDescriptorOwner, GetSecurityDescriptorSacl, GetSecurityInfo, GetSidIdentifierAuthority, GetSidLengthRequired, GetSidSubAuthority, GetSidSubAuthorityCount, GetTokenInformation, GetTraceEnableFlags, GetTraceEnableLevel, GetTraceLoggerHandle, ImpersonateLoggedOnUser, InitializeAcl, InitializeSecurityDescriptor, InitializeSid, IsValidAcl, IsValidSecurityDescriptor, IsValidSid, LookupAccountSidW, LookupPrivilegeValueW, MakeAbsoluteSD, MakeSelfRelativeSD, OpenProcessToken, OpenSCManagerW, OpenServiceW, OpenThreadToken, QueryServiceConfigW, RegCloseKey, RegCreateKeyExW, RegDeleteKeyExW, RegDeleteValueW, RegEnumKeyExW, RegEnumValueW, RegOpenKeyExW, RegQueryInfoKeyW, RegQueryValueExW, RegSetValueExW, RegisterTraceGuidsW, RevertToSelf, SetEntriesInAclW, SetNamedSecurityInfoW, SetSecurityDescriptorDacl, SetSecurityDescriptorGroup, SetSecurityDescriptorOwner, SetSecurityInfo, TraceEvent, UnregisterTraceGuids
                          dbghelp.dll | SymCleanup, SymFromAddr, SymGetLineFromAddr64, SymGetSearchPathW, SymInitialize, SymSetOptions, SymSetSearchPathW
                          OLEAUT32.dll | LoadTypeLib, SafeArrayAccessData, SafeArrayCreateVector, SafeArrayDestroy, SafeArrayGetDim, SafeArrayGetLBound, SafeArrayGetUBound, SafeArrayGetVartype, SafeArrayUnaccessData, SysAllocString, SysAllocStringByteLen, SysAllocStringLen, SysFreeString, SysStringLen, SystemTimeToVariantTime, VariantClear
                          SHELL32.dll | CommandLineToArgvW, SHGetFolderPathW, SHGetKnownFolderPath, ShellExecuteExW
                          USER32.dll | AllowSetForegroundWindow, CharUpperW, CreateDialogParamW, CreateWindowExW, DefWindowProcW, DestroyIcon, DestroyWindow, DispatchMessageW, GetActiveWindow, GetClientRect, GetMessageW, GetMonitorInfoW, GetParent, GetQueueStatus, GetShellWindow, GetSystemMetrics, GetWindow, GetWindowLongW, GetWindowRect, GetWindowThreadProcessId, KillTimer, LoadImageW, MapWindowPoints, MessageBoxExW, MonitorFromWindow, MsgWaitForMultipleObjectsEx, PeekMessageW, PostMessageW, PostQuitMessage, RegisterClassExW, SendMessageW, SetForegroundWindow, SetTimer, SetWindowLongW, SetWindowPos, SetWindowTextW, ShowWindow, TranslateMessage, UnregisterClassW
                          KERNEL32.dll | AcquireSRWLockExclusive, AcquireSRWLockShared, AssignProcessToJobObject, CloseHandle, CompareStringW, ConnectNamedPipe, CopyFileW, CreateDirectoryW, CreateEventW, CreateFileA, CreateFileMappingW, CreateFileW, CreateIoCompletionPort, CreateMutexW, CreateNamedPipeW, CreateProcessW, CreateThread, CreateToolhelp32Snapshot, DecodePointer, DeleteCriticalSection, DeleteFileW, DeleteProcThreadAttributeList, DuplicateHandle, EncodePointer, EnterCriticalSection, EnumResourceNamesW, EnumSystemLocalesW, ExitProcess, ExpandEnvironmentStringsW, FileTimeToLocalFileTime, FileTimeToSystemTime, FindClose, FindFirstFileExW, FindNextFileW, FindResourceW, FlushFileBuffers, FlushInstructionCache, FlushViewOfFile, FormatMessageW, FreeEnvironmentStringsW, FreeLibrary, GetACP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetComputerNameW, GetConsoleMode, GetConsoleOutputCP, GetCurrentDirectoryW, GetCurrentProcess, GetCurrentProcessId, GetCurrentThread, GetCurrentThreadId, GetDateFormatW, GetDiskFreeSpaceExW, GetDriveTypeW, GetEnvironmentStringsW, GetEnvironmentVariableW, GetExitCodeProcess, GetFileAttributesExW, GetFileAttributesW, GetFileInformationByHandle, GetFileSizeEx, GetFileType, GetFullPathNameW, GetLastError, GetLocalTime, GetLocaleInfoW, GetLogicalProcessorInformation, GetLogicalProcessorInformationEx, GetLongPathNameW, GetModuleFileNameW, GetModuleHandleA, GetModuleHandleExW, GetModuleHandleW, GetNativeSystemInfo, GetOEMCP, GetProcAddress, GetProcessHeap, GetProcessId, GetProcessMitigationPolicy, GetProcessTimes, GetProductInfo, GetQueuedCompletionStatus, GetStartupInfoW, GetStdHandle, GetStringTypeW, GetSystemDirectoryW, GetSystemInfo, GetSystemTimeAsFileTime, GetSystemTimePreciseAsFileTime, GetTempPathW, GetThreadId, GetThreadPreferredUILanguages, GetThreadPriority, GetTickCount, GetTimeFormatW, GetTimeZoneInformation, GetUserDefaultLCID, GetUserPreferredUILanguages, GetVersionExW, GetWindowsDirectoryW, GlobalAlloc, GlobalFree, GlobalMemoryStatusEx, HeapAlloc, HeapDestroy, HeapFree, HeapReAlloc, HeapSetInformation, HeapSize, InitOnceExecuteOnce, InitializeConditionVariable, InitializeCriticalSectionAndSpinCount, InitializeCriticalSectionEx, InitializeProcThreadAttributeList, InitializeSListHead, InitializeSRWLock, InterlockedPopEntrySList, InterlockedPushEntrySList, IsDebuggerPresent, IsProcessorFeaturePresent, IsValidCodePage, IsValidLocale, IsWow64Process, K32GetModuleInformation, LCMapStringW, LeaveCriticalSection, LoadLibraryExA, LoadLibraryExW, LoadLibraryW, LoadResource, LocalFree, LockFileEx, LockResource, MapViewOfFile, MoveFileExW, MoveFileW, MultiByteToWideChar, OpenProcess, OutputDebugStringA, OutputDebugStringW, PostQueuedCompletionStatus, Process32FirstW, Process32NextW, ProcessIdToSessionId, QueryFullProcessImageNameW, QueryPerformanceCounter, QueryPerformanceFrequency, QueryThreadCycleTime, RaiseException, ReadConsoleW, ReadFile, ReleaseMutex, ReleaseSRWLockExclusive, ReleaseSRWLockShared, RemoveDirectoryW, ReplaceFileW, ResetEvent, RtlCaptureStackBackTrace, RtlUnwind, SetCurrentDirectoryW, SetEndOfFile, SetEnvironmentVariableW, SetEvent, SetFileAttributesW, SetFileInformationByHandle, SetFilePointer, SetFilePointerEx, SetFileTime, SetHandleInformation, SetLastError, SetProcessWorkingSetSize, SetStdHandle, SetThreadInformation, SetThreadPriority, SetUnhandledExceptionFilter, SizeofResource, Sleep, SleepConditionVariableSRW, SystemTimeToFileTime, SystemTimeToTzSpecificLocalTime, TerminateProcess, TlsAlloc, TlsFree, TlsGetValue, TlsSetValue, TryAcquireSRWLockExclusive, TzSpecificLocalTimeToSystemTime, UnhandledExceptionFilter, UnlockFileEx, UnmapViewOfFile, UnregisterWaitEx, UpdateProcThreadAttribute, VerSetConditionMask, VerifyVersionInfoW, VirtualAlloc, VirtualFree, VirtualProtect, VirtualQuery, WTSGetActiveConsoleSessionId, WaitForMultipleObjects, WaitForSingleObject, WaitNamedPipeW, WakeAllConditionVariable, WakeConditionVariable, WideCharToMultiByte, WriteConsoleW, WriteFile, lstrcmpiW
                          ole32.dll | CoAddRefServerProcess, CoCreateInstance, CoGetCallContext, CoInitializeEx, CoRegisterClassObject, CoRegisterInitializeSpy, CoReleaseServerProcess, CoResumeClassObjects, CoRevokeClassObject, CoRevokeInitializeSpy, CoSetProxyBlanket, CoTaskMemFree, CoUninitialize, IIDFromString, StringFromGUID2
                          Secur32.dll | GetUserNameExW
                          WTSAPI32.dll | WTSEnumerateSessionsW, WTSFreeMemory, WTSQuerySessionInformationW
                          USERENV.dll | CreateEnvironmentBlock, DestroyEnvironmentBlock, EnterCriticalPolicySection, LeaveCriticalPolicySection, UnloadUserProfile
                          WINHTTP.dll | WinHttpAddRequestHeaders, WinHttpCloseHandle, WinHttpConnect, WinHttpGetProxyForUrl, WinHttpOpen, WinHttpOpenRequest, WinHttpQueryHeaders, WinHttpReadData, WinHttpReceiveResponse, WinHttpSendRequest, WinHttpSetOption, WinHttpSetStatusCallback
                          SHLWAPI.dll | PathMatchSpecW
                          ntdll.dll | NtDeleteKey
                          WINMM.dll | timeBeginPeriod, timeEndPeriod, timeGetTime
                          api-ms-win-core-winrt-l1-1-0.dll | RoInitialize, RoUninitialize
                          Name | Ordinal | Address
                          GetHandleVerifier | 1 | 0x4b3750
                          Language of compilation system | Country where language is spoken | Map
                          English | United States
                          No network behavior found

                          Target ID:0
                          Start time:12:29:11
                          Start date:23/10/2024
                          Path:C:\Users\user\Desktop\connector_installer.exe
                          Wow64 process (32bit):true
                          Commandline:"C:\Users\user\Desktop\connector_installer.exe"
                          Imagebase:0x4c0000
                          File size:10'219'392 bytes
                          MD5 hash:E6C6E9F4F0597BDFBA49A8725945C5CE
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:C, C++ or other language
                          Reputation:low
                          Has exited:false

                          Target ID:1
                          Start time:12:29:12
                          Start date:23/10/2024
                          Path:C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe
                          Wow64 process (32bit):true
                          Commandline:"C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe" --install=appguid={79CA0169-DEE3-4588-AB99-0FFBD277EEE0}&iid={A7BF5C8D-E83D-89A6-5A3B-0F5DCC3906D6}&lang=en&browser=4&usagestats=0&appname=Google%20Cloud%20Certificate%20Connector&needsadmin=true --enable-logging --vmodule=*/components/winhttp/*=1,*/components/update_client/*=2,*/chrome/enterprise_companion/*=2,*/chrome/updater/*=2
                          Imagebase:0x940000
                          File size:5'507'168 bytes
                          MD5 hash:E2937E33C2554EECC37C804A7F99F8B7
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:C, C++ or other language
                          Antivirus matches:
                          • Detection: 0%, ReversingLabs
                          Reputation:low
                          Has exited:false

                          Target ID:2
                          Start time:12:29:12
                          Start date:23/10/2024
                          Path:C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe
                          Wow64 process (32bit):true
                          Commandline:C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\131.0.6776.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=131.0.6776.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x28c,0x290,0x294,0x268,0x298,0xdd6290,0xdd629c,0xdd62a8
                          Imagebase:0x940000
                          File size:5'507'168 bytes
                          MD5 hash:E2937E33C2554EECC37C804A7F99F8B7
                          Has elevated privileges:true
                          Has administrator privileges:true
                          Programmed in:C, C++ or other language
                          Reputation:low
                          Has exited:false

                          No disassembly