Windows Analysis Report
kuailian111.msi

Overview

General Information

Sample name: kuailian111.msi
Analysis ID: 1594317
MD5: 165d1b60e44fe237469bd5416f6dbd92
SHA1: 52cf5ac77d694aec8c626390fdeb63d7b265907a
SHA256: 29dbc7c2874c6922ad65ba4f9602e26f3463dc1aa2c29741e7836ef47cad2be1
Tags: msi, user-aachum

Detection

Score: 72
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
AI detected suspicious sample
Creates an undocumented autostart registry key
Drops executables to the windows directory (C:\Windows) and starts them
Found evasive API chain checking for user administrative privileges
Uses ping.exe to check the status of other devices and networks
Uses ping.exe to sleep
Changes image file execution options
Checks for available system drives (often done to infect USB drives)
Checks if the current process is being debugged
Contains functionality for read data from the clipboard
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to communicate with device drivers
Contains functionality to delete services
Contains functionality to dynamically determine API calls
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates COM task schedule object (often to register a task for autostart)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Deletes files inside the Windows folder
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Disables exception chain validation (SEHOP)
Drops PE files
Drops PE files to the program root directory (C:\Program Files)
Drops PE files to the windows directory (C:\Windows)
Enables debug privileges
File is packed with WinRar
Found decision node followed by non-executed suspicious APIs
Found dropped PE file which has not been started or loaded
Found evasive API chain (date check)
Found evasive API chain (may stop execution after checking a module file name)
Found potential string decryption / allocating functions
May use bcdedit to modify the Windows boot settings
One or more processes crash
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Suspicious MsiExec Embedding Parent
Stores large binary data to the registry
Uses Microsoft's Enhanced Cryptographic Provider
Uses cacls to modify the permissions of files
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

  • System is w11x64_office
  • msiexec.exe (PID: 616 cmdline: "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\kuailian111.msi" MD5: C0D3BDDE74C1EC82F75681D4D5ED44C8)
  • msiexec.exe (PID: 7692 cmdline: C:\Windows\system32\msiexec.exe /V MD5: C0D3BDDE74C1EC82F75681D4D5ED44C8)
    • msiexec.exe (PID: 6844 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 92B61D458C26971E01F9E798C518FDC3 MD5: FE653E9A818C22D7E744320F65A91C09)
      • icacls.exe (PID: 6956 cmdline: "C:\Windows\system32\ICACLS.EXE" "C:\Users\user\AppData\Local\Temp\MW-7ca7cc47-fabe-4c83-9b2e-0ae75262b965\." /SETINTEGRITYLEVEL (CI)(OI)HIGH MD5: DF132308B964322137C3AA6CD2705D24)
        • conhost.exe (PID: 6960 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)
      • expand.exe (PID: 2324 cmdline: "C:\Windows\system32\EXPAND.EXE" -R files.cab -F:* files MD5: 63860F134FE4705269CE653A673DBD88)
        • conhost.exe (PID: 6800 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)
      • 1111111111111.exe (PID: 2844 cmdline: "C:\Users\user\AppData\Local\Temp\MW-7ca7cc47-fabe-4c83-9b2e-0ae75262b965\files\1111111111111.exe" MD5: EE0CDB84DC5AD7DEC98C7BE76E4C5175)
        • JqnWzkidP.exe (PID: 6776 cmdline: "C:\Windows\SysWOW64\JqnWzkidP.exe" MD5: 63E47B3ED37F195F8F4696EB6D22DE50)
          • JqnWzkidP.exe (PID: 7976 cmdline: -auto MD5: 63E47B3ED37F195F8F4696EB6D22DE50)
          • cmd.exe (PID: 6164 cmdline: "C:\Windows\SysWOW64\cmd.exe" cmd/c ping -n 2 127.0.0.1 > nul && del C:\Users\user\AppData\Local\Temp\_@279F.tmp > nul MD5: 7B2C2B671D3F48A01B334A0070DEC0BD)
            • conhost.exe (PID: 2112 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)
            • PING.EXE (PID: 6460 cmdline: ping -n 2 127.0.0.1 MD5: 29C64F391E4C6EFAE9747C68D3F831E6)
        • ChromeSetup.exe (PID: 7472 cmdline: "C:\Windows\SysWOW64\ChromeSetup.exe" MD5: BB6992A0C47F0EF7AC5CBD34F6C3AFC2)
          • GoogleUpdate.exe (PID: 6912 cmdline: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe /installsource taggedmi /install "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={93D19599-0626-757C-805D-BBBE09121B4F}&lang=zh-CN&browser=4&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=x64-stable-statsdef_1&installdataindex=empty" MD5: 9D11650401D71CE469F70B4F93D0B6C5)
      • icacls.exe (PID: 4988 cmdline: "C:\Windows\system32\ICACLS.EXE" "C:\Users\user\AppData\Local\Temp\MW-7ca7cc47-fabe-4c83-9b2e-0ae75262b965\." /SETINTEGRITYLEVEL (CI)(OI)LOW MD5: DF132308B964322137C3AA6CD2705D24)
        • conhost.exe (PID: 5756 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)
      • cmd.exe (PID: 3780 cmdline: C:\Windows\system32\cmd.exe /c rd /s /q "C:\Users\user\AppData\Local\Temp\MW-7ca7cc47-fabe-4c83-9b2e-0ae75262b965\files" MD5: 7B2C2B671D3F48A01B334A0070DEC0BD)
        • conhost.exe (PID: 2788 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)
      • conhost.exe (PID: 4988 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 9698384842DA735D80D278A427A229AB)
  • JqnWzkidP.exe (PID: 4156 cmdline: "C:\Program Files (x86)\JqnWzkidP.exe" Service 1 MD5: 63E47B3ED37F195F8F4696EB6D22DE50)
    • JqnWzkidP.exe (PID: 6472 cmdline: -a1 MD5: 63E47B3ED37F195F8F4696EB6D22DE50)
      • WerFault.exe (PID: 6880 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6472 -s 916 MD5: AA47AAA34035C6EB09F8ACA062E66C9D)
  • svchost.exe (PID: 6604 cmdline: C:\Windows\System32\svchost.exe -k WerSvcGroup MD5: 8EC922C7A58A8701AB481B7BE9644536)
    • WerFault.exe (PID: 7976 cmdline: C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 6472 -ip 6472 MD5: AA47AAA34035C6EB09F8ACA062E66C9D)
  • cleanup
No configs have been found
No yara matches
Source: Process started, Author: frack113, Data: Command: C:\Windows\system32\cmd.exe /c rd /s /q "C:\Users\user\AppData\Local\Temp\MW-7ca7cc47-fabe-4c83-9b2e-0ae75262b965\files", CommandLine: C:\Windows\system32\cmd.exe /c rd /s /q "C:\Users\user\AppData\Local\Temp\MW-7ca7cc47-fabe-4c83-9b2e-0ae75262b965\files", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: C:\Windows\syswow64\MsiExec.exe -Embedding 92B61D458C26971E01F9E798C518FDC3, ParentImage: C:\Windows\SysWOW64\msiexec.exe, ParentProcessId: 6844, ParentProcessName: msiexec.exe, ProcessCommandLine: C:\Windows\system32\cmd.exe /c rd /s /q "C:\Users\user\AppData\Local\Temp\MW-7ca7cc47-fabe-4c83-9b2e-0ae75262b965\files", ProcessId: 3780, ProcessName: cmd.exe
Source: Process started, Author: vburov, Data: Command: C:\Windows\System32\svchost.exe -k WerSvcGroup, CommandLine: C:\Windows\System32\svchost.exe -k WerSvcGroup, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 712, ProcessCommandLine: C:\Windows\System32\svchost.exe -k WerSvcGroup, ProcessId: 6604, ProcessName: svchost.exe
No Suricata rule has matched

AV Detection

Source: kuailian111.msi, Virustotal: Detection: 20%
Source: kuailian111.msi, ReversingLabs: Detection: 18%
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 93.4% probability
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe, Code function: 21_2_6CCCA9AF CryptQueryObject,CertFindCertificateInStore,CertFindCertificateInStore,CertCloseStore,21_2_6CCCA9AF
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe, Code function: 21_2_6CCCA7AF CryptHashCertificate,21_2_6CCCA7AF
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe, Code function: 21_2_6CCC9587 CryptDecodeObjectEx,CryptImportPublicKeyInfo,CryptCreateHash,21_2_6CCC9587
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe, Code function: 21_2_6CC4D7FC CryptReleaseContext,CryptDestroyKey,CryptDestroyHash,CryptReleaseContext,21_2_6CC4D7FC
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe, Code function: 21_2_6CCC97AC CryptVerifySignatureW,CryptDestroyHash,CryptDestroyKey,21_2_6CCC97AC
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe, Code function: 21_2_6CD317AA CryptAcquireContextW,GetLastError,CryptReleaseContext,21_2_6CD317AA
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe, Code function: 21_2_6CCC9746 CryptHashData,21_2_6CCC9746
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe, Code function: 21_2_6CCA70D3 #20,CryptUnprotectData,GetLastError,LocalFree,21_2_6CCA70D3
Source: Binary string: TEST_goopdateres_unsigned_fa.pdb source: ChromeSetup.exe, 0000000A.00000003.12923172564.000000000295E000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.00000000029B0000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12971425600.0000000001399000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: GoogleUpdateCore_unsigned.pdb source: ChromeSetup.exe, 0000000A.00000003.12923172564.000000000248F000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.0000000002CA3000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000002.14101962587.0000000000364000.00000004.00000010.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002486000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12965891196.000000000138A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: TEST_goopdateres_unsigned_lt.pdb source: ChromeSetup.exe, 0000000A.00000003.12939764591.0000000003216000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002A55000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12976833269.0000000001399000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: TEST_goopdateres_unsigned_el.pdb source: ChromeSetup.exe, 0000000A.00000003.12933855548.000000000296D000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.000000000312F000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12969522062.0000000001399000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: TEST_goopdateres_unsigned_sr.pdb source: ChromeSetup.exe, 0000000A.00000003.12939764591.00000000032B1000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002AEF000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: TEST_goopdateres_unsigned_mr.pdb source: ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002A75000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.0000000003236000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12979157040.0000000001399000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: TEST_goopdateres_unsigned_hr.pdb source: ChromeSetup.exe, 0000000A.00000003.12939764591.00000000031B4000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.00000000029F3000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12973216871.0000000001399000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: TEST_psuser_unsigned_64.pdb source: ChromeSetup.exe, 0000000A.00000003.12923172564.000000000248F000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.0000000002CA3000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002486000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: TEST_goopdateres_unsigned_bg.pdb source: ChromeSetup.exe, 0000000A.00000003.12933855548.000000000292B000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.00000000030EC000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12967827770.0000000001399000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: -BR.pdb source: GoogleUpdate.exe, 00000015.00000003.12986258645.000000000138A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: 2024-12-09 12:51:14, Info DPX Extraction of file: amd64_winappsdk-cbs_31bf3856ad364e35_10.0.22621.4391_none_a4e452c96f8713d0\WindowsAppSdk.AppxDeploymentExtensions.Desktop-EventLog-Instrumentation.pdb failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=). source: setupact.log.6.dr
Source: Binary string: -GB.pdb source: GoogleUpdate.exe, 00000015.00000003.12970077965.000000000138A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: TEST_goopdateres_unsigned_ar.pdb source: ChromeSetup.exe, 0000000A.00000003.12923172564.00000000028CE000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002920000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12967552900.0000000001399000.00000004.00000020.00020000.00000000.sdmp, goopdateres_ar.dll.21.dr
Source: Binary string: TEST_goopdateres_unsigned_tr.pdb source: ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002B33000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.00000000032F4000.00000004.00000020.00020000.00000000.sdmp, goopdateres_tr.dll.21.dr
Source: Binary string: TEST_goopdateres_unsigned_hi.pdb source: ChromeSetup.exe, 0000000A.00000003.12939764591.00000000031A9000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.00000000029E8000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12972872497.0000000001399000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: TEST_goopdateres_unsigned_pt-BR.pdb source: ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002AAD000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.000000000326E000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12986258645.0000000001399000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: TEST_goopdateres_unsigned_de.pdb source: ChromeSetup.exe, 0000000A.00000003.12939764591.0000000003124000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002962000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12969253229.0000000001399000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: GoogleUpdateOnDemand_unsigned.pdb source: ChromeSetup.exe, 0000000A.00000003.12923172564.000000000248F000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.0000000002CA3000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002486000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12991094036.0000000001389000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12991169404.000000000138A000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12991058588.000000000139A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: TEST_goopdateres_unsigned_ru.pdb source: ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002ACE000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.0000000003290000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12987128420.0000000001399000.00000004.00000020.00020000.00000000.sdmp, goopdateres_ru.dll.10.dr
Source: Binary string: TEST_goopdate_unsigned.pdb source: ChromeSetup.exe, 0000000A.00000003.12923172564.000000000248F000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.0000000002CA3000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002486000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000002.14104737593.000000006CD75000.00000002.00000001.01000000.0000000E.sdmp
Source: Binary string: TEST_goopdateres_unsigned_ms.pdb source: ChromeSetup.exe, 0000000A.00000003.12939764591.0000000003242000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002A81000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12980170554.0000000001399000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: TEST_goopdateres_unsigned_fr.pdb source: ChromeSetup.exe, 0000000A.00000003.12933855548.00000000029D1000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12923172564.000000000297E000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12972276747.0000000001399000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: 2024-12-09 12:51:14, Info DPX Extraction of file: amd64_winappsdk-cbs_31bf3856ad364e35_10.0.22621.4391_none_a4e452c96f8713d0\f\WindowsAppSdk.AppxDeploymentExtensions.Desktop-EventLog-Instrumentation.pdb failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=). source: setupact.log.6.dr
Source: Binary string: TEST_psuser_unsigned.pdbJ source: ChromeSetup.exe, 0000000A.00000003.12923172564.000000000248F000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.0000000002CA3000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002486000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: GoogleCrashHandler64_unsigned.pdb source: ChromeSetup.exe, 0000000A.00000003.12923172564.000000000248F000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.0000000002CA3000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002486000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: TEST_goopdateres_unsigned_gu.pdb source: ChromeSetup.exe, 0000000A.00000003.12923172564.0000000002989000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.00000000029DC000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12972558793.0000000001399000.00000004.00000020.00020000.00000000.sdmp, goopdateres_gu.dll.10.dr
Source: Binary string: TEST_goopdateres_unsigned_no.pdb source: ChromeSetup.exe, 0000000A.00000003.12939764591.0000000003258000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002A97000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12985501165.0000000001399000.00000004.00000020.00020000.00000000.sdmp, goopdateres_no.dll.21.dr
Source: Binary string: TEST_goopdateres_unsigned_zh-CN.pdb source: ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002B5E000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.0000000003320000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000002.14103689215.0000000001790000.00000002.00000001.00040000.00000011.sdmp
Source: Binary string: TEST_goopdateres_unsigned_kn.pdb source: ChromeSetup.exe, 0000000A.00000003.12939764591.0000000003201000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002A40000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12976218449.0000000001399000.00000004.00000020.00020000.00000000.sdmp, goopdateres_kn.dll.21.dr
Source: Binary string: TEST_mi_exe_stub.pdb source: ChromeSetup.exe, 0000000A.00000002.14101146193.00000000000C9000.00000002.00000001.01000000.0000000A.sdmp, ChromeSetup.exe, 0000000A.00000000.12919908074.00000000000C9000.00000002.00000001.01000000.0000000A.sdmp, kuailian111.msi
Source: Binary string: TEST_goopdateres_unsigned_ml.pdb source: ChromeSetup.exe, 0000000A.00000003.12939764591.000000000322B000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002A6A000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12978354444.0000000001399000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: TEST_psmachine_unsigned.pdb source: ChromeSetup.exe, 0000000A.00000003.12923172564.000000000248F000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.0000000002CA3000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002486000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: TEST_goopdateres_unsigned_fil.pdb source: ChromeSetup.exe, 0000000A.00000003.12939764591.0000000003187000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.00000000029C6000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12971980559.0000000001399000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: TEST_goopdateres_unsigned_sl.pdb source: ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002AE4000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.00000000032A6000.00000004.00000020.00020000.00000000.sdmp, goopdateres_sl.dll.10.dr
Source: Binary string: TEST_goopdateres_unsigned_es-419.pdb source: ChromeSetup.exe, 0000000A.00000003.12933855548.000000000299A000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.000000000315B000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12970707723.000000000139A000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12970771946.0000000001389000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: TEST_goopdateres_unsigned_pl.pdb source: ChromeSetup.exe, 0000000A.00000003.12939764591.0000000003263000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002AA2000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12985964571.0000000001399000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: TEST_goopdateres_unsigned_is.pdb source: ChromeSetup.exe, 0000000A.00000003.12923172564.00000000029C1000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002A14000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12975030027.0000000001399000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: TEST_goopdateres_unsigned_ur.pdb source: ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002B48000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.000000000330A000.00000004.00000020.00020000.00000000.sdmp, goopdateres_ur.dll.21.dr
Source: Binary string: TEST_psuser_unsigned.pdb source: ChromeSetup.exe, 0000000A.00000003.12923172564.000000000248F000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.0000000002CA3000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002486000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: TEST_goopdateres_unsigned_th.pdb source: ChromeSetup.exe, 0000000A.00000003.12939764591.00000000032E9000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002B27000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: GoogleCrashHandler_unsigned.pdb source: ChromeSetup.exe, 0000000A.00000003.12923172564.000000000248F000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.0000000002CA3000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002486000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12966206280.0000000001389000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12966172610.000000000139A000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12966267722.000000000138A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: TEST_goopdateres_unsigned_sv.pdb source: ChromeSetup.exe, 0000000A.00000003.12939764591.00000000032BC000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002AFA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: TEST_goopdateres_unsigned_en.pdb source: ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002979000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.000000000313A000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12969805904.0000000001399000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: TEST_goopdateres_unsigned_uk.pdb source: ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002B3D000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.00000000032FF000.00000004.00000020.00020000.00000000.sdmp, goopdateres_uk.dll.21.dr
Source: Binary string: TEST_goopdateres_unsigned_bn.pdb source: ChromeSetup.exe, 0000000A.00000003.12939764591.00000000030F7000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002936000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12968126631.0000000001399000.00000004.00000020.00020000.00000000.sdmp, goopdateres_bn.dll.10.dr
Source: Binary string: 2024-12-09 12:51:14, Info DPX Extraction of file: amd64_winappsdk-cbs_31bf3856ad364e35_10.0.22621.4391_none_a4e452c96f8713d0\r\WindowsAppSdk.AppxDeploymentExtensions.Desktop-EventLog-Instrumentation.pdb failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=). source: setupact.log.6.dr
Source: Binary string: TEST_goopdateres_unsigned_fi.pdb source: ChromeSetup.exe, 0000000A.00000003.12933855548.00000000029BB000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.000000000317D000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12971706067.0000000001399000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: GoogleUpdateCore_unsigned.pdbV source: ChromeSetup.exe, 0000000A.00000003.12923172564.000000000248F000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.0000000002CA3000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000002.14101962587.0000000000364000.00000004.00000010.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002486000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12965891196.000000000138A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: TEST_goopdateres_unsigned_ko.pdb source: ChromeSetup.exe, 0000000A.00000003.12939764591.000000000320B000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002A4A000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12976512225.0000000001399000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: TEST_goopdateres_unsigned_zh-TW.pdb source: ChromeSetup.exe, 0000000A.00000002.14101962587.000000000035E000.00000004.00000010.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002B69000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.000000000332B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\ss2\Projects\MsiWrapper\MsiCustomActions\Release\MsiCustomActions.pdb source: kuailian111.msi
Source: Binary string: -419.pdb source: GoogleUpdate.exe, 00000015.00000003.12970900123.000000000138A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb source: 1111111111111.exe, 00000008.00000000.12910999032.0000000000EEF000.00000002.00000001.01000000.00000006.sdmp, 1111111111111.exe, 00000008.00000002.12924164995.0000000000EEF000.00000002.00000001.01000000.00000006.sdmp, kuailian111.msi
Source: Binary string: TEST_goopdateres_unsigned_nl.pdb source: ChromeSetup.exe, 0000000A.00000003.12939764591.000000000324D000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002A8C000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12982599207.0000000001399000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: TEST_goopdateres_unsigned_ca.pdb source: ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002941000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.0000000003102000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12968410873.0000000001399000.00000004.00000020.00020000.00000000.sdmp, goopdateres_ca.dll.21.dr
Source: Binary string: GoogleUpdate_unsigned.pdb source: ChromeSetup.exe, 0000000A.00000003.12923172564.000000000248F000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.0000000002CA3000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002486000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, GoogleUpdate.exe, 00000015.00000000.12959987883.0000000000661000.00000020.00000001.01000000.0000000D.sdmp
Source: Binary string: -PT.pdb source: GoogleUpdate.exe, 00000015.00000003.12986556954.000000000138A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: GoogleUpdateBroker_unsigned.pdb source: ChromeSetup.exe, 0000000A.00000003.12923172564.000000000248F000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.0000000002CA3000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002486000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12990843517.000000000138A000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12990773563.0000000001389000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12990734643.000000000139A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: TEST_goopdateres_unsigned_ro.pdb source: ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002AC3000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.0000000003285000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12986849944.0000000001399000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: TEST_goopdateres_unsigned_pt-PT.pdb source: ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002AB8000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.000000000327A000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12986556954.0000000001399000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: TEST_goopdateres_unsigned_sw.pdb source: ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002B05000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.00000000032C7000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: TEST_psmachine_unsigned_64.pdb source: ChromeSetup.exe, 0000000A.00000003.12923172564.000000000248F000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.0000000002CA3000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002486000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: TEST_goopdateres_unsigned_am.pdb source: ChromeSetup.exe, 0000000A.00000003.12923172564.000000000248F000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.0000000002CA3000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002486000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12967284617.0000000001399000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: GoogleCrashHandler64_unsigned.pdbl source: ChromeSetup.exe, 0000000A.00000003.12923172564.000000000248F000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.0000000002CA3000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002486000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: TEST_goopdateres_unsigned_hu.pdb source: ChromeSetup.exe, 0000000A.00000003.12933855548.00000000029FE000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.00000000031BF000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12973617848.0000000001399000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: GoogleCrashHandler_unsigned.pdbp source: ChromeSetup.exe, 0000000A.00000003.12923172564.000000000248F000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.0000000002CA3000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002486000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12966206280.0000000001389000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12966172610.000000000139A000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12966267722.000000000138A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: TEST_goopdateres_unsigned_ta.pdb source: ChromeSetup.exe, 0000000A.00000003.12939764591.00000000032D2000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002B10000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: TEST_psmachine_unsigned.pdbJ source: ChromeSetup.exe, 0000000A.00000003.12923172564.000000000248F000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.0000000002CA3000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002486000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: TEST_goopdateres_unsigned_cs.pdb source: ChromeSetup.exe, 0000000A.00000003.12923172564.00000000028F9000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.000000000294C000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12968675287.0000000001399000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: TEST_goopdateres_unsigned_da.pdb source: ChromeSetup.exe, 0000000A.00000003.12923172564.0000000002905000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002957000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12968958630.0000000001399000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: TEST_goopdateres_unsigned_it.pdb source: ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002A1F000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12923172564.00000000029CC000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12975340956.0000000001399000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: TEST_goopdateres_unsigned_en-GB.pdb source: ChromeSetup.exe, 0000000A.00000003.12923172564.0000000002932000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002984000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12970077965.0000000001399000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: TEST_goopdateres_unsigned_sk.pdb source: ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002AD9000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.000000000329B000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12987417246.0000000001399000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: TEST_goopdateres_unsigned_iw.pdb source: ChromeSetup.exe, 0000000A.00000003.12939764591.00000000031EB000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002A2A000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12975633309.0000000001399000.00000004.00000020.00020000.00000000.sdmp, goopdateres_iw.dll.10.dr
Source: Binary string: l.pdb source: GoogleUpdate.exe, 00000015.00000003.12971980559.000000000138A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: TEST_goopdateres_unsigned_te.pdb source: ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002B1C000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.00000000032DD000.00000004.00000020.00020000.00000000.sdmp, goopdateres_te.dll.21.dr
Source: Binary string: TEST_psmachine_unsigned_64.pdbF source: ChromeSetup.exe, 0000000A.00000003.12923172564.000000000248F000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.0000000002CA3000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002486000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: TEST_goopdateres_unsigned_ja.pdb source: ChromeSetup.exe, 0000000A.00000003.12939764591.00000000031F7000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002A35000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12975908423.0000000001399000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: TEST_psuser_unsigned_64.pdbF source: ChromeSetup.exe, 0000000A.00000003.12923172564.000000000248F000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.0000000002CA3000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002486000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: TEST_goopdateres_unsigned_id.pdb source: ChromeSetup.exe, 0000000A.00000003.12923172564.00000000029B6000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002A09000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12974740849.0000000001399000.00000004.00000020.00020000.00000000.sdmp, goopdateres_id.dll.10.dr
Source: Binary string: TEST_goopdateres_unsigned_et.pdb source: ChromeSetup.exe, 0000000A.00000003.12933855548.00000000029A5000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.0000000003167000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12971123454.0000000001399000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\Administrator\Desktop\bbtcp\Release\bbtcp.pdb source: JqnWzkidP.exe, JqnWzkidP.exe, 00000012.00000002.13145335578.0000000002A30000.00000040.00001000.00020000.00000000.sdmp
Source: Binary string: GoogleUpdateComRegisterShell64_unsigned.pdbR source: ChromeSetup.exe, 0000000A.00000003.12923172564.000000000248F000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.0000000002CA3000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002486000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12966878515.000000000139A000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12966912744.0000000001389000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12966978834.000000000138A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: TEST_goopdateres_unsigned_lv.pdb source: ChromeSetup.exe, 0000000A.00000003.12939764591.0000000003220000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002A5F000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12977606637.0000000001399000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: TEST_goopdateres_unsigned_vi.pdb source: ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002B53000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.0000000003315000.00000004.00000020.00020000.00000000.sdmp, goopdateres_vi.dll.10.dr
Source: Binary string: GoogleUpdateComRegisterShell64_unsigned.pdb source: ChromeSetup.exe, 0000000A.00000003.12923172564.000000000248F000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.0000000002CA3000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002486000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12966878515.000000000139A000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12966912744.0000000001389000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12966978834.000000000138A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: TEST_goopdateres_unsigned_es.pdb source: ChromeSetup.exe, 0000000A.00000003.12939764591.0000000003150000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.000000000298F000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12970359380.0000000001399000.00000004.00000020.00020000.00000000.sdmp
Source: C:\Windows\System32\msiexec.exe | File opened: z:
Source: C:\Windows\System32\msiexec.exe | File opened: x:
Source: C:\Windows\System32\msiexec.exe | File opened: v:
Source: C:\Windows\System32\msiexec.exe | File opened: t:
Source: C:\Windows\System32\msiexec.exe | File opened: r:
Source: C:\Windows\System32\msiexec.exe | File opened: p:
Source: C:\Windows\System32\msiexec.exe | File opened: n:
Source: C:\Windows\System32\msiexec.exe | File opened: l:
Source: C:\Windows\System32\msiexec.exe | File opened: j:
Source: C:\Windows\System32\msiexec.exe | File opened: h:
Source: C:\Windows\System32\msiexec.exe | File opened: f:
Source: C:\Windows\System32\msiexec.exe | File opened: b:
Source: C:\Windows\System32\msiexec.exe | File opened: y:
Source: C:\Windows\System32\msiexec.exe | File opened: w:
Source: C:\Windows\System32\msiexec.exe | File opened: u:
Source: C:\Windows\System32\msiexec.exe | File opened: s:
Source: C:\Windows\System32\msiexec.exe | File opened: q:
Source: C:\Windows\System32\msiexec.exe | File opened: o:
Source: C:\Windows\System32\msiexec.exe | File opened: m:
Source: C:\Windows\System32\msiexec.exe | File opened: k:
Source: C:\Windows\System32\msiexec.exe | File opened: i:
Source: C:\Windows\System32\msiexec.exe | File opened: g:
Source: C:\Windows\System32\msiexec.exe | File opened: e:
Source: C:\Windows\SysWOW64\WerFault.exe | File opened: c:
Source: C:\Windows\System32\msiexec.exe | File opened: a:
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Users\user\AppData\Local\Temp\MW-7ca7cc47-fabe-4c83-9b2e-0ae75262b965\files\1111111111111.exe | Code function: 8_2_00EC9C91 FindFirstFileW,FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError
Source: C:\Users\user\AppData\Local\Temp\MW-7ca7cc47-fabe-4c83-9b2e-0ae75262b965\files\1111111111111.exe | Code function: 8_2_00ED994E SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SetDlgItemTextW,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,FindClose,_swprintf,SetDlgItemTextW,SendDlgItemMessageW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,_swprintf,SetDlgItemTextW
Source: C:\Users\user\AppData\Local\Temp\MW-7ca7cc47-fabe-4c83-9b2e-0ae75262b965\files\1111111111111.exe | Code function: 8_2_00EE7561 FindFirstFileExA
Source: C:\Windows\SysWOW64\ChromeSetup.exe | Code function: 10_2_000BCBAB FindFirstFileExW
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Code function: 21_2_0066DB25 FindFirstFileExW
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Code function: 21_2_6CC08E05 FindFirstFileW,GetLastError,DeleteFileW,FindNextFileW,GetLastError,FindClose
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Code function: 21_2_6CC08F4C GetFileAttributesW,GetLastError,FindFirstFileW,GetLastError,FindNextFileW,FindClose,RemoveDirectoryW
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Code function: 21_2_6CD25DC3 FindFirstFileW,GetLastError,PathStripPathW,PathStripPathW,PathStripPathW,FindFirstFileW,FindFirstFileW,FindClose,FindClose,FindNextFileW,GetLastError,FindClose
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Code function: 21_2_6CC08CCE FindFirstFileW,FindNextFileW,GetLastError,FindClose
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Code function: 21_2_6CC0ED32 FindFirstFileW,FindNextFileW,FindClose
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Code function: 21_2_6CC0A9FF FindFirstFileW,FindNextFileW,FindClose
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Code function: 21_2_6CC14811 GetLogicalDriveStringsW,QueryDosDeviceW

Networking

Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\PING.EXE ping -n 2 127.0.0.1
Source: global traffic | TCP traffic: 192.168.2.24:49787 -> 38.181.21.34:2022
Source: unknown | TCP traffic detected without corresponding DNS query: 38.181.21.34
Source: unknown | TCP traffic detected without corresponding DNS query: 38.181.21.34
Source: unknown | TCP traffic detected without corresponding DNS query: 38.181.21.34
Source: unknown | TCP traffic detected without corresponding DNS query: 38.181.21.34
Source: C:\Program Files (x86)\JqnWzkidP.exe | Code function: 18_2_02A33030 CloseHandle,setsockopt,setsockopt,WSARecv,WSAGetLastError,setsockopt,shutdown,closesocket
Source: 1111111111111.exe, 00000008.00000003.12912723093.00000000057B7000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002B69000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002A75000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.00000000031F7000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.00000000031B4000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.00000000031A9000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.00000000029BB000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.000000000296D000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.000000000324D000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002AE4000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002A8C000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12923172564.00000000028F9000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.0000000003201000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12923172564.00000000028CE000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12923172564.0000000002905000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.0000000003187000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.00000000032E9000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.0000000003150000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 
0000000A.00000003.12933855548.0000000002B53000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.000000000322B000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12923172564.00000000029B6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002B69000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002A75000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.00000000031F7000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.00000000031B4000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.00000000031A9000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.00000000029BB000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.000000000296D000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.000000000324D000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002AE4000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002A8C000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12923172564.00000000028F9000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.0000000003201000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12923172564.00000000028CE000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12923172564.0000000002905000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.0000000003187000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.00000000032E9000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.0000000003150000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002B53000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 
0000000A.00000003.12939764591.000000000322B000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12923172564.00000000029B6000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002979000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: 1111111111111.exe, 00000008.00000003.12912723093.00000000057B7000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002B69000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002A75000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.00000000031F7000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.00000000031B4000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.00000000031A9000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.00000000029BB000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.000000000296D000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.000000000324D000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002AE4000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002A8C000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12923172564.00000000028F9000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.0000000003201000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12923172564.00000000028CE000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12923172564.0000000002905000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.0000000003187000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.00000000032E9000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.0000000003150000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 
0000000A.00000003.12933855548.0000000002B53000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.000000000322B000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12923172564.00000000029B6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: 1111111111111.exe, 00000008.00000003.12912723093.00000000057B7000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002B69000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002A75000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.00000000031F7000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.00000000031B4000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.00000000031A9000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.00000000029BB000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.000000000296D000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.000000000324D000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002AE4000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002A8C000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12923172564.00000000028F9000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.0000000003201000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12923172564.00000000028CE000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12923172564.0000000002905000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.0000000003187000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.00000000032E9000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.0000000003150000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 
0000000A.00000003.12933855548.0000000002B53000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.000000000322B000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12923172564.00000000029B6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: GoogleUpdate.exe, 00000015.00000002.14104444207.0000000005114000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.13588042806.0000000005113000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: GoogleUpdate.exe, 00000015.00000003.12966594280.0000000001389000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12966659701.000000000138A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl3.dig
Source: 1111111111111.exe, 00000008.00000003.12912723093.00000000057B7000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002B69000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002A75000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.00000000031F7000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.00000000031B4000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.00000000031A9000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.00000000029BB000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.000000000296D000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.000000000324D000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002AE4000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002A8C000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12923172564.00000000028F9000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.0000000003201000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12923172564.00000000028CE000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12923172564.0000000002905000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.0000000003187000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.00000000032E9000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.0000000003150000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 
(memory dumps) String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: ChromeSetup.exe (memory dumps) String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: 1111111111111.exe (memory dumps), ChromeSetup.exe (memory dumps) String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: goopdateres_uk.dll.21.dr String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: ChromeSetup.exe (memory dumps) String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: ChromeSetup.exe (memory dumps) String found in binary or memory: http://ocsp.digicert.com0
Source: 1111111111111.exe (memory dumps), ChromeSetup.exe (memory dumps) String found in binary or memory: http://ocsp.digicert.com0A
Source: 1111111111111.exe (memory dumps), ChromeSetup.exe (memory dumps) String found in binary or memory: http://ocsp.digicert.com0C
Source: 1111111111111.exe (memory dumps), ChromeSetup.exe (memory dumps) String found in binary or memory: http://ocsp.digicert.com0X
Source: JqnWzkidP.exe, 00000009.00000002.12934842561.00000000004F2000.00000080.00000001.01000000.0000000C.sdmp, JqnWzkidP.exe, 0000000B.00000001.12925761089.00000000004F2000.00000080.00000001.01000000.0000000B.sdmp, JqnWzkidP.exe, 0000000C.00000001.12931188590.00000000004F2000.00000080.00000001.01000000.0000000B.sdmp, JqnWzkidP.exe, 00000012.00000001.12936406592.00000000004F2000.00000080.00000001.01000000.0000000B.sdmp, kuailian111.msi String found in binary or memory: http://s.symcb.com/universal-root.crl0
Source: JqnWzkidP.exe, 00000009.00000002.12934842561.00000000004F2000.00000080.00000001.01000000.0000000C.sdmp, JqnWzkidP.exe, 0000000B.00000001.12925761089.00000000004F2000.00000080.00000001.01000000.0000000B.sdmp, JqnWzkidP.exe, 0000000C.00000001.12931188590.00000000004F2000.00000080.00000001.01000000.0000000B.sdmp, JqnWzkidP.exe, 00000012.00000001.12936406592.00000000004F2000.00000080.00000001.01000000.0000000B.sdmp, kuailian111.msi String found in binary or memory: http://s.symcd.com06
Source: ChromeSetup.exe (memory dumps) String found in binary or memory: http://www.digicert.com/CPS0
Source: GoogleUpdate.exe String found in binary or memory: https://clients2.google.com/cr/report
Source: ChromeSetup.exe, 0000000A.00000003.12923172564.000000000248F000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.0000000002CA3000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002486000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000002.14104737593.000000006CD75000.00000002.00000001.01000000.0000000E.sdmp String found in binary or memory: https://clients2.google.com/cr/reportGoogle
Source: GoogleUpdate.exe String found in binary or memory: https://clients2.google.com/service/check2?crx3=true
Source: ChromeSetup.exe, 0000000A.00000003.12923172564.000000000248F000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.0000000002CA3000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002486000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000002.14104737593.000000006CD75000.00000002.00000001.01000000.0000000E.sdmp String found in binary or memory: https://clients2.google.com/service/check2?crx3=true/recover/recover
Source: GoogleUpdate.exe, 00000015.00000002.14102839987.0000000001336000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://csp.withgoogle.com/csp/clientupdate-aus/1
Source: GoogleUpdate.exe, 00000015.00000002.14102839987.0000000001336000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://csp.withgoogle.com/csp/clientupdate-aus/1Persistent-AuthWWW-AuthenticateAccept-EncodingVaryS
Source: JqnWzkidP.exe, 00000009.00000002.12934842561.00000000004F2000.00000080.00000001.01000000.0000000C.sdmp, JqnWzkidP.exe, 0000000B.00000001.12925761089.00000000004F2000.00000080.00000001.01000000.0000000B.sdmp, JqnWzkidP.exe, 0000000C.00000001.12931188590.00000000004F2000.00000080.00000001.01000000.0000000B.sdmp, JqnWzkidP.exe, 00000012.00000001.12936406592.00000000004F2000.00000080.00000001.01000000.0000000B.sdmp, kuailian111.msi String found in binary or memory: https://d.symcb.com/cps0%
Source: JqnWzkidP.exe, 00000009.00000002.12934842561.00000000004F2000.00000080.00000001.01000000.0000000C.sdmp, JqnWzkidP.exe, 0000000B.00000001.12925761089.00000000004F2000.00000080.00000001.01000000.0000000B.sdmp, JqnWzkidP.exe, 0000000C.00000001.12931188590.00000000004F2000.00000080.00000001.01000000.0000000B.sdmp, JqnWzkidP.exe, 00000012.00000001.12936406592.00000000004F2000.00000080.00000001.01000000.0000000B.sdmp, kuailian111.msi String found in binary or memory: https://d.symcb.com/rpa0
Source: JqnWzkidP.exe, 00000009.00000002.12934842561.00000000004F2000.00000080.00000001.01000000.0000000C.sdmp, JqnWzkidP.exe, 0000000B.00000001.12925761089.00000000004F2000.00000080.00000001.01000000.0000000B.sdmp, JqnWzkidP.exe, 0000000C.00000001.12931188590.00000000004F2000.00000080.00000001.01000000.0000000B.sdmp, JqnWzkidP.exe, 00000012.00000001.12936406592.00000000004F2000.00000080.00000001.01000000.0000000B.sdmp, kuailian111.msi String found in binary or memory: https://d.symcb.com/rpa0.
Source: ChromeSetup.exe, 0000000A.00000003.12923172564.000000000248F000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.0000000002CA3000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002486000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000002.14104737593.000000006CD75000.00000002.00000001.01000000.0000000E.sdmp String found in binary or memory: https://dl.google.com/update2/installers/icons/https://m.google.com/devicemanagement/data/apihttps:/
Source: GoogleUpdate.exe String found in binary or memory: https://m.google.com/devicemanagement/data/api
Source: GoogleUpdate.exe, GoogleUpdate.exe, 00000015.00000002.14102839987.0000000001303000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://update.googleapis.com/service/update2
Source: GoogleUpdate.exe String found in binary or memory: https://www.google.com/support/installer/?
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe Code function: 21_2_6CC13DEF lstrlenW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,SetClipboardData,GlobalFree,CloseClipboard,21_2_6CC13DEF
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe Code function: 21_2_6CC130A0 NtDeleteKey,21_2_6CC130A0
Source: C:\Users\user\AppData\Local\Temp\MW-7ca7cc47-fabe-4c83-9b2e-0ae75262b965\files\1111111111111.exe Code function: 8_2_00EC6BC9: __EH_prolog,_wcslen,_wcslen,CreateFileW,CloseHandle,CreateDirectoryW,CreateFileW,DeviceIoControl,CloseHandle,GetLastError,RemoveDirectoryW,DeleteFileW,8_2_00EC6BC9
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe Code function: 21_2_6CC19C69 OpenSCManagerW,OpenServiceW,DeleteService,CloseServiceHandle,CloseServiceHandle,21_2_6CC19C69
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe Code function: 21_2_6CC10762 CreateProcessAsUserW,21_2_6CC10762
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\550dae.msiJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\SourceHash{17AE145E-380C-439F-B394-3181AAC3A14B}Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SystemTemp\~DF16244E11090C507A.TMPJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\inprogressinstallinfo.ipiJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SystemTemp\~DFDE33FA7888825F04.TMPJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI11C5.tmpJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI2B3A.tmpJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI2B4A.tmpJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI2C16.tmpJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SystemTemp\~DFFE87A2393C861F0E.TMPJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\SystemTemp\~DFF13CF0EC83B6E8BB.TMPJump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-7ca7cc47-fabe-4c83-9b2e-0ae75262b965\files\1111111111111.exeFile created: C:\Windows\SysWOW64\__tmp_rar_sfx_access_check_5579531Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-7ca7cc47-fabe-4c83-9b2e-0ae75262b965\files\1111111111111.exeFile created: C:\Windows\SysWOW64\ChromeSetup.exeJump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-7ca7cc47-fabe-4c83-9b2e-0ae75262b965\files\1111111111111.exeFile created: C:\Windows\SysWOW64\JqnWzkidP.exeJump to behavior
Source: C:\Windows\SysWOW64\ChromeSetup.exeFile created: C:\Windows\SystemTemp\GUM25E9.tmpJump to behavior
Source: C:\Windows\SysWOW64\ChromeSetup.exeFile created: C:\Windows\SystemTemp\GUM25EA.tmpJump to behavior
Source: C:\Windows\SysWOW64\ChromeSetup.exeFile created: C:\Windows\SystemTemp\GUM25EA.tmpJump to behavior
Source: C:\Windows\SysWOW64\ChromeSetup.exeFile created: C:\Windows\SystemTemp\GUT25EB.tmpJump to behavior
Source: C:\Windows\SysWOW64\ChromeSetup.exeFile created: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exeJump to behavior
Source: C:\Windows\SysWOW64\ChromeSetup.exeFile created: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleCrashHandler.exeJump to behavior
Source: C:\Windows\SysWOW64\ChromeSetup.exeFile created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdate.dllJump to behavior
Source: C:\Windows\SysWOW64\ChromeSetup.exeFile created: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdateBroker.exeJump to behavior
Source: C:\Windows\SysWOW64\ChromeSetup.exeFile created: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdateOnDemand.exeJump to behavior
Source: C:\Windows\SysWOW64\ChromeSetup.exeFile created: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdateComRegisterShell64.exeJump to behavior
Source: C:\Windows\SysWOW64\ChromeSetup.exeFile created: C:\Windows\SystemTemp\GUM25EA.tmp\psmachine.dllJump to behavior
Source: C:\Windows\SysWOW64\ChromeSetup.exeFile created: C:\Windows\SystemTemp\GUM25EA.tmp\psmachine_64.dllJump to behavior
Source: C:\Windows\SysWOW64\ChromeSetup.exeFile created: C:\Windows\SystemTemp\GUM25EA.tmp\psuser.dllJump to behavior
Source: C:\Windows\SysWOW64\ChromeSetup.exeFile created: C:\Windows\SystemTemp\GUM25EA.tmp\psuser_64.dllJump to behavior
Source: C:\Windows\SysWOW64\ChromeSetup.exeFile created: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleCrashHandler64.exeJump to behavior
Source: C:\Windows\SysWOW64\ChromeSetup.exeFile created: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdateCore.exeJump to behavior
Source: C:\Windows\SysWOW64\ChromeSetup.exeFile created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_am.dllJump to behavior
Source: C:\Windows\SysWOW64\ChromeSetup.exeFile created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_ar.dllJump to behavior
Source: C:\Windows\SysWOW64\ChromeSetup.exeFile created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_bg.dllJump to behavior
Source: C:\Windows\SysWOW64\ChromeSetup.exeFile created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_bn.dllJump to behavior
Source: C:\Windows\SysWOW64\ChromeSetup.exeFile created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_ca.dllJump to behavior
Source: C:\Windows\SysWOW64\ChromeSetup.exeFile created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_cs.dllJump to behavior
Source: C:\Windows\SysWOW64\ChromeSetup.exeFile created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_da.dllJump to behavior
Source: C:\Windows\SysWOW64\ChromeSetup.exeFile created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_de.dllJump to behavior
Source: C:\Windows\SysWOW64\ChromeSetup.exeFile created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_el.dllJump to behavior
Source: C:\Windows\SysWOW64\ChromeSetup.exeFile created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_en.dllJump to behavior
Source: C:\Windows\SysWOW64\ChromeSetup.exeFile created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_en-GB.dllJump to behavior
Source: C:\Windows\SysWOW64\ChromeSetup.exeFile created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_es.dllJump to behavior
Source: C:\Windows\SysWOW64\ChromeSetup.exeFile created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_es-419.dllJump to behavior
Source: C:\Windows\SysWOW64\ChromeSetup.exeFile created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_et.dllJump to behavior
Source: C:\Windows\SysWOW64\ChromeSetup.exeFile created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_fa.dllJump to behavior
Source: C:\Windows\SysWOW64\ChromeSetup.exeFile created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_fi.dllJump to behavior
Source: C:\Windows\SysWOW64\ChromeSetup.exeFile created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_fil.dllJump to behavior
Source: C:\Windows\SysWOW64\ChromeSetup.exeFile created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_fr.dllJump to behavior
Source: C:\Windows\SysWOW64\ChromeSetup.exeFile created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_gu.dllJump to behavior
Source: C:\Windows\SysWOW64\ChromeSetup.exeFile created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_hi.dllJump to behavior
Source: C:\Windows\SysWOW64\ChromeSetup.exeFile created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_hr.dllJump to behavior
Source: C:\Windows\SysWOW64\ChromeSetup.exeFile created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_hu.dllJump to behavior
Source: C:\Windows\SysWOW64\ChromeSetup.exeFile created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_id.dllJump to behavior
Source: C:\Windows\SysWOW64\ChromeSetup.exeFile created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_is.dllJump to behavior
Source: C:\Windows\SysWOW64\ChromeSetup.exeFile created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_it.dllJump to behavior
Source: C:\Windows\SysWOW64\ChromeSetup.exeFile created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_iw.dllJump to behavior
Source: C:\Windows\SysWOW64\ChromeSetup.exe File created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_ja.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe File created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_kn.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe File created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_ko.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe File created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_lt.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe File created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_lv.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe File created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_ml.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe File created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_mr.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe File created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_ms.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe File created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_nl.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe File created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_no.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe File created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_pl.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe File created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_pt-BR.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe File created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_pt-PT.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe File created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_ro.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe File created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_ru.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe File created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_sk.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe File created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_sl.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe File created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_sr.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe File created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_sv.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe File created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_sw.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe File created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_ta.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe File created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_te.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe File created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_th.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe File created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_tr.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe File created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_uk.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe File created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_ur.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe File created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_vi.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe File created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_zh-CN.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe File created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_zh-TW.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe File created: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdateSetup.exe
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe File created: C:\Windows\SystemTemp\GUM35F7.tmp
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\MSI11C5.tmp
Source: C:\Windows\System32\svchost.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 6472 -ip 6472
Source: goopdateres_tr.dll.10.dr Static PE information: Resource name: RT_STRING type: 370 XA sysV pure executable not stripped
Source: goopdateres_vi.dll.10.dr Static PE information: Resource name: RT_STRING type: iAPX 286 executable small model (COFF) not stripped
Source: goopdateres_ca.dll.10.dr Static PE information: Resource name: RT_STRING type: MIPSEB-LE MIPS-II ECOFF executable not stripped - version 0.114
Source: goopdateres_fil.dll.10.dr Static PE information: Resource name: RT_STRING type: VAX COFF executable, sections 80, created Wed Mar 25 10:31:05 1970, not stripped, version 108
Source: goopdateres_hu.dll.10.dr Static PE information: Resource name: RT_STRING type: MIPSEL MIPS-II ECOFF executable not stripped - version 0.101
Source: goopdateres_ms.dll.10.dr Static PE information: Resource name: RT_STRING type: 370 sysV executable not stripped
Source: goopdateres_ca.dll.21.dr Static PE information: Resource name: RT_STRING type: MIPSEB-LE MIPS-II ECOFF executable not stripped - version 0.114
Source: goopdateres_fil.dll.21.dr Static PE information: Resource name: RT_STRING type: VAX COFF executable, sections 80, created Wed Mar 25 10:31:05 1970, not stripped, version 108
Source: goopdateres_hu.dll.21.dr Static PE information: Resource name: RT_STRING type: MIPSEL MIPS-II ECOFF executable not stripped - version 0.101
Source: goopdateres_ms.dll.21.dr Static PE information: Resource name: RT_STRING type: 370 sysV executable not stripped
Source: kuailian111.msi Binary or memory string: OriginalFilenameGoogleUpdateSetup.exe< vs kuailian111.msi
Source: classification engine Classification label: mal72.troj.evad.winMSI@45/176@0/2
Source: C:\Windows\SysWOW64\ChromeSetup.exe Code function: 10_2_000B3040 GetLastError,SetLastError,FormatMessageW,GetLastError,SetLastError,LocalFree
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe Code function: 21_2_6CC109AA GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,CloseHandle
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe Code function: 21_2_6CC1A486 OpenSCManagerW,GetLastError,CreateServiceW,GetLastError,CloseServiceHandle,CloseServiceHandle
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe Code function: 21_2_6CC1A7CE OpenSCManagerW,GetLastError,CreateServiceW,GetLastError,CloseServiceHandle,CloseServiceHandle
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe Code function: 21_2_6CC0F84B CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe Code function: 21_2_6CCBAA72 CoCreateInstance
Source: C:\Windows\SysWOW64\ChromeSetup.exe Code function: 10_2_000B2005 FindResourceW,LoadResource,LockResource,CreateFileW,SizeofResource,SetFilePointerEx,CloseHandle
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe Code function: 21_2_6CC1A6FE OpenSCManagerW,GetLastError,OpenServiceW,ChangeServiceConfigW,GetLastError,CloseServiceHandle,CloseServiceHandle
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe Code function: 21_2_6CC19EE7 StartServiceCtrlDispatcherW,GetLastError,WaitForSingleObject,CloseHandle
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe Code function: 21_2_6CC19F8B StartServiceCtrlDispatcherW,GetLastError,WaitForSingleObject,CloseHandle
Source: C:\Windows\SysWOW64\JqnWzkidP.exe File created: C:\Program Files (x86)\JqnWzkidP.exe
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6800:120:WilError_03
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe Mutant created: \Sessions\1\BaseNamedObjects\Global\G{D19BAF17-7C87-467E-8D63-6C4B1C836373}
Source: C:\Windows\SysWOW64\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6472
Source: C:\Windows\SysWOW64\WerFault.exe Mutant created: \BaseNamedObjects\Local\SM0:7976:64:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \BaseNamedObjects\Local\SM0:4988:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5756:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6960:120:WilError_03
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe Mutant created: \Sessions\1\BaseNamedObjects\Global\GS-1-5-21-1366499904-3779542990-1865374188-1001{D19BAF17-7C87-467E-8D63-6C4B1C836373}
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe Mutant created: \Sessions\1\BaseNamedObjects\Global\G{A9A86B93-B54E-4570-BE89-42418507707B}
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\TEMP\~DF80CBFD0882C30D1E.TMP
Source: C:\Users\user\AppData\Local\Temp\MW-7ca7cc47-fabe-4c83-9b2e-0ae75262b965\files\1111111111111.exe Command line argument: sfxname 8_2_00EDB52F
Source: C:\Users\user\AppData\Local\Temp\MW-7ca7cc47-fabe-4c83-9b2e-0ae75262b965\files\1111111111111.exe Command line argument: sfxstime 8_2_00EDB52F
Source: C:\Users\user\AppData\Local\Temp\MW-7ca7cc47-fabe-4c83-9b2e-0ae75262b965\files\1111111111111.exe Command line argument: STARTDLG 8_2_00EDB52F
Source: C:\Users\user\AppData\Local\Temp\MW-7ca7cc47-fabe-4c83-9b2e-0ae75262b965\files\1111111111111.exe Command line argument: . 8_2_00EEE680
Source: C:\Windows\SysWOW64\ChromeSetup.exe Command line argument: kernel32.dll 10_2_000B260C
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe Command line argument: kernel32.dll 21_2_00666898
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe Command line argument: DllEntry 21_2_00666898
Source: C:\Windows\SysWOW64\msiexec.exe File read: C:\Users\user\AppData\Local\Temp\MW-7ca7cc47-fabe-4c83-9b2e-0ae75262b965\msiwrapper.ini
Source: C:\Windows\System32\msiexec.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: kuailian111.msi Virustotal: Detection: 20%
Source: kuailian111.msi ReversingLabs: Detection: 18%
Source: GoogleUpdate.exe String found in binary or memory: Application update/install
Source: GoogleUpdate.exe String found in binary or memory: https://www.google.com/support/installer/?
Source: unknown Process created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\kuailian111.msi"
Source: unknown Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 92B61D458C26971E01F9E798C518FDC3
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\icacls.exe "C:\Windows\system32\ICACLS.EXE" "C:\Users\user\AppData\Local\Temp\MW-7ca7cc47-fabe-4c83-9b2e-0ae75262b965\." /SETINTEGRITYLEVEL (CI)(OI)HIGH
Source: C:\Windows\SysWOW64\icacls.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\expand.exe "C:\Windows\system32\EXPAND.EXE" -R files.cab -F:* files
Source: C:\Windows\SysWOW64\expand.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Users\user\AppData\Local\Temp\MW-7ca7cc47-fabe-4c83-9b2e-0ae75262b965\files\1111111111111.exe "C:\Users\user\AppData\Local\Temp\MW-7ca7cc47-fabe-4c83-9b2e-0ae75262b965\files\1111111111111.exe"
Source: C:\Users\user\AppData\Local\Temp\MW-7ca7cc47-fabe-4c83-9b2e-0ae75262b965\files\1111111111111.exe Process created: C:\Windows\SysWOW64\JqnWzkidP.exe "C:\Windows\SysWOW64\JqnWzkidP.exe"
Source: C:\Users\user\AppData\Local\Temp\MW-7ca7cc47-fabe-4c83-9b2e-0ae75262b965\files\1111111111111.exe Process created: C:\Windows\SysWOW64\ChromeSetup.exe "C:\Windows\SysWOW64\ChromeSetup.exe"
Source: C:\Windows\SysWOW64\JqnWzkidP.exe Process created: C:\Program Files (x86)\JqnWzkidP.exe -auto
Source: unknown Process created: C:\Program Files (x86)\JqnWzkidP.exe "C:\Program Files (x86)\JqnWzkidP.exe" Service 1
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\icacls.exe "C:\Windows\system32\ICACLS.EXE" "C:\Users\user\AppData\Local\Temp\MW-7ca7cc47-fabe-4c83-9b2e-0ae75262b965\." /SETINTEGRITYLEVEL (CI)(OI)LOW
Source: C:\Windows\SysWOW64\icacls.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\JqnWzkidP.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\SysWOW64\cmd.exe" cmd/c ping -n 2 127.0.0.1 > nul && del C:\Users\user\AppData\Local\Temp\_@279F.tmp > nul
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\PING.EXE ping -n 2 127.0.0.1
Source: C:\Program Files (x86)\JqnWzkidP.exe Process created: C:\Program Files (x86)\JqnWzkidP.exe -a1
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c rd /s /q "C:\Users\user\AppData\Local\Temp\MW-7ca7cc47-fabe-4c83-9b2e-0ae75262b965\files"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\ChromeSetup.exe Process created: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe /installsource taggedmi /install "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={93D19599-0626-757C-805D-BBBE09121B4F}&lang=zh-CN&browser=4&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=x64-stable-statsdef_1&installdataindex=empty"
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k WerSvcGroup
Source: C:\Windows\System32\svchost.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 6472 -ip 6472
Source: C:\Program Files (x86)\JqnWzkidP.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6472 -s 916
Source: C:\Windows\System32\svchost.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6472 -s 916
Source: C:\Windows\SysWOW64\WerFault.exe Process created: unknown unknown
Source: C:\Windows\System32\msiexec.exe Section loaded: apphelp.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: aclayers.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: msi.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: srpapi.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: tsappcmp.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: uxtheme.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: textinputframework.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: propsys.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: coremessaging.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: coreuicomponents.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: wintypes.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: cryptbase.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: textshaping.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: netapi32.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: wkscli.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: netutils.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: wldp.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: msasn1.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: cryptsp.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: rsaenh.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: msisip.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: userenv.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: version.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: gpapi.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: userenv.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: version.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: appidapi.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: version.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: mscoree.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: windows.storage.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: profapi.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: msihnd.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: pcacli.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: mpr.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: apphelp.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: aclayers.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: msi.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: tsappcmp.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: userenv.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: profapi.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: netapi32.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: wkscli.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: netutils.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: srclient.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: spp.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: powrprof.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: vssapi.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: vsstrace.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: umpdc.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: wldp.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: msasn1.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: cryptsp.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: rsaenh.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: cryptbase.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: msisip.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: version.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: gpapi.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: version.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: appidapi.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: srpapi.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: mscoree.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: version.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: vcruntime140_1_clr0400.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: rstrtmgr.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: ncrypt.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: ntasn1.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: windows.storage.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: wintypes.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: pcacli.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: mpr.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: ntmarta.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc_os.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: servicingcommon.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: aclayers.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: cryptsp.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: rsaenh.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: cryptbase.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wintypes.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: propsys.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: cfgmgr32.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: edputil.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: urlmon.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: iertutil.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: windows.staterepositoryps.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: virtdisk.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: smartscreenps.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: appresolver.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: bcp47langs.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: pcacli.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc_os.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: servicingcommon.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: shdocvw.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Windows\SysWOW64\icacls.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Windows\SysWOW64\expand.exeSection loaded: cabinet.dllJump to behavior
Source: C:\Windows\SysWOW64\expand.exeSection loaded: dpx.dllJump to behavior
Source: C:\Windows\SysWOW64\expand.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Windows\SysWOW64\expand.exeSection loaded: wdscore.dllJump to behavior
Source: C:\Windows\SysWOW64\expand.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Windows\SysWOW64\expand.exeSection loaded: dbgcore.dllJump to behavior
Source: C:\Windows\SysWOW64\expand.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Windows\SysWOW64\expand.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-7ca7cc47-fabe-4c83-9b2e-0ae75262b965\files\1111111111111.exe Section loaded: api-ms-win-core-synch-l1-2-0.dll, api-ms-win-core-fibers-l1-1-1.dll, api-ms-win-core-synch-l1-2-0.dll, api-ms-win-core-fibers-l1-1-1.dll, api-ms-win-core-localization-l1-2-1.dll, version.dll, dxgidebug.dll, sfc_os.dll, sspicli.dll, rsaenh.dll, uxtheme.dll, dwmapi.dll, cryptbase.dll, kernel.appcore.dll, riched20.dll, usp10.dll, msls31.dll, textshaping.dll, textinputframework.dll, coremessaging.dll, coreuicomponents.dll, wintypes.dll, windows.storage.dll, propsys.dll, profapi.dll, cfgmgr32.dll, edputil.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, windows.staterepositoryps.dll, virtdisk.dll, wldp.dll, smartscreenps.dll, shdocvw.dll, appresolver.dll, userenv.dll, bcp47langs.dll, onecoreuapcommonproxystub.dll, apphelp.dll, pcacli.dll, mpr.dll, servicingcommon.dll
Source: C:\Windows\SysWOW64\JqnWzkidP.exe Section loaded: winmm.dll, uxtheme.dll, kernel.appcore.dll, ntmarta.dll, apphelp.dll, windows.storage.dll, wintypes.dll, propsys.dll, cfgmgr32.dll, profapi.dll, edputil.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, srvcli.dll, netutils.dll, windows.staterepositoryps.dll, sspicli.dll, virtdisk.dll, wldp.dll, smartscreenps.dll, shdocvw.dll, appresolver.dll, userenv.dll, bcp47langs.dll, onecoreuapcommonproxystub.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe Section loaded: kernel.appcore.dll, uxtheme.dll, windows.storage.dll, wintypes.dll, ntmarta.dll, apphelp.dll
Source: C:\Program Files (x86)\JqnWzkidP.exe Section loaded: winmm.dll, uxtheme.dll, kernel.appcore.dll, winmm.dll, kernel.appcore.dll, wtsapi32.dll, userenv.dll, profapi.dll, sspicli.dll
Source: C:\Windows\SysWOW64\icacls.exe Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\PING.EXE Section loaded: iphlpapi.dll, winnsi.dll, mswsock.dll
Source: C:\Program Files (x86)\JqnWzkidP.exe Section loaded: winmm.dll, uxtheme.dll, kernel.appcore.dll, napinsp.dll, pnrpnsp.dll, mswsock.dll, dnsapi.dll, iphlpapi.dll, winrnr.dll, wshbth.dll, nlansp_c.dll, fwpuclnt.dll, rasadhlp.dll
Source: C:\Windows\SysWOW64\cmd.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe Section loaded: windows.storage.dll, wintypes.dll, iphlpapi.dll, netapi32.dll, version.dll, userenv.dll, wtsapi32.dll, msimg32.dll, uxtheme.dll, wininet.dll, wkscli.dll, netutils.dll, cryptbase.dll, msasn1.dll, mdmregistration.dll, msvcp110_win.dll, omadmapi.dll, dsreg.dll, profapi.dll, cscapi.dll, dbghelp.dll, dbgcore.dll, dbghelp.dll, dbgcore.dll, kernel.appcore.dll, msxml3.dll, atlthunk.dll, textinputframework.dll, coremessaging.dll, coreuicomponents.dll, textshaping.dll, ntmarta.dll, taskschd.dll, sspicli.dll, winhttp.dll, ondemandconnroutehelper.dll, dhcpcsvc6.dll, dhcpcsvc.dll, webio.dll, mswsock.dll, winnsi.dll, dnsapi.dll, rasadhlp.dll, fwpuclnt.dll, schannel.dll, ncrypt.dll, ntasn1.dll, ncryptsslp.dll, cryptsp.dll, rsaenh.dll, gpapi.dll, dpapi.dll, propsys.dll, cfgmgr32.dll, edputil.dll, urlmon.dll, iertutil.dll, srvcli.dll, windows.staterepositoryps.dll, appresolver.dll, bcp47langs.dll, onecoreuapcommonproxystub.dll
Source: C:\Windows\System32\svchost.exe Section loaded: wersvc.dll, windowsperformancerecordercontrol.dll, weretw.dll, wer.dll, diagnosticdatasettings.dll, policymanager.dll, msvcp110_win.dll, coreprivacysettingsstore.dll, policymanager.dll, msvcp110_win.dll, faultrep.dll, wer.dll, diagnosticdatasettings.dll, policymanager.dll, msvcp110_win.dll, coreprivacysettingsstore.dll, policymanager.dll, msvcp110_win.dll, userenv.dll, profapi.dll, sspicli.dll, policymanager.dll, msvcp110_win.dll, policymanager.dll, msvcp110_win.dll
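The "Section loaded" entries above are most useful when read per process rather than line by line: the dropped binaries (a randomly named JqnWzkidP.exe in SysWOW64 and directly under Program Files (x86), a numeric-named executable in a Temp directory, GoogleUpdate.exe in SystemTemp) stand out by location, and the second JqnWzkidP.exe instance loads the whole Winsock name-space-provider chain (napinsp, pnrpnsp, winrnr, wshbth, nlansp_c, mswsock, dnsapi), which is what a process does when it resolves a hostname. The following triage helper is an added example and is not part of the Joe Sandbox report or of any Joe Sandbox tooling. It parses lines in the report's format (both the clean form and the fused "…exeSection loaded: x.dllJump to behavior" form that web extraction produces), groups DLLs per process, and applies two sets of heuristics that are assumptions made for this example: a location check (Temp directories, executables sitting directly in a Program Files root, unknown binaries in System32/SysWOW64 against a small constructed allowlist) and DLL capability clusters with minimum-hit thresholds. The sample lines are copied from the list above, with one line left in the fused form on purpose.

```python
"""Triage helper for Joe Sandbox "Section loaded" lines (added example).

Groups the DLLs each process loaded and flags (a) processes running from
locations where an installer component would not normally live and
(b) processes whose loaded DLLs form a capability cluster. The allowlist,
clusters and thresholds are assumptions for this example, not Joe Sandbox logic.
"""
import re
from collections import OrderedDict
from typing import Dict, List

# Constructed sample: lines copied from the report above. The second
# JqnWzkidP line is deliberately left in the fused web-extraction form.
SAMPLE_LINES = r"""Source: C:\Windows\SysWOW64\PING.EXE Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\PING.EXE Section loaded: mswsock.dll
Source: C:\Program Files (x86)\JqnWzkidP.exe Section loaded: winmm.dll
Source: C:\Program Files (x86)\JqnWzkidP.exe Section loaded: napinsp.dll
Source: C:\Program Files (x86)\JqnWzkidP.exe Section loaded: pnrpnsp.dll
Source: C:\Program Files (x86)\JqnWzkidP.exe Section loaded: mswsock.dll
Source: C:\Program Files (x86)\JqnWzkidP.exe Section loaded: dnsapi.dll
Source: C:\Program Files (x86)\JqnWzkidP.exe Section loaded: winrnr.dll
Source: C:\Windows\SysWOW64\JqnWzkidP.exeSection loaded: winmm.dllJump to behavior
Source: C:\Windows\SysWOW64\JqnWzkidP.exe Section loaded: urlmon.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe Section loaded: taskschd.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe Section loaded: winhttp.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe Section loaded: schannel.dll
Source: C:\Windows\System32\msiexec.exe Section loaded: msi.dll
Source: C:\Windows\System32\svchost.exe Section loaded: wer.dll
"""

# Accepts "... .exe Section loaded: x.dll" and the fused
# "... .exeSection loaded: x.dllJump to behavior" form.
LINE_RE = re.compile(
    r"^Source:\s*(?P<proc>.+?)\s*Section loaded:\s*(?P<dll>.+?)(?:Jump to behavior)?\s*$"
)

# Assumption: system binaries expected in System32/SysWOW64 for this report.
KNOWN_SYSTEM_BINARIES = {"msiexec.exe", "icacls.exe", "expand.exe",
                         "cmd.exe", "ping.exe", "svchost.exe"}

# Assumption: DLL sets that together indicate a capability, and how many
# members must be present before the cluster is reported.
DLL_CLUSTERS = {
    "winsock name resolution (getaddrinfo/NSP chain)": (
        {"mswsock.dll", "dnsapi.dll", "napinsp.dll", "pnrpnsp.dll",
         "winrnr.dll", "wshbth.dll", "nlansp_c.dll"}, 3),
    "http/tls client": ({"winhttp.dll", "wininet.dll", "webio.dll", "schannel.dll"}, 2),
    "task scheduler COM": ({"taskschd.dll"}, 1),
}


def parse_section_loaded(text: str) -> "OrderedDict[str, List[str]]":
    """Return process path -> DLLs in first-load order (exact repeats dropped)."""
    loaded: "OrderedDict[str, List[str]]" = OrderedDict()
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # other event types (Key value queried, File written, ...)
        proc, dll = m.group("proc"), m.group("dll").lower()
        dlls = loaded.setdefault(proc, [])
        if dll not in dlls:
            dlls.append(dll)
    return loaded


def location_flags(path: str) -> List[str]:
    """Flags derived only from where the image lives (assumed heuristics)."""
    parts = path.replace("/", "\\").split("\\")
    parent = [p.lower() for p in parts[:-1]]
    name = parts[-1].lower()
    flags: List[str] = []
    if any(p in ("temp", "systemtemp") for p in parent):
        flags.append("runs from a temp directory")
    if len(parent) == 2 and parent[1] in ("program files", "program files (x86)"):
        flags.append("executable directly in Program Files root (no vendor directory)")
    if (len(parent) == 3 and parent[1] == "windows"
            and parent[2] in ("system32", "syswow64")
            and name not in KNOWN_SYSTEM_BINARIES):
        flags.append("unknown binary in a Windows system directory")
    return flags


def dll_cluster_flags(dlls: List[str]) -> List[str]:
    """Report each capability cluster whose member count meets its threshold."""
    present = set(dlls)
    flags: List[str] = []
    for label, (members, minimum) in DLL_CLUSTERS.items():
        hits = sorted(present & members)
        if len(hits) >= minimum:
            flags.append(f"{label}: {', '.join(hits)}")
    return flags


def triage(text: str) -> Dict[str, dict]:
    """Per-process summary: loaded DLLs plus location and cluster flags."""
    report: Dict[str, dict] = {}
    for proc, dlls in parse_section_loaded(text).items():
        report[proc] = {"dlls": dlls, "flags": location_flags(proc) + dll_cluster_flags(dlls)}
    return report


if __name__ == "__main__":
    for proc, info in triage(SAMPLE_LINES).items():
        marker = "!!" if info["flags"] else "  "
        print(f"{marker} {proc} ({len(info['dlls'])} DLLs)")
        for flag in info["flags"]:
            print(f"      - {flag}")
```

Run against the sample, ping.exe, msiexec.exe and svchost.exe come out clean, the SysWOW64 copy of JqnWzkidP.exe is flagged on location alone, the Program Files copy is flagged on both location and the name-resolution cluster, and GoogleUpdate.exe is flagged for the SystemTemp path plus the HTTP/TLS and Task Scheduler clusters. The thresholds matter: mswsock.dll alone (as loaded by ping.exe) is not evidence of name resolution, which is why that cluster requires three members.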
Source: C:\Users\user\AppData\Local\Temp\MW-7ca7cc47-fabe-4c83-9b2e-0ae75262b965\files\1111111111111.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32
Source: C:\Windows\SysWOW64\msiexec.exe File written: C:\Users\user\AppData\Local\Temp\MW-7ca7cc47-fabe-4c83-9b2e-0ae75262b965\msiwrapper.ini
Source: Window Recorder Window detected: More than 3 window changes detected
Source: kuailian111.msi Static file information: File size 10285056 > 1048576
Source: Binary string: TEST_goopdateres_unsigned_fa.pdb source: ChromeSetup.exe, 0000000A.00000003.12923172564.000000000295E000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.00000000029B0000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12971425600.0000000001399000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: GoogleUpdateCore_unsigned.pdb source: ChromeSetup.exe, 0000000A.00000003.12923172564.000000000248F000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.0000000002CA3000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000002.14101962587.0000000000364000.00000004.00000010.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002486000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12965891196.000000000138A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: TEST_goopdateres_unsigned_lt.pdb source: ChromeSetup.exe, 0000000A.00000003.12939764591.0000000003216000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002A55000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12976833269.0000000001399000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: TEST_goopdateres_unsigned_el.pdb source: ChromeSetup.exe, 0000000A.00000003.12933855548.000000000296D000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.000000000312F000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12969522062.0000000001399000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: TEST_goopdateres_unsigned_sr.pdb source: ChromeSetup.exe, 0000000A.00000003.12939764591.00000000032B1000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002AEF000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: TEST_goopdateres_unsigned_mr.pdb source: ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002A75000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.0000000003236000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12979157040.0000000001399000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: TEST_goopdateres_unsigned_hr.pdb source: ChromeSetup.exe, 0000000A.00000003.12939764591.00000000031B4000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.00000000029F3000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12973216871.0000000001399000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: TEST_psuser_unsigned_64.pdb source: ChromeSetup.exe, 0000000A.00000003.12923172564.000000000248F000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.0000000002CA3000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002486000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: TEST_goopdateres_unsigned_bg.pdb source: ChromeSetup.exe, 0000000A.00000003.12933855548.000000000292B000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.00000000030EC000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12967827770.0000000001399000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: -BR.pdb source: GoogleUpdate.exe, 00000015.00000003.12986258645.000000000138A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: 2024-12-09 12:51:14, Info DPX Extraction of file: amd64_winappsdk-cbs_31bf3856ad364e35_10.0.22621.4391_none_a4e452c96f8713d0\WindowsAppSdk.AppxDeploymentExtensions.Desktop-EventLog-Instrumentation.pdb failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=). source: setupact.log.6.dr
Source: Binary string: -GB.pdb source: GoogleUpdate.exe, 00000015.00000003.12970077965.000000000138A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: TEST_goopdateres_unsigned_ar.pdb source: ChromeSetup.exe, 0000000A.00000003.12923172564.00000000028CE000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002920000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12967552900.0000000001399000.00000004.00000020.00020000.00000000.sdmp, goopdateres_ar.dll.21.dr
Source: Binary string: TEST_goopdateres_unsigned_tr.pdb source: ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002B33000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.00000000032F4000.00000004.00000020.00020000.00000000.sdmp, goopdateres_tr.dll.21.dr
Source: Binary string: TEST_goopdateres_unsigned_hi.pdb source: ChromeSetup.exe, 0000000A.00000003.12939764591.00000000031A9000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.00000000029E8000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12972872497.0000000001399000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: TEST_goopdateres_unsigned_pt-BR.pdb source: ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002AAD000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.000000000326E000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12986258645.0000000001399000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: TEST_goopdateres_unsigned_de.pdb source: ChromeSetup.exe, 0000000A.00000003.12939764591.0000000003124000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002962000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12969253229.0000000001399000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: GoogleUpdateOnDemand_unsigned.pdb source: ChromeSetup.exe, 0000000A.00000003.12923172564.000000000248F000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.0000000002CA3000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002486000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12991094036.0000000001389000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12991169404.000000000138A000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12991058588.000000000139A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: TEST_goopdateres_unsigned_ru.pdb source: ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002ACE000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.0000000003290000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12987128420.0000000001399000.00000004.00000020.00020000.00000000.sdmp, goopdateres_ru.dll.10.dr
Source: Binary string: TEST_goopdate_unsigned.pdb source: ChromeSetup.exe, 0000000A.00000003.12923172564.000000000248F000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.0000000002CA3000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002486000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000002.14104737593.000000006CD75000.00000002.00000001.01000000.0000000E.sdmp
Source: Binary string: TEST_goopdateres_unsigned_ms.pdb source: ChromeSetup.exe, 0000000A.00000003.12939764591.0000000003242000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002A81000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12980170554.0000000001399000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: TEST_goopdateres_unsigned_fr.pdb source: ChromeSetup.exe, 0000000A.00000003.12933855548.00000000029D1000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12923172564.000000000297E000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12972276747.0000000001399000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: 2024-12-09 12:51:14, Info DPX Extraction of file: amd64_winappsdk-cbs_31bf3856ad364e35_10.0.22621.4391_none_a4e452c96f8713d0\f\WindowsAppSdk.AppxDeploymentExtensions.Desktop-EventLog-Instrumentation.pdb failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=). source: setupact.log.6.dr
Source: Binary string: TEST_psuser_unsigned.pdbJ source: ChromeSetup.exe, 0000000A.00000003.12923172564.000000000248F000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.0000000002CA3000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002486000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: GoogleCrashHandler64_unsigned.pdb source: ChromeSetup.exe, 0000000A.00000003.12923172564.000000000248F000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.0000000002CA3000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002486000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: TEST_goopdateres_unsigned_gu.pdb source: ChromeSetup.exe, 0000000A.00000003.12923172564.0000000002989000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.00000000029DC000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12972558793.0000000001399000.00000004.00000020.00020000.00000000.sdmp, goopdateres_gu.dll.10.dr
Source: Binary string: TEST_goopdateres_unsigned_no.pdb source: ChromeSetup.exe, 0000000A.00000003.12939764591.0000000003258000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002A97000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12985501165.0000000001399000.00000004.00000020.00020000.00000000.sdmp, goopdateres_no.dll.21.dr
Source: Binary string: TEST_goopdateres_unsigned_zh-CN.pdb source: ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002B5E000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.0000000003320000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000002.14103689215.0000000001790000.00000002.00000001.00040000.00000011.sdmp
Source: Binary string: TEST_goopdateres_unsigned_kn.pdb source: ChromeSetup.exe, 0000000A.00000003.12939764591.0000000003201000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002A40000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12976218449.0000000001399000.00000004.00000020.00020000.00000000.sdmp, goopdateres_kn.dll.21.dr
Source: Binary string: TEST_mi_exe_stub.pdb source: ChromeSetup.exe, 0000000A.00000002.14101146193.00000000000C9000.00000002.00000001.01000000.0000000A.sdmp, ChromeSetup.exe, 0000000A.00000000.12919908074.00000000000C9000.00000002.00000001.01000000.0000000A.sdmp, kuailian111.msi
Source: Binary string: TEST_goopdateres_unsigned_ml.pdb source: ChromeSetup.exe, 0000000A.00000003.12939764591.000000000322B000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002A6A000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12978354444.0000000001399000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: TEST_psmachine_unsigned.pdb source: ChromeSetup.exe, 0000000A.00000003.12923172564.000000000248F000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.0000000002CA3000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002486000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: TEST_goopdateres_unsigned_fil.pdb source: ChromeSetup.exe, 0000000A.00000003.12939764591.0000000003187000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.00000000029C6000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12971980559.0000000001399000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: TEST_goopdateres_unsigned_sl.pdb source: ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002AE4000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.00000000032A6000.00000004.00000020.00020000.00000000.sdmp, goopdateres_sl.dll.10.dr
Source: Binary string: TEST_goopdateres_unsigned_es-419.pdb source: ChromeSetup.exe, 0000000A.00000003.12933855548.000000000299A000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.000000000315B000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12970707723.000000000139A000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12970771946.0000000001389000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: TEST_goopdateres_unsigned_pl.pdb source: ChromeSetup.exe, 0000000A.00000003.12939764591.0000000003263000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002AA2000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12985964571.0000000001399000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: TEST_goopdateres_unsigned_is.pdb source: ChromeSetup.exe, 0000000A.00000003.12923172564.00000000029C1000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002A14000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12975030027.0000000001399000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: TEST_goopdateres_unsigned_ur.pdb source: ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002B48000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.000000000330A000.00000004.00000020.00020000.00000000.sdmp, goopdateres_ur.dll.21.dr
Source: Binary string: TEST_psuser_unsigned.pdb source: ChromeSetup.exe, 0000000A.00000003.12923172564.000000000248F000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.0000000002CA3000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002486000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: TEST_goopdateres_unsigned_th.pdb source: ChromeSetup.exe, 0000000A.00000003.12939764591.00000000032E9000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002B27000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: GoogleCrashHandler_unsigned.pdb source: ChromeSetup.exe, 0000000A.00000003.12923172564.000000000248F000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.0000000002CA3000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002486000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12966206280.0000000001389000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12966172610.000000000139A000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12966267722.000000000138A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: TEST_goopdateres_unsigned_sv.pdb source: ChromeSetup.exe, 0000000A.00000003.12939764591.00000000032BC000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002AFA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: TEST_goopdateres_unsigned_en.pdb source: ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002979000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.000000000313A000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12969805904.0000000001399000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: TEST_goopdateres_unsigned_uk.pdb source: ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002B3D000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.00000000032FF000.00000004.00000020.00020000.00000000.sdmp, goopdateres_uk.dll.21.dr
Source: Binary string: TEST_goopdateres_unsigned_bn.pdb source: ChromeSetup.exe, 0000000A.00000003.12939764591.00000000030F7000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002936000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12968126631.0000000001399000.00000004.00000020.00020000.00000000.sdmp, goopdateres_bn.dll.10.dr
Source: Binary string: 2024-12-09 12:51:14, Info DPX Extraction of file: amd64_winappsdk-cbs_31bf3856ad364e35_10.0.22621.4391_none_a4e452c96f8713d0\r\WindowsAppSdk.AppxDeploymentExtensions.Desktop-EventLog-Instrumentation.pdb failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=). source: setupact.log.6.dr
Source: Binary string: TEST_goopdateres_unsigned_fi.pdb source: ChromeSetup.exe, 0000000A.00000003.12933855548.00000000029BB000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.000000000317D000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12971706067.0000000001399000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: GoogleUpdateCore_unsigned.pdbV source: ChromeSetup.exe, 0000000A.00000003.12923172564.000000000248F000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.0000000002CA3000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000002.14101962587.0000000000364000.00000004.00000010.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002486000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12965891196.000000000138A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: TEST_goopdateres_unsigned_ko.pdb source: ChromeSetup.exe, 0000000A.00000003.12939764591.000000000320B000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002A4A000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12976512225.0000000001399000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: TEST_goopdateres_unsigned_zh-TW.pdb source: ChromeSetup.exe, 0000000A.00000002.14101962587.000000000035E000.00000004.00000010.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002B69000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.000000000332B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\ss2\Projects\MsiWrapper\MsiCustomActions\Release\MsiCustomActions.pdb source: kuailian111.msi
Source: Binary string: -419.pdb source: GoogleUpdate.exe, 00000015.00000003.12970900123.000000000138A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb source: 1111111111111.exe, 00000008.00000000.12910999032.0000000000EEF000.00000002.00000001.01000000.00000006.sdmp, 1111111111111.exe, 00000008.00000002.12924164995.0000000000EEF000.00000002.00000001.01000000.00000006.sdmp, kuailian111.msi
Source: Binary string: TEST_goopdateres_unsigned_nl.pdb source: ChromeSetup.exe, 0000000A.00000003.12939764591.000000000324D000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002A8C000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12982599207.0000000001399000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: TEST_goopdateres_unsigned_ca.pdb source: ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002941000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.0000000003102000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12968410873.0000000001399000.00000004.00000020.00020000.00000000.sdmp, goopdateres_ca.dll.21.dr
Source: Binary string: GoogleUpdate_unsigned.pdb source: ChromeSetup.exe, 0000000A.00000003.12923172564.000000000248F000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.0000000002CA3000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002486000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, GoogleUpdate.exe, 00000015.00000000.12959987883.0000000000661000.00000020.00000001.01000000.0000000D.sdmp
Source: Binary string: -PT.pdb source: GoogleUpdate.exe, 00000015.00000003.12986556954.000000000138A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: GoogleUpdateBroker_unsigned.pdb source: ChromeSetup.exe, 0000000A.00000003.12923172564.000000000248F000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.0000000002CA3000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002486000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12990843517.000000000138A000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12990773563.0000000001389000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12990734643.000000000139A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: TEST_goopdateres_unsigned_ro.pdb source: ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002AC3000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.0000000003285000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12986849944.0000000001399000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: TEST_goopdateres_unsigned_pt-PT.pdb source: ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002AB8000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.000000000327A000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12986556954.0000000001399000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: TEST_goopdateres_unsigned_sw.pdb source: ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002B05000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.00000000032C7000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: TEST_psmachine_unsigned_64.pdb source: ChromeSetup.exe, 0000000A.00000003.12923172564.000000000248F000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.0000000002CA3000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002486000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: TEST_goopdateres_unsigned_am.pdb source: ChromeSetup.exe, 0000000A.00000003.12923172564.000000000248F000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.0000000002CA3000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002486000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12967284617.0000000001399000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: GoogleCrashHandler64_unsigned.pdbl source: ChromeSetup.exe, 0000000A.00000003.12923172564.000000000248F000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.0000000002CA3000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002486000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: TEST_goopdateres_unsigned_hu.pdb source: ChromeSetup.exe, 0000000A.00000003.12933855548.00000000029FE000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.00000000031BF000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12973617848.0000000001399000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: GoogleCrashHandler_unsigned.pdbp source: ChromeSetup.exe, 0000000A.00000003.12923172564.000000000248F000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.0000000002CA3000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002486000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12966206280.0000000001389000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12966172610.000000000139A000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12966267722.000000000138A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: TEST_goopdateres_unsigned_ta.pdb source: ChromeSetup.exe, 0000000A.00000003.12939764591.00000000032D2000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002B10000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: TEST_psmachine_unsigned.pdbJ source: ChromeSetup.exe, 0000000A.00000003.12923172564.000000000248F000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.0000000002CA3000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002486000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: TEST_goopdateres_unsigned_cs.pdb source: ChromeSetup.exe, 0000000A.00000003.12923172564.00000000028F9000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.000000000294C000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12968675287.0000000001399000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: TEST_goopdateres_unsigned_da.pdb source: ChromeSetup.exe, 0000000A.00000003.12923172564.0000000002905000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002957000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12968958630.0000000001399000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: TEST_goopdateres_unsigned_it.pdb source: ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002A1F000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12923172564.00000000029CC000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12975340956.0000000001399000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: TEST_goopdateres_unsigned_en-GB.pdb source: ChromeSetup.exe, 0000000A.00000003.12923172564.0000000002932000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002984000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12970077965.0000000001399000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: TEST_goopdateres_unsigned_sk.pdb source: ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002AD9000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.000000000329B000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12987417246.0000000001399000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: TEST_goopdateres_unsigned_iw.pdb source: ChromeSetup.exe, 0000000A.00000003.12939764591.00000000031EB000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002A2A000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12975633309.0000000001399000.00000004.00000020.00020000.00000000.sdmp, goopdateres_iw.dll.10.dr
Source: Binary string: l.pdb source: GoogleUpdate.exe, 00000015.00000003.12971980559.000000000138A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: TEST_goopdateres_unsigned_te.pdb source: ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002B1C000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.00000000032DD000.00000004.00000020.00020000.00000000.sdmp, goopdateres_te.dll.21.dr
Source: Binary string: TEST_psmachine_unsigned_64.pdbF source: ChromeSetup.exe, 0000000A.00000003.12923172564.000000000248F000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.0000000002CA3000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002486000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: TEST_goopdateres_unsigned_ja.pdb source: ChromeSetup.exe, 0000000A.00000003.12939764591.00000000031F7000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002A35000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12975908423.0000000001399000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: TEST_psuser_unsigned_64.pdbF source: ChromeSetup.exe, 0000000A.00000003.12923172564.000000000248F000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.0000000002CA3000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002486000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: TEST_goopdateres_unsigned_id.pdb source: ChromeSetup.exe, 0000000A.00000003.12923172564.00000000029B6000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002A09000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12974740849.0000000001399000.00000004.00000020.00020000.00000000.sdmp, goopdateres_id.dll.10.dr
Source: Binary string: TEST_goopdateres_unsigned_et.pdb source: ChromeSetup.exe, 0000000A.00000003.12933855548.00000000029A5000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.0000000003167000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12971123454.0000000001399000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\Administrator\Desktop\bbtcp\Release\bbtcp.pdb source: JqnWzkidP.exe, JqnWzkidP.exe, 00000012.00000002.13145335578.0000000002A30000.00000040.00001000.00020000.00000000.sdmp
Source: Binary string: GoogleUpdateComRegisterShell64_unsigned.pdbR source: ChromeSetup.exe, 0000000A.00000003.12923172564.000000000248F000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.0000000002CA3000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002486000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12966878515.000000000139A000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12966912744.0000000001389000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12966978834.000000000138A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: TEST_goopdateres_unsigned_lv.pdb source: ChromeSetup.exe, 0000000A.00000003.12939764591.0000000003220000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002A5F000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12977606637.0000000001399000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: TEST_goopdateres_unsigned_vi.pdb source: ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002B53000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.0000000003315000.00000004.00000020.00020000.00000000.sdmp, goopdateres_vi.dll.10.dr
Source: Binary string: GoogleUpdateComRegisterShell64_unsigned.pdb source: ChromeSetup.exe, 0000000A.00000003.12923172564.000000000248F000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.0000000002CA3000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002486000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12966878515.000000000139A000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12966912744.0000000001389000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12966978834.000000000138A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: TEST_goopdateres_unsigned_es.pdb source: ChromeSetup.exe, 0000000A.00000003.12939764591.0000000003150000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.000000000298F000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12970359380.0000000001399000.00000004.00000020.00020000.00000000.sdmp
Source: C:\Windows\SysWOW64\JqnWzkidP.exe Code function: 9_2_00489379 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, 9_2_00489379
Source: C:\Users\user\AppData\Local\Temp\MW-7ca7cc47-fabe-4c83-9b2e-0ae75262b965\files\1111111111111.exe File created: C:\Windows\SysWOW64\__tmp_rar_sfx_access_check_5579531
Source: 0666f5d344fd1c42b6b2c9a19460ba1e.tmp.6.dr Static PE information: real checksum: 0x0 should be: 0x996883
Source: ChromeSetup.exe.8.dr Static PE information: real checksum: 0x15680b should be: 0x15879b
Source: JqnWzkidP.exe.8.dr Static PE information: real checksum: 0xe622d should be: 0x8036c7
Source: GoogleUpdateSetup.exe.10.dr Static PE information: real checksum: 0x15680b should be: 0x15879b
Source: JqnWzkidP.exe.9.dr Static PE information: real checksum: 0xe622d should be: 0x8036c7
Source: JqnWzkidP.exe.8.dr Static PE information: section name: 1
Source: JqnWzkidP.exe.8.dr Static PE information: section name: 1
Source: JqnWzkidP.exe.8.dr Static PE information: section name: 3
Source: JqnWzkidP.exe.8.dr Static PE information: section name: 5
Source: JqnWzkidP.exe.9.dr Static PE information: section name: 1
Source: JqnWzkidP.exe.9.dr Static PE information: section name: 1
Source: JqnWzkidP.exe.9.dr Static PE information: section name: 3
Source: JqnWzkidP.exe.9.dr Static PE information: section name: 5
Source: GoogleUpdateComRegisterShell64.exe.10.dr Static PE information: section name: _RDATA
Source: GoogleUpdateComRegisterShell64.exe.10.dr Static PE information: section name: .gxfg
Source: GoogleUpdateComRegisterShell64.exe.10.dr Static PE information: section name: .gehcont
Source: psmachine.dll.10.dr Static PE information: section name: .orpc
Source: psmachine_64.dll.10.dr Static PE information: section name: .orpc
Source: psmachine_64.dll.10.dr Static PE information: section name: _RDATA
Source: psmachine_64.dll.10.dr Static PE information: section name: .gxfg
Source: psmachine_64.dll.10.dr Static PE information: section name: .gehcont
Source: psuser.dll.10.dr Static PE information: section name: .orpc
Source: psuser_64.dll.10.dr Static PE information: section name: .orpc
Source: psuser_64.dll.10.dr Static PE information: section name: _RDATA
Source: psuser_64.dll.10.dr Static PE information: section name: .gxfg
Source: psuser_64.dll.10.dr Static PE information: section name: .gehcont
Source: GoogleCrashHandler64.exe.10.dr Static PE information: section name: _RDATA
Source: GoogleCrashHandler64.exe.10.dr Static PE information: section name: .gxfg
Source: GoogleCrashHandler64.exe.10.dr Static PE information: section name: .gehcont
Source: C:\Users\user\AppData\Local\Temp\MW-7ca7cc47-fabe-4c83-9b2e-0ae75262b965\files\1111111111111.exe Code function: 8_2_00EDC16C push eax; ret 8_2_00EDC18A
Source: C:\Users\user\AppData\Local\Temp\MW-7ca7cc47-fabe-4c83-9b2e-0ae75262b965\files\1111111111111.exe Code function: 8_2_00EDCBA6 push ecx; ret 8_2_00EDCBB9
Source: C:\Windows\SysWOW64\JqnWzkidP.exe Code function: 9_2_00480A03 push ecx; ret 9_2_00480A13
Source: C:\Windows\SysWOW64\JqnWzkidP.exe Code function: 9_2_0047D2E0 push eax; ret 9_2_0047D2F4
Source: C:\Windows\SysWOW64\JqnWzkidP.exe Code function: 9_2_0047D2E0 push eax; ret 9_2_0047D31C
Source: C:\Windows\SysWOW64\JqnWzkidP.exe Code function: 9_2_0047EB90 push eax; ret 9_2_0047EBAE
Source: C:\Windows\SysWOW64\ChromeSetup.exe Code function: 10_2_000B59A6 push ecx; ret 10_2_000B59B9
Source: C:\Windows\SysWOW64\ChromeSetup.exe Code function: 10_2_000C6CF3 push ecx; ret 10_2_000C6D06
Source: C:\Program Files (x86)\JqnWzkidP.exe Code function: 11_2_00480A03 push ecx; ret 11_2_00480A13
Source: C:\Program Files (x86)\JqnWzkidP.exe Code function: 11_2_0047D2E0 push eax; ret 11_2_0047D2F4
Source: C:\Program Files (x86)\JqnWzkidP.exe Code function: 11_2_0047D2E0 push eax; ret 11_2_0047D31C
Source: C:\Program Files (x86)\JqnWzkidP.exe Code function: 11_2_0047EB90 push eax; ret 11_2_0047EBAE
Source: C:\Program Files (x86)\JqnWzkidP.exe Code function: 12_2_00480A03 push ecx; ret 12_2_00480A13
Source: C:\Program Files (x86)\JqnWzkidP.exe Code function: 12_2_0047D2E0 push eax; ret 12_2_0047D2F4
Source: C:\Program Files (x86)\JqnWzkidP.exe Code function: 12_2_0047D2E0 push eax; ret 12_2_0047D31C
Source: C:\Program Files (x86)\JqnWzkidP.exe Code function: 12_2_0047EB90 push eax; ret 12_2_0047EBAE
Source: C:\Program Files (x86)\JqnWzkidP.exe Code function: 18_2_00480A03 push ecx; ret 18_2_00480A13
Source: C:\Program Files (x86)\JqnWzkidP.exe Code function: 18_2_0047D2E0 push eax; ret 18_2_0047D2F4
Source: C:\Program Files (x86)\JqnWzkidP.exe Code function: 18_2_0047D2E0 push eax; ret 18_2_0047D31C
Source: C:\Program Files (x86)\JqnWzkidP.exe Code function: 18_2_0047EB90 push eax; ret 18_2_0047EBAE
Source: C:\Program Files (x86)\JqnWzkidP.exe Code function: 18_2_02A31150 push eax; ret 18_2_02A3117E
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe Code function: 21_2_00674543 push ecx; ret 21_2_00674556
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe Code function: 21_2_00667A56 push ecx; ret 21_2_00667A69
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe Code function: 21_2_6CD6CD0D push ecx; ret 21_2_6CD6CD20

Persistence and Installation Behavior

Source: C:\Windows\SysWOW64\ChromeSetup.exe Executable created and started: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe
Source: C:\Users\user\AppData\Local\Temp\MW-7ca7cc47-fabe-4c83-9b2e-0ae75262b965\files\1111111111111.exe Executable created and started: C:\Windows\SysWOW64\JqnWzkidP.exe
Source: C:\Users\user\AppData\Local\Temp\MW-7ca7cc47-fabe-4c83-9b2e-0ae75262b965\files\1111111111111.exe Executable created and started: C:\Windows\SysWOW64\ChromeSetup.exe
Source: C:\Windows\SysWOW64\ChromeSetup.exe File created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_hu.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe File created: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_ms.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe File created: C:\Program Files (x86)\Google\Update\1.3.36.342\GoogleUpdate.exe
Source: C:\Windows\SysWOW64\ChromeSetup.exe File created: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe
Source: C:\Windows\SysWOW64\ChromeSetup.exe File created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_pt-PT.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe File created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_ta.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe File created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_is.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe File created: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_hr.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe File created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_sl.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe File created: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleCrashHandler.exe
Source: C:\Windows\SysWOW64\ChromeSetup.exe File created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_sw.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe File created: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_sr.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe File created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_am.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe File created: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_hi.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe File created: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe File created: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_tr.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe File created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_zh-CN.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe File created: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_iw.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe File created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_ru.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe File created: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_et.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe File created: C:\Program Files (x86)\Google\Update\1.3.36.342\GoogleUpdateOnDemand.exe
Source: C:\Windows\SysWOW64\ChromeSetup.exe File created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_de.dll
Source: C:\Windows\SysWOW64\JqnWzkidP.exe File created: C:\Program Files (x86)\JqnWzkidP.exe
Source: C:\Windows\SysWOW64\ChromeSetup.exe File created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_en.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI2B4A.tmp
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe File created: C:\Program Files (x86)\Google\Update\1.3.36.342\GoogleUpdateBroker.exe
Source: C:\Windows\SysWOW64\ChromeSetup.exe File created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_fa.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe File created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_ko.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe File created: C:\Program Files (x86)\Google\Update\1.3.36.342\GoogleUpdateComRegisterShell64.exe
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe File created: C:\Program Files (x86)\Google\Update\1.3.36.342\GoogleCrashHandler.exe
Source: C:\Windows\SysWOW64\ChromeSetup.exe File created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_th.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe File created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_fr.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe File created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_gu.dll
Source: C:\Windows\SysWOW64\expand.exe File created: C:\Users\user\AppData\Local\Temp\MW-7ca7cc47-fabe-4c83-9b2e-0ae75262b965\files\b296340bfc4846c8bd837c2ed4894dba$dpx$.tmp\0666f5d344fd1c42b6b2c9a19460ba1e.tmp
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe File created: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_fil.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe File created: C:\Windows\SystemTemp\GUM25EA.tmp\psuser_64.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe File created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_bg.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe File created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_fi.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe File created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_pl.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe File created: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_zh-TW.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe File created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_no.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe File created: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_uk.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe File created: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_it.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe File created: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_ta.dll
Source: C:\Windows\SysWOW64\expand.exe File created: C:\Users\user\AppData\Local\Temp\MW-7ca7cc47-fabe-4c83-9b2e-0ae75262b965\files\1111111111111.exe (copy)
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe File created: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_da.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe File created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_ms.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe File created: C:\Windows\SystemTemp\GUM25EA.tmp\psuser.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe File created: C:\Program Files (x86)\Google\Update\1.3.36.342\GoogleCrashHandler64.exe
Source: C:\Windows\SysWOW64\ChromeSetup.exe File created: C:\Windows\SystemTemp\GUM25EA.tmp\psmachine.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe File created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_hr.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe File created: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_sw.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe File created: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_ja.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe File created: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_no.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe File created: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_ur.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe File created: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_ko.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe File created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_da.dll
Source: C:\Users\user\AppData\Local\Temp\MW-7ca7cc47-fabe-4c83-9b2e-0ae75262b965\files\1111111111111.exe File created: C:\Windows\SysWOW64\JqnWzkidP.exe
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe File created: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_sl.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe File created: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_fi.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe File created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_ja.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe File created: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_gu.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe File created: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_fr.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe File created: C:\Program Files (x86)\Google\Update\1.3.36.342\psmachine_64.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe File created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_iw.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe File created: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleCrashHandler64.exe
Source: C:\Windows\SysWOW64\JqnWzkidP.exe File created: C:\Users\user\AppData\Local\Temp\_@279F.tmp (copy)
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe File created: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_en-GB.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe File created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_et.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe File created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_pt-BR.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe File created: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdate.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe File created: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_pl.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe File created: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdateComRegisterShell64.exe
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe File created: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_ml.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe File created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_sv.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe File created: C:\Program Files (x86)\Google\Update\1.3.36.342\GoogleUpdateCore.exe
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe File created: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_de.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe File created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_fil.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe File created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_ml.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe File created: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_th.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe File created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_cs.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe File created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_zh-TW.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe File created: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_ru.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe File created: C:\Program Files (x86)\Google\Update\1.3.36.342\psmachine.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe File created: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_fa.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe File created: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdateCore.exe
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI11C5.tmp
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe File created: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_bg.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe File created: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_mr.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe File created: C:\Windows\SystemTemp\GUM25EA.tmp\psmachine_64.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe File created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_sk.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe File created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_ur.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe File created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_it.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe File created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_kn.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe File created: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_lt.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe File created: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_el.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe File created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_hi.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe File created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_en-GB.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe File created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_bn.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe File created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_tr.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe File created: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_id.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe File created: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_pt-BR.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe File created: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_es.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe File created: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_lv.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe File created: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_es-419.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe File created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_uk.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe File created: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdateOnDemand.exe
Source: C:\Windows\SysWOW64\ChromeSetup.exe File created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_ca.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe File created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_ar.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe File created: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_vi.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe File created: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdateSetup.exe
Source: C:\Windows\SysWOW64\ChromeSetup.exe File created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_es-419.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe File created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_mr.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe File created: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_ro.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe File created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_lt.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe File created: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_ca.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe File created: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_nl.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe File created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_el.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe File created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_te.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe File created: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_hu.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe File created: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_zh-CN.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI2C16.tmp
Source: C:\Windows\SysWOW64\ChromeSetup.exe File created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_id.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe File created: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_is.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe File created: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdateBroker.exe
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe File created: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_cs.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe File created: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_am.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe File created: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_te.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe File created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_es.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe File created: C:\Program Files (x86)\Google\Update\1.3.36.342\psuser.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe File created: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_sk.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe File created: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_sv.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe File created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_vi.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe File created: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_ar.dll
Source: C:\Users\user\AppData\Local\Temp\MW-7ca7cc47-fabe-4c83-9b2e-0ae75262b965\files\1111111111111.exe File created: C:\Windows\SysWOW64\ChromeSetup.exe
Source: C:\Windows\SysWOW64\ChromeSetup.exe File created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_lv.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe File created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_nl.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe File created: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_bn.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe File created: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_pt-PT.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe File created: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_kn.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe File created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdate.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe File created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_ro.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe File created: C:\Program Files (x86)\Google\Update\1.3.36.342\psuser_64.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe File created: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_en.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe File created: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_sr.dll
Source: setupact.log.6.dr Binary or memory string: 2024-12-09 12:51:28, Info DPX Extraction of file: amd64_microsoft-windows-b..iondata-cmdlinetool_31bf3856ad364e35_10.0.22621.4455_none_68154e4f20be6bbb\r\bcdedit.exe failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.dr Binary or memory string: 2024-12-09 12:51:28, Info DPX Extraction of file: amd64_microsoft-windows-b..iondata-cmdlinetool_31bf3856ad364e35_10.0.22621.4455_none_68154e4f20be6bbb\n\bcdedit.exe failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.dr Binary or memory string: 2024-12-09 12:51:28, Info DPX Extraction of file: amd64_microsoft-windows-b..iondata-cmdlinetool_31bf3856ad364e35_10.0.22621.4455_none_68154e4f20be6bbb\bcdedit.exe failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe Code function: 21_2_6CC056EC GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileIntW,GetPrivateProfileIntW,21_2_6CC056EC

Boot Survival

Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe DisableExceptionChainValidation
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exeCode function: 21_2_6CD24354 OpenSCManagerW,OpenServiceW,QueryServiceStatus,StartServiceW,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,21_2_6CD24354
Source: C:\Windows\SysWOW64\msiexec.exeKey value created or modified: HKEY_LOCAL_MACHINE\SYSTEM\Software\Microsoft\TIP\AggregateResults dataJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\icacls.exe "C:\Windows\system32\ICACLS.EXE" "C:\Users\user\AppData\Local\Temp\MW-7ca7cc47-fabe-4c83-9b2e-0ae75262b965\." /SETINTEGRITYLEVEL (CI)(OI)HIGH
Source: C:\Windows\System32\msiexec.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\msiexec.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\MW-7ca7cc47-fabe-4c83-9b2e-0ae75262b965\files\1111111111111.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\JqnWzkidP.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\JqnWzkidP.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe | Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Windows\SysWOW64\ChromeSetup.exe | Check user administrative privileges: IsUserAndAdmin, DecisionNode graph_10-12085
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\PING.EXE ping -n 2 127.0.0.1
Source: C:\Program Files (x86)\JqnWzkidP.exe | Decision node followed by non-executed suspicious API: DecisionNode, Non Executed (send or recv or WinExec)
Source: C:\Windows\SysWOW64\ChromeSetup.exe | Dropped PE file which has not been started: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_hu.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_ms.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe | Dropped PE file which has not been started: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_pt-PT.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe | Dropped PE file which has not been started: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_ta.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe | Dropped PE file which has not been started: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_is.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_hr.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe | Dropped PE file which has not been started: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_sl.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe | Dropped PE file which has not been started: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleCrashHandler.exe
Source: C:\Windows\SysWOW64\ChromeSetup.exe | Dropped PE file which has not been started: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_sw.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_sr.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe | Dropped PE file which has not been started: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_am.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_hi.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_tr.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe | Dropped PE file which has not been started: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_zh-CN.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_iw.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe | Dropped PE file which has not been started: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_ru.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_et.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.342\GoogleUpdateOnDemand.exe
Source: C:\Windows\SysWOW64\ChromeSetup.exe | Dropped PE file which has not been started: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_de.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe | Dropped PE file which has not been started: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_en.dll
Source: C:\Windows\System32\msiexec.exe | Dropped PE file which has not been started: C:\Windows\Installer\MSI2B4A.tmp
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.342\GoogleUpdateBroker.exe
Source: C:\Windows\SysWOW64\ChromeSetup.exe | Dropped PE file which has not been started: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_fa.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe | Dropped PE file which has not been started: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_ko.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.342\GoogleUpdateComRegisterShell64.exe
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.342\GoogleCrashHandler.exe
Source: C:\Windows\SysWOW64\ChromeSetup.exe | Dropped PE file which has not been started: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_th.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe | Dropped PE file which has not been started: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_fr.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe | Dropped PE file which has not been started: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_gu.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_fil.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe | Dropped PE file which has not been started: C:\Windows\SystemTemp\GUM25EA.tmp\psuser_64.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe | Dropped PE file which has not been started: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_bg.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe | Dropped PE file which has not been started: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_fi.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe | Dropped PE file which has not been started: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_pl.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_zh-TW.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe | Dropped PE file which has not been started: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_no.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_uk.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_ta.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_it.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_da.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe | Dropped PE file which has not been started: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_ms.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.342\GoogleCrashHandler64.exe
Source: C:\Windows\SysWOW64\ChromeSetup.exe | Dropped PE file which has not been started: C:\Windows\SystemTemp\GUM25EA.tmp\psuser.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe | Dropped PE file which has not been started: C:\Windows\SystemTemp\GUM25EA.tmp\psmachine.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe | Dropped PE file which has not been started: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_hr.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_sw.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_ja.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_ur.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_no.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_ko.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe | Dropped PE file which has not been started: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_da.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_sl.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_fi.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe | Dropped PE file which has not been started: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_ja.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_gu.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.342\psmachine_64.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_fr.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe | Dropped PE file which has not been started: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_iw.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe | Dropped PE file which has not been started: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleCrashHandler64.exe
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_en-GB.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe | Dropped PE file which has not been started: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_pt-BR.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe | Dropped PE file which has not been started: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_et.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdate.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_pl.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe | Dropped PE file which has not been started: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdateComRegisterShell64.exe
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_ml.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe | Dropped PE file which has not been started: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_sv.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.342\GoogleUpdateCore.exe
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_de.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe | Dropped PE file which has not been started: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_fil.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_th.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe | Dropped PE file which has not been started: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_ml.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe | Dropped PE file which has not been started: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_cs.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe | Dropped PE file which has not been started: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_zh-TW.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_ru.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.342\psmachine.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_fa.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe | Dropped PE file which has not been started: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdateCore.exe
Source: C:\Windows\System32\msiexec.exe | Dropped PE file which has not been started: C:\Windows\Installer\MSI11C5.tmp
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_bg.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_mr.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe | Dropped PE file which has not been started: C:\Windows\SystemTemp\GUM25EA.tmp\psmachine_64.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe | Dropped PE file which has not been started: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_sk.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe | Dropped PE file which has not been started: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_it.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe | Dropped PE file which has not been started: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_ur.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_lt.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe | Dropped PE file which has not been started: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_kn.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_el.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe | Dropped PE file which has not been started: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_hi.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe | Dropped PE file which has not been started: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_en-GB.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe | Dropped PE file which has not been started: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_bn.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe | Dropped PE file which has not been started: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_tr.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_id.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_pt-BR.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_es.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_lv.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_es-419.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe | Dropped PE file which has not been started: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_uk.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe | Dropped PE file which has not been started: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdateOnDemand.exe
Source: C:\Windows\SysWOW64\ChromeSetup.exe | Dropped PE file which has not been started: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_ca.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_vi.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe | Dropped PE file which has not been started: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_ar.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe | Dropped PE file which has not been started: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_es-419.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe | Dropped PE file which has not been started: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_mr.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_ro.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe | Dropped PE file which has not been started: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_lt.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_nl.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_ca.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe | Dropped PE file which has not been started: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_el.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe | Dropped PE file which has not been started: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_te.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_zh-CN.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_hu.dll
Source: C:\Windows\System32\msiexec.exe | Dropped PE file which has not been started: C:\Windows\Installer\MSI2C16.tmp
Source: C:\Windows\SysWOW64\ChromeSetup.exe | Dropped PE file which has not been started: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_id.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_is.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe | Dropped PE file which has not been started: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdateBroker.exe
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_cs.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_am.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_te.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.342\psuser.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe | Dropped PE file which has not been started: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_es.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_sk.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_sv.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_ar.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe | Dropped PE file which has not been started: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_vi.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe | Dropped PE file which has not been started: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_lv.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe | Dropped PE file which has not been started: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_nl.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_pt-PT.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_bn.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_kn.dll
Source: C:\Windows\SysWOW64\ChromeSetup.exe | Dropped PE file which has not been started: C:\Windows\SystemTemp\GUM25EA.tmp\goopdate.dll
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.342\psuser_64.dllJump to dropped file
Source: C:\Windows\SysWOW64\ChromeSetup.exeDropped PE file which has not been started: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_ro.dllJump to dropped file
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exeDropped PE file which has not been started: C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_en.dllJump to dropped file
Source: C:\Windows\SysWOW64\ChromeSetup.exeDropped PE file which has not been started: C:\Windows\SystemTemp\GUM25EA.tmp\goopdateres_sr.dllJump to dropped file
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodes
Source: C:\Program Files (x86)\JqnWzkidP.exe | Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
Source: C:\Windows\SysWOW64\PING.EXE | Last function: Thread delayed
Source: C:\Windows\System32\msiexec.exe | File Volume queried: C:\ FullSizeInformation
Source: C:\Windows\SysWOW64\expand.exe | File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\AppData\Local\Temp\MW-7ca7cc47-fabe-4c83-9b2e-0ae75262b965\files\1111111111111.exe | Code function: 8_2_00EC9C91 FindFirstFileW,FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,8_2_00EC9C91
Source: C:\Users\user\AppData\Local\Temp\MW-7ca7cc47-fabe-4c83-9b2e-0ae75262b965\files\1111111111111.exe | Code function: 8_2_00ED994E SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SetDlgItemTextW,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,FindClose,_swprintf,SetDlgItemTextW,SendDlgItemMessageW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,_swprintf,SetDlgItemTextW,8_2_00ED994E
Source: C:\Users\user\AppData\Local\Temp\MW-7ca7cc47-fabe-4c83-9b2e-0ae75262b965\files\1111111111111.exe | Code function: 8_2_00EE7561 FindFirstFileExA,8_2_00EE7561
Source: C:\Windows\SysWOW64\ChromeSetup.exe | Code function: 10_2_000BCBAB FindFirstFileExW,10_2_000BCBAB
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Code function: 21_2_0066DB25 FindFirstFileExW,21_2_0066DB25
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Code function: 21_2_6CC08E05 FindFirstFileW,GetLastError,DeleteFileW,FindNextFileW,GetLastError,FindClose,21_2_6CC08E05
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Code function: 21_2_6CC08F4C GetFileAttributesW,GetLastError,FindFirstFileW,GetLastError,FindNextFileW,FindClose,RemoveDirectoryW,21_2_6CC08F4C
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Code function: 21_2_6CD25DC3 FindFirstFileW,GetLastError,PathStripPathW,PathStripPathW,PathStripPathW,FindFirstFileW,FindFirstFileW,FindClose,FindClose,FindNextFileW,GetLastError,FindClose,21_2_6CD25DC3
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Code function: 21_2_6CC08CCE FindFirstFileW,FindNextFileW,GetLastError,FindClose,21_2_6CC08CCE
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Code function: 21_2_6CC0ED32 FindFirstFileW,FindNextFileW,FindClose,21_2_6CC0ED32
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Code function: 21_2_6CC0A9FF FindFirstFileW,FindNextFileW,FindClose,21_2_6CC0A9FF
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Code function: 21_2_6CC14811 GetLogicalDriveStringsW,QueryDosDeviceW,21_2_6CC14811
Source: C:\Users\user\AppData\Local\Temp\MW-7ca7cc47-fabe-4c83-9b2e-0ae75262b965\files\1111111111111.exe | Code function: 8_2_00EDBCBF VirtualQuery,GetSystemInfo,8_2_00EDBCBF
Source: setupact.log.6.dr | Binary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft-windows-hyper-v-vfpext_31bf3856ad364e35_10.0.22621.4455_none_e09fe6b467540ca5\n\vfpapi.dll failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.dr | Binary or memory string: 2024-12-09 12:51:03, Info DPX Extraction of file: wow64_microsoft.hyperv.powershell.cmdlets.misc_31bf3856ad364e35_10.0.22621.1_none_18cbfe945e56ba0e\f\Hyper-V.psd1 failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.dr | Binary or memory string: 2024-12-09 12:51:03, Info DPX Extraction of file: wow64_microsoft.hyperv.powershell.cmdlets.misc_31bf3856ad364e35_10.0.22621.1_none_18cbfe945e56ba0e\Hyper-V.Format.ps1xml failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: GoogleUpdate.exe, 00000015.00000002.14102839987.000000000139E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAWw
Source: setupact.log.6.dr | Binary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft-hyper-v-kmcl_31bf3856ad364e35_10.0.22621.4391_none_534a8b69d7eef238\n\vmbkmcl.sys failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.dr | Binary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft-hyper-v-bpa_31bf3856ad364e35_10.0.22621.1_none_00f62e376f0345f0\r\Hyper-V.xsd failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.dr | Binary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft-hyper-v-kmclr_31bf3856ad364e35_10.0.22621.4391_none_b25762bf3596fd70\n\vmbkmclr.sys failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.dr | Binary or memory string: 2024-12-09 12:51:03, Info DPX Extraction of file: wow64_microsoft.hyperv.powershell.misc_31bf3856ad364e35_10.0.22621.1_none_d2e13bfa98c532ce\n\Hyper-V.Format.ps1xml failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.dr | Binary or memory string: 2024-12-09 12:51:09, Info DPX Extraction of file: amd64_microsoft-hyper-v-drivers-hypervisor_31bf3856ad364e35_10.0.22621.4455_none_103ba4eae1181327\hvix64.exe failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.dr | Binary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft-hyper-v-v..ck-virtualizationv2_31bf3856ad364e35_10.0.22621.1_none_d147bdc6ff231ca1\r\WindowsVirtualization.V2.mof failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.dr | Binary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft-windows-hyper-v-vfpext_31bf3856ad364e35_10.0.22621.4455_none_e09fe6b467540ca5\vfpctrl.exe failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: GoogleUpdate.exe, 00000015.00000002.14104412762.0000000005110000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAWf
Source: setupact.log.6.dr | Binary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft.hyperv.powershell.misc_31bf3856ad364e35_10.0.22621.1_none_c88c91a8646470d3\Hyper-V.Types.ps1xml failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: GoogleUpdate.exe, 00000015.00000002.14102839987.0000000001364000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAWh
Source: setupact.log.6.dr | Binary or memory string: 2024-12-09 12:51:09, Info DPX Extraction of file: amd64_microsoft-hyper-v-drivers-hypervisor_31bf3856ad364e35_10.0.22621.4455_none_103ba4eae1181327\kdhvcom.dll failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.dr | Binary or memory string: 2024-12-09 12:51:03, Info DPX Extraction of file: wow64_microsoft.hyperv.powershell.misc_31bf3856ad364e35_10.0.22621.1_none_d2e13bfa98c532ce\Hyper-V.psd1 failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.dr | Binary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft-hyper-v-vstack-vmms_31bf3856ad364e35_10.0.22621.4391_none_168f855dda736413\vmms.exe failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.dr | Binary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft-windows-hyper-v-vfpext_31bf3856ad364e35_10.0.22621.4455_none_e09fe6b467540ca5\n\vfpctrl.exe failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.dr | Binary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft-hyper-v-vstack-hypervcluster_31bf3856ad364e35_10.0.22621.2506_none_cc9639774c54517a\r\WindowsHyperVCluster.V2.mof failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.dr | Binary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft-hyper-v-vstack-vmms_31bf3856ad364e35_10.0.22621.4391_none_168f855dda736413\n\vmms.exe failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.dr | Binary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft.hyperv.powershell.cmdlets.misc_31bf3856ad364e35_10.0.22621.1_none_0e77544229f5f813\n\Hyper-V.Types.ps1xml failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.dr | Binary or memory string: 2024-12-09 12:51:03, Info DPX Extraction of file: wow64_microsoft.hyperv.powershell.cmdlets.misc_31bf3856ad364e35_10.0.22621.1_none_18cbfe945e56ba0e\n\Hyper-V.Types.ps1xml failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.dr | Binary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft-hyper-v-v..ck-virtualizationv2_31bf3856ad364e35_10.0.22621.1_none_d147bdc6ff231ca1\WindowsVirtualization.V2.mof failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.dr | Binary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft-hyper-v-bpa_31bf3856ad364e35_10.0.22621.1_none_00f62e376f0345f0\Hyper-V.xsd failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.dr | Binary or memory string: 2024-12-09 12:51:03, Info DPX Extraction of file: wow64_microsoft.hyperv.powershell.misc_31bf3856ad364e35_10.0.22621.1_none_d2e13bfa98c532ce\f\Hyper-V.psd1 failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.dr | Binary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft-hyper-v-vhd-parser_31bf3856ad364e35_10.0.22621.4391_none_5ec0e79fbe36f3f1\n\vhdparser.sys failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.dr | Binary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft.hyperv.powershell.cmdlets.misc_31bf3856ad364e35_10.0.22621.1_none_0e77544229f5f813\r\Hyper-V.Format.ps1xml failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.dr | Binary or memory string: 2024-12-09 12:51:02, Info DPX Extraction of file: amd64_microsoft-hyper-v-m..apinabout.resources_31bf3856ad364e35_10.0.22621.1_en-us_7eb9b31b8d867279\n\SnapInAbout.dll.mui failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.dr | Binary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft-hyper-v-d..s-vmswitch-netsetup_31bf3856ad364e35_10.0.22621.4455_none_64521d55d6df1d8c\r\vmswitch.sys failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.dr | Binary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft-hyper-v-v..ck-virtualizationv2_31bf3856ad364e35_10.0.22621.1_none_d147bdc6ff231ca1\n\WindowsVirtualizationUninstall.mof failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.dr | Binary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft-hyper-v-vstack-hypervcluster_31bf3856ad364e35_10.0.22621.2506_none_cc9639774c54517a\n\WindowsHyperVCluster.V2.mof failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.dr | Binary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft.hyperv.powershell.misc_31bf3856ad364e35_10.0.22621.1_none_c88c91a8646470d3\r\Hyper-V.psd1 failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.dr | Binary or memory string: 2024-12-09 12:51:09, Info DPX Extraction of file: amd64_microsoft-hyper-v-drivers-hypervisor_31bf3856ad364e35_10.0.22621.4455_none_103ba4eae1181327\r\hvix64.exe failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.dr | Binary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft-hyper-v-m..t-remotefilebrowser_31bf3856ad364e35_10.0.22621.3527_none_719fb393b6872719\RemoteFileBrowse.dll failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.dr | Binary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft-hyper-v-eventscustomview_31bf3856ad364e35_10.0.22621.1_none_5614c25870ccb89c\n\Virtualization.Events.xml failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.dr | Binary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft.hyperv.powershell.misc_31bf3856ad364e35_10.0.22621.1_none_c88c91a8646470d3\r\Hyper-V.Types.ps1xml failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.dr | Binary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft-hyper-v-vstack-config_31bf3856ad364e35_10.0.22621.3672_none_d521f62dd21bbe3b\r\vsconfig.dll failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.dr | Binary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft-hyper-v-d..s-vmswitch-netsetup_31bf3856ad364e35_10.0.22621.4455_none_64521d55d6df1d8c\r\VmsProxy.sys failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.dr | Binary or memory string: 2024-12-09 12:51:03, Info DPX Extraction of file: wow64_microsoft.hyperv.powershell.misc_31bf3856ad364e35_10.0.22621.1_none_d2e13bfa98c532ce\r\Hyper-V.Types.ps1xml failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.dr | Binary or memory string: 2024-12-09 12:51:03, Info DPX Extraction of file: wow64_microsoft.hyperv.powershell.misc_31bf3856ad364e35_10.0.22621.1_none_d2e13bfa98c532ce\Hyper-V.Format.ps1xml failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.dr | Binary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft-hyper-v-passthru-parser_31bf3856ad364e35_10.0.22621.1_none_8384728211c2baeb\f\passthruparser.sys failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.dr | Binary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft-hyper-v-v..ck-virtualizationv2_31bf3856ad364e35_10.0.22621.1_none_d147bdc6ff231ca1\n\WindowsVirtualization.V2.mof failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.dr | Binary or memory string: 2024-12-09 12:51:09, Info DPX Extraction of file: amd64_microsoft-hyper-v-drivers-hypervisor_31bf3856ad364e35_10.0.22621.4455_none_103ba4eae1181327\n\kdhvcom.dll failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.dr | Binary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft-hyper-v-pvhd-parser_31bf3856ad364e35_10.0.22621.1_none_eb10290ace0b242d\n\pvhdparser.sys failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.dr | Binary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft.hyperv.powershell.misc_31bf3856ad364e35_10.0.22621.1_none_c88c91a8646470d3\Hyper-V.Format.ps1xml failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.dr | Binary or memory string: 2024-12-09 12:51:03, Info DPX Extraction of file: wow64_microsoft.hyperv.powershell.misc_31bf3856ad364e35_10.0.22621.1_none_d2e13bfa98c532ce\r\Hyper-V.Format.ps1xml failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.dr | Binary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft-hyper-v-vstack-emulatedstorage_31bf3856ad364e35_10.0.22621.3672_none_bb325c1302fe0011\r\VmEmulatedStorage.dll failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.dr | Binary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft-hyper-v-v..ck-virtualizationv2_31bf3856ad364e35_10.0.22621.1_none_d147bdc6ff231ca1\f\WindowsVirtualizationUninstall.mof failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.dr | Binary or memory string: 2024-12-09 12:51:09, Info DPX Extraction of file: amd64_microsoft-hyper-v-drivers-hypervisor_31bf3856ad364e35_10.0.22621.4455_none_103ba4eae1181327\r\hvax64.exe failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.dr | Binary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft-hyper-v-vhd-parser_31bf3856ad364e35_10.0.22621.4391_none_5ec0e79fbe36f3f1\r\vhdparser.sys failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.dr | Binary or memory string: 2024-12-09 12:51:09, Info DPX Extraction of file: amd64_microsoft-hyper-v-drivers-hypervisor_31bf3856ad364e35_10.0.22621.4455_none_103ba4eae1181327\n\hvix64.exe failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.dr | Binary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft-hyper-v-eventscustomview_31bf3856ad364e35_10.0.22621.1_none_5614c25870ccb89c\Virtualization.Events.xml failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.dr | Binary or memory string: 2024-12-09 12:51:09, Info DPX Extraction of file: amd64_microsoft-hyper-v-drivers-hypervisor_31bf3856ad364e35_10.0.22621.4455_none_103ba4eae1181327\r\hvloader.dll failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.dr | Binary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft-hyper-v-bpa_31bf3856ad364e35_10.0.22621.1_none_00f62e376f0345f0\f\Hyper-V.ps1 failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.dr | Binary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft-hyper-v-d..s-vmswitch-netsetup_31bf3856ad364e35_10.0.22621.4455_none_64521d55d6df1d8c\n\VmsProxyHNic.sys failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.dr | Binary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft-hyper-v-d..s-vmswitch-netsetup_31bf3856ad364e35_10.0.22621.4455_none_64521d55d6df1d8c\VmsProxyHNic.sys failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.dr | Binary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft-hyper-v-m..-client.snapinabout_31bf3856ad364e35_10.0.22621.1_none_ef4dbfa79948d66c\r\SnapInAbout.dll failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.dr | Binary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft.hyperv.powershell.misc_31bf3856ad364e35_10.0.22621.1_none_c88c91a8646470d3\f\Hyper-V.psd1 failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.dr | Binary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft-hyper-v-m..t-remotefilebrowser_31bf3856ad364e35_10.0.22621.3527_none_719fb393b6872719\r\RemoteFileBrowse.dll failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.dr | Binary or memory string: 2024-12-09 12:51:03, Info DPX Extraction of file: wow64_microsoft.hyperv.powershell.misc_31bf3856ad364e35_10.0.22621.1_none_d2e13bfa98c532ce\r\Hyper-V.psd1 failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.dr | Binary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft-hyper-v-ram-parser_31bf3856ad364e35_10.0.22621.4391_none_d1c3c3ae425a13af\n\ramparser.sys failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.dr | Binary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft-hyper-v-d..s-vmswitch-netsetup_31bf3856ad364e35_10.0.22621.4455_none_64521d55d6df1d8c\vmswitch.sys failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.dr | Binary or memory string: 2024-12-09 12:51:03, Info DPX Extraction of file: wow64_microsoft.hyperv.powershell.cmdlets.misc_31bf3856ad364e35_10.0.22621.1_none_18cbfe945e56ba0e\Hyper-V.Types.ps1xml failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.dr | Binary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft.hyperv.powershell.misc_31bf3856ad364e35_10.0.22621.1_none_c88c91a8646470d3\f\Hyper-V.Format.ps1xml failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.dr | Binary or memory string: 2024-12-09 12:51:09, Info DPX Extraction of file: amd64_microsoft-hyper-v-drivers-hypervisor_31bf3856ad364e35_10.0.22621.4455_none_103ba4eae1181327\r\kdhvcom.dll failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.dr | Binary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft.hyperv.powershell.misc_31bf3856ad364e35_10.0.22621.1_none_c88c91a8646470d3\n\Hyper-V.psd1 failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.dr | Binary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft-hyper-v-v..ck-virtualizationv2_31bf3856ad364e35_10.0.22621.1_none_d147bdc6ff231ca1\r\WindowsVirtualizationUninstall.mof failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.dr | Binary or memory string: 2024-12-09 12:51:02, Info DPX Extraction of file: amd64_microsoft-hyper-v-m..apinabout.resources_31bf3856ad364e35_10.0.22621.1_en-us_7eb9b31b8d867279\SnapInAbout.dll.mui failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.dr | Binary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft-hyper-v-v..failoverreplication_31bf3856ad364e35_10.0.22621.1_none_fc5ace2c6927b976\Hyper-VReplicaMetadata_v1.xsd failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.dr | Binary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft-hyper-v-pvhd-parser_31bf3856ad364e35_10.0.22621.1_none_eb10290ace0b242d\r\pvhdparser.sys failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.dr | Binary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft.hyperv.powershell.misc_31bf3856ad364e35_10.0.22621.1_none_c88c91a8646470d3\Hyper-V.psd1 failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.dr | Binary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft-hyper-v-eventscustomview_31bf3856ad364e35_10.0.22621.1_none_5614c25870ccb89c\f\Virtualization.Events.xml failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.dr | Binary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft-hyper-v-vstack-vmms_31bf3856ad364e35_10.0.22621.4391_none_168f855dda736413\r\vmms.exe failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.dr | Binary or memory string: 2024-12-09 12:51:03, Info DPX Extraction of file: wow64_microsoft.hyperv.powershell.cmdlets.misc_31bf3856ad364e35_10.0.22621.1_none_18cbfe945e56ba0e\f\Hyper-V.Format.ps1xml failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.dr | Binary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft.hyperv.powershell.misc_31bf3856ad364e35_10.0.22621.1_none_c88c91a8646470d3\f\Hyper-V.Types.ps1xml failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.dr | Binary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft-hyper-v-d..s-vmswitch-netsetup_31bf3856ad364e35_10.0.22621.4455_none_64521d55d6df1d8c\r\nvspinfo.exe failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.dr | Binary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft-hyper-v-vstack-config_31bf3856ad364e35_10.0.22621.3672_none_d521f62dd21bbe3b\vsconfig.dll failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.dr | Binary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft-hyper-v-bpa_31bf3856ad364e35_10.0.22621.1_none_00f62e376f0345f0\Hyper-V.ps1 failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.dr | Binary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft-hyper-v-management-clients_31bf3856ad364e35_10.0.22621.4249_none_d28a5684fb537c15\r\virtmgmt.msc failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.dr | Binary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft-hyper-v-kmcl_31bf3856ad364e35_10.0.22621.4391_none_534a8b69d7eef238\vmbkmcl.sys failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.dr | Binary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft-hyper-v-ram-parser_31bf3856ad364e35_10.0.22621.4391_none_d1c3c3ae425a13af\r\ramparser.sys failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.dr | Binary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft-hyper-v-vstack-vmwp_31bf3856ad364e35_10.0.22621.4391_none_153a0c03db4f56c8\n\vmwp.exe failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.dr | Binary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft.hyperv.powershell.cmdlets.misc_31bf3856ad364e35_10.0.22621.1_none_0e77544229f5f813\n\Hyper-V.Format.ps1xml failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.dr | Binary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft-hyper-v-d..s-vmswitch-netsetup_31bf3856ad364e35_10.0.22621.4455_none_64521d55d6df1d8c\r\VmsProxyHNic.sys failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.dr | Binary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft-hyper-v-vstack-hypervcluster_31bf3856ad364e35_10.0.22621.2506_none_cc9639774c54517a\r\WindowsHyperVClusterUninstall.mof failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.dr | Binary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft-hyper-v-bpa_31bf3856ad364e35_10.0.22621.1_none_00f62e376f0345f0\r\Hyper-V.ps1 failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.dr | Binary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft.hyperv.powershell.cmdlets.misc_31bf3856ad364e35_10.0.22621.1_none_0e77544229f5f813\n\Hyper-V.psd1 failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.dr | Binary or memory string: 2024-12-09 12:51:02, Info DPX Extraction of file: amd64_microsoft-hyper-v-m..apinabout.resources_31bf3856ad364e35_10.0.22621.1_en-us_7eb9b31b8d867279\r\SnapInAbout.dll.mui failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.dr | Binary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft-hyper-v-bpa_31bf3856ad364e35_10.0.22621.1_none_00f62e376f0345f0\f\Hyper-V.xsd failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.drBinary or memory string: 2024-12-09 12:51:03, Info DPX Extraction of file: wow64_microsoft.hyperv.powershell.misc_31bf3856ad364e35_10.0.22621.1_none_d2e13bfa98c532ce\f\Hyper-V.Types.ps1xml failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.drBinary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft.hyperv.powershell.cmdlets.misc_31bf3856ad364e35_10.0.22621.1_none_0e77544229f5f813\Hyper-V.Format.ps1xml failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.drBinary or memory string: 2024-12-09 12:51:09, Info DPX Extraction of file: amd64_microsoft-hyper-v-drivers-hypervisor_31bf3856ad364e35_10.0.22621.4455_none_103ba4eae1181327\n\hvloader.dll failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.drBinary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft-hyper-v-bpa_31bf3856ad364e35_10.0.22621.1_none_00f62e376f0345f0\f\Hyper-V.sch failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.drBinary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft-hyper-v-vstack-hypervcluster_31bf3856ad364e35_10.0.22621.2506_none_cc9639774c54517a\n\WindowsHyperVClusterUninstall.mof failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.drBinary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft-hyper-v-v..ck-virtualizationv2_31bf3856ad364e35_10.0.22621.1_none_d147bdc6ff231ca1\WindowsVirtualizationUninstall.mof failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.drBinary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft-hyper-v-m..-client.snapinabout_31bf3856ad364e35_10.0.22621.1_none_ef4dbfa79948d66c\SnapInAbout.dll failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.drBinary or memory string: 2024-12-09 12:51:09, Info DPX Extraction of file: amd64_microsoft-hyper-v-drivers-hypervisor_31bf3856ad364e35_10.0.22621.4455_none_103ba4eae1181327\hvax64.exe failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.drBinary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft-hyper-v-vstack-config_31bf3856ad364e35_10.0.22621.3672_none_d521f62dd21bbe3b\n\vsconfig.dll failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.drBinary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft.hyperv.powershell.misc_31bf3856ad364e35_10.0.22621.1_none_c88c91a8646470d3\n\Hyper-V.Format.ps1xml failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.drBinary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft-hyper-v-bpa_31bf3856ad364e35_10.0.22621.1_none_00f62e376f0345f0\Hyper-V.sch failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.drBinary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft-hyper-v-bpa_31bf3856ad364e35_10.0.22621.1_none_00f62e376f0345f0\n\Hyper-V.ps1 failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.drBinary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft-windows-hyper-v-vfpext_31bf3856ad364e35_10.0.22621.4455_none_e09fe6b467540ca5\r\vfpapi.dll failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.drBinary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft-hyper-v-m..t-remotefilebrowser_31bf3856ad364e35_10.0.22621.3527_none_719fb393b6872719\n\RemoteFileBrowse.dll failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.drBinary or memory string: 2024-12-09 12:51:03, Info DPX Extraction of file: wow64_microsoft.hyperv.powershell.cmdlets.misc_31bf3856ad364e35_10.0.22621.1_none_18cbfe945e56ba0e\n\Hyper-V.Format.ps1xml failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.drBinary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft.hyperv.powershell.cmdlets.misc_31bf3856ad364e35_10.0.22621.1_none_0e77544229f5f813\f\Hyper-V.Types.ps1xml failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.drBinary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft-hyper-v-d..s-vmswitch-netsetup_31bf3856ad364e35_10.0.22621.4455_none_64521d55d6df1d8c\VmsProxy.sys failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.drBinary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft-hyper-v-bpa_31bf3856ad364e35_10.0.22621.1_none_00f62e376f0345f0\f\Manifest.psd1 failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.drBinary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft-windows-hyper-v-vfpext_31bf3856ad364e35_10.0.22621.4455_none_e09fe6b467540ca5\vfpapi.dll failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.drBinary or memory string: 2024-12-09 12:51:03, Info DPX Extraction of file: wow64_microsoft.hyperv.powershell.cmdlets.misc_31bf3856ad364e35_10.0.22621.1_none_18cbfe945e56ba0e\f\Hyper-V.Types.ps1xml failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.drBinary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft-hyper-v-v..failoverreplication_31bf3856ad364e35_10.0.22621.1_none_fc5ace2c6927b976\f\Hyper-VReplicaMetadata_v1.xsd failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.drBinary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft-hyper-v-kmcl_31bf3856ad364e35_10.0.22621.4391_none_534a8b69d7eef238\r\vmbkmcl.sys failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.drBinary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft-hyper-v-vstack-emulatedstorage_31bf3856ad364e35_10.0.22621.3672_none_bb325c1302fe0011\n\VmEmulatedStorage.dll failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.drBinary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft-hyper-v-vhd-parser_31bf3856ad364e35_10.0.22621.4391_none_5ec0e79fbe36f3f1\vhdparser.sys failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.drBinary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft-hyper-v-bpa_31bf3856ad364e35_10.0.22621.1_none_00f62e376f0345f0\Manifest.psd1 failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.drBinary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft-hyper-v-management-clients_31bf3856ad364e35_10.0.22621.4249_none_d28a5684fb537c15\r\Hyper-V Manager.lnk failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.drBinary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft-hyper-v-passthru-parser_31bf3856ad364e35_10.0.22621.1_none_8384728211c2baeb\passthruparser.sys failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.drBinary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft-hyper-v-management-clients_31bf3856ad364e35_10.0.22621.4249_none_d28a5684fb537c15\Hyper-V Manager.lnk failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.drBinary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft.hyperv.powershell.misc_31bf3856ad364e35_10.0.22621.1_none_c88c91a8646470d3\r\Hyper-V.Format.ps1xml failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.drBinary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft-hyper-v-v..failoverreplication_31bf3856ad364e35_10.0.22621.1_none_fc5ace2c6927b976\n\Hyper-VReplicaMetadata_v1.xsd failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.drBinary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft-hyper-v-v..ck-virtualizationv2_31bf3856ad364e35_10.0.22621.1_none_d147bdc6ff231ca1\f\WindowsVirtualization.V2.mof failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.drBinary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft-hyper-v-m..-client.snapinabout_31bf3856ad364e35_10.0.22621.1_none_ef4dbfa79948d66c\f\SnapInAbout.dll failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.drBinary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft-hyper-v-vstack-vmwp_31bf3856ad364e35_10.0.22621.4391_none_153a0c03db4f56c8\vmwp.exe failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.drBinary or memory string: 2024-12-09 12:51:03, Info DPX Extraction of file: wow64_microsoft.hyperv.powershell.cmdlets.misc_31bf3856ad364e35_10.0.22621.1_none_18cbfe945e56ba0e\Hyper-V.psd1 failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.drBinary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft-hyper-v-m..-client.snapinabout_31bf3856ad364e35_10.0.22621.1_none_ef4dbfa79948d66c\n\SnapInAbout.dll failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.drBinary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft-hyper-v-d..s-vmswitch-netsetup_31bf3856ad364e35_10.0.22621.4455_none_64521d55d6df1d8c\n\nvspinfo.exe failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.drBinary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft-hyper-v-v..failoverreplication_31bf3856ad364e35_10.0.22621.1_none_fc5ace2c6927b976\r\Hyper-VReplicaMetadata_v1.xsd failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.drBinary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft-hyper-v-bpa_31bf3856ad364e35_10.0.22621.1_none_00f62e376f0345f0\n\Hyper-V.xsd failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.drBinary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft-windows-hyper-v-vfpext_31bf3856ad364e35_10.0.22621.4455_none_e09fe6b467540ca5\r\vfpext.sys failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.drBinary or memory string: 2024-12-09 12:51:03, Info DPX Extraction of file: wow64_microsoft.hyperv.powershell.cmdlets.misc_31bf3856ad364e35_10.0.22621.1_none_18cbfe945e56ba0e\n\Hyper-V.psd1 failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.drBinary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft-hyper-v-vstack-vmwp_31bf3856ad364e35_10.0.22621.4391_none_153a0c03db4f56c8\r\vmwp.exe failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.drBinary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft-hyper-v-management-clients_31bf3856ad364e35_10.0.22621.4249_none_d28a5684fb537c15\n\virtmgmt.msc failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.drBinary or memory string: 2024-12-09 12:51:03, Info DPX Extraction of file: wow64_microsoft.hyperv.powershell.misc_31bf3856ad364e35_10.0.22621.1_none_d2e13bfa98c532ce\Hyper-V.Types.ps1xml failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.drBinary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft-hyper-v-pvhd-parser_31bf3856ad364e35_10.0.22621.1_none_eb10290ace0b242d\pvhdparser.sys failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.drBinary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft-hyper-v-bpa_31bf3856ad364e35_10.0.22621.1_none_00f62e376f0345f0\n\Hyper-V.sch failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.drBinary or memory string: 2024-12-09 12:51:09, Info DPX Extraction of file: amd64_microsoft-hyper-v-drivers-hypervisor_31bf3856ad364e35_10.0.22621.4455_none_103ba4eae1181327\n\hvax64.exe failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.drBinary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft-hyper-v-passthru-parser_31bf3856ad364e35_10.0.22621.1_none_8384728211c2baeb\r\passthruparser.sys failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.drBinary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft.hyperv.powershell.cmdlets.misc_31bf3856ad364e35_10.0.22621.1_none_0e77544229f5f813\r\Hyper-V.psd1 failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.drBinary or memory string: 2024-12-09 12:51:03, Info DPX Extraction of file: wow64_microsoft.hyperv.powershell.misc_31bf3856ad364e35_10.0.22621.1_none_d2e13bfa98c532ce\f\Hyper-V.Format.ps1xml failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.drBinary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft.hyperv.powershell.cmdlets.misc_31bf3856ad364e35_10.0.22621.1_none_0e77544229f5f813\f\Hyper-V.psd1 failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.drBinary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft-hyper-v-kmclr_31bf3856ad364e35_10.0.22621.4391_none_b25762bf3596fd70\vmbkmclr.sys failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.drBinary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft-hyper-v-d..s-vmswitch-netsetup_31bf3856ad364e35_10.0.22621.4455_none_64521d55d6df1d8c\n\vmswitch.sys failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.drBinary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft-hyper-v-management-clients_31bf3856ad364e35_10.0.22621.4249_none_d28a5684fb537c15\virtmgmt.msc failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.drBinary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft-hyper-v-bpa_31bf3856ad364e35_10.0.22621.1_none_00f62e376f0345f0\r\Hyper-V.sch failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.drBinary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft-hyper-v-bpa_31bf3856ad364e35_10.0.22621.1_none_00f62e376f0345f0\r\Manifest.psd1 failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.drBinary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft-hyper-v-vstack-hypervcluster_31bf3856ad364e35_10.0.22621.2506_none_cc9639774c54517a\WindowsHyperVCluster.V2.mof failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.drBinary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft-windows-hyper-v-vfpext_31bf3856ad364e35_10.0.22621.4455_none_e09fe6b467540ca5\n\vfpext.sys failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.drBinary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft-hyper-v-ram-parser_31bf3856ad364e35_10.0.22621.4391_none_d1c3c3ae425a13af\ramparser.sys failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.drBinary or memory string: 2024-12-09 12:51:03, Info DPX Extraction of file: wow64_microsoft.hyperv.powershell.cmdlets.misc_31bf3856ad364e35_10.0.22621.1_none_18cbfe945e56ba0e\r\Hyper-V.Types.ps1xml failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: setupact.log.6.drBinary or memory string: 2024-12-09 12:51:07, Info DPX Extraction of file: amd64_microsoft-hyper-v-kmclr_31bf3856ad364e35_10.0.22621.4391_none_b25762bf3596fd70\r\vmbkmclr.sys failed because it is not present in the container (ZvBuB96Iz73yBM56FIY8znPhD908WdaOa8YAEm8NNpg=).
Source: JqnWzkidP.exe, 00000012.00000002.13145120723.0000000000ED4000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\MW-7ca7cc47-fabe-4c83-9b2e-0ae75262b965\files\1111111111111.exe | API call chain: ExitProcess graph end node
Source: C:\Program Files (x86)\JqnWzkidP.exe | API call chain: ExitProcess graph end node
Source: C:\Windows\System32\msiexec.exe | Process information queried: ProcessInformation
Source: C:\Program Files (x86)\JqnWzkidP.exe | Process queried: DebugPort
Source: C:\Program Files (x86)\JqnWzkidP.exe | Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\MW-7ca7cc47-fabe-4c83-9b2e-0ae75262b965\files\1111111111111.exe | Code function: 8_2_00EE533D IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Code function: 21_2_6CC0660A CreateFileW,GetFileAttributesExW,OutputDebugStringW,CloseHandle,GetLastError,WriteFile
Source: C:\Windows\SysWOW64\JqnWzkidP.exe | Code function: 9_2_00489379 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress
Source: C:\Users\user\AppData\Local\Temp\MW-7ca7cc47-fabe-4c83-9b2e-0ae75262b965\files\1111111111111.exe | Code function: 8_2_00EE4299 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\ChromeSetup.exe | Code function: 10_2_000B900A mov ecx, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\ChromeSetup.exe | Code function: 10_2_000BDE65 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Code function: 21_2_0066D8C7 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Code function: 21_2_0066C11B mov ecx, dword ptr fs:[00000030h]
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Code function: 21_2_6CD54DF4 mov ecx, dword ptr fs:[00000030h]
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Code function: 21_2_6CD6CB51 mov esi, dword ptr fs:[00000030h]
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Code function: 21_2_6CD5F4B3 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\Temp\MW-7ca7cc47-fabe-4c83-9b2e-0ae75262b965\files\1111111111111.exe | Code function: 8_2_00EE822F GetProcessHeap
Source: C:\Program Files (x86)\JqnWzkidP.exe | Process token adjusted: Debug
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Process token adjusted: Debug
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Process token adjusted: Debug
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Process token adjusted: Debug
Source: C:\Users\user\AppData\Local\Temp\MW-7ca7cc47-fabe-4c83-9b2e-0ae75262b965\files\1111111111111.exe | Code function: 8_2_00EDD0B7 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\AppData\Local\Temp\MW-7ca7cc47-fabe-4c83-9b2e-0ae75262b965\files\1111111111111.exe | Code function: 8_2_00EE533D IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\AppData\Local\Temp\MW-7ca7cc47-fabe-4c83-9b2e-0ae75262b965\files\1111111111111.exe | Code function: 8_2_00EDCD6C IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\AppData\Local\Temp\MW-7ca7cc47-fabe-4c83-9b2e-0ae75262b965\files\1111111111111.exe | Code function: 8_2_00EDCEFE SetUnhandledExceptionFilter
Source: C:\Windows\SysWOW64\ChromeSetup.exe | Code function: 10_2_000B58B2 SetUnhandledExceptionFilter
Source: C:\Windows\SysWOW64\ChromeSetup.exe | Code function: 10_2_000B5B6F SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Windows\SysWOW64\ChromeSetup.exe | Code function: 10_2_000BC4FA IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Windows\SysWOW64\ChromeSetup.exe | Code function: 10_2_000B571F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Code function: 21_2_00667825 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Code function: 21_2_0066755D SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Code function: 21_2_006679BB SetUnhandledExceptionFilter
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Code function: 21_2_0066BA61 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Code function: 21_2_6CD31912 CloseHandle,InitializeCriticalSection,CreateSemaphoreW,CreateSemaphoreW,CreateSemaphoreW,CreateThread,GetProcAddress,GetProcAddress,LoadLibraryW,GetProcAddress,InitializeCriticalSection,EnterCriticalSection,SetUnhandledExceptionFilter,__set_purecall_handler,LeaveCriticalSection
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Code function: 21_2_6CD31BB8 FreeLibrary,FreeLibrary,FreeLibrary,EnterCriticalSection,SetUnhandledExceptionFilter,__set_purecall_handler,_Deallocate,LeaveCriticalSection,DeleteCriticalSection,ReleaseSemaphore,WaitForSingleObject,CloseHandle,CloseHandle,DeleteCriticalSection,CloseHandle,CloseHandle,DeleteCriticalSection
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Code function: 21_2_6CD4C8F9 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Code function: 21_2_6CD46506 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Code function: 21_2_6CD4613C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exeCode function: 21_2_6CD31DDB EnterCriticalSection,SetUnhandledExceptionFilter,__set_purecall_handler,21_2_6CD31DDB
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exeCode function: 21_2_6CD31E48 SetUnhandledExceptionFilter,__set_purecall_handler,LeaveCriticalSection,21_2_6CD31E48
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exeCode function: 21_2_6CC096ED SetForegroundWindow,ShellExecuteExW,AllowSetForegroundWindow,GetLastError,SetLastError,GetLastError,DestroyWindow,SetLastError,21_2_6CC096ED
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\icacls.exe "C:\Windows\system32\ICACLS.EXE" "C:\Users\user\AppData\Local\Temp\MW-7ca7cc47-fabe-4c83-9b2e-0ae75262b965\." /SETINTEGRITYLEVEL (CI)(OI)HIGHJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\expand.exe "C:\Windows\system32\EXPAND.EXE" -R files.cab -F:* filesJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Users\user\AppData\Local\Temp\MW-7ca7cc47-fabe-4c83-9b2e-0ae75262b965\files\1111111111111.exe "C:\Users\user\AppData\Local\Temp\MW-7ca7cc47-fabe-4c83-9b2e-0ae75262b965\files\1111111111111.exe" Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\icacls.exe "C:\Windows\system32\ICACLS.EXE" "C:\Users\user\AppData\Local\Temp\MW-7ca7cc47-fabe-4c83-9b2e-0ae75262b965\." /SETINTEGRITYLEVEL (CI)(OI)LOWJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c rd /s /q "C:\Users\user\AppData\Local\Temp\MW-7ca7cc47-fabe-4c83-9b2e-0ae75262b965\files"Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-7ca7cc47-fabe-4c83-9b2e-0ae75262b965\files\1111111111111.exeProcess created: C:\Windows\SysWOW64\JqnWzkidP.exe "C:\Windows\SysWOW64\JqnWzkidP.exe" Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\MW-7ca7cc47-fabe-4c83-9b2e-0ae75262b965\files\1111111111111.exeProcess created: C:\Windows\SysWOW64\ChromeSetup.exe "C:\Windows\SysWOW64\ChromeSetup.exe" Jump to behavior
Source: C:\Windows\SysWOW64\JqnWzkidP.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\SysWOW64\cmd.exe" cmd/c ping -n 2 127.0.0.1 > nul && del C:\Users\user\AppData\Local\Temp\_@279F.tmp > nulJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping -n 2 127.0.0.1Jump to behavior
Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 6472 -ip 6472
Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6472 -s 916
Source: C:\Windows\SysWOW64\ChromeSetup.exeProcess created: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe c:\windows\systemtemp\gum25ea.tmp\googleupdate.exe /installsource taggedmi /install "appguid={8a69d345-d564-463c-aff1-a69d9e530f96}&iid={93d19599-0626-757c-805d-bbbe09121b4f}&lang=zh-cn&browser=4&usagestats=1&appname=google%20chrome&needsadmin=prefers&ap=x64-stable-statsdef_1&installdataindex=empty"
Source: C:\Windows\SysWOW64\ChromeSetup.exeProcess created: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe c:\windows\systemtemp\gum25ea.tmp\googleupdate.exe /installsource taggedmi /install "appguid={8a69d345-d564-463c-aff1-a69d9e530f96}&iid={93d19599-0626-757c-805d-bbbe09121b4f}&lang=zh-cn&browser=4&usagestats=1&appname=google%20chrome&needsadmin=prefers&ap=x64-stable-statsdef_1&installdataindex=empty"Jump to behavior
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Code function: 21_2_6CC07C0F GetSecurityDescriptorDacl,SetSecurityDescriptorDacl,21_2_6CC07C0F
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Code function: 21_2_6CC13B87 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,21_2_6CC13B87
Source: C:\Users\user\AppData\Local\Temp\MW-7ca7cc47-fabe-4c83-9b2e-0ae75262b965\files\1111111111111.exe | Code function: 8_2_00ECE961 cpuid 8_2_00ECE961
Source: C:\Users\user\AppData\Local\Temp\MW-7ca7cc47-fabe-4c83-9b2e-0ae75262b965\files\1111111111111.exe | Code function: GetLocaleInfoW,GetNumberFormatW,8_2_00ED8830
Source: C:\Windows\SysWOW64\JqnWzkidP.exe | Code function: GetLocaleInfoA,9_2_0048AA1E
Source: C:\Program Files (x86)\JqnWzkidP.exe | Code function: GetLocaleInfoA,11_2_0048AA1E
Source: C:\Program Files (x86)\JqnWzkidP.exe | Code function: GetLocaleInfoA,12_2_0048AA1E
Source: C:\Program Files (x86)\JqnWzkidP.exe | Code function: GetLocaleInfoA,18_2_0048AA1E
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Code function: GetLocaleInfoW,21_2_6CD5EC7A
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,21_2_6CD664CB
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Code function: EnumSystemLocalesW,21_2_6CD5E6FD
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Code function: GetLocaleInfoW,21_2_6CD661CD
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,21_2_6CD662F6
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Code function: GetLocaleInfoW,21_2_6CD663FC
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Code function: GetLocaleInfoW,21_2_6CD65D62
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Code function: EnumSystemLocalesW,21_2_6CD65EEF
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Code function: EnumSystemLocalesW,21_2_6CD65E54
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Code function: EnumSystemLocalesW,21_2_6CD65E09
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,21_2_6CD65F7A
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Code function: GetACP,IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW,21_2_6CD65B67
Source: C:\Windows\System32\msiexec.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\msiexec.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\WerFault.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\MW-7ca7cc47-fabe-4c83-9b2e-0ae75262b965\files\1111111111111.exe | Code function: 8_2_00EDB52F OleInitialize,GetCommandLineW,OpenFileMappingW,MapViewOfFile,UnmapViewOfFile,CloseHandle,GetModuleFileNameW,SetEnvironmentVariableW,SetEnvironmentVariableW,GetLocalTime,_swprintf,SetEnvironmentVariableW,GetModuleHandleW,LoadIconW,LoadBitmapW,DialogBoxParamW,Sleep,DeleteObject,DeleteObject,DeleteObject,CloseHandle,CoUninitialize,8_2_00EDB52F
Source: C:\Users\user\AppData\Local\Temp\MW-7ca7cc47-fabe-4c83-9b2e-0ae75262b965\files\1111111111111.exe | Code function: 8_2_00ECA2FA GetVersionExW,8_2_00ECA2FA
Source: C:\Windows\SysWOW64\expand.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe | Registry key value created / modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe DisableExceptionChainValidation
Source: C:\Program Files (x86)\JqnWzkidP.exe | Code function: 18_2_02A32BE0 WSASocketW,CreateIoCompletionPort,GetLastError,bind,WSAGetLastError,gethostbyname,memcpy,inet_ntoa,inet_addr,htons,ioctlsocket,connect,select,setsockopt,shutdown,closesocket,gethostbyname,memcpy,inet_ntoa,inet_addr,htons,ioctlsocket,connect,select,setsockopt,shutdown,closesocket,setsockopt,setsockopt,setsockopt,WSAIoctl,setsockopt,shutdown,closesocket,setsockopt,shutdown,closesocket,??2@YAPAXI@Z,memset,PostQueuedCompletionStatus,18_2_02A32BE0
Source: C:\Program Files (x86)\JqnWzkidP.exe | Code function: 18_2_02A31C60 WSASocketW,??2@YAPAXI@Z,LocalAlloc,LocalAlloc,inet_addr,htons,bind,listen,CreateIoCompletionPort,18_2_02A31C60
MITRE ATT&CK matrix (techniques observed for this sample, with the number of matching signatures in parentheses; unobserved matrix cells are omitted):

Reconnaissance: none observed
Resource Development: none observed
Initial Access: Valid Accounts (1), Replication Through Removable Media (1)
Execution: Windows Management Instrumentation (2), Native API (13), Command and Scripting Interpreter (13), Scheduled Task/Job (1), Service Execution (12)
Persistence: DLL Side-Loading (1), Image File Execution Options Injection (1), Valid Accounts (1), Windows Service (14), Scheduled Task/Job (1), Registry Run Keys / Startup Folder (1), Bootkit (1), Services File Permissions Weakness (1)
Privilege Escalation: Exploitation for Privilege Escalation (1), DLL Side-Loading (1), Image File Execution Options Injection (1), Valid Accounts (1), Access Token Manipulation (11), Windows Service (14), Process Injection (11), Scheduled Task/Job (1), Registry Run Keys / Startup Folder (1), Services File Permissions Weakness (1)
Defense Evasion: Disable or Modify Tools (1), Deobfuscate/Decode Files or Information (1), Obfuscated Files or Information (2), Software Packing (1), DLL Side-Loading (1), File Deletion (1), Masquerading (131), Valid Accounts (1), Modify Registry (1), Virtualization/Sandbox Evasion (2), Access Token Manipulation (11), Process Injection (11), Bootkit (1), Services File Permissions Weakness (1)
Credential Access: none observed
Discovery: System Time Discovery (1), Account Discovery (1), Peripheral Device Discovery (11), File and Directory Discovery (4), System Information Discovery (56), Security Software Discovery (51), Virtualization/Sandbox Evasion (2), Process Discovery (2), Remote System Discovery (1), System Network Configuration Discovery (1)
Lateral Movement: none observed
Collection: Archive Collected Data (1), Clipboard Data (2)
Command and Control: Ingress Tool Transfer (1), Encrypted Channel (2), Non-Standard Port (1)
Exfiltration: none observed
Impact: none observed
[Behavior graph] Behavior Graph ID: 1594317, Sample: kuailian111.msi, Start date: 18/01/2025, Architecture: WINDOWS, Score: 72 (signatures on the root: Multi AV Scanner detection for submitted file; AI detected suspicious sample)
Process chain recovered from the graph: msiexec.exe (drops C:\Windows\Installer\MSI2C16.tmp, MSI2B4A.tmp and MSI11C5.tmp, all PE32) -> msiexec.exe -> expand.exe (drops C:\Users\user\...\1111111111111.exe (copy) and C:\...\0666f5d344fd1c42b6b2c9a19460ba1e.tmp), icacls.exe and 1111111111111.exe. 1111111111111.exe drops and starts C:\Windows\SysWOW64\JqnWzkidP.exe and C:\Windows\SysWOW64\ChromeSetup.exe (signature: Drops executables to the windows directory (C:\Windows) and starts them). ChromeSetup.exe drops GoogleUpdate.exe, psuser.dll and psuser_64.dll under C:\Windows\SystemTemp plus 65 other files (none malicious) and starts GoogleUpdate.exe (signatures: Drops executables to the windows directory and starts them; Found evasive API chain checking for user administrative privileges); GoogleUpdate.exe installs GoogleUpdate.exe, psuser.dll and psuser_64.dll plus 65 other files under C:\Program Files (x86)\Google (signature: Creates an undocumented autostart registry key). JqnWzkidP.exe drops C:\Users\user\AppData\...\_@279F.tmp (copy) and C:\Program Files (x86)\JqnWzkidP.exe, starts a second JqnWzkidP.exe and cmd.exe -> PING.EXE to 127.0.0.1 (signatures: Uses ping.exe to sleep; Uses ping.exe to check the status of other devices and networks); a JqnWzkidP.exe instance contacts 38.181.21.34, 2022, 49787 (COGENT-174US, United States) and crashes into WerFault.exe. svchost.exe starts WerFault.exe.

Source | Detection | Scanner
kuailian111.msi | 20% | Virustotal
kuailian111.msi | 18% | ReversingLabs
Source | Detection | Scanner
C:\Program Files (x86)\Google\Update\1.3.36.342\GoogleCrashHandler.exe | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.342\GoogleCrashHandler64.exe | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.342\GoogleUpdate.exe | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.342\GoogleUpdateBroker.exe | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.342\GoogleUpdateComRegisterShell64.exe | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.342\GoogleUpdateCore.exe | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.342\GoogleUpdateOnDemand.exe | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.342\goopdate.dll | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_am.dll | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_ar.dll | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_bg.dll | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_bn.dll | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_ca.dll | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_cs.dll | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_da.dll | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_de.dll | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_el.dll | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_en-GB.dll | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_en.dll | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_es-419.dll | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_es.dll | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_et.dll | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_fa.dll | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_fi.dll | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_fil.dll | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_fr.dll | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_gu.dll | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_hi.dll | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_hr.dll | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_hu.dll | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_id.dll | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_is.dll | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_it.dll | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_iw.dll | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_ja.dll | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_kn.dll | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_ko.dll | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_lt.dll | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_lv.dll | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_ml.dll | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_mr.dll | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_ms.dll | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_nl.dll | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_no.dll | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_pl.dll | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_pt-BR.dll | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_pt-PT.dll | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_ro.dll | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_ru.dll | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_sk.dll | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_sl.dll | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_sr.dll | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_sv.dll | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_sw.dll | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_ta.dll | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_te.dll | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_th.dll | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_tr.dll | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_uk.dll | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_ur.dll | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_vi.dll | 0% | ReversingLabs
C:\Program Files (x86)\Google\Update\1.3.36.342\goopdateres_zh-CN.dll | 0% | ReversingLabs
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label
http://crl3.dig | 0% | Avira URL Cloud | safe
No contacted domains info
Name | Source | Malicious | Antivirus Detection | Reputation
https://www.google.com/support/installer/? | GoogleUpdate.exe | false | (none) | high
https://csp.withgoogle.com/csp/clientupdate-aus/1 | GoogleUpdate.exe, 00000015.00000002.14102839987.0000000001336000.00000004.00000020.00020000.00000000.sdmp | false | (none) | high
https://m.google.com/devicemanagement/data/api | GoogleUpdate.exe | false | (none) | high
https://csp.withgoogle.com/csp/clientupdate-aus/1Persistent-AuthWWW-AuthenticateAccept-EncodingVaryS | GoogleUpdate.exe, 00000015.00000002.14102839987.0000000001336000.00000004.00000020.00020000.00000000.sdmp | false | (none) | high
https://dl.google.com/update2/installers/icons/https://m.google.com/devicemanagement/data/apihttps:/ | ChromeSetup.exe, 0000000A.00000003.12923172564.000000000248F000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12939764591.0000000002CA3000.00000004.00000020.00020000.00000000.sdmp, ChromeSetup.exe, 0000000A.00000003.12933855548.0000000002486000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000002.14104737593.000000006CD75000.00000002.00000001.01000000.0000000E.sdmp | false | (none) | high
http://crl3.dig | GoogleUpdate.exe, 00000015.00000003.12966594280.0000000001389000.00000004.00000020.00020000.00000000.sdmp, GoogleUpdate.exe, 00000015.00000003.12966659701.000000000138A000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
38.181.21.34 | unknown | United States | 174 | COGENT-174US | false
IP (private)
127.0.0.1
Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1594317
Start date and time: 2025-01-18 19:55:24 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 10m 26s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultwindowsofficecookbook.jbs
Analysis system description: Windows 11 23H2 with Office Professional Plus 2021, Chrome 131, Firefox 133, Adobe Reader DC 24, Java 8 Update 431, 7zip 24.09
Run name: Potential for more IOCs and behavior
Number of new started processes analysed: 42
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: kuailian111.msi
Detection: MAL
Classification: mal72.troj.evad.winMSI@45/176@0/2
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 73%
• Number of executed functions: 252
• Number of non-executed functions: 217
Cookbook Comments:
• Found application associated with file extension: .msi
• Exclude process from analysis (whitelisted): dllhost.exe, SIHClient.exe, appidcertstorecheck.exe, conhost.exe
• Excluded IPs from analysis (whitelisted): 172.202.163.200, 142.250.185.195, 104.208.16.94
• Excluded domains from analysis (whitelisted): x1.c.lencr.org, watson.events.data.microsoft.com, slscr.update.microsoft.com, blobcollectorcommon.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, ctldl.windowsupdate.com, c.pki.goog, glb.sls.prod.dcat.dsp.trafficmanager.net, onedsblobprdcus16.centralus.cloudapp.azure.com
• Not all processes were analyzed; the report is missing behavior information.
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtCreateKey calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtReadVirtualMemory calls found.
Time | Type | Description
13:56:59 | API Interceptor | 1x Sleep call for process: WerFault.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name | Context
38.181.21.34 | JqnWzkidP.exe | malicious | Unknown | (none)
38.181.21.34 | JqnWzkidP.exe | malicious | Unknown | (none)
No context
Match | Associated Sample Name / URL | Detection | Threat Name | Context
COGENT-174US | JqnWzkidP.exe | malicious | Unknown | 38.181.21.34
COGENT-174US | JqnWzkidP.exe | malicious | Unknown | 38.181.21.34
COGENT-174US | armv5l.elf | malicious | Mirai | 38.86.7.21
COGENT-174US | armv6l.elf | malicious | Mirai | 38.228.28.245
COGENT-174US | arm.elf | malicious | Mirai | 154.38.218.191
COGENT-174US | mips.elf | malicious | Mirai | 38.129.241.250
COGENT-174US | Ordine tubi 20225170..exe | malicious | FormBook | 154.39.239.237
COGENT-174US | Ordine tubi 20225170.exe | malicious | FormBook | 154.39.239.237
COGENT-174US | 6z9bbueYC8.exe | malicious | MicroClip | 38.6.198.152
No context
Match | Associated Sample Name / URL | Detection | Threat Name | Context
C:\Program Files (x86)\Google\Update\1.3.36.342\GoogleUpdate.exe | SecuriteInfo.com.Trojan.Siggen25.6242.19475.17162.dll | malicious | Unknown | (none)
C:\Program Files (x86)\Google\Update\1.3.36.342\GoogleUpdate.exe | SecuriteInfo.com.Trojan.Siggen25.6242.19475.17162.dll | malicious | Unknown | (none)
Process: C:\Windows\System32\msiexec.exe
File Type: data
Category: dropped
Size (bytes): 779
Entropy (8bit): 5.56992613352
Encrypted: false
SSDEEP: 12:EgLFBO/4A2lWiYfj//nGU255uhzWotPtnLxqb/IzGDhComOX98Yk/yV9exWUlGP:JBlvINjz+5Y6yQYGDho+I/AAx+
MD5: F68D91227365E41BEB4A24B5AFFF13FC
SHA1: 7976F25CFC5FF8190C8780A1F1A99FAA0C473DAF
SHA-256: 6A99CF9EBF6C98904FF4FDAFD18E565D2563CE02B423C30745F6E9CBBF4567D2
SHA-512: EF7C40478EB1C1E6D370D6FF4D2EEB78631EA7C7AC93BC67FC845A74C08656376A9E0A4F5B6858A4819C1D856B76059A448D5A80E903720275EE41E156000D62
Malicious: false
                    Preview:...@IXOS.@.....@.o2Z.@.....@.....@.....@.....@.....@......&.{17AE145E-380C-439F-B394-3181AAC3A14B}..11111111..kuailian111.msi.@.....@.....@.....@......ProductIcon..&.{92A2CD5F-880E-456D-92BD-FEAEF4126E5C}.....@.....@.....@.....@.......@.....@.....@.......@......11111111......Rollback..Rolling back action: [1]....RollbackCleanup..Removing backup files File: [1]....ProcessComponents..Updating component registration..&.{EDE10F6C-30F4-42CA-B5C7-ADB905E45BFC}&.{17AE145E-380C-439F-B394-3181AAC3A14B}.@........WriteRegistryValues>.Writing system registry values Key: [1], Name: [2], Value: [3]$..@....*.SOFTWARE\EXEMSI.COM\MSI Wrapper\Installed\...@....(.&...LogonUser..user'.&...USERNAME..user'.&...Date..18/01/2025'.&...Time..13:56:38'.&...WRAPPED_ARGUMENTS...@.....@.....@....
Process: C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 301856
Entropy (8bit): 6.652605054362545
Encrypted: false
SSDEEP: 6144:9hPLlZpRkTpB8HHvBjruphfgesnAhAOQp2jwckjQx+S8P:HlnRklinJruphfg26p2jwix+S8P
MD5: C281EA9D8B6E02E9992A39F2EDCEFDDF
SHA1: 02BCDC22D0666A3D4F882E2746BA5902435E5B7F
SHA-256: A9FFFF9A0636E35C0B0661A05705D3C74A2613BE52093F892EFDC370F2FB4453
SHA-512: C10A06CB88BBBF8E12DE3F94ABCC605C91D2D0EAE4350709ED8BC0202C9BE7F981747FC9627C0F84670BECE1676D9860D08CECC13DD2C59B3A9EA0B1028BCD83
Malicious: false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........|../../../L...../L...8./+...../+...../+...../L...../L...../../4./..../.s/../..../Rich../........................PE..L...@.We.............................s............@.................................-*....@.................................<........P...2...........r.. ).......(......T...........................8...@............................................text............................... ..`.rdata...%.......&..................@..@.data...d(... ......................@....rsrc....2...P...4..................@..@.reloc...(.......*...H..............@..B................................................................................................................................................................................................................................................................................................
                    Process:C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe
                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                    Category:dropped
                    Size (bytes):402208
                    Entropy (8bit):6.360121201810154
                    Encrypted:false
                    SSDEEP:12288:4nW3gaHC2zUM2WJoROZVXk8hbodzbGw8x0Cx+4:4Wx5k8hb0HGw+x7
                    MD5:C9B7AF8CEAB51D99A8747EF7C2721D00
                    SHA1:085BB3746C1AEF6CB0CAED0FAB002A1755919020
                    SHA-256:BBAF147AB2631632FA6B40E5C42A753FDF08E23AC1A468CE6D61411C4E75CDAE
                    SHA-512:25582203966BAEC4A6F05796A0B06738D0C9291F1D079167E3635A80E19194A01A55D0BD19E792973E36BF5F1A8E0CFA150E77CFBE75D79762914FBD9C9BC7C9
                    Malicious:false
                    Antivirus:
                    • Antivirus: ReversingLabs, Detection: 0%
                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........v.s.%.s.%.s.%...$ms.%...$.s.%...$.s.%...$.s.%...$.s.%...$.s.%...$.s.%.s.%xr.%...$.s.%...%.s.%...$.s.%Rich.s.%................PE..d...U.We.........."..........R......L..........@.............................p......Y.....`..................................................M....... ...2.......,...... )...`..8.... ..T............................ ..................(............................text............................... ..`.rdata..............................@..@.data....6...p.......X..............@....pdata...,...........j..............@..@_RDATA..............................@..@.gxfg...0...........................@..@.gehcont............................@..@.rsrc....2... ...4..................@..@.reloc..8....`......................@..B........................................................................................................................
                    Process:C:\Windows\SystemTemp\GUM25EA.tmp\GoogleUpdate.exe
                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                    Category:dropped
                    Size (bytes):162080
                    Entropy (8bit):5.986062377797822
                    Encrypted:false
                    SSDEEP:3072:LwzvOYct5YP/aKavT/DvbEvK9aobNI2B++l4v/SHwil6LJDWNBUdJoSdgSmJJpem:BtiP/aK2h9H/B+f
                    MD5:9D11650401D71CE469F70B4F93D0B6C5
                    SHA1:D562BC3FF94D4C9ED3B4EA495522A0C9A7B71934
                    SHA-256:75DB49D5FE15F8AFFEE5E3C08AE191DB0839D34B54526EA1D9339897F99B48A3
                    SHA-512:22AC788F038B2E633A45B13A8EE672614D33EF94DD89FFDD60545C67100E01DB250431F6126805A149DFD25210EBAC14C53ADD5C69DCFC975CC60E18BCA04881
                    Malicious:false
                    Antivirus:
                    • Antivirus: ReversingLabs, Detection: 0%
                    Joe Sandbox View:
                    • Filename: SecuriteInfo.com.Trojan.Siggen25.6242.19475.17162.dll, Detection: malicious, Browse
                    • Filename: SecuriteInfo.com.Trojan.Siggen25.6242.19475.17162.dll, Detection: malicious, Browse
                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........;...U..U..U.M.V..U.M.P...U.M.Q..U.*.Q..U.*.V..U.*.P..U.M.T..U..T...U..\