"value" : "%ProgramFiles(X86)%\\Adobe\\Acrobat Reader DC\\Reader\\Update\\Updater.exe" ,

'C:\Program Files (x86)\Notepad++\updater\gpup.exe'

description : OneDrive Standalone Updater

Execution of tools named GUP.exe and located in folders different than Notepad++\updater

'\Program Files (x86)\Notepad++\updater\GUP.exe'
'\Program Files\Notepad++\updater\GUP.exe'
'\Users\\*\AppData\Roaming\Notepad++\updater\GUP.exe'
'\Users\\*\AppData\Local\Notepad++\updater\GUP.exe'

Proc_creation_win_susp_disable_raccine.yml

description : Detects execution of the Notepad++ updater in a suspicious directory, which is often used in DLL side-loading attacks

Proc_creation_win_powersploit_empire_schtasks.yml

While updater.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes. The following table contains possible examples of updater.exe being misused.