Files

File Path | Type | Category | Malicious
---|---|---|---
connector_installer.exe | PE32 executable (GUI) Intel 80386, for MS Windows | initial sample | 
C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe | PE32 executable (GUI) Intel 80386, for MS Windows | dropped | 
C:\Program Files (x86)\Google\GoogleUpdater\131.0.6776.0\uninstall.cmd | DOS batch file, ASCII text, with CRLF line terminators | dropped | 
C:\Program Files (x86)\Google\GoogleUpdater\131.0.6776.0\updater.exe | PE32 executable (GUI) Intel 80386, for MS Windows | dropped | 
C:\Program Files (x86)\Google\GoogleUpdater\d7ea94e0-0c53-44c7-bf0e-8441f89d08c6.tmp | JSON data | dropped | 
C:\Program Files (x86)\Google\GoogleUpdater\prefs.json (copy) | JSON data | dropped | 
C:\Program Files (x86)\Google\GoogleUpdater\updater.log | ASCII text, with very long lines (515) | modified | 
C:\Windows\SystemTemp\Google7316_551467776\UPDATER.PACKED.7Z | 7-zip archive data, version 0.4 | dropped | 
C:\Windows\SystemTemp\Google7316_61980551\bin\uninstall.cmd | DOS batch file, ASCII text, with CRLF line terminators | dropped | 
C:\Windows\SystemTemp\Google7316_61980551\updater.7z | 7-zip archive data, version 0.4 | dropped | 
Processes

Path | Cmdline | Malicious
---|---|---
C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe | `"C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe" --install=appguid={79CA0169-DEE3-4588-AB99-0FFBD277EEE0}&iid={A7BF5C8D-E83D-89A6-5A3B-0F5DCC3906D6}&lang=en&browser=4&usagestats=0&appname=Google%20Cloud%20Certificate%20Connector&needsadmin=true --enable-logging --vmodule=*/components/winhttp/*=1,*/components/update_client/*=2,*/chrome/enterprise_companion/*=2,*/chrome/updater/*=2` | 
C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe | `C:\Windows\SystemTemp\Google7316_61980551\bin\updater.exe --crash-handler --system "--database=C:\Program Files (x86)\Google\GoogleUpdater\131.0.6776.0\Crashpad" --url=https://clients2.google.com/cr/report --annotation=prod=Update4 --annotation=ver=131.0.6776.0 "--attachment=C:\Program Files (x86)\Google\GoogleUpdater\updater.log" --initial-client-data=0x28c,0x290,0x294,0x268,0x298,0xdd6290,0xdd629c,0xdd62a8` | 
C:\Users\user\Desktop\connector_installer.exe | `"C:\Users\user\Desktop\connector_installer.exe"` | 
URLs

Name | IP | Malicious
---|---|---
http://html4/loose.dtd | unknown | 
http://support.google.com/installer/%s?product=%s&error=%d | unknown | 
http://support.google.com/installer/?product=&error=75035 | unknown | 
http://support.google.com/installer/?product=&error=75035kXXcG | unknown | 
https://crashpad.chromium.org/ | unknown | 
http://.css | unknown | 
https://crashpad.chromium.org/https://crashpad.chromium.org/bug/new | unknown | 
https://m.google.com/devicemanagement/data/api | unknown | 
http://.jpg | unknown | 
https://crashpad.chromium.org/bug/new | unknown | 
https://dl.google.com/update2/installers/icons/ | unknown | 
http://support.google.com/installer/ | unknown | 

2 further URLs are hidden in the report.
Registry

Path | Value | Malicious
---|---|---
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\Clients\{44fc7fe2-65ce-487c-93f4-edee46eeaaab} | pv | 
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\Clients\{44fc7fe2-65ce-487c-93f4-edee46eeaaab} | name | 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{7405F538-1185-5D46-BDE0-8FD5C0DBFF39} | AppID | 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{7405F538-1185-5D46-BDE0-8FD5C0DBFF39} | LocalService | 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{7405F538-1185-5D46-BDE0-8FD5C0DBFF39} | ServiceParameters | 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FC1132BC-C84F-5D90-9BB6-3D44C6394B28} | NULL | 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FC1132BC-C84F-5D90-9BB6-3D44C6394B28}\ProxyStubClsid32 | NULL | 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FC1132BC-C84F-5D90-9BB6-3D44C6394B28}\TypeLib | NULL | 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FC1132BC-C84F-5D90-9BB6-3D44C6394B28}\TypeLib | Version | 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FC1132BC-C84F-5D90-9BB6-3D44C6394B28}\1.0\0\win32 | NULL | 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FC1132BC-C84F-5D90-9BB6-3D44C6394B28}\1.0 | NULL | 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D5BB0C40-8078-5D97-80DD-2C8F4510263D} | NULL | 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D5BB0C40-8078-5D97-80DD-2C8F4510263D}\TypeLib | NULL | 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D5BB0C40-8078-5D97-80DD-2C8F4510263D}\ProxyStubClsid32 | NULL | 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D5BB0C40-8078-5D97-80DD-2C8F4510263D}\TypeLib | NULL | 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D5BB0C40-8078-5D97-80DD-2C8F4510263D}\TypeLib | Version | 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D5BB0C40-8078-5D97-80DD-2C8F4510263D}\1.0\0\win32 | NULL | 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D5BB0C40-8078-5D97-80DD-2C8F4510263D}\1.0 | NULL | 

8 further registry entries are hidden in the report.
Memdumps

Base Address | Regiontype | Protect | Malicious
---|---|---|---
73C0000 | heap | page read and write | 
56304000 | direct allocation | page read and write | 
400000 | heap | page read and write | 
52A0000 | heap | page read and write | 
562BC000 | direct allocation | page read and write | 
DEC000 | unknown | page readonly | 
586F9000 | direct allocation | page read and write | 
41C50000 | direct allocation | page read and write | 
970F000 | stack | page read and write | 
4F90000 | heap | page read and write | 
4FE0000 | heap | page read and write | 
D19000 | unknown | page readonly | 
586C8000 | direct allocation | page read and write | 
6F34000 | heap | page read and write | 
71AF000 | stack | page read and write | 
549B000 | stack | page read and write | 
562DC000 | direct allocation | page read and write | 
DDA000 | unknown | page read and write | 
8AD000 | unknown | page execute read | 
5287000 | heap | page read and write | 
41C88000 | direct allocation | page read and write | 
748E000 | stack | page read and write | 
56318000 | direct allocation | page read and write | 
56214000 | direct allocation | page read and write | 
6EEC000 | stack | page read and write | 
891000 | unknown | page read and write | 
586E8000 | direct allocation | page read and write | 
58614000 | direct allocation | page read and write | 
974E000 | stack | page read and write | 
41CBC000 | direct allocation | page read and write | 
5387000 | heap | page read and write | 
41C6C000 | direct allocation | page read and write | 
722E000 | stack | page read and write | 
4F2C000 | stack | page read and write | 
58638000 | direct allocation | page read and write | 
73B0000 | heap | page read and write | 
734F000 | stack | page read and write | 
50A0000 | heap | page read and write | 
5298000 | heap | page read and write | 
41C78000 | direct allocation | page read and write | 
41C70000 | direct allocation | page read and write | 
8A6000 | unknown | page read and write | 
7C8E000 | stack | page read and write | 
4A0000 | heap | page read and write | 
6C7F000 | stack | page read and write | 
940000 | unknown | page readonly | 
8AE000 | unknown | page readonly | 
589D000 | stack | page read and write | 
41C24000 | direct allocation | page read and write | 
DEC000 | unknown | page readonly | 
56270000 | direct allocation | page read and write | 
490000 | heap | page read and write | 
586F4000 | direct allocation | page read and write | 
562FC000 | direct allocation | page read and write | 
586B8000 | direct allocation | page read and write | 
5860C000 | direct allocation | page read and write | 
41C28000 | direct allocation | page read and write | 
5275000 | heap | page read and write | 
527C000 | heap | page read and write | 
56250000 | direct allocation | page read and write | 
7EAE000 | stack | page read and write | 
41CB0000 | direct allocation | page read and write | 
940000 | unknown | page readonly | 
562BE000 | direct allocation | page read and write | 
56260000 | direct allocation | page read and write | 
56A0000 | heap | page read and write | 
5866C000 | direct allocation | page read and write | 
5706000 | heap | page read and write | 
4CA0C000 | direct allocation | page read and write | 
50E0000 | heap | page read and write | 
4C0000 | unknown | page readonly | 
58688000 | direct allocation | page read and write | 
8AE000 | unknown | page readonly | 
52604000 | direct allocation | page read and write | 
941000 | unknown | page execute read | 
5625C000 | direct allocation | page read and write | 
562F4000 | direct allocation | page read and write | 
58634000 | direct allocation | page read and write | 
DDA000 | unknown | page read and write | 
562DC000 | direct allocation | page read and write | 
5272000 | heap | page read and write | 
4FFE000 | stack | page read and write | 
9881000 | heap | page read and write | 
5631C000 | direct allocation | page read and write | 
4CA04000 | direct allocation | page read and write | 
5262000 | heap | page read and write | 
56308000 | direct allocation | page read and write | 
9C000 | stack | page read and write | 
56314000 | direct allocation | page read and write | 
5626C000 | direct allocation | page read and write | 
5386000 | heap | page read and write | 
562B8000 | direct allocation | page read and write | 
DEC000 | unknown | page readonly | 
586D0000 | direct allocation | page read and write | 
19B000 | stack | page read and write | 
4F8F000 | stack | page read and write | 
DD6000 | unknown | page read and write | 
41C0C000 | direct allocation | page read and write | 
7F6000 | unknown | page readonly | 
5275000 | heap | page read and write | 
41C04000 | direct allocation | page read and write | 
41C01000 | direct allocation | page read and write | 
586FC000 | direct allocation | page read and write | 
DE0000 | unknown | page execute read | 
8AD000 | unknown | page execute read | 
D43000 | unknown | page readonly | 
940000 | unknown | page readonly | 
5123000 | heap | page read and write | 
586D4000 | direct allocation | page read and write | 
74BC000 | stack | page read and write | 
DE0000 | unknown | page execute read | 
4FBE000 | stack | page read and write | 
41C14000 | direct allocation | page read and write | 
52608000 | direct allocation | page read and write | 
41CE8000 | direct allocation | page read and write | 
58648000 | direct allocation | page read and write | 
DC2000 | unknown | page read and write | 
54C0000 | heap | page read and write | 
41CB8000 | direct allocation | page read and write | 
6F2E000 | stack | page read and write | 
58670000 | direct allocation | page read and write | 
41C34000 | direct allocation | page read and write | 
56288000 | direct allocation | page read and write | 
41C5C000 | direct allocation | page read and write | 
41C60000 | direct allocation | page read and write | 
562AC000 | direct allocation | page read and write | 
56224000 | direct allocation | page read and write | 
562E8000 | direct allocation | page read and write | 
D19000 | unknown | page readonly | 
41CD4000 | direct allocation | page read and write | 
562E8000 | direct allocation | page read and write | 
58628000 | direct allocation | page read and write | 
56240000 | direct allocation | page read and write | 
DC2000 | unknown | page read and write | 
998F000 | heap | page read and write | 
DEC000 | unknown | page readonly | 
984F000 | stack | page read and write | 
940000 | unknown | page readonly | 
90C000 | stack | page read and write | 
960E000 | stack | page read and write | 
D19000 | unknown | page readonly | 
41C48000 | direct allocation | page read and write | 
7D0C000 | stack | page read and write | 
DC2000 | unknown | page write copy | 
56314000 | direct allocation | page read and write | 
5278000 | heap | page read and write | 
58698000 | direct allocation | page read and write | 
4C1000 | unknown | page execute read | 
5000000 | heap | page read and write | 
723F000 | stack | page read and write | 
5329000 | heap | page read and write | 
586BC000 | direct allocation | page read and write | 
71EE000 | stack | page read and write | 
DE1000 | unknown | page readonly | 
DE0000 | unknown | page execute read | 
6E7F000 | stack | page read and write | 
79B0000 | heap | page read and write | 
586AC000 | direct allocation | page read and write | 
DC5000 | unknown | page write copy | 
8A1000 | unknown | page read and write | 
4A9000 | heap | page read and write | 
58650000 | direct allocation | page read and write | 
5865C000 | direct allocation | page read and write | 
562C1000 | direct allocation | page read and write | 
533F000 | heap | page read and write | 
DE1000 | unknown | page readonly | 
5900000 | heap | page read and write | 
DE1000 | unknown | page readonly | 
41C38000 | direct allocation | page read and write | 
52A0000 | heap | page read and write | 
4F9D000 | stack | page read and write | 
4C1000 | unknown | page execute read | 
4A6000 | heap | page read and write | 
56278000 | direct allocation | page read and write | 
529F000 | heap | page read and write | 
5260C000 | direct allocation | page read and write | 
5620C000 | direct allocation | page read and write | 
DC5000 | unknown | page write copy | 
58660000 | direct allocation | page read and write | 
9980000 | trusted library allocation | page read and write | 
562B8000 | direct allocation | page read and write | 
529F000 | heap | page read and write | 
88F000 | unknown | page read and write | 
50E8000 | heap | page read and write | 
4FD0000 | heap | page read and write | 
52FC000 | stack | page read and write | 
7240000 | heap | page read and write | 
5320000 | heap | page read and write | 
DC4000 | unknown | page read and write | 
562FC000 | direct allocation | page read and write | 
941000 | unknown | page execute read | 
744F000 | stack | page read and write | 
50A4000 | heap | page read and write | 
7FAF000 | stack | page read and write | 
7450000 | trusted library allocation | page read and write | 
195000 | stack | page read and write | 
7F6000 | unknown | page readonly | 
4CA08000 | direct allocation | page read and write | 
7D8F000 | stack | page read and write | 
941000 | unknown | page execute read | 
75E0000 | heap | page read and write | 
4C0000 | unknown | page readonly | 
41C98000 | direct allocation | page read and write | 
58678000 | direct allocation | page read and write | 
56201000 | direct allocation | page read and write | 
DC6000 | unknown | page read and write | 
562CC000 | direct allocation | page read and write | 
9880000 | heap | page read and write | 
88F000 | unknown | page write copy | 
58624000 | direct allocation | page read and write | 
5283000 | heap | page read and write | 
5230000 | heap | page read and write | 
DE0000 | unknown | page execute read | 
890000 | unknown | page write copy | 
504E000 | stack | page read and write | 
586E0000 | direct allocation | page read and write | 
713C000 | stack | page read and write | 
941000 | unknown | page execute read | 
58604000 | direct allocation | page read and write | 
5700000 | heap | page read and write | 
DC6000 | unknown | page read and write | 
56204000 | direct allocation | page read and write | 
5220000 | heap | page readonly | 
56228000 | direct allocation | page read and write | 
41CD0000 | direct allocation | page read and write | 
19F000 | stack | page read and write | 
4FE0000 | heap | page read and write | 
58DE000 | stack | page read and write | 
52618000 | direct allocation | page read and write | 
56230000 | direct allocation | page read and write | 
5238000 | heap | page read and write | 
73B7000 | stack | page read and write | 
6F30000 | heap | page read and write | 
41CAC000 | direct allocation | page read and write | 
DC2000 | unknown | page write copy | 
D19000 | unknown | page readonly | 
DE1000 | unknown | page readonly | 
DCA000 | unknown | page read and write | 
510C000 | heap | page read and write | 
58601000 | direct allocation | page read and write | 
D43000 | unknown | page readonly | 
56298000 | direct allocation | page read and write | 
758F000 | stack | page read and write | 
DCA000 | unknown | page read and write | 
41CC8000 | direct allocation | page read and write | 
DC3000 | unknown | page write copy | 
5623C000 | direct allocation | page read and write | 
6D7E000 | stack | page read and write | 
41CDC000 | direct allocation | page read and write | 
7C0E000 | stack | page read and write | 
5380000 | heap | page read and write | 

241 further memdumps are hidden in the report.