IOC Report
connector_installer.exe

Files

File Path
Type
Category
Malicious
connector_installer.exe
PE32 executable (GUI) Intel 80386, for MS Windows
initial sample
C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
malicious
C:\Program Files (x86)\Google\GoogleUpdater\131.0.6776.0\uninstall.cmd
DOS batch file, ASCII text, with CRLF line terminators
dropped
C:\Program Files (x86)\Google\GoogleUpdater\131.0.6776.0\updater.exe
PE32 executable (GUI) Intel 80386, for MS Windows
dropped
C:\Program Files (x86)\Google\GoogleUpdater\d7ea94e0-0c53-44c7-bf0e-8441f89d08c6.tmp
JSON data
dropped
C:\Program Files (x86)\Google\GoogleUpdater\prefs.json (copy)
JSON data
dropped
C:\Program Files (x86)\Google\GoogleUpdater\updater.log
ASCII text, with very long lines (515)
modified
C:\Windows\SystemTemp\Google7316_551467776\UPDATER.PACKED.7Z
7-zip archive data, version 0.4
dropped
C:\Windows\SystemTemp\Google7316_61980551\bin\uninstall.cmd
DOS batch file, ASCII text, with CRLF line terminators
dropped
C:\Windows\SystemTemp\Google7316_61980551\updater.7z
7-zip archive data, version 0.4
dropped

Processes

Path
Cmdline
Malicious
C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe
"C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe" --install=appguid={79CA0169-DEE3-4588-AB99-0FFBD277EEE0}&iid={A7BF5C8D-E83D-89A6-5A3B-0F5DCC3906D6}&lang=en&browser=4&usagestats=0&appname=Google%20Cloud%20Certificate%20Connector&needsadmin=true --enable-logging --vmodule=*/components/winhttp/*=1,*/components/update_client/*=2,*/chrome/enterprise_companion/*=2,*/chrome/updater/*=2
malicious
C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe
C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\131.0.6776.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=131.0.6776.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x28c,0x290,0x294,0x268,0x298,0xdd6290,0xdd629c,0xdd62a8
malicious
C:\Users\user\Desktop\connector_installer.exe
"C:\Users\user\Desktop\connector_installer.exe"

URLs

Name
IP
Malicious
http://html4/loose.dtd
unknown
http://support.google.com/installer/%s?product=%s&error=%d
unknown
http://support.google.com/installer/?product=&error=75035
unknown
http://support.google.com/installer/?product=&error=75035kXXcG
unknown
https://crashpad.chromium.org/
unknown
http://.css
unknown
https://crashpad.chromium.org/https://crashpad.chromium.org/bug/new
unknown
https://m.google.com/devicemanagement/data/api
unknown
http://.jpg
unknown
https://crashpad.chromium.org/bug/new
unknown
https://dl.google.com/update2/installers/icons/
unknown
http://support.google.com/installer/
unknown

Registry

Path
Value
Malicious
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\Clients\{44fc7fe2-65ce-487c-93f4-edee46eeaaab}
pv
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\Clients\{44fc7fe2-65ce-487c-93f4-edee46eeaaab}
name
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7405F538-1185-5D46-BDE0-8FD5C0DBFF39}
AppID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{7405F538-1185-5D46-BDE0-8FD5C0DBFF39}
LocalService
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{7405F538-1185-5D46-BDE0-8FD5C0DBFF39}
ServiceParameters
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FC1132BC-C84F-5D90-9BB6-3D44C6394B28}
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FC1132BC-C84F-5D90-9BB6-3D44C6394B28}\ProxyStubClsid32
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FC1132BC-C84F-5D90-9BB6-3D44C6394B28}\TypeLib
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FC1132BC-C84F-5D90-9BB6-3D44C6394B28}\TypeLib
Version
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FC1132BC-C84F-5D90-9BB6-3D44C6394B28}\1.0\0\win32
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FC1132BC-C84F-5D90-9BB6-3D44C6394B28}\1.0
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D5BB0C40-8078-5D97-80DD-2C8F4510263D}
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D5BB0C40-8078-5D97-80DD-2C8F4510263D}\TypeLib
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D5BB0C40-8078-5D97-80DD-2C8F4510263D}\ProxyStubClsid32
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D5BB0C40-8078-5D97-80DD-2C8F4510263D}\TypeLib
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D5BB0C40-8078-5D97-80DD-2C8F4510263D}\TypeLib
Version
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D5BB0C40-8078-5D97-80DD-2C8F4510263D}\1.0\0\win32
NULL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D5BB0C40-8078-5D97-80DD-2C8F4510263D}\1.0
NULL

Memdumps
