Summary | ZeroBOX

1.exe

Emotet Generic Malware Malicious Library UPX Malicious Packer MSOffice File PE64 PE File DLL OS Processor Check PE32 CAB dll DllRegisterServer
Category FILE
Machine s1_win7_x6401
Started Nov. 3, 2023, 3:45 p.m.
Completed Nov. 3, 2023, 3:47 p.m.
Size 1.4MB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 1819332f150048eed72a2d891390dad1
SHA256 bf6b7aa73550f381dc6f2b8cc3751cd0b76bdf8e6f7b6da1a94070efefc5004c
CRC32 E5DB2087
ssdeep 24576:Jw8KjKjGFygcc23L1/NVOmOSGb6E3ecS4fzrjxJh9UZXlpbPvC7xtYUrEmFlo+LT:PKjKWQc2b1FVgbjrjxPe1pbPSQm1FloS
PDB Path TEST_mi_exe_stub.pdb
Yara
  • Malicious_Library_Zero - Malicious_Library
  • Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet
  • UPX_Zero - UPX packed file
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • OS_Processor_Check_Zero - OS Processor Check

IP Address Status Action
142.250.199.67 Active Moloch
142.250.199.68 Active Moloch
142.250.199.77 Active Moloch
142.250.204.110 Active Moloch
142.250.204.131 Active Moloch
142.250.206.225 Active Moloch
142.250.207.65 Active Moloch
142.250.66.99 Active Moloch
142.250.76.138 Active Moloch
142.250.76.142 Active Moloch
164.124.101.2 Active Moloch
172.217.161.202 Active Moloch
172.217.175.227 Active Moloch
172.217.25.174 Active Moloch
211.114.64.12 Active Moloch
216.58.200.227 Active Moloch
216.58.203.78 Active Moloch
34.104.35.123 Active Moloch

Suricata Alerts

Flow SID Signature Category
TCP 192.168.56.101:49247 -> 142.250.66.99:443 906200022 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49246 -> 142.250.66.99:443 906200022 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 34.104.35.123:80 -> 192.168.56.101:49253 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 34.104.35.123:80 -> 192.168.56.101:49253 2014520 ET INFO EXE - Served Attached HTTP Misc activity
TCP 192.168.56.101:49341 -> 142.250.66.99:443 906200022 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49347 -> 8.8.4.4:443 2047866 ET INFO Observed Google DNS over HTTPS Domain (dns .google in TLS SNI) Misc activity

Suricata TLS

Flow Issuer Subject Fingerprint
TLS 1.2 192.168.56.101:49247 -> 142.250.66.99:443 C=US, O=Google Trust Services LLC, CN=GTS CA 1C3 CN=upload.video.google.com fa:d7:68:e4:12:7d:fe:22:87:de:95:f1:1e:49:5a:49:fa:12:1e:b9
TLS 1.2 192.168.56.101:49246 -> 142.250.66.99:443 C=US, O=Google Trust Services LLC, CN=GTS CA 1C3 CN=upload.video.google.com fa:d7:68:e4:12:7d:fe:22:87:de:95:f1:1e:49:5a:49:fa:12:1e:b9
TLS 1.3 192.168.56.101:49331 -> 142.250.204.110:443 None None None
TLS 1.3 192.168.56.101:49329 -> 142.250.199.68:443 None None None
TLS 1.3 192.168.56.101:49332 -> 142.250.199.67:443 None None None
TLS 1.3 192.168.56.101:49333 -> 142.250.199.77:443 None None None
TLS 1.3 192.168.56.101:49334 -> 211.114.64.12:443 None None None
TLS 1.3 192.168.56.101:49335 -> 142.250.199.68:443 None None None
TLS 1.3 192.168.56.101:49338 -> 142.250.204.131:443 None None None
TLS 1.2 192.168.56.101:49341 -> 142.250.66.99:443 C=US, O=Google Trust Services LLC, CN=GTS CA 1C3 CN=upload.video.google.com fa:d7:68:e4:12:7d:fe:22:87:de:95:f1:1e:49:5a:49:fa:12:1e:b9
TLS 1.3 192.168.56.101:49343 -> 216.58.203.78:443 None None None
TLS 1.3 192.168.56.101:49344 -> 142.250.207.65:443 None None None
TLS 1.3 192.168.56.101:49350 -> 142.250.76.142:443 None None None
TLS 1.3 192.168.56.101:49351 -> 172.217.25.174:443 None None None
TLS 1.3 192.168.56.101:49346 -> 8.8.8.8:443 None None None
TLS 1.3 192.168.56.101:49347 -> 8.8.4.4:443 None None None
TLS 1.3 192.168.56.101:49349 -> 142.250.76.138:443 None None None
TLS 1.3 192.168.56.101:49330 -> 216.58.200.227:443 None None None
TLS 1.3 192.168.56.101:49345 -> 8.8.4.4:443 None None None
TLS 1.3 192.168.56.101:49352 -> 172.217.161.202:443 None None None
TLS 1.3 192.168.56.101:49353 -> 172.217.175.227:443 None None None
UNDETERMINED 192.168.56.101:49339 -> 142.250.204.131:443 None None None
UNDETERMINED 192.168.56.101:49340 -> 142.250.204.131:443 None None None
UNDETERMINED 192.168.56.101:49336 -> 142.250.199.68:443 None None None

Time & API Arguments Status Return Repeated
GetComputerNameW computer_name: TEST22-PC 1 1 0
GetComputerNameW computer_name: TEST22-PC 1 1 0
GetComputerNameW computer_name: TEST22-PC 1 1 0
GetComputerNameW computer_name: TEST22-PC 1 1 0
GetComputerNameW computer_name: TEST22-PC 1 1 0
GetComputerNameW computer_name: TEST22-PC 1 1 0
GetComputerNameW computer_name: TEST22-PC 1 1 0
GetComputerNameW computer_name: TEST22-PC 1 1 0
Time & API Arguments Status Return Repeated
IsDebuggerPresent 0 0
pdb_path TEST_mi_exe_stub.pdb
Time & API Arguments Status Return Repeated
GlobalMemoryStatusEx 1 1 0
resource name B
resource name GOOGLEUPDATE
suspicious_features POST method with no referer header suspicious_request POST https://update.googleapis.com/service/update2
suspicious_features POST method with no referer header suspicious_request POST https://update.googleapis.com/service/update2?cup2key=12:fiH-rpFmRD_9K6RrmjLJh__4TUMN6H9j0EsLvPpPbKw&cup2hreq=d0876e1be58e78f6be4d5e4f2cb7dd29f25148548a5a47d58e905d10712788fc
request HEAD http://edgedl.me.gvt1.com/edgedl/release2/chrome/czao2hrvpk5wgqrkz4kks5r734_109.0.5414.120/109.0.5414.120_chrome_installer.exe
request GET http://edgedl.me.gvt1.com/edgedl/release2/chrome/czao2hrvpk5wgqrkz4kks5r734_109.0.5414.120/109.0.5414.120_chrome_installer.exe
request HEAD http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acwcdm4bj7lx4xbm2ireywxlhvca_4.10.2710.0/oimompecagnajdejgnnjijobebaeigek_4.10.2710.0_win64_adsurwm4gclupf32xdrpgdnapira.crx3
request GET http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acwcdm4bj7lx4xbm2ireywxlhvca_4.10.2710.0/oimompecagnajdejgnnjijobebaeigek_4.10.2710.0_win64_adsurwm4gclupf32xdrpgdnapira.crx3
request POST https://update.googleapis.com/service/update2
request POST https://update.googleapis.com/service/update2?cup2key=12:fiH-rpFmRD_9K6RrmjLJh__4TUMN6H9j0EsLvPpPbKw&cup2hreq=d0876e1be58e78f6be4d5e4f2cb7dd29f25148548a5a47d58e905d10712788fc
request POST https://update.googleapis.com/service/update2
request POST https://update.googleapis.com/service/update2?cup2key=12:fiH-rpFmRD_9K6RrmjLJh__4TUMN6H9j0EsLvPpPbKw&cup2hreq=d0876e1be58e78f6be4d5e4f2cb7dd29f25148548a5a47d58e905d10712788fc
Time & API Arguments Status Return Repeated
NtProtectVirtualMemory process_identifier: 2624 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73262000 process_handle: 0xffffffff 1 0 0
NtAllocateVirtualMemory process_identifier: 2624 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00da0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff 1 0 0
NtAllocateVirtualMemory process_identifier: 3064 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01dd0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff 1 0 0
NtProtectVirtualMemory process_identifier: 3064 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73262000 process_handle: 0xffffffff 1 0 0
name RT_STRING language LANG_SERBIAN filetype data sublanguage SUBLANG_SERBIAN_CYRILLIC offset 0x001567f0 size 0x000001aa
file C:\Program Files (x86)\Google\Temp\GUMEF90.tmp\GoogleUpdateCore.exe
file C:\Program Files (x86)\Google\Temp\GUMEF90.tmp\goopdateres_zh-CN.dll
file C:\Program Files (x86)\Google\Temp\GUMEF90.tmp\goopdateres_lt.dll
file C:\Program Files (x86)\Google\Temp\GUMEF90.tmp\psmachine_64.dll
file C:\Program Files (x86)\Google\Temp\GUMEF90.tmp\goopdateres_am.dll
file C:\Program Files (x86)\Google\Temp\GUMEF90.tmp\goopdateres_de.dll
file C:\Program Files (x86)\Google\Temp\GUMEF90.tmp\goopdateres_th.dll
file C:\Program Files (x86)\Google\Temp\GUMEF90.tmp\goopdateres_iw.dll
file C:\Program Files (x86)\Google\Temp\GUMEF90.tmp\goopdateres_id.dll
file C:\Program Files (x86)\Google\Temp\GUMEF90.tmp\goopdateres_lv.dll
file C:\Program Files (x86)\Google\Temp\GUMEF90.tmp\goopdateres_hu.dll
file C:\Program Files (x86)\Google\Temp\GUMEF90.tmp\goopdateres_es-419.dll
file C:\Program Files (x86)\Google\Temp\GUMEF90.tmp\goopdateres_ms.dll
file C:\Program Files (x86)\Google\Temp\GUMEF90.tmp\GoogleUpdateBroker.exe
file C:\Program Files (x86)\Google\Temp\GUMEF90.tmp\psuser.dll
file C:\Program Files (x86)\Google\Temp\GUMEF90.tmp\goopdateres_en.dll
file C:\Program Files (x86)\Google\Temp\GUMEF90.tmp\goopdateres_fil.dll
file C:\Program Files (x86)\Google\Temp\GUMEF90.tmp\goopdateres_da.dll
file C:\Program Files (x86)\Google\Temp\GUMEF90.tmp\goopdateres_pt-BR.dll
file C:\Program Files (x86)\Google\Temp\GUMEF90.tmp\goopdateres_et.dll
file C:\Program Files (x86)\Google\Temp\GUMEF90.tmp\goopdateres_tr.dll
file C:\Program Files (x86)\Google\Temp\GUMEF90.tmp\psuser_64.dll
file C:\Program Files (x86)\Google\Temp\GUMEF90.tmp\goopdateres_ja.dll
file C:\Program Files (x86)\Google\Temp\GUMEF90.tmp\goopdateres_hr.dll
file C:\Program Files (x86)\Google\Temp\GUMEF90.tmp\goopdateres_el.dll
file C:\Program Files (x86)\Google\Temp\GUMEF90.tmp\goopdateres_es.dll
file C:\Program Files (x86)\Google\Temp\GUMEF90.tmp\goopdateres_no.dll
file C:\Program Files (x86)\Google\Temp\GUMEF90.tmp\GoogleUpdateComRegisterShell64.exe
file C:\Program Files (x86)\Google\Temp\GUMEF90.tmp\goopdateres_ro.dll
file C:\Program Files (x86)\Google\Temp\GUMEF90.tmp\goopdateres_te.dll
file C:\Program Files (x86)\Google\Temp\GUMEF90.tmp\goopdateres_sl.dll
file C:\Program Files (x86)\Google\Temp\GUMEF90.tmp\goopdateres_bn.dll
file C:\Program Files (x86)\Google\Temp\GUMEF90.tmp\psmachine.dll
file C:\Program Files (x86)\Google\Temp\GUMEF90.tmp\goopdateres_en-GB.dll
file C:\Program Files (x86)\Google\Temp\GUMEF90.tmp\goopdateres_sv.dll
file C:\Program Files (x86)\Google\Temp\GUMEF90.tmp\goopdateres_ur.dll
file C:\Program Files (x86)\Google\Temp\GUMEF90.tmp\goopdateres_is.dll
file C:\Program Files (x86)\Google\Temp\GUMEF90.tmp\goopdateres_uk.dll
file C:\Program Files (x86)\Google\Temp\GUMEF90.tmp\goopdateres_zh-TW.dll
file C:\Program Files (x86)\Google\Temp\GUMEF90.tmp\goopdateres_pl.dll
file C:\Program Files (x86)\Google\Temp\GUMEF90.tmp\goopdateres_sw.dll
file C:\Program Files (x86)\Google\Temp\GUMEF90.tmp\GoogleUpdateOnDemand.exe
file C:\Program Files (x86)\Google\Temp\GUMEF90.tmp\goopdateres_fa.dll
file C:\Program Files (x86)\Google\Temp\GUMEF90.tmp\goopdateres_nl.dll
file C:\Program Files (x86)\Google\Temp\GUMEF90.tmp\goopdateres_bg.dll
file C:\Program Files (x86)\Google\Temp\GUMEF90.tmp\goopdate.dll
file C:\Program Files (x86)\Google\Temp\GUMEF90.tmp\goopdateres_ml.dll
file C:\Program Files (x86)\Google\Temp\GUMEF90.tmp\goopdateres_pt-PT.dll
file C:\Program Files (x86)\Google\Temp\GUMEF90.tmp\goopdateres_vi.dll
file C:\Program Files (x86)\Google\Temp\GUMEF90.tmp\goopdateres_it.dll
Time & API Arguments Status Return Repeated
GetAdaptersAddresses flags: 15 family: 0 111 0
section .rsrc: size_of_data 0x00135200, virtual_address 0x00022000, virtual_size 0x001351b4, entropy 7.988101199224517 description A section with a high entropy has been found
entropy 0.906192744595 description Overall entropy of this PE file is high
Time & API Arguments Status Return Repeated
LookupPrivilegeValueW system_name: (empty) privilege_name: SeDebugPrivilege 1 1 0
LookupPrivilegeValueW system_name: (empty) privilege_name: SeDebugPrivilege 1 1 0
LookupPrivilegeValueW system_name: (empty) privilege_name: SeDebugPrivilege 1 1 0
LookupPrivilegeValueW system_name: (empty) privilege_name: SeDebugPrivilege 1 1 0
LookupPrivilegeValueW system_name: (empty) privilege_name: SeDebugPrivilege 1 1 0
process googleupdate.exe
cmdline "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4zNi4xNTIiIHNoZWxsX3ZlcnNpb249IjEuMy4zMy43IiBpc21hY2hpbmU9IjEiIHNlc3Npb25pZD0iezBDRTBEQkJCLUMwRTgtNEU4OC05RDI2LTk0Q0JCNjUwN0ZGNn0iIHVzZXJpZD0ie0NGMjYzODI5LTBFOTgtNDAxNC05NDJGLTcyRTNBQkMxNjY2RX0iIGluc3RhbGxzb3VyY2U9InRhZ2dlZG1pIiByZXF1ZXN0aWQ9IntGQkJENkNEQS03MzA0LTRCOUItODA2QS01RkYyMjZFQ0VDMjJ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IHBoeXNtZW1vcnk9IjUiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjYuMS43NjAxLjAiIHNwPSJTZXJ2aWNlIFBhY2sgMSIgYXJjaD0ieDY0Ii8-PGFwcCBhcHBpZD0iezQzMEZENEQwLUI3MjktNEY2MS1BQTM0LTkxNTI2NDgxNzk5RH0iIHZlcnNpb249IjEuMy4zMy43IiBuZXh0dmVyc2lvbj0iMS4zLjM2LjE1MiIgbGFuZz0icHQtQlIiIGJyYW5kPSIiIGNsaWVudD0iIiBpaWQ9IntDNEJGNTA1RC0wODkxLTYzMkMtMkY0MC05NzZDMzQ5QzNDNzl9Ij48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBpbnN0YWxsX3RpbWVfbXM9IjI3MTkiLz48L2FwcD48L3JlcXVlc3Q-
host 142.250.199.67
host 142.250.204.110
host 142.250.206.225
host 142.250.66.99
host 142.250.76.138
host 142.250.76.142
host 172.217.161.202
host 172.217.175.227
host 172.217.25.174
reg_key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C6271107-A214-4F11-98C0-3F16BC670D28}\InprocServer32\(Default) reg_value C:\Program Files (x86)\Google\Update\1.3.36.152\psmachine_64.dll
reg_key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\InprocServer32\(Default) reg_value C:\Program Files (x86)\Google\Update\1.3.36.152\psmachine_64.dll
reg_key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BABC0FE1-E9B9-49A3-BBE6-3F16B71DC052}\InProcServer32\(Default) reg_value C:\Program Files (x86)\Google\Update\1.3.36.152\psmachine_64.dll
file C:\Program Files (x86)\Google\Update\1.3.33.7\goopdateres_ko.dll
file C:\Program Files (x86)\Google\Update\1.3.33.7\goopdateres_pt-BR.dll
file C:\Program Files (x86)\Google\Update\1.3.33.7\goopdateres_sw.dll
file C:\Program Files (x86)\Google\Update\1.3.33.7\psuser_64.dll
file C:\Program Files (x86)\Google\Update\1.3.33.7\goopdateres_is.dll
file C:\Program Files (x86)\Google\Update\1.3.33.7\goopdateres_de.dll
file C:\Program Files (x86)\Google\Update\1.3.33.7\goopdateres_ja.dll
file C:\Program Files (x86)\Google\Update\1.3.33.7\goopdateres_fr.dll
file C:\Program Files (x86)\Google\Update\1.3.33.7\goopdateres_fa.dll
file C:\Program Files (x86)\Google\Update\1.3.33.7\goopdateres_ur.dll
file C:\Program Files (x86)\Google\Update\1.3.33.7\goopdateres_zh-TW.dll
file C:\Program Files (x86)\Google\Update\1.3.33.7\goopdateres_iw.dll
file C:\Program Files (x86)\Google\Update\1.3.33.7\goopdateres_da.dll
file C:\Program Files (x86)\Google\Update\1.3.33.7\goopdateres_th.dll
file C:\Program Files (x86)\Google\Update\1.3.33.7\goopdateres_sv.dll
file C:\Program Files (x86)\Google\Update\1.3.33.7\psuser.dll
file C:\Program Files (x86)\Google\Update\1.3.33.7\goopdateres_am.dll
file C:\Program Files (x86)\Google\Update\1.3.33.7\goopdateres_ru.dll
file C:\Program Files (x86)\Google\Update\1.3.33.7\goopdateres_ar.dll
file C:\Program Files (x86)\Google\Update\1.3.33.7\goopdateres_ca.dll
file C:\Program Files (x86)\Google\Update\1.3.33.7\goopdateres_sl.dll
file C:\Program Files (x86)\Google\Update\1.3.33.7\goopdateres_hr.dll
file C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleUpdateCore.exe
file C:\Program Files (x86)\Google\Update\1.3.33.7\goopdateres_kn.dll
file C:\Program Files (x86)\Google\Update\1.3.33.7\goopdateres_ms.dll
file C:\Program Files (x86)\Google\Update\1.3.33.7\goopdateres_en.dll
file C:\Program Files (x86)\Google\Update\1.3.33.7\goopdateres_sr.dll
file C:\Program Files (x86)\Google\Update\1.3.33.7\goopdateres_pl.dll
file C:\Program Files (x86)\Google\Update\1.3.33.7\goopdateres_lt.dll
file C:\Program Files (x86)\Google\Update\1.3.33.7\goopdateres_ta.dll
file C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleUpdate.exe
file C:\Program Files (x86)\Google\Update\1.3.33.7\goopdateres_el.dll
file C:\Program Files (x86)\Google\Update\1.3.33.7\goopdateres_hi.dll
file C:\Program Files (x86)\Google\Update\1.3.33.7\psmachine.dll
file C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleUpdateComRegisterShell64.exe
file C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleUpdateSetup.exe
file C:\Program Files (x86)\Google\Update\1.3.33.7\goopdateres_et.dll
file C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
file C:\Program Files (x86)\Google\Update\1.3.33.7\goopdateres_id.dll
file C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleUpdateOnDemand.exe
file C:\Program Files (x86)\Google\Update\1.3.33.7\goopdateres_hu.dll
file C:\Program Files (x86)\Google\Update\1.3.33.7\goopdateres_zh-CN.dll
file C:\Program Files (x86)\Google\Update\1.3.33.7\goopdateres_en-GB.dll
file C:\Program Files (x86)\Google\Update\1.3.33.7\goopdateres_gu.dll
file C:\Program Files (x86)\Google\Update\1.3.33.7\goopdateres_vi.dll
file C:\Program Files (x86)\Google\Update\1.3.33.7\goopdateres_te.dll
file C:\Program Files (x86)\Google\Update\1.3.33.7\goopdateres_sk.dll
file C:\Program Files (x86)\Google\Update\1.3.33.7\goopdateres_es-419.dll
file C:\Program Files (x86)\Google\Update\1.3.33.7\goopdateres_it.dll
file C:\Program Files (x86)\Google\Update\1.3.33.7\goopdateres_tr.dll