File name:	google-chrome.exe
Full analysis:	https://app.any.run/tasks/cdce3bde-2837-4b63-830d-f1e130210a2c
Verdict:	Malicious activity
Threats:	A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection. Malware Trends Tracker >>>
Analysis date:	November 07, 2024, 21:55:01
OS:	Windows 10 Professional (build: 19045, 64 bit)
Tags:	loader
Indicators:
MIME:	application/vnd.microsoft.portable-executable
File info:	PE32 executable (GUI) Intel 80386, for MS Windows, 6 sections
MD5:	6062C73C1ACF3AF27098BABAAECDCEEC
SHA1:	E8A59CCB05083DDA4D4C40E2DBDBB1EFB3FFB379
SHA256:	CBD53CD58F34F937F83CDFC0929E502ABF4253AB470800D6E3DDA68023F7539B
SSDEEP:	24576:pEj5DrfzXdaxgAOZGspkqLCVHpZktAIn1brR7ZHFGjbhDZloN:piNXdaxgAOZDp/Avkz1brR1HF69HA

.exe	\|	Win32 Executable (generic) (52.9)
.exe	\|	Generic Win/DOS Executable (23.5)
.exe	\|	DOS Executable Generic (23.5)

MachineType:	Intel 386 or later, and compatibles
TimeStamp:	2018:05:08 22:44:40+00:00
ImageFileCharacteristics:	Executable, 32-bit
PEType:	PE32
LinkerVersion:	14
CodeSize:	84480
InitializedDataSize:	1026048
UninitializedDataSize:	-
EntryPoint:	0x4e56
OSVersion:	5.1
ImageVersion:	-
SubsystemVersion:	5.1
Subsystem:	Windows GUI
FileVersionNumber:	1.3.33.17
ProductVersionNumber:	1.3.33.17
FileFlagsMask:	0x003f
FileFlags:	(none)
FileOS:	Windows NT 32-bit
ObjectFileType:	Executable application
FileSubtype:	-
LanguageCode:	English (U.S.)
CharacterSet:	Unicode
CompanyName:	Google Inc.
FileDescription:	Google Update Setup
FileVersion:	1.3.33.17
InternalName:	Google Update Setup
LegalCopyright:	Copyright 2007-2010 Google Inc.
OriginalFileName:	GoogleUpdateSetup.exe
ProductName:	Google Update
ProductVersion:	1.3.33.17
LanguageId:	en


(PID) Process:	(6712) GoogleUpdate.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Google\Update
Operation:	delete value	Name:	uid
Value:
(PID) Process:	(6712) GoogleUpdate.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Google\Update
Operation:	delete value	Name:	old-uid
Value:
(PID) Process:	(1396) GoogleUpdate.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}
Operation:	delete value	Name:	usagestats
Value:
(PID) Process:	(1396) GoogleUpdate.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}
Operation:	delete value	Name:	UpdateAvailableCount
Value:
(PID) Process:	(1396) GoogleUpdate.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}
Operation:	delete value	Name:	UpdateAvailableSince
Value:
(PID) Process:	(1396) GoogleUpdate.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}
Operation:	write	Name:	iid
Value: {ADC5A877-2F2E-215F-6DAC-B2AB514017C7}
(PID) Process:	(1396) GoogleUpdate.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\PersistedPings\{4C1E022C-DB6E-41F8-965C-617BDEC856D9}
Operation:	write	Name:	PersistedPingString
Value: <?xml version="1.0" encoding="UTF-8"?><request protocol="3.0" updater="Omaha" updaterversion="1.3.33.17" shell_version="1.3.36.51" ismachine="1" sessionid="{97BE4B41-69EB-4D08-855B-234FF3114546}" userid="{0BCB1C6D-6F44-4344-9A46-2F7E83EEF796}" installsource="taggedmi" requestid="{4C1E022C-DB6E-41F8-965C-617BDEC856D9}" dedup="cr" domainjoined="0"><hw physmemory="4" sse="1" sse2="1" sse3="1" ssse3="1" sse41="1" sse42="1" avx="1"/><os platform="win" version="10.0.19045.4046" sp="" arch="x64"/><app appid="{430FD4D0-B729-4F61-AA34-91526481799D}" version="1.3.36.372" nextversion="1.3.33.17" lang="en" brand="" client="" iid="{ADC5A877-2F2E-215F-6DAC-B2AB514017C7}"><event eventtype="2" eventresult="1" errorcode="0" extracode1="0" install_time_ms="374"/></app></request>
(PID) Process:	(1396) GoogleUpdate.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\PersistedPings\{4C1E022C-DB6E-41F8-965C-617BDEC856D9}
Operation:	write	Name:	PersistedPingTime
Value: 133754901122066319
(PID) Process:	(2736) GoogleUpdate.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\uid
Operation:	write	Name:	GPd4b5bu
Value:
(PID) Process:	(2736) GoogleUpdate.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\UsageStats\Daily\Counts
Operation:	write	Name:	opt_in_uid_generated
Value: 0100000000000000

PID	Process	Filename		Type
608	google-chrome.exe	C:\Users\admin\AppData\Local\Temp\GUMC07A.tmp\GoogleUpdate.exe		executable
		MD5:92EE791A630830452485E8E375F8DB35	SHA256:542294724926B0E156224B9EBD33E6354D79DA4C828FB52F7F4233DF45E3F624
608	google-chrome.exe	C:\Users\admin\AppData\Local\Temp\GUMC07A.tmp\psuser.dll		executable
		MD5:C2762290BB2ECE339D4C63F7A8A6ACC8	SHA256:68760944A6CEA1E479267F736C9F86DEE12939F854EDA406CCF80E43FC1594B7
608	google-chrome.exe	C:\Users\admin\AppData\Local\Temp\GUMC07A.tmp\GoogleUpdateHelper.msi		executable
		MD5:50EA7A4D9481B12A97070942F474D918	SHA256:E778FB14E723E5694B898F5016B9FF13F30B93098C5CBCF5F074CB949A131C28
608	google-chrome.exe	C:\Users\admin\AppData\Local\Temp\GUMC07A.tmp\GoogleCrashHandler.exe		executable
		MD5:6C718849D436A7CCEBED72538F8BD04B	SHA256:617DEF10FB5CD04434532E2803F07489A82494F76DC177E0CE7E8C70F66729C0
608	google-chrome.exe	C:\Users\admin\AppData\Local\Temp\GUMC07A.tmp\npGoogleUpdate3.dll		executable
		MD5:671E1E25F6F08809863BB9AED544E70E	SHA256:C3A1B9E661248AEC69B528CE967BE80E81B0FBEB42041F1FFB57B182FB59F5F3
608	google-chrome.exe	C:\Users\admin\AppData\Local\Temp\GUMC07A.tmp\GoogleUpdateWebPlugin.exe		executable
		MD5:063CA1017835923689C4957562EA2862	SHA256:45D3CB03ECE21C2F7A31F30395CD35CB3584FB30FE01B1B48065898ABB00CC5F
608	google-chrome.exe	C:\Users\admin\AppData\Local\Temp\GUMC07A.tmp\GoogleUpdateComRegisterShell64.exe		executable
		MD5:03B587BFAF6DD67B330CCB6FB99CA59A	SHA256:BB1C60E4F365C2A13DB9612DEE6D46CE9B6A6BD42A9A7E650BA3B2E911957419
608	google-chrome.exe	C:\Users\admin\AppData\Local\Temp\GUMC07A.tmp\psmachine.dll		executable
		MD5:CCA7A6B6C2BCE1E8AF12A95F69C4CC8F	SHA256:1536607010111956F1BB12DCE27802F9F254BCFE67DA58F528DE2D342EAF414E
608	google-chrome.exe	C:\Users\admin\AppData\Local\Temp\GUMC07A.tmp\goopdate.dll		executable
		MD5:463A426DA94FC2418A713CEEBB799E22	SHA256:EAF6EDE3CC4EFB047CEDAD32A9B3C2A138AD872991E3BEE4F66DD8FBE08133B2
608	google-chrome.exe	C:\Users\admin\AppData\Local\Temp\GUMC07A.tmp\goopdateres_ar.dll		executable
		MD5:9D85C8517DE4DB2380AA14593D8A899A	SHA256:B5E4B6BC7E821EC1C652557777E7F1A06156DA6C411752E1E66F47E8B6BFF3F5

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
5488	MoUsoCoreWorker.exe	GET	200	2.19.198.194:80	http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl	unknown	—	—	whitelisted
6944	svchost.exe	GET	200	2.19.198.194:80	http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl	unknown	—	—	whitelisted
3524	RUXIMICS.exe	GET	200	2.19.198.194:80	http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl	unknown	—	—	whitelisted
5488	MoUsoCoreWorker.exe	GET	200	23.218.209.163:80	http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl	unknown	—	—	whitelisted
6944	svchost.exe	GET	200	23.218.209.163:80	http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl	unknown	—	—	whitelisted
3524	RUXIMICS.exe	GET	200	23.218.209.163:80	http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl	unknown	—	—	whitelisted
1792	GoogleUpdate.exe	GET	200	34.104.35.123:80	http://edgedl.me.gvt1.com/edgedl/release2/chrome/acls6ht6xkxyme7kmypg2x2qa25a_130.0.6723.117/130.0.6723.117_chrome_installer.exe	unknown	—	—	whitelisted
—	—	GET	—	142.250.184.228:443	https://www.google.com/async/ddljson?async=ntp:2	unknown	—	—	unknown
—	—	OPTIONS	200	142.250.74.202:443	https://ogads-pa.googleapis.com/$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/GetAsyncData	unknown	—	—	unknown
—	—	GET	200	142.250.181.238:443	https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SGzW6IeCawI.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-5biO9jua-6zCEovdoDJ8SLzd6sw/cb=gapi.loaded_0	unknown	—	—	unknown

PID	Process	IP	Domain	ASN	CN	Reputation
6944	svchost.exe	51.104.136.2:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	IE	whitelisted
4	System	192.168.100.255:137	—	—	—	whitelisted
5488	MoUsoCoreWorker.exe	51.104.136.2:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	IE	whitelisted
3524	RUXIMICS.exe	51.104.136.2:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	IE	whitelisted
—	—	104.126.37.139:443	www.bing.com	Akamai International B.V.	DE	whitelisted
4	System	192.168.100.255:138	—	—	—	whitelisted
5488	MoUsoCoreWorker.exe	2.19.198.194:80	crl.microsoft.com	Akamai International B.V.	DE	whitelisted
6944	svchost.exe	2.19.198.194:80	crl.microsoft.com	Akamai International B.V.	DE	whitelisted
3524	RUXIMICS.exe	2.19.198.194:80	crl.microsoft.com	Akamai International B.V.	DE	whitelisted
4692	GoogleUpdate.exe	142.250.186.35:443	update.googleapis.com	GOOGLE	US	whitelisted

Domain	IP	Reputation
settings-win.data.microsoft.com	51.104.136.2 20.73.194.208	whitelisted
www.bing.com	104.126.37.139 104.126.37.137 104.126.37.160 104.126.37.155 104.126.37.153 104.126.37.171	whitelisted
google.com	142.250.186.174	whitelisted
crl.microsoft.com	2.19.198.194 23.32.238.34	whitelisted
update.googleapis.com	142.250.186.35	whitelisted
dl.google.com	142.250.186.78	whitelisted
www.microsoft.com	23.218.209.163	whitelisted
edgedl.me.gvt1.com	34.104.35.123	whitelisted
self.events.data.microsoft.com	52.182.143.215	whitelisted
www.google.com	142.250.185.100	whitelisted

PID	Process	Class	Message
1792	GoogleUpdate.exe	Misc activity	ET INFO EXE - Served Attached HTTP
1792	GoogleUpdate.exe	Potential Corporate Privacy Violation	ET POLICY PE EXE or DLL Windows file download HTTP

General Info

google-chrome.exe

6062C73C1ACF3AF27098BABAAECDCEEC

E8A59CCB05083DDA4D4C40E2DBDBB1EFB3FFB379

CBD53CD58F34F937F83CDFC0929E502ABF4253AB470800D6E3DDA68023F7539B

24576:pEj5DrfzXdaxgAOZGspkqLCVHpZktAIn1brR7ZHFGjbhDZloN:piNXdaxgAOZDp/Avkz1brR1HF69HA

Software environment set and analysis options

Launch configuration

Software preset

Hotfixes

Behavior activities

MALICIOUS

SUSPICIOUS

Reads security settings of Internet Explorer

Potential Corporate Privacy Violation

Executable content was dropped or overwritten

Process requests binary or script from the Internet

Application launched itself

INFO

Reads the computer name

Checks supported languages

Process checks computer location settings

Creates files in the program directory

Create files in a temporary directory

Executes as Windows Service

Application launched itself

Malware configuration

Static information

TRiD

EXIF

EXE

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings