Windows
Analysis Report
connector_installer.exe
Overview
General Information
Detection
Score: | 19 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 40% |
Compliance
Score: | 47 |
Range: | 0 - 100 |
Signatures
Classification
- System is w10x64
- connector_installer.exe (PID: 7316 cmdline: "C:\Users\user\Desktop\connector_installer.exe" MD5: E6C6E9F4F0597BDFBA49A8725945C5CE)
- updater.exe (PID: 7352 cmdline: "C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe" --install=appguid={79CA0169-DEE3-4588-AB99-0FFBD277EEE0}&iid={A7BF5C8D-E83D-89A6-5A3B-0F5DCC3906D6}&lang=en&browser=4&usagestats=0&appname=Google%20Cloud%20Certificate%20Connector&needsadmin=true --enable-logging --vmodule=*/components/winhttp/*=1,*/components/update_client/*=2,*/chrome/enterprise_companion/*=2,*/chrome/updater/*=2 MD5: E2937E33C2554EECC37C804A7F99F8B7)
- updater.exe (PID: 7372 cmdline: C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\131.0.6776.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=131.0.6776.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x28c,0x290,0x294,0x268,0x298,0xdd6290,0xdd629c,0xdd62a8 MD5: E2937E33C2554EECC37C804A7F99F8B7)
- cleanup
Compliance |
---|
Source: | Static PE information: |
Source: | Binary string: |
Source: | Key opened: |
Source: | String found in binary or memory: |
Source: | File created: |
Source: | File deleted: |
Source: | Binary or memory string: |
Source: | Classification label: |
Source: | Mutant created: |
Source: | Process created: |
Source: | Section loaded: |
Source: | Key value queried: |
Source: | Static file information: |
Persistence and Installation Behavior |
---|
Source: | Executable created and started: |
Source: | File created: |
Source: | Process information set: |
Source: | Process information queried: |
Source: | Process created: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 12 Command and Scripting Interpreter | 1 Scheduled Task/Job | 11 Process Injection | 121 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | Data Obfuscation | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | 1 Scheduled Task/Job | 1 DLL Side-Loading | 1 Scheduled Task/Job | 11 Process Injection | LSASS Memory | 1 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 1 DLL Side-Loading | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 File Deletion | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | ReversingLabs | |||
0% | ReversingLabs |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | unknown | |||
false | unknown | |||
false | unknown | |||
false | unknown | |||
false | unknown | |||
false | unknown | |||
false | unknown | |||
false | unknown | |||
false | unknown | |||
false | unknown | |||
false | unknown | |||
false | unknown |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1540398 |
Start date and time: | 2024-10-23 18:28:18 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 42s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 7 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | connector_installer.exe |
Detection: | CLEAN |
Classification: | clean19.evad.winEXE@5/9@0/0 |
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Not all processes where analyzed, report is missing behavior information
- VT rate limit hit for: connector_installer.exe
Time | Type | Description |
---|---|---|
17:29:13 | Task Scheduler |
Process: | C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 653 |
Entropy (8bit): | 4.923215133873056 |
Encrypted: | false |
SSDEEP: | 12:2snTJp6rOanOFkgU4hEu8NRaPJRRmvxOgtc/aH+ndUE:7T+rjO+Z4hTb6dIa8P |
MD5: | FBC297EE9060D4256192E4EDB98CAD1B |
SHA1: | F305C065378AEC46EB4DACAAEEE3F866B1527105 |
SHA-256: | 099592FFA867124D16C0C6D868AF1214FD2B7180FA76E4EEE01ABF2A5CF8F044 |
SHA-512: | C867D366252E5124C6560FBB42ED4473DC7546360BC1221E9FCBC192E9216D6265E41AD26A733F7566C064B136AE02E21EF5F7095FCB6AE6F65B6FBEB3401FFE |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 5507168 |
Entropy (8bit): | 6.777859624994641 |
Encrypted: | false |
SSDEEP: | 98304:gcFdYcc8M9AE4MaqYWx/4c5UwVlxw0UVRuGXNRp45RK0wtIFC7VjwizP:gcLYcp/E4oR94c5tK0UVDuC0wtIFC7JD |
MD5: | E2937E33C2554EECC37C804A7F99F8B7 |
SHA1: | 2C33D4573E21C7D18DE1D3F337BACD7C4E58FE87 |
SHA-256: | 5DDE29F028E75EE72F50902D20C41B699EF8FC5C294F04A321DEAC6909FFE409 |
SHA-512: | CF50E630CD75483F5887153490AB5C55E21A711541D0A4AA0E29D055F42076F7D58EDF743BFF26E145B56A69B6BE9F6704E9C2B071BE0AA5A7F6CC1F6BE3406F |
Malicious: | false |
Antivirus: |
|
Reputation: | low |
Preview: |
Process: | C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 49 |
Entropy (8bit): | 4.5172723438944455 |
Encrypted: | false |
SSDEEP: | 3:YEGSAsPMHoo2S8ty:YEGMa2q |
MD5: | 4A2784F1CA879E8FBBD97E39D0DE3CC9 |
SHA1: | A0EB8B63B4B19B134B46FEA8E66F819105F004E8 |
SHA-256: | 2BCD0A4051B1FA5B0444CEE9FD9F7341FAFE1EAE36659511926EBEFBA648DEE9 |
SHA-512: | 95E64A2AFBDBA5943410F912EBA5BC626CBE775C14DD8A3AC8FB6C8C0301762190C15844F2776F894088CF937450E383464592BEE8E24308C6F90029D5A57F57 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 49 |
Entropy (8bit): | 4.5172723438944455 |
Encrypted: | false |
SSDEEP: | 3:YEGSAsPMHoo2S8ty:YEGMa2q |
MD5: | 4A2784F1CA879E8FBBD97E39D0DE3CC9 |
SHA1: | A0EB8B63B4B19B134B46FEA8E66F819105F004E8 |
SHA-256: | 2BCD0A4051B1FA5B0444CEE9FD9F7341FAFE1EAE36659511926EBEFBA648DEE9 |
SHA-512: | 95E64A2AFBDBA5943410F912EBA5BC626CBE775C14DD8A3AC8FB6C8C0301762190C15844F2776F894088CF937450E383464592BEE8E24308C6F90029D5A57F57 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe |
File Type: | |
Category: | modified |
Size (bytes): | 6465 |
Entropy (8bit): | 5.6267060417247325 |
Encrypted: | false |
SSDEEP: | 96:JZ/lZNKR2GRZrDWwOrvKe53hMe4Se4Wqe4Ne4Pae4fe4uL:C9SFrvvrMswqn1aZAL |
MD5: | F732702EE2742C60BF635C5F246DA4E7 |
SHA1: | CD7BB1CD12422229032303DE0CC679421EA09A30 |
SHA-256: | 0C9C654D04440958F22FC2FF47B7AF687572F7DC75382A6D717ADB348C59FB64 |
SHA-512: | 109A8D226EAE7FA2CEABA1A9553E9D2D512A8E2DB2DE2C298902BC6BE40CB326AA9AC59E08E60D32CB1AB514F8A2CB7AFA097A74D79568D2A96730A544A94644 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\connector_installer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 5508148 |
Entropy (8bit): | 6.778006060999788 |
Encrypted: | false |
SSDEEP: | 98304:VcFdYcc8M9AE4MaqYWx/4c5UwVlxw0UVRuGXNRp45RK0wtIFC7VjwizR:VcLYcp/E4oR94c5tK0UVDuC0wtIFC7JF |
MD5: | 80881BE77BAA2AEF7DFF04E892E844DB |
SHA1: | 7F0D971D845089AD856DEF886F9DA1FE57FF47A8 |
SHA-256: | 8936179EB5C40842E019421662490F251202DC603884E94B040A3605EF7E218C |
SHA-512: | 1B058EE94FB6AFA042B82ACAD38D733C88C04E67691C45ADD1B03AD1EE40578E5B3BFAEDFD47DCA1F97F5AA7E3D37C15D444B28C18D754392044ED41538E3C61 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\connector_installer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 653 |
Entropy (8bit): | 4.923215133873056 |
Encrypted: | false |
SSDEEP: | 12:2snTJp6rOanOFkgU4hEu8NRaPJRRmvxOgtc/aH+ndUE:7T+rjO+Z4hTb6dIa8P |
MD5: | FBC297EE9060D4256192E4EDB98CAD1B |
SHA1: | F305C065378AEC46EB4DACAAEEE3F866B1527105 |
SHA-256: | 099592FFA867124D16C0C6D868AF1214FD2B7180FA76E4EEE01ABF2A5CF8F044 |
SHA-512: | C867D366252E5124C6560FBB42ED4473DC7546360BC1221E9FCBC192E9216D6265E41AD26A733F7566C064B136AE02E21EF5F7095FCB6AE6F65B6FBEB3401FFE |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Users\user\Desktop\connector_installer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 5507168 |
Entropy (8bit): | 6.777859624994641 |
Encrypted: | false |
SSDEEP: | 98304:gcFdYcc8M9AE4MaqYWx/4c5UwVlxw0UVRuGXNRp45RK0wtIFC7VjwizP:gcLYcp/E4oR94c5tK0UVDuC0wtIFC7JD |
MD5: | E2937E33C2554EECC37C804A7F99F8B7 |
SHA1: | 2C33D4573E21C7D18DE1D3F337BACD7C4E58FE87 |
SHA-256: | 5DDE29F028E75EE72F50902D20C41B699EF8FC5C294F04A321DEAC6909FFE409 |
SHA-512: | CF50E630CD75483F5887153490AB5C55E21A711541D0A4AA0E29D055F42076F7D58EDF743BFF26E145B56A69B6BE9F6704E9C2B071BE0AA5A7F6CC1F6BE3406F |
Malicious: | true |
Antivirus: |
|
Preview: |
Process: | C:\Users\user\Desktop\connector_installer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 5508018 |
Entropy (8bit): | 6.778021914227375 |
Encrypted: | false |
SSDEEP: | 98304:TcFdYcc8M9AE4MaqYWx/4c5UwVlxw0UVRuGXNRp45RK0wtIFC7VjwizM:TcLYcp/E4oR94c5tK0UVDuC0wtIFC7JI |
MD5: | 07C50FFA6B1A66C09192D26158B76011 |
SHA1: | B54FC7A3D0F30A65C67B1641F11D161D4BD8BFE9 |
SHA-256: | 92975F728E9211F63893B1DFC1612112EE1196EFB187F18C42BF7008E2A7FE11 |
SHA-512: | A263F718544FACA253D7890B92817581F467431DBBBFDD9DB38F1AC034192AD6C03C2B65E24EF5448FC3C2A7AA5750DA6AA8B4AE264832BD58E29F5AD57F9714 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 6.781764651464666 |
TrID: |
|
File name: | connector_installer.exe |
File size: | 10'219'392 bytes |
MD5: | e6c6e9f4f0597bdfba49a8725945c5ce |
SHA1: | 3d0dda58389100c76d3446ee3486d85316faecf4 |
SHA256: | 861416f2bdf4cd9c1cd2c8c227e38156fdd3d12cbadf678e954d8336450e505f |
SHA512: | 8678428f0881d7685a736b71c64381dfaa0012d43ff7abc047b2ebbc05c2928f256ec908e99c21602370d035c7070024b139d52c8a384efac70ee13ca540182b |
SSDEEP: | 196608:zIC0KQrG/rJP2sX52l/0qPX1UjN4vcLYcp/E4oR94c5tK0UVDuC0wtIFC7JzblE:z3bQrcX5a/0qdUjN4vWZp/a9Z540UVDc |
TLSH: | 53A69D02FAA05130E5A33276B93D673E9D367E329B358ACB86442CC82FB47D1553935B |
File Content Preview: | MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L......g.........."......B3..^h......o............@..........................p......*z....@...........................<.U.....<.@.. |
Icon Hash: | 2f232d67b7934633 |
Entrypoint: | 0x5b6fd0 |
Entrypoint Section: | .text |
Digitally signed: | true |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x670C89AA [Mon Oct 14 03:02:02 2024 UTC] |
TLS Callbacks: | 0x4f3a20, 0x5b5ed0, 0x4c51c0, 0x5b5760, 0x47eac0, 0x4e4c70 |
CLR (.Net) Version: | |
OS Version Major: | 10 |
OS Version Minor: | 0 |
File Version Major: | 10 |
File Version Minor: | 0 |
Subsystem Version Major: | 10 |
Subsystem Version Minor: | 0 |
Import Hash: | e67b7bbd4fffe24d331de3ccaeea9874 |
Signature Valid: | true |
Signature Issuer: | CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US |
Signature Validation Error: | The operation completed successfully |
Error Number: | 0 |
Not Before, Not After |
|
Subject Chain |
|
Version: | 3 |
Thumbprint MD5: | F87B1BFA8FFB860CE59A8D63EC60262F |
Thumbprint SHA-1: | 607A3EDAA64933E94422FC8F0C80388E0590986C |
Thumbprint SHA-256: | 2029505D14BAF18AF60A0D1A7D8B56447DB643B32FAA849D4C08D2AB1FF3A4FD |
Serial: | 0B50CF246B263EFD85A729315158F3FF |
Instruction |
---|
call 00007FB88482157Ah |
jmp 00007FB8848213EDh |
mov ecx, dword ptr [007CF040h] |
push esi |
push edi |
mov edi, BB40E64Eh |
mov esi, FFFF0000h |
cmp ecx, edi |
je 00007FB884821576h |
test esi, ecx |
jne 00007FB884821598h |
call 00007FB8848215A1h |
mov ecx, eax |
cmp ecx, edi |
jne 00007FB884821579h |
mov ecx, BB40E64Fh |
jmp 00007FB884821580h |
test esi, ecx |
jne 00007FB88482157Ch |
or eax, 00004711h |
shl eax, 10h |
or ecx, eax |
mov dword ptr [007CF040h], ecx |
not ecx |
pop edi |
mov dword ptr [007CF080h], ecx |
pop esi |
ret |
push ebp |
mov ebp, esp |
sub esp, 14h |
and dword ptr [ebp-0Ch], 00000000h |
lea eax, dword ptr [ebp-0Ch] |
and dword ptr [ebp-08h], 00000000h |
push eax |
call dword ptr [007C9634h] |
mov eax, dword ptr [ebp-08h] |
xor eax, dword ptr [ebp-0Ch] |
mov dword ptr [ebp-04h], eax |
call dword ptr [007C95A0h] |
xor dword ptr [ebp-04h], eax |
call dword ptr [007C9598h] |
xor dword ptr [ebp-04h], eax |
lea eax, dword ptr [ebp-14h] |
push eax |
call dword ptr [007C971Ch] |
mov eax, dword ptr [ebp-10h] |
lea ecx, dword ptr [ebp-04h] |
xor eax, dword ptr [ebp-14h] |
xor eax, dword ptr [ebp-04h] |
xor eax, ecx |
leave |
ret |
mov eax, 00004000h |
ret |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
mov al, 01h |
ret |
push 00030000h |
push 00010000h |
push 00000000h |
call 00007FB884830CEAh |
add esp, 0Ch |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x3c8a90 | 0x55 | .rdata |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3c8ae8 | 0x140 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x3ee000 | 0x5cfffc | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x9ba600 | 0x4980 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x9be000 | 0x1864c | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x3c3bb0 | 0x1c | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x3c3940 | 0x18 | .rdata |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x3361c8 | 0xc0 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x3c928c | 0x664 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x33410e | 0x334200 | f5d91c37cebeaa9cf35e4b1aa2dfeb22 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x336000 | 0x98120 | 0x98200 | 4b539d5307ef9915b125e98c3f1fc37e | False | 0.3671762659202958 | Matlab v4 mat-file (little endian) \345\244\374L\275>s\346\025Er\335X9|, numeric, rows 0, columns 0 | 6.214330366905451 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x3cf000 | 0x1b54c | 0x5000 | 3a3ae1ff79ee588d45f81a1f3cd7823e | False | 0.125390625 | data | 3.235208929220571 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.tls | 0x3eb000 | 0x175 | 0x200 | 4b6bb5b517191dcae9f6ef4ceb8a6060 | False | 0.07421875 | data | 0.34262747993819864 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
CPADinfo | 0x3ec000 | 0x28 | 0x200 | 842689af09e7bf563672a4b43f1a2286 | False | 0.04296875 | data | 0.12227588125913882 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
malloc_h | 0x3ed000 | 0xb9 | 0x200 | 0d7d6bc463fa2562251debc2954e8535 | False | 0.3671875 | data | 3.040564321777124 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rsrc | 0x3ee000 | 0x5cfffc | 0x5d0000 | 3937b4acacbb9e68880188b64527576c | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x9be000 | 0x1864c | 0x18800 | e598955636f0176cbb5405f206fb7dc8 | False | 0.6558812978316326 | data | 6.693908233075818 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
B7 | 0x3f20bc | 0x540c34 | 7-zip archive data, version 0.4 | English | United States | 0.5005550384521484 |
RT_BITMAP | 0x932cf0 | 0xa8e8 | Device independent bitmap graphic, 120 x 120 x 24, image size 0, resolution 3780 x 3780 px/m | English | United States | 0.4533765032377428 |
RT_ICON | 0x93d5d8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192, 16 important colors | English | United States | 0.6317567567567568 |
RT_ICON | 0x93d700 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 320, 256 important colors | English | United States | 0.5823699421965318 |
RT_ICON | 0x93dc68 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640, 16 important colors | English | United States | 0.5120967741935484 |
RT_ICON | 0x93df50 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | United States | 0.5455776173285198 |
RT_ICON | 0x93e7f8 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1536 | English | United States | 0.36341463414634145 |
RT_ICON | 0x93ee60 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2688 | English | United States | 0.42350746268656714 |
RT_DIALOG | 0x93fd08 | 0x5a | data | English | United States | 0.7555555555555555 |
RT_STRING | 0x93fd64 | 0xd0a | data | English | United States | 0.4682444577591372 |
RT_STRING | 0x940a70 | 0xdd2 | data | English | United States | 0.38157150932730355 |
RT_STRING | 0x941844 | 0xc0c | data | English | United States | 0.5239948119325551 |
RT_STRING | 0x942450 | 0xd3c | Targa image data - Color 1072 x 1093 x 32 +1083 +1075 "\257\0045\0044\004 " | English | United States | 0.4542502951593861 |
RT_STRING | 0x94318c | 0xbac | data | English | United States | 0.499665327978581 |
RT_STRING | 0x943d38 | 0x396 | data | English | United States | 0.6285403050108932 |
RT_STRING | 0x9440d0 | 0x2dc | data | English | United States | 0.4959016393442623 |
RT_STRING | 0x9443ac | 0x282 | data | English | United States | 0.7819314641744548 |
RT_STRING | 0x944630 | 0x2be | data | English | United States | 0.603988603988604 |
RT_STRING | 0x9448f0 | 0x2ce | data | English | United States | 0.6782729805013927 |
RT_STRING | 0x944bc0 | 0x1c6 | data | English | United States | 0.7026431718061674 |
RT_STRING | 0x944d88 | 0x1d6 | data | English | United States | 0.5808510638297872 |
RT_STRING | 0x944f60 | 0x1f0 | data | English | United States | 0.7701612903225806 |
RT_STRING | 0x945150 | 0x1d8 | data | English | United States | 0.6334745762711864 |
RT_STRING | 0x945328 | 0x1ca | data | English | United States | 0.7183406113537117 |
RT_STRING | 0x9454f4 | 0x21a | data | English | United States | 0.6672862453531598 |
RT_STRING | 0x945710 | 0x28e | data | English | United States | 0.43577981651376146 |
RT_STRING | 0x9459a0 | 0x27c | data | English | United States | 0.7468553459119497 |
RT_STRING | 0x945c1c | 0x2ae | data | English | United States | 0.6749271137026239 |
RT_STRING | 0x945ecc | 0x280 | data | English | United States | 0.6296875 |
RT_STRING | 0x94614c | 0x152 | data | English | United States | 0.7958579881656804 |
RT_STRING | 0x9462a0 | 0xcc | data | English | United States | 0.7401960784313726 |
RT_STRING | 0x94636c | 0xd2 | data | English | United States | 0.8904761904761904 |
RT_STRING | 0x946440 | 0xea | data | English | United States | 0.8974358974358975 |
RT_STRING | 0x94652c | 0xe8 | data | English | United States | 0.7931034482758621 |
RT_STRING | 0x946614 | 0x124 | data | English | United States | 0.8561643835616438 |
RT_STRING | 0x946738 | 0x20c | Targa image data - RLE 1083 x 1103 x 32 +1077 +1075 "A\0045\004." | English | United States | 0.601145038167939 |
RT_STRING | 0x946944 | 0x21c | data | English | United States | 0.6611111111111111 |
RT_STRING | 0x946b60 | 0x24c | data | English | United States | 0.7261904761904762 |
RT_STRING | 0x946dac | 0x1d2 | data | English | United States | 0.6609442060085837 |
RT_STRING | 0x946f80 | 0x200 | data | English | United States | 0.75 |
RT_STRING | 0x947180 | 0x2ce | data | English | United States | 0.564066852367688 |
RT_STRING | 0x947450 | 0x298 | data | English | United States | 0.6204819277108434 |
RT_STRING | 0x9476e8 | 0x278 | data | English | United States | 0.7848101265822784 |
RT_STRING | 0x947960 | 0x2d2 | Targa image data - Color 2379 x 2337 x 32 +2344 +2354 "8\011.\011M\011*\011(\011M\011(\011 " | English | United States | 0.6481994459833795 |
RT_STRING | 0x947c34 | 0x29a | data | English | United States | 0.7087087087087087 |
RT_STRING | 0x947ed0 | 0x488 | data | English | United States | 0.5198275862068965 |
RT_STRING | 0x948358 | 0x476 | data | English | United States | 0.4956217162872154 |
RT_STRING | 0x9487d0 | 0x49c | data | English | United States | 0.6466101694915254 |
RT_STRING | 0x948c6c | 0x456 | data | English | United States | 0.5540540540540541 |
RT_STRING | 0x9490c4 | 0x3f8 | data | English | United States | 0.5974409448818898 |
RT_STRING | 0x9494bc | 0x460 | data | English | United States | 0.575 |
RT_STRING | 0x94991c | 0x4b4 | data | English | United States | 0.46677740863787376 |
RT_STRING | 0x949dd0 | 0x478 | data | English | United States | 0.6354895104895105 |
RT_STRING | 0x94a248 | 0x470 | data | English | United States | 0.5598591549295775 |
RT_STRING | 0x94a6b8 | 0x41c | data | English | United States | 0.5807984790874525 |
RT_STRING | 0x94aad4 | 0x426 | data | English | United States | 0.5790960451977402 |
RT_STRING | 0x94aefc | 0x488 | data | English | United States | 0.45775862068965517 |
RT_STRING | 0x94b384 | 0x424 | data | English | United States | 0.6490566037735849 |
RT_STRING | 0x94b7a8 | 0x42c | data | English | United States | 0.5608614232209738 |
RT_STRING | 0x94bbd4 | 0x43a | data | English | United States | 0.6090573012939002 |
RT_STRING | 0x94c010 | 0x43c | data | English | United States | 0.6199261992619927 |
RT_STRING | 0x94c44c | 0x59c | data | English | United States | 0.435933147632312 |
RT_STRING | 0x94c9e8 | 0x500 | Targa image data - Color 2379 x 2337 x 32 +2344 +2354 "\025\011@\011 " | English | United States | 0.6640625 |
RT_STRING | 0x94cee8 | 0x59c | data | English | United States | 0.5682451253481894 |
RT_STRING | 0x94d484 | 0x536 | data | English | United States | 0.5907046476761619 |
RT_STRING | 0x94d9bc | 0x8e6 | data | English | United States | 0.5258999122036875 |
RT_STRING | 0x94e2a4 | 0xc92 | data | English | United States | 0.3334369173399627 |
RT_STRING | 0x94ef38 | 0xbf4 | data | English | United States | 0.5320261437908497 |
RT_STRING | 0x94fb2c | 0xc5e | data | English | United States | 0.48673404927353126 |
RT_STRING | 0x95078c | 0xcd8 | data | English | United States | 0.4382603406326034 |
RT_STRING | 0x951464 | 0x92c | data | English | United States | 0.5404599659284497 |
RT_STRING | 0x951d90 | 0x9ce | data | English | United States | 0.3669322709163347 |
RT_STRING | 0x952760 | 0x962 | data | English | United States | 0.5104079933388843 |
RT_STRING | 0x9530c4 | 0x986 | data | English | United States | 0.5332239540607056 |
RT_STRING | 0x953a4c | 0x9d8 | data | English | United States | 0.4765873015873016 |
RT_STRING | 0x954424 | 0x8ec | data | English | United States | 0.563922942206655 |
RT_STRING | 0x954d10 | 0xcc6 | data | English | United States | 0.382262996941896 |
RT_STRING | 0x9559d8 | 0xca8 | data | English | United States | 0.4367283950617284 |
RT_STRING | 0x956680 | 0xcbe | data | English | United States | 0.5076640098099325 |
RT_STRING | 0x957340 | 0xd0c | data | English | United States | 0.4224550898203593 |
RT_STRING | 0x95804c | 0x8a6 | data | English | United States | 0.5519421860885275 |
RT_STRING | 0x9588f4 | 0x256 | data | English | United States | 0.4983277591973244 |
RT_STRING | 0x958b4c | 0x260 | data | English | United States | 0.5444078947368421 |
RT_STRING | 0x958dac | 0x22e | data | English | United States | 0.6505376344086021 |
RT_STRING | 0x958fdc | 0x23a | data | English | United States | 0.5333333333333333 |
RT_STRING | 0x959218 | 0x288 | data | English | United States | 0.6388888888888888 |
RT_STRING | 0x9594a0 | 0x7a6 | data | English | United States | 0.49284984678243104 |
RT_STRING | 0x959c48 | 0x820 | data | English | United States | 0.46923076923076923 |
RT_STRING | 0x95a468 | 0x6be | data | English | United States | 0.6292004634994206 |
RT_STRING | 0x95ab28 | 0x7d8 | data | English | United States | 0.4960159362549801 |
RT_STRING | 0x95b300 | 0x636 | data | English | United States | 0.5943396226415094 |
RT_STRING | 0x95b938 | 0xe0 | data | English | United States | 0.10714285714285714 |
RT_STRING | 0x95ba18 | 0xe0 | data | English | United States | 0.10714285714285714 |
RT_STRING | 0x95baf8 | 0xe0 | data | English | United States | 0.10714285714285714 |
RT_STRING | 0x95bbd8 | 0xe0 | data | English | United States | 0.10714285714285714 |
RT_STRING | 0x95bcb8 | 0xe0 | data | English | United States | 0.10714285714285714 |
RT_STRING | 0x95bd98 | 0x2c4 | data | English | United States | 0.634180790960452 |
RT_STRING | 0x95c05c | 0x30e | data | English | United States | 0.45524296675191817 |
RT_STRING | 0x95c36c | 0x2b2 | data | English | United States | 0.6768115942028986 |
RT_STRING | 0x95c620 | 0x318 | data | English | United States | 0.5732323232323232 |
RT_STRING | 0x95c938 | 0x326 | data | English | United States | 0.6178660049627791 |
RT_STRING | 0x95cc60 | 0x2da | data | English | United States | 0.6328767123287671 |
RT_STRING | 0x95cf3c | 0x362 | data | English | United States | 0.3972286374133949 |
RT_STRING | 0x95d2a0 | 0x2f4 | data | English | United States | 0.6666666666666666 |
RT_STRING | 0x95d594 | 0x302 | data | English | United States | 0.5324675324675324 |
RT_STRING | 0x95d898 | 0x35a | data | English | United States | 0.5722610722610723 |
RT_STRING | 0x95dbf4 | 0x2ca | data | English | United States | 0.6442577030812325 |
RT_STRING | 0x95dec0 | 0x2b0 | data | English | United States | 0.39098837209302323 |
RT_STRING | 0x95e170 | 0x2ba | data | English | United States | 0.670487106017192 |
RT_STRING | 0x95e42c | 0x2f0 | data | English | United States | 0.6316489361702128 |
RT_STRING | 0x95e71c | 0x2fa | data | English | United States | 0.573490813648294 |
RT_STRING | 0x95ea18 | 0x2c2 | data | English | United States | 0.6147308781869688 |
RT_STRING | 0x95ecdc | 0x34c | data | English | United States | 0.39691943127962087 |
RT_STRING | 0x95f028 | 0x3a4 | data | English | United States | 0.5482832618025751 |
RT_STRING | 0x95f3cc | 0x34c | data | English | United States | 0.566350710900474 |
RT_STRING | 0x95f718 | 0x372 | data | English | United States | 0.4580498866213152 |
RT_STRING | 0x95fa8c | 0x2a4 | data | English | United States | 0.628698224852071 |
RT_STRING | 0x95fd30 | 0x29a | data | English | United States | 0.506006006006006 |
RT_STRING | 0x95ffcc | 0x2b4 | data | English | United States | 0.5520231213872833 |
RT_STRING | 0x960280 | 0x290 | data | English | United States | 0.6829268292682927 |
RT_STRING | 0x960510 | 0x274 | data | English | United States | 0.5589171974522293 |
RT_STRING | 0x960784 | 0x25e | data | English | United States | 0.6897689768976898 |
RT_STRING | 0x9609e4 | 0x304 | data | English | United States | 0.5375647668393783 |
RT_STRING | 0x960ce8 | 0x334 | data | English | United States | 0.5536585365853659 |
RT_STRING | 0x96101c | 0x2e6 | data | English | United States | 0.6819407008086253 |
RT_STRING | 0x961304 | 0x2fa | data | English | United States | 0.5603674540682415 |
RT_STRING | 0x961600 | 0x274 | data | English | United States | 0.6449044585987261 |
RT_STRING | 0x961874 | 0x33a | data | English | United States | 0.5581113801452785 |
RT_STRING | 0x961bb0 | 0x37c | data | English | United States | 0.5302690582959642 |
RT_STRING | 0x961f2c | 0x2fe | data | English | United States | 0.6945169712793734 |
RT_STRING | 0x96222c | 0x34c | data | English | United States | 0.5592417061611374 |
RT_STRING | 0x962578 | 0x31c | data | English | United States | 0.6344221105527639 |
RT_STRING | 0x962894 | 0x464 | data | English | United States | 0.5729537366548043 |
RT_STRING | 0x962cf8 | 0x4d8 | data | English | United States | 0.46048387096774196 |
RT_STRING | 0x9631d0 | 0x3bc | data | English | United States | 0.6527196652719666 |
RT_STRING | 0x96358c | 0x45e | data | English | United States | 0.5330948121645797 |
RT_STRING | 0x9639ec | 0x44a | data | English | United States | 0.5819672131147541 |
RT_STRING | 0x963e38 | 0x10c | data | English | United States | 0.8470149253731343 |
RT_STRING | 0x963f44 | 0xc0 | data | English | United States | 0.7864583333333334 |
RT_STRING | 0x964004 | 0xe6 | StarOffice Gallery theme \372, 154195760 objects, 1st \356\020\333\020\320\020\340\020\324\020\321\020\320\020\010 | English | United States | 0.9304347826086956 |
RT_STRING | 0x9640ec | 0xce | data | English | United States | 0.7766990291262136 |
RT_STRING | 0x9641bc | 0xe6 | data | English | United States | 0.8608695652173913 |
RT_STRING | 0x9642a4 | 0x872 | data | English | United States | 0.543940795559667 |
RT_STRING | 0x964b18 | 0xbf6 | data | English | United States | 0.3791639451338994 |
RT_STRING | 0x965710 | 0xa84 | data | English | United States | 0.5824665676077266 |
RT_STRING | 0x966194 | 0xba8 | data | English | United States | 0.47989276139410186 |
RT_STRING | 0x966d3c | 0xb46 | data | English | United States | 0.5246015246015246 |
RT_STRING | 0x967884 | 0x406 | data | English | United States | 0.629126213592233 |
RT_STRING | 0x967c8c | 0x216 | data | English | United States | 0.50187265917603 |
RT_STRING | 0x967ea4 | 0x204 | data | English | United States | 0.7596899224806202 |
RT_STRING | 0x9680a8 | 0x212 | data | English | United States | 0.6754716981132075 |
RT_STRING | 0x9682bc | 0x22c | data | English | United States | 0.6151079136690647 |
RT_STRING | 0x9684e8 | 0x230 | data | English | United States | 0.6839285714285714 |
RT_STRING | 0x968718 | 0x2fe | data | English | United States | 0.46344647519582244 |
RT_STRING | 0x968a18 | 0x312 | data | English | United States | 0.6743002544529262 |
RT_STRING | 0x968d2c | 0x2e8 | data | English | United States | 0.706989247311828 |
RT_STRING | 0x969014 | 0x2f0 | data | English | United States | 0.5651595744680851 |
RT_STRING | 0x969304 | 0x1ee | data | English | United States | 0.7489878542510121 |
RT_STRING | 0x9694f4 | 0x2c0 | data | English | United States | 0.48579545454545453 |
RT_STRING | 0x9697b4 | 0x25e | data | English | United States | 0.5429042904290429 |
RT_STRING | 0x969a14 | 0x20c | data | English | United States | 0.6717557251908397 |
RT_STRING | 0x969c20 | 0x272 | data | English | United States | 0.5015974440894568 |
RT_STRING | 0x969e94 | 0x2e4 | data | English | United States | 0.6851351351351351 |
RT_STRING | 0x96a178 | 0x846 | data | English | United States | 0.40557129367327666 |
RT_STRING | 0x96a9c0 | 0x7b8 | data | English | United States | 0.4473684210526316 |
RT_STRING | 0x96b178 | 0x716 | data | English | United States | 0.5931642778390298 |
RT_STRING | 0x96b890 | 0x7c4 | data | English | United States | 0.44969818913480886 |
RT_STRING | 0x96c054 | 0x65c | data | English | United States | 0.5706388206388207 |
RT_STRING | 0x96c6b0 | 0xa9e | data | English | United States | 0.40066225165562913 |
RT_STRING | 0x96d150 | 0xa76 | data | English | United States | 0.39357729648991785 |
RT_STRING | 0x96dbc8 | 0x93c | data | English | United States | 0.5376480541455161 |
RT_STRING | 0x96e504 | 0xa4a | data | English | United States | 0.43242217160212604 |
RT_STRING | 0x96ef50 | 0x8b8 | data | English | United States | 0.5013440860215054 |
RT_STRING | 0x96f808 | 0x238 | data | English | United States | 0.6355633802816901 |
RT_STRING | 0x96fa40 | 0x1f2 | data | English | United States | 0.5120481927710844 |
RT_STRING | 0x96fc34 | 0x1de | data | English | United States | 0.7510460251046025 |
RT_STRING | 0x96fe14 | 0x200 | Targa image data - Color 1072 x 1078 x 32 +1083 +1075 "1\0040\0049\004=\0040\004." | English | United States | 0.615234375 |
RT_STRING | 0x970014 | 0x1d8 | data | English | United States | 0.6758474576271186 |
RT_STRING | 0x9701ec | 0x2fe | data | English | United States | 0.6292428198433421 |
RT_STRING | 0x9704ec | 0x376 | data | English | United States | 0.5079006772009029 |
RT_STRING | 0x970864 | 0x328 | data | English | United States | 0.681930693069307 |
RT_STRING | 0x970b8c | 0x34a | data | English | United States | 0.5653206650831354 |
RT_STRING | 0x970ed8 | 0x31e | data | English | United States | 0.6290726817042607 |
RT_STRING | 0x9711f8 | 0x5e4 | data | English | United States | 0.5663129973474801 |
RT_STRING | 0x9717dc | 0x836 | data | English | United States | 0.42055185537583256 |
RT_STRING | 0x972014 | 0x68e | data | English | United States | 0.6495828367103695 |
RT_STRING | 0x9726a4 | 0x7c2 | data | English | United States | 0.5171198388721048 |
RT_STRING | 0x972e68 | 0x72c | data | English | United States | 0.5620915032679739 |
RT_STRING | 0x973594 | 0x4c8 | data | English | United States | 0.6111111111111112 |
RT_STRING | 0x973a5c | 0x57a | data | English | United States | 0.43009985734664763 |
RT_STRING | 0x973fd8 | 0x4d6 | data | English | United States | 0.6639741518578353 |
RT_STRING | 0x9744b0 | 0x55a | data | English | United States | 0.6197080291970803 |
RT_STRING | 0x974a0c | 0x52c | data | English | United States | 0.554380664652568 |
RT_STRING | 0x974f38 | 0x5d8 | data | English | United States | 0.608957219251337 |
RT_STRING | 0x975510 | 0x95a | data | English | United States | 0.38345864661654133 |
RT_STRING | 0x975e6c | 0x876 | data | English | United States | 0.5198522622345337 |
RT_STRING | 0x9766e4 | 0x800 | data | English | United States | 0.5810546875 |
RT_STRING | 0x976ee4 | 0x8ba | data | English | United States | 0.486123545210385 |
RT_STRING | 0x9777a0 | 0x592 | data | English | United States | 0.6227208976157083 |
RT_STRING | 0x977d34 | 0x494 | data | English | United States | 0.39505119453924914 |
RT_STRING | 0x9781c8 | 0x414 | data | English | United States | 0.4272030651340996 |
RT_STRING | 0x9785dc | 0x44e | data | English | United States | 0.5444646098003629 |
RT_STRING | 0x978a2c | 0x44a | data | English | United States | 0.43169398907103823 |
RT_STRING | 0x978e78 | 0x4c0 | data | English | United States | 0.537828947368421 |
RT_STRING | 0x979338 | 0xa62 | data | English | United States | 0.41346877351392025 |
RT_STRING | 0x979d9c | 0xa88 | data | English | United States | 0.4328635014836795 |
RT_STRING | 0x97a824 | 0x946 | data | English | United States | 0.5686604886267902 |
RT_STRING | 0x97b16c | 0xa5e | data | English | United States | 0.45139412207987945 |
RT_STRING | 0x97bbcc | 0x70c | data | English | United States | 0.5609756097560976 |
RT_STRING | 0x97c2d8 | 0x14a | data | English | United States | 0.6606060606060606 |
RT_STRING | 0x97c424 | 0x136 | data | English | United States | 0.635483870967742 |
RT_STRING | 0x97c55c | 0x112 | data | English | United States | 0.9051094890510949 |
RT_STRING | 0x97c670 | 0x17a | data | English | United States | 0.6084656084656085 |
RT_STRING | 0x97c7ec | 0x104 | data | English | United States | 0.8961538461538462 |
RT_STRING | 0x97c8f0 | 0xb3a | data | English | United States | 0.4826026443980515 |
RT_STRING | 0x97d42c | 0xc7a | data | English | United States | 0.40388227927363807 |
RT_STRING | 0x97e0a8 | 0xa4c | data | English | United States | 0.571320182094082 |
RT_STRING | 0x97eaf4 | 0xb48 | data | English | United States | 0.4878808864265928 |
RT_STRING | 0x97f63c | 0xa54 | data | English | United States | 0.5268532526475038 |
RT_STRING | 0x980090 | 0xcf0 | data | English | United States | 0.5135869565217391 |
RT_STRING | 0x980d80 | 0xe28 | data | English | United States | 0.38051876379690946 |
RT_STRING | 0x981ba8 | 0xd0c | data | English | United States | 0.5586826347305389 |
RT_STRING | 0x9828b4 | 0xedc | data | English | United States | 0.47003154574132494 |
RT_STRING | 0x983790 | 0xe64 | data | English | United States | 0.503257328990228 |
RT_STRING | 0x9845f4 | 0x452 | data | English | United States | 0.6301989150090416 |
RT_STRING | 0x984a48 | 0x3f0 | data | English | United States | 0.4742063492063492 |
RT_STRING | 0x984e38 | 0x32a | data | English | United States | 0.7358024691358025 |
RT_STRING | 0x985164 | 0x34e | data | English | United States | 0.5921985815602837 |
RT_STRING | 0x9854b4 | 0x39e | data | English | United States | 0.6479481641468683 |
RT_STRING | 0x985854 | 0x6ce | data | English | United States | 0.5597014925373134 |
RT_STRING | 0x985f24 | 0xa78 | data | English | United States | 0.37089552238805973 |
RT_STRING | 0x98699c | 0x932 | data | English | United States | 0.5739167374681393 |
RT_STRING | 0x9872d0 | 0x9a8 | data | English | United States | 0.5234627831715211 |
RT_STRING | 0x987c78 | 0x9a4 | data | English | United States | 0.4813614262560778 |
RT_STRING | 0x98861c | 0x4bc | data | English | United States | 0.6452145214521452 |
RT_STRING | 0x988ad8 | 0x2aa | data | English | United States | 0.5381231671554252 |
RT_STRING | 0x988d84 | 0x27c | data | English | United States | 0.6839622641509434 |
RT_STRING | 0x989000 | 0x2a4 | data | English | United States | 0.7144970414201184 |
RT_STRING | 0x9892a4 | 0x2a0 | data | English | United States | 0.6502976190476191 |
RT_STRING | 0x989544 | 0x246 | AmigaOS bitmap font "5\016*\016\025\0162\016#\016L\016\027\016 \0162\016"\016+\016%\0161\016\007\016\031", fc_YSize 26880, 8974 elements, 2nd "s", 3rd "e" | English | United States | 0.738831615120275 |
RT_STRING | 0x98978c | 0x214 | data | English | United States | 0.5921052631578947 |
RT_STRING | 0x9899a0 | 0x23e | data | English | United States | 0.6515679442508711 |
RT_STRING | 0x989be0 | 0x27e | data | English | United States | 0.7523510971786834 |
RT_STRING | 0x989e60 | 0x21c | data | English | United States | 0.6388888888888888 |
RT_STRING | 0x98a07c | 0x386 | data | English | United States | 0.6862527716186253 |
RT_STRING | 0x98a404 | 0x8a0 | data | English | United States | 0.458786231884058 |
RT_STRING | 0x98aca4 | 0x872 | data | English | United States | 0.49167437557816834 |
RT_STRING | 0x98b518 | 0x7a4 | data | English | United States | 0.6492842535787321 |
RT_STRING | 0x98bcbc | 0x83c | data | English | United States | 0.50853889943074 |
RT_STRING | 0x98c4f8 | 0x644 | data | English | United States | 0.6315461346633416 |
RT_STRING | 0x98cb3c | 0x2c2 | AmigaOS bitmap font "3\006*\006&\006F\006'\006A\006 ", fc_YSize 4294936073, 9990 elements, 2nd "\276\011\260\011 ", 3rd "r" | English | United States | 0.5821529745042493 |
RT_STRING | 0x98ce00 | 0x2f6 | data | English | United States | 0.5672823218997362 |
RT_STRING | 0x98d0f8 | 0x27a | data | English | United States | 0.8028391167192429 |
RT_STRING | 0x98d374 | 0x2de | data | English | United States | 0.6335149863760218 |
RT_STRING | 0x98d654 | 0x276 | data | English | United States | 0.7126984126984127 |
RT_STRING | 0x98d8cc | 0x392 | data | English | United States | 0.5831509846827133 |
RT_STRING | 0x98dc60 | 0x3a8 | data | English | United States | 0.5160256410256411 |
RT_STRING | 0x98e008 | 0x31c | data | English | United States | 0.7273869346733668 |
RT_STRING | 0x98e324 | 0x386 | Targa image data - Color 1072 x 1093 x 32 +1083 +1075 "\257\0049\004;\0044\004;\0048\0049\0043\004 " | English | United States | 0.5986696230598669 |
RT_STRING | 0x98e6ac | 0x334 | data | English | United States | 0.6487804878048781 |
RT_STRING | 0x98e9e0 | 0xa24 | data | English | United States | 0.5161787365177196 |
RT_STRING | 0x98f404 | 0xbd6 | data | English | United States | 0.4062706270627063 |
RT_STRING | 0x98ffdc | 0xaf6 | data | English | United States | 0.5823235923022095 |
RT_STRING | 0x990ad4 | 0xc5a | data | English | United States | 0.48007590132827327 |
RT_STRING | 0x991730 | 0xc86 | data | English | United States | 0.5028072364316906 |
RT_STRING | 0x9923b8 | 0x952 | data | English | United States | 0.5431684828164292 |
RT_STRING | 0x992d0c | 0xabe | data | English | United States | 0.3916363636363636 |
RT_STRING | 0x9937cc | 0xa8a | data | English | United States | 0.5830244625648628 |
RT_STRING | 0x994258 | 0xb78 | data | English | United States | 0.4887602179836512 |
RT_STRING | 0x994dd0 | 0xb80 | data | English | United States | 0.5040760869565217 |
RT_STRING | 0x995950 | 0x96a | data | English | United States | 0.5439834024896265 |
RT_STRING | 0x9962bc | 0xaa2 | data | English | United States | 0.39162380602498165 |
RT_STRING | 0x996d60 | 0xa86 | data | English | United States | 0.5783221974758723 |
RT_STRING | 0x9977e8 | 0xb70 | data | English | United States | 0.5215163934426229 |
RT_STRING | 0x998358 | 0xb38 | data | English | United States | 0.4794568245125348 |
RT_STRING | 0x998e90 | 0x9c2 | data | English | United States | 0.5612489991993594 |
RT_STRING | 0x999854 | 0xc0e | data | English | United States | 0.41088788075178223 |
RT_STRING | 0x99a464 | 0xb3e | data | English | United States | 0.5111188325225852 |
RT_STRING | 0x99afa4 | 0xbac | data | English | United States | 0.5471887550200804 |
RT_STRING | 0x99bb50 | 0xb70 | data | English | United States | 0.48189890710382516 |
RT_STRING | 0x99c6c0 | 0x84e | data | English | United States | 0.5973659454374413 |
RT_STRING | 0x99cf10 | 0x7c0 | data | English | United States | 0.4329637096774194 |
RT_STRING | 0x99d6d0 | 0x7b4 | data | English | United States | 0.49898580121703856 |
RT_STRING | 0x99de84 | 0x70c | data | English | United States | 0.5909090909090909 |
RT_STRING | 0x99e590 | 0x7b0 | data | English | United States | 0.4949186991869919 |
RT_STRING | 0x99ed40 | 0x606 | data | English | United States | 0.6465629053177692 |
RT_STRING | 0x99f348 | 0x8a4 | data | English | United States | 0.4462025316455696 |
RT_STRING | 0x99fbec | 0x8d8 | data | English | United States | 0.4620141342756184 |
RT_STRING | 0x9a04c4 | 0x786 | data | English | United States | 0.6246105919003115 |
RT_STRING | 0x9a0c4c | 0x872 | Targa image data - Color 2379 x 2337 x 32 +2344 +2354 "\027\0110\011?\011\017\011\025\011K\011 " | English | United States | 0.48103607770582796 |
RT_STRING | 0x9a14c0 | 0x6f0 | data | English | United States | 0.5996621621621622 |
RT_STRING | 0x9a1bb0 | 0x896 | data | English | United States | 0.47952684258416745 |
RT_STRING | 0x9a2448 | 0x872 | data | English | United States | 0.4398704902867715 |
RT_STRING | 0x9a2cbc | 0x77a | data | English | United States | 0.6212121212121212 |
RT_STRING | 0x9a3438 | 0x824 | data | English | United States | 0.4923224568138196 |
RT_STRING | 0x9a3c5c | 0x6fc | data | English | United States | 0.5956375838926175 |
RT_STRING | 0x9a4358 | 0xdc | data | English | United States | 0.8772727272727273 |
RT_STRING | 0x9a4434 | 0xd8 | data | English | United States | 0.7407407407407407 |
RT_STRING | 0x9a450c | 0xcc | data | English | United States | 0.9215686274509803 |
RT_STRING | 0x9a45d8 | 0xf0 | data | English | United States | 0.7958333333333333 |
RT_STRING | 0x9a46c8 | 0xca | data | English | United States | 0.8712871287128713 |
RT_STRING | 0x9a4794 | 0x7da | data | English | United States | 0.5084577114427861 |
RT_STRING | 0x9a4f70 | 0x97e | data | English | United States | 0.4020576131687243 |
RT_STRING | 0x9a58f0 | 0x7ec | data | English | United States | 0.5729783037475346 |
RT_STRING | 0x9a60dc | 0x8ee | data | English | United States | 0.47112860892388453 |
RT_STRING | 0x9a69cc | 0x8ba | data | English | United States | 0.517905102954342 |
RT_STRING | 0x9a7288 | 0x1f20 | data | English | United States | 0.38679718875502006 |
RT_STRING | 0x9a91a8 | 0x2b14 | data | English | United States | 0.2920747188973522 |
RT_STRING | 0x9abcbc | 0x2756 | CLIPPER COFF executable (VAX #) not stripped - version 71 | English | United States | 0.40625620655412115 |
RT_STRING | 0x9ae414 | 0x2aee | data | English | United States | 0.34795268425841674 |
RT_STRING | 0x9b0f04 | 0x27b2 | data | English | United States | 0.37699271796890377 |
RT_STRING | 0x9b36b8 | 0xc1c | data | English | United States | 0.4483870967741935 |
RT_STRING | 0x9b42d4 | 0x364 | data | English | United States | 0.3467741935483871 |
RT_STRING | 0x9b4638 | 0x32a | data | English | United States | 0.5530864197530864 |
RT_STRING | 0x9b4964 | 0x33e | data | English | United States | 0.4867469879518072 |
RT_STRING | 0x9b4ca4 | 0x330 | data | English | United States | 0.4215686274509804 |
RT_STRING | 0x9b4fd4 | 0x340 | data | English | United States | 0.6153846153846154 |
RT_STRING | 0x9b5314 | 0x3ae | data | English | United States | 0.4447983014861996 |
RT_STRING | 0x9b56c4 | 0x366 | data | English | United States | 0.6091954022988506 |
RT_STRING | 0x9b5a2c | 0x3b0 | data | English | United States | 0.6038135593220338 |
RT_STRING | 0x9b5ddc | 0x390 | data | English | United States | 0.5537280701754386 |
RT_STRING | 0x9b616c | 0x2f4 | data | English | United States | 0.6917989417989417 |
RT_STRING | 0x9b6460 | 0x332 | Targa image data - RLE 1074 x 1072 x 32 +1072 +1082 "A\0045\004 " | English | United States | 0.5158924205378973 |
RT_STRING | 0x9b6794 | 0x36c | data | English | United States | 0.5901826484018264 |
RT_STRING | 0x9b6b00 | 0x376 | data | English | United States | 0.6557562076749436 |
RT_STRING | 0x9b6e78 | 0x33e | data | English | United States | 0.5783132530120482 |
RT_STRING | 0x9b71b8 | 0x4b4 | data | English | United States | 0.6395348837209303 |
RT_STRING | 0x9b766c | 0xba2 | data | English | United States | 0.40597716588314303 |
RT_STRING | 0x9b8210 | 0xc80 | data | English | United States | 0.4353125 |
RT_STRING | 0x9b8e90 | 0xb54 | data | English | United States | 0.5582758620689655 |
RT_STRING | 0x9b99e4 | 0xb5c | data | English | United States | 0.4470426409903714 |
RT_STRING | 0x9ba540 | 0x9b8 | data | English | United States | 0.5542604501607717 |
RT_STRING | 0x9baef8 | 0x86e | data | English | United States | 0.4712696941612604 |
RT_STRING | 0x9bb768 | 0x8ec | data | English | United States | 0.44089316987740806 |
RT_STRING | 0x9bc054 | 0x7d2 | data | English | United States | 0.5934065934065934 |
RT_STRING | 0x9bc828 | 0x7d4 | data | English | United States | 0.49650698602794413 |
RT_STRING | 0x9bcffc | 0x748 | data | English | United States | 0.5574034334763949 |
RT_GROUP_ICON | 0x9bd744 | 0x5a | data | English | United States | 0.7333333333333333 |
RT_VERSION | 0x9bd7a0 | 0x488 | data | English | United States | 0.4387931034482759 |
RT_MANIFEST | 0x9bdc28 | 0x3d2 | XML 1.0 document, ASCII text, with very long lines (864) | English | United States | 0.5398773006134969 |
DLL | Import |
---|---|
ADVAPI32.dll | AddAce, AdjustTokenPrivileges, AllocateAndInitializeSid, BuildTrusteeWithSidW, ChangeServiceConfig2W, ChangeServiceConfigW, CheckTokenMembership, CloseServiceHandle, ConvertSidToStringSidW, ConvertStringSidToSidW, CopySid, CreateProcessAsUserW, CreateProcessWithTokenW, CreateServiceW, DeleteService, DuplicateTokenEx, EqualSid, FreeSid, GetAce, GetAclInformation, GetLengthSid, GetNamedSecurityInfoW, GetSecurityDescriptorControl, GetSecurityDescriptorDacl, GetSecurityDescriptorGroup, GetSecurityDescriptorLength, GetSecurityDescriptorOwner, GetSecurityDescriptorSacl, GetSecurityInfo, GetSidIdentifierAuthority, GetSidLengthRequired, GetSidSubAuthority, GetSidSubAuthorityCount, GetTokenInformation, GetTraceEnableFlags, GetTraceEnableLevel, GetTraceLoggerHandle, ImpersonateLoggedOnUser, InitializeAcl, InitializeSecurityDescriptor, InitializeSid, IsValidAcl, IsValidSecurityDescriptor, IsValidSid, LookupAccountSidW, LookupPrivilegeValueW, MakeAbsoluteSD, MakeSelfRelativeSD, OpenProcessToken, OpenSCManagerW, OpenServiceW, OpenThreadToken, QueryServiceConfigW, RegCloseKey, RegCreateKeyExW, RegDeleteKeyExW, RegDeleteValueW, RegEnumKeyExW, RegEnumValueW, RegOpenKeyExW, RegQueryInfoKeyW, RegQueryValueExW, RegSetValueExW, RegisterTraceGuidsW, RevertToSelf, SetEntriesInAclW, SetNamedSecurityInfoW, SetSecurityDescriptorDacl, SetSecurityDescriptorGroup, SetSecurityDescriptorOwner, SetSecurityInfo, TraceEvent, UnregisterTraceGuids |
dbghelp.dll | SymCleanup, SymFromAddr, SymGetLineFromAddr64, SymGetSearchPathW, SymInitialize, SymSetOptions, SymSetSearchPathW |
OLEAUT32.dll | LoadTypeLib, SafeArrayAccessData, SafeArrayCreateVector, SafeArrayDestroy, SafeArrayGetDim, SafeArrayGetLBound, SafeArrayGetUBound, SafeArrayGetVartype, SafeArrayUnaccessData, SysAllocString, SysAllocStringByteLen, SysAllocStringLen, SysFreeString, SysStringLen, SystemTimeToVariantTime, VariantClear |
SHELL32.dll | CommandLineToArgvW, SHGetFolderPathW, SHGetKnownFolderPath, ShellExecuteExW |
USER32.dll | AllowSetForegroundWindow, CharUpperW, CreateDialogParamW, CreateWindowExW, DefWindowProcW, DestroyIcon, DestroyWindow, DispatchMessageW, GetActiveWindow, GetClientRect, GetMessageW, GetMonitorInfoW, GetParent, GetQueueStatus, GetShellWindow, GetSystemMetrics, GetWindow, GetWindowLongW, GetWindowRect, GetWindowThreadProcessId, KillTimer, LoadImageW, MapWindowPoints, MessageBoxExW, MonitorFromWindow, MsgWaitForMultipleObjectsEx, PeekMessageW, PostMessageW, PostQuitMessage, RegisterClassExW, SendMessageW, SetForegroundWindow, SetTimer, SetWindowLongW, SetWindowPos, SetWindowTextW, ShowWindow, TranslateMessage, UnregisterClassW |
KERNEL32.dll | AcquireSRWLockExclusive, AcquireSRWLockShared, AssignProcessToJobObject, CloseHandle, CompareStringW, ConnectNamedPipe, CopyFileW, CreateDirectoryW, CreateEventW, CreateFileA, CreateFileMappingW, CreateFileW, CreateIoCompletionPort, CreateMutexW, CreateNamedPipeW, CreateProcessW, CreateThread, CreateToolhelp32Snapshot, DecodePointer, DeleteCriticalSection, DeleteFileW, DeleteProcThreadAttributeList, DuplicateHandle, EncodePointer, EnterCriticalSection, EnumResourceNamesW, EnumSystemLocalesW, ExitProcess, ExpandEnvironmentStringsW, FileTimeToLocalFileTime, FileTimeToSystemTime, FindClose, FindFirstFileExW, FindNextFileW, FindResourceW, FlushFileBuffers, FlushInstructionCache, FlushViewOfFile, FormatMessageW, FreeEnvironmentStringsW, FreeLibrary, GetACP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetComputerNameW, GetConsoleMode, GetConsoleOutputCP, GetCurrentDirectoryW, GetCurrentProcess, GetCurrentProcessId, GetCurrentThread, GetCurrentThreadId, GetDateFormatW, GetDiskFreeSpaceExW, GetDriveTypeW, GetEnvironmentStringsW, GetEnvironmentVariableW, GetExitCodeProcess, GetFileAttributesExW, GetFileAttributesW, GetFileInformationByHandle, GetFileSizeEx, GetFileType, GetFullPathNameW, GetLastError, GetLocalTime, GetLocaleInfoW, GetLogicalProcessorInformation, GetLogicalProcessorInformationEx, GetLongPathNameW, GetModuleFileNameW, GetModuleHandleA, GetModuleHandleExW, GetModuleHandleW, GetNativeSystemInfo, GetOEMCP, GetProcAddress, GetProcessHeap, GetProcessId, GetProcessMitigationPolicy, GetProcessTimes, GetProductInfo, GetQueuedCompletionStatus, GetStartupInfoW, GetStdHandle, GetStringTypeW, GetSystemDirectoryW, GetSystemInfo, GetSystemTimeAsFileTime, GetSystemTimePreciseAsFileTime, GetTempPathW, GetThreadId, GetThreadPreferredUILanguages, GetThreadPriority, GetTickCount, GetTimeFormatW, GetTimeZoneInformation, GetUserDefaultLCID, GetUserPreferredUILanguages, GetVersionExW, GetWindowsDirectoryW, GlobalAlloc, GlobalFree, GlobalMemoryStatusEx, HeapAlloc, HeapDestroy, HeapFree, HeapReAlloc, HeapSetInformation, HeapSize, InitOnceExecuteOnce, InitializeConditionVariable, InitializeCriticalSectionAndSpinCount, InitializeCriticalSectionEx, InitializeProcThreadAttributeList, InitializeSListHead, InitializeSRWLock, InterlockedPopEntrySList, InterlockedPushEntrySList, IsDebuggerPresent, IsProcessorFeaturePresent, IsValidCodePage, IsValidLocale, IsWow64Process, K32GetModuleInformation, LCMapStringW, LeaveCriticalSection, LoadLibraryExA, LoadLibraryExW, LoadLibraryW, LoadResource, LocalFree, LockFileEx, LockResource, MapViewOfFile, MoveFileExW, MoveFileW, MultiByteToWideChar, OpenProcess, OutputDebugStringA, OutputDebugStringW, PostQueuedCompletionStatus, Process32FirstW, Process32NextW, ProcessIdToSessionId, QueryFullProcessImageNameW, QueryPerformanceCounter, QueryPerformanceFrequency, QueryThreadCycleTime, RaiseException, ReadConsoleW, ReadFile, ReleaseMutex, ReleaseSRWLockExclusive, ReleaseSRWLockShared, RemoveDirectoryW, ReplaceFileW, ResetEvent, RtlCaptureStackBackTrace, RtlUnwind, SetCurrentDirectoryW, SetEndOfFile, SetEnvironmentVariableW, SetEvent, SetFileAttributesW, SetFileInformationByHandle, SetFilePointer, SetFilePointerEx, SetFileTime, SetHandleInformation, SetLastError, SetProcessWorkingSetSize, SetStdHandle, SetThreadInformation, SetThreadPriority, SetUnhandledExceptionFilter, SizeofResource, Sleep, SleepConditionVariableSRW, SystemTimeToFileTime, SystemTimeToTzSpecificLocalTime, TerminateProcess, TlsAlloc, TlsFree, TlsGetValue, TlsSetValue, TryAcquireSRWLockExclusive, TzSpecificLocalTimeToSystemTime, UnhandledExceptionFilter, UnlockFileEx, UnmapViewOfFile, UnregisterWaitEx, UpdateProcThreadAttribute, VerSetConditionMask, VerifyVersionInfoW, VirtualAlloc, VirtualFree, VirtualProtect, VirtualQuery, WTSGetActiveConsoleSessionId, WaitForMultipleObjects, WaitForSingleObject, WaitNamedPipeW, WakeAllConditionVariable, WakeConditionVariable, WideCharToMultiByte, WriteConsoleW, WriteFile, lstrcmpiW |
ole32.dll | CoAddRefServerProcess, CoCreateInstance, CoGetCallContext, CoInitializeEx, CoRegisterClassObject, CoRegisterInitializeSpy, CoReleaseServerProcess, CoResumeClassObjects, CoRevokeClassObject, CoRevokeInitializeSpy, CoSetProxyBlanket, CoTaskMemFree, CoUninitialize, IIDFromString, StringFromGUID2 |
Secur32.dll | GetUserNameExW |
WTSAPI32.dll | WTSEnumerateSessionsW, WTSFreeMemory, WTSQuerySessionInformationW |
USERENV.dll | CreateEnvironmentBlock, DestroyEnvironmentBlock, EnterCriticalPolicySection, LeaveCriticalPolicySection, UnloadUserProfile |
WINHTTP.dll | WinHttpAddRequestHeaders, WinHttpCloseHandle, WinHttpConnect, WinHttpGetProxyForUrl, WinHttpOpen, WinHttpOpenRequest, WinHttpQueryHeaders, WinHttpReadData, WinHttpReceiveResponse, WinHttpSendRequest, WinHttpSetOption, WinHttpSetStatusCallback |
SHLWAPI.dll | PathMatchSpecW |
ntdll.dll | NtDeleteKey |
WINMM.dll | timeBeginPeriod, timeEndPeriod, timeGetTime |
api-ms-win-core-winrt-l1-1-0.dll | RoInitialize, RoUninitialize |
Name | Ordinal | Address |
---|---|---|
GetHandleVerifier | 1 | 0x4b3750 |
Language of compilation system | Country where language is spoken |
---|---|
English | United States |
Target ID: | 0 |
Start time: | 12:29:11 |
Start date: | 23/10/2024 |
Path: | C:\Users\user\Desktop\connector_installer.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x4c0000 |
File size: | 10'219'392 bytes |
MD5 hash: | E6C6E9F4F0597BDFBA49A8725945C5CE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Target ID: | 1 |
Start time: | 12:29:12 |
Start date: | 23/10/2024 |
Path: | C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x940000 |
File size: | 5'507'168 bytes |
MD5 hash: | E2937E33C2554EECC37C804A7F99F8B7 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Antivirus matches: |
Reputation: | low |
Has exited: | false |
Target ID: | 2 |
Start time: | 12:29:12 |
Start date: | 23/10/2024 |
Path: | C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x940000 |
File size: | 5'507'168 bytes |
MD5 hash: | E2937E33C2554EECC37C804A7F99F8B7 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |