Resubmissions
15/04/2025, 17:34
250415-v5ylksypw9 1015/04/2025, 06:16
250415-g1p7ras1dw 1014/04/2025, 08:06
250414-jzpwpstxhx 1014/04/2025, 07:59
250414-jvg1assky4 1014/04/2025, 07:22
250414-h7g1dss1h1 1014/04/2025, 07:16
250414-h3xv2s1nv6 1011/04/2025, 21:39
250411-1h113szzaz 1001/04/2025, 21:24
250401-z8184awycs 10Analysis
-
max time kernel
148s -
max time network
129s -
platform
windows10-2004_x64 -
resource
win10v2004-20250410-en -
resource tags
-
submitted
14/04/2025, 08:06
General
-
Target
oof.exe
-
Size
662KB
-
MD5
0760d43d4adebe20fa0b5e5a7bca1714
-
SHA1
a0a9dae5e9be39bca31021dd9cf565fcdefb8474
-
SHA256
8f9067f2bd4a374539a40fddb8915600c9fd6ba3e5db20cbddcb3c5f22d9da44
-
SHA512
7e60c2726711bb8e822375f93cfb9ced7d172f3f0ae07041cbeea8c4cdb45488d1de90ee77dfef52aa86722a5dcbe521d1affeace3aec8811e851f693d74ef77
-
SSDEEP
12288:9TEUsvsVEcwaFNaxr7IwFnm1p7BmC10sHo0AhHL:9oBvRcxuxrksqRNI0i
Score
10/10
Malware Config
Signatures
-
BetaBot
Beta Bot is a Trojan that infects computers and disables Antivirus.
-
Betabot family
-
Modifies firewall policy service 3 TTPs 64 IoCs
-
Event Triggered Execution: Image File Execution Options Injection 1 TTPs 34 IoCs
-
Checks BIOS information in registry 2 TTPs 16 IoCs
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE 64 IoCs
-
Adds Run key to start application 2 TTPs 32 IoCs
-
Checks whether UAC is enabled 1 TTPs 48 IoCs
-
Indicator Removal: Clear Persistence 1 TTPs 1 IoCs
remove IFEO.
-
Suspicious use of NtSetInformationThreadHideFromDebugger 64 IoCs
-
Suspicious use of SetThreadContext 48 IoCs
-
Program crash 16 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Checks processor information in registry 2 TTPs 64 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 32 IoCs
-
Modifies Internet Explorer Protected Mode 1 TTPs 64 IoCs
-
Modifies Internet Explorer Protected Mode Banner 1 TTPs 16 IoCs
-
Modifies Internet Explorer settings 1 TTPs 16 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: MapViewOfSection 64 IoCs
-
Suspicious behavior: RenamesItself 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\oof.exe"C:\Users\Admin\AppData\Local\Temp\oof.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\oof.exe"C:\Users\Admin\AppData\Local\Temp\oof.exe"2⤵
- Event Triggered Execution: Image File Execution Options Injection
- Checks whether UAC is enabled
- Indicator Removal: Clear Persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Suspicious behavior: MapViewOfSection
- Suspicious behavior: RenamesItself
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\explorer.exeC:\Windows\SysWOW64\explorer.exe3⤵
- Modifies firewall policy service
- Event Triggered Execution: Image File Execution Options Injection
- Checks BIOS information in registry
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Enumerates system info in registry
- Modifies Internet Explorer Protected Mode
- Modifies Internet Explorer Protected Mode Banner
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3344 -s 11204⤵
- Program crash
-
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
-
C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"3⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
-
C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"3⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
-
C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"3⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Checks processor information in registry
- Suspicious behavior: MapViewOfSection
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\explorer.exeC:\Windows\SysWOW64\explorer.exe4⤵
- Modifies firewall policy service
- Event Triggered Execution: Image File Execution Options Injection
- Checks BIOS information in registry
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Enumerates system info in registry
- Modifies Internet Explorer Protected Mode
- Modifies Internet Explorer Protected Mode Banner
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 11125⤵
- Program crash
-
-
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3344 -ip 33441⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
-
C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"3⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Checks processor information in registry
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
-
C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"3⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Checks processor information in registry
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
-
C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"3⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\explorer.exeC:\Windows\SysWOW64\explorer.exe4⤵
- Modifies firewall policy service
- Event Triggered Execution: Image File Execution Options Injection
- Checks BIOS information in registry
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
- System Location Discovery: System Language Discovery
- Enumerates system info in registry
- Modifies Internet Explorer Protected Mode
- Modifies Internet Explorer Protected Mode Banner
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 11485⤵
- Program crash
-
-
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 2144 -ip 21441⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
-
C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"3⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
-
C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"3⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Checks processor information in registry
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
-
C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"3⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Checks processor information in registry
- Suspicious behavior: MapViewOfSection
-
C:\Windows\SysWOW64\explorer.exeC:\Windows\SysWOW64\explorer.exe4⤵
- Modifies firewall policy service
- Event Triggered Execution: Image File Execution Options Injection
- Checks BIOS information in registry
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Enumerates system info in registry
- Modifies Internet Explorer Protected Mode
- Modifies Internet Explorer Protected Mode Banner
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2956 -s 11205⤵
- Program crash
-
-
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 4056 -ip 40561⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"1⤵
-
C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
-
C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"3⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"1⤵
-
C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
-
C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"3⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Checks processor information in registry
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"1⤵
-
C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
-
C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"3⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- System Location Discovery: System Language Discovery
- Suspicious behavior: MapViewOfSection
-
C:\Windows\SysWOW64\explorer.exeC:\Windows\SysWOW64\explorer.exe4⤵
- Modifies firewall policy service
- Event Triggered Execution: Image File Execution Options Injection
- Checks BIOS information in registry
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Enumerates system info in registry
- Modifies Internet Explorer Protected Mode
- Modifies Internet Explorer Protected Mode Banner
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 11245⤵
- Program crash
-
-
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 2956 -ip 29561⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"1⤵
-
C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
-
C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"3⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Checks processor information in registry
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"1⤵
-
C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
-
C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"3⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"1⤵
-
C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
-
C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"3⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- System Location Discovery: System Language Discovery
- Suspicious behavior: MapViewOfSection
-
C:\Windows\SysWOW64\explorer.exeC:\Windows\SysWOW64\explorer.exe4⤵
- Modifies firewall policy service
- Event Triggered Execution: Image File Execution Options Injection
- Checks BIOS information in registry
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Enumerates system info in registry
- Modifies Internet Explorer Protected Mode
- Modifies Internet Explorer Protected Mode Banner
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4236 -s 11445⤵
- Program crash
-
-
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 2752 -ip 27521⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"1⤵
-
C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
-
C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"3⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Checks processor information in registry
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"1⤵
-
C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
-
C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"3⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Checks processor information in registry
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"1⤵
-
C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
-
C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"3⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Suspicious behavior: MapViewOfSection
-
C:\Windows\SysWOW64\explorer.exeC:\Windows\SysWOW64\explorer.exe4⤵
- Modifies firewall policy service
- Event Triggered Execution: Image File Execution Options Injection
- Checks BIOS information in registry
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Checks processor information in registry
- Enumerates system info in registry
- Modifies Internet Explorer Protected Mode
- Modifies Internet Explorer Protected Mode Banner
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 884 -s 11485⤵
- Program crash
-
-
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 4236 -ip 42361⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"1⤵
-
C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious behavior: MapViewOfSection
-
C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"3⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- Checks processor information in registry
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"1⤵
-
C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious behavior: MapViewOfSection
-
C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"3⤵
- Executes dropped EXE
- Checks whether UAC is enabled
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"1⤵
-
C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious behavior: MapViewOfSection
-
C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"3⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Suspicious behavior: MapViewOfSection
-
C:\Windows\SysWOW64\explorer.exeC:\Windows\SysWOW64\explorer.exe4⤵
- Modifies firewall policy service
- Event Triggered Execution: Image File Execution Options Injection
- Checks BIOS information in registry
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Enumerates system info in registry
- Modifies Internet Explorer Protected Mode
- Modifies Internet Explorer Protected Mode Banner
- Modifies Internet Explorer settings
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 10845⤵
- Program crash
-
-
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 884 -ip 8841⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"1⤵
-
C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious behavior: MapViewOfSection
-
C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"3⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- Checks processor information in registry
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"1⤵
-
C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious behavior: MapViewOfSection
-
C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"3⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- Checks processor information in registry
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"1⤵
-
C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"3⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- System Location Discovery: System Language Discovery
- Checks processor information in registry
-
C:\Windows\SysWOW64\explorer.exeC:\Windows\SysWOW64\explorer.exe4⤵
- Modifies firewall policy service
- Event Triggered Execution: Image File Execution Options Injection
- Checks BIOS information in registry
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Enumerates system info in registry
- Modifies Internet Explorer Protected Mode
- Modifies Internet Explorer Protected Mode Banner
- Modifies Internet Explorer settings
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3536 -s 11485⤵
- Program crash
-
-
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 1932 -ip 19321⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"1⤵
-
C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"3⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- Checks processor information in registry
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"1⤵
-
C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"3⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- Checks processor information in registry
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"1⤵
-
C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"3⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\explorer.exeC:\Windows\SysWOW64\explorer.exe4⤵
- Modifies firewall policy service
- Event Triggered Execution: Image File Execution Options Injection
- Checks BIOS information in registry
- Adds Run key to start application
- Checks processor information in registry
- Enumerates system info in registry
- Modifies Internet Explorer Protected Mode
- Modifies Internet Explorer Protected Mode Banner
- Modifies Internet Explorer settings
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1360 -s 11205⤵
- Program crash
-
-
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 3536 -ip 35361⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"1⤵
-
C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"3⤵
- Executes dropped EXE
- Checks whether UAC is enabled
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"1⤵
-
C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"3⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- Checks processor information in registry
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"1⤵
-
C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"3⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- Checks processor information in registry
-
C:\Windows\SysWOW64\explorer.exeC:\Windows\SysWOW64\explorer.exe4⤵
- Modifies firewall policy service
- Event Triggered Execution: Image File Execution Options Injection
- Checks BIOS information in registry
- Adds Run key to start application
- Checks processor information in registry
- Enumerates system info in registry
- Modifies Internet Explorer Protected Mode
- Modifies Internet Explorer Protected Mode Banner
- Modifies Internet Explorer settings
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3300 -s 10925⤵
- Program crash
-
-
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 1360 -ip 13601⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"1⤵
-
C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"3⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- Checks processor information in registry
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"1⤵
-
C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"3⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- Checks processor information in registry
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"1⤵
-
C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"2⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"3⤵
- Checks whether UAC is enabled
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\explorer.exeC:\Windows\SysWOW64\explorer.exe4⤵
- Modifies firewall policy service
- Event Triggered Execution: Image File Execution Options Injection
- Checks BIOS information in registry
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Enumerates system info in registry
- Modifies Internet Explorer Protected Mode
- Modifies Internet Explorer Protected Mode Banner
- Modifies Internet Explorer settings
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5084 -s 11485⤵
- Program crash
-
-
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 3300 -ip 33001⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"1⤵
-
C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"2⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"3⤵
- Checks whether UAC is enabled
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"1⤵
-
C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"2⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"3⤵
- Checks whether UAC is enabled
- Checks processor information in registry
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"1⤵
-
C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"2⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"3⤵
- Checks whether UAC is enabled
- System Location Discovery: System Language Discovery
- Checks processor information in registry
-
C:\Windows\SysWOW64\explorer.exeC:\Windows\SysWOW64\explorer.exe4⤵
- Modifies firewall policy service
- Event Triggered Execution: Image File Execution Options Injection
- Checks BIOS information in registry
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Enumerates system info in registry
- Modifies Internet Explorer Protected Mode
- Modifies Internet Explorer Protected Mode Banner
- Modifies Internet Explorer settings
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 11205⤵
- Program crash
-
-
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 5084 -ip 50841⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"1⤵
-
C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"2⤵
- Suspicious use of SetThreadContext
-
C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"3⤵
- Checks whether UAC is enabled
- Checks processor information in registry
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"1⤵
-
C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"2⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"3⤵
- Checks whether UAC is enabled
- Checks processor information in registry
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"1⤵
-
C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"2⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"3⤵
- Checks whether UAC is enabled
- Checks processor information in registry
-
C:\Windows\SysWOW64\explorer.exeC:\Windows\SysWOW64\explorer.exe4⤵
- Modifies firewall policy service
- Event Triggered Execution: Image File Execution Options Injection
- Checks BIOS information in registry
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Enumerates system info in registry
- Modifies Internet Explorer Protected Mode
- Modifies Internet Explorer Protected Mode Banner
- Modifies Internet Explorer settings
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 232 -s 11485⤵
- Program crash
-
-
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 1696 -ip 16961⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"1⤵
-
C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"2⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"3⤵
- Checks whether UAC is enabled
- Checks processor information in registry
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"1⤵
-
C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"2⤵
- Suspicious use of SetThreadContext
-
C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"3⤵
- Checks whether UAC is enabled
- Checks processor information in registry
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"1⤵
-
C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"2⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"3⤵
- Checks whether UAC is enabled
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\explorer.exeC:\Windows\SysWOW64\explorer.exe4⤵
- Modifies firewall policy service
- Event Triggered Execution: Image File Execution Options Injection
- Checks BIOS information in registry
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Enumerates system info in registry
- Modifies Internet Explorer Protected Mode
- Modifies Internet Explorer Protected Mode Banner
- Modifies Internet Explorer settings
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 940 -s 11325⤵
- Program crash
-
-
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 232 -ip 2321⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"1⤵
-
C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"2⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"3⤵
- Checks whether UAC is enabled
- Checks processor information in registry
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"1⤵
-
C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"2⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"3⤵
- Checks whether UAC is enabled
- Checks processor information in registry
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"1⤵
-
C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"2⤵
- Suspicious use of SetThreadContext
-
C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"3⤵
- Checks whether UAC is enabled
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\explorer.exeC:\Windows\SysWOW64\explorer.exe4⤵
- Modifies firewall policy service
- Event Triggered Execution: Image File Execution Options Injection
- Checks BIOS information in registry
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Enumerates system info in registry
- Modifies Internet Explorer Protected Mode
- Modifies Internet Explorer Protected Mode Banner
- Modifies Internet Explorer settings
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 11125⤵
- Program crash
-
-
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 188 -p 940 -ip 9401⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"1⤵
-
C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"2⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"3⤵
- Checks whether UAC is enabled
- Checks processor information in registry
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"1⤵
-
C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"2⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
-
C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"3⤵
- Checks whether UAC is enabled
- Checks processor information in registry
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"1⤵
-
C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"C:\ProgramData\Google Updater 2.0\3755q5i19mc.exe"2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 1516 -ip 15161⤵
Network
MITRE ATT&CK Enterprise v16
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Image File Execution Options Injection
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Event Triggered Execution
1Image File Execution Options Injection
1Defense Evasion
Impair Defenses
1Disable or Modify System Firewall
1Indicator Removal
1Clear Persistence
1Modify Registry
5Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
662KB
MD50760d43d4adebe20fa0b5e5a7bca1714
SHA1a0a9dae5e9be39bca31021dd9cf565fcdefb8474
SHA2568f9067f2bd4a374539a40fddb8915600c9fd6ba3e5db20cbddcb3c5f22d9da44
SHA5127e60c2726711bb8e822375f93cfb9ced7d172f3f0ae07041cbeea8c4cdb45488d1de90ee77dfef52aa86722a5dcbe521d1affeace3aec8811e851f693d74ef77
-
Filesize
408KB
-
Filesize
28KB
-
Filesize
688KB
-
Filesize
4KB
-
Filesize
408KB
-
Filesize
688KB
-
Filesize
4.2MB
-
Filesize
4.2MB
-
Filesize
1.1MB
-
Filesize
4.2MB
-
Filesize
408KB
-
Filesize
804KB
-
Filesize
4KB
-
Filesize
848KB
-
Filesize
408KB
-
Filesize
212KB
-
Filesize
212KB
-
Filesize
212KB
-
Filesize
212KB
-
Filesize
688KB
-
Filesize
4.2MB
-
Filesize
4.2MB
-
Filesize
1.1MB
-
Filesize
4.2MB
-
Filesize
408KB
-
Filesize
688KB
-
Filesize
212KB
-
Filesize
408KB
-
Filesize
212KB
-
Filesize
688KB
-
Filesize
688KB