Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
File read: C:\Windows\System32\drivers\etc\hosts
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4384:120:WilError_01
File created: C:\Users\user\AppData\Local\Temp\~vis0000
Source: C:\Windows\System32\conhost.exe
debug / backup)
File created: C:\Users\user\Desktop\cmdline.
Network traffic detected: HTTP traffic on port 443 -> 49745
Contains functionality to shutdown / reboot the system
Code function: 4_2_004019D0 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,
Classification label: clean5.win
functionality to adjust token privileges (e.g.
Network traffic detected: HTTP traffic on port 49745 -> 443
String found in binary or memory: w.digicert.
String found in binary or memory: p.digicert.
String found in binary or memory: pxw.blogspot.com/2008/12/remove-watermark-v03-build-20081210.
String found in binary or memory: 4.digicert.
String found in binary or memory: 3.digicert.
String found in binary or memory: erts.digicert.com/DigiCertSHA2SecureServerCA.crt0
String found in binary or memory: erts.digicert.com/DigiCertSHA2SecureServerCA.crt xyz
File opened: C:\Users\user\AppData\Local\Temp\
File opened: C:\Users\user\AppData\Local\
DNS traffic detected: queries for: softpedia-secure-download.com
Source: C:\Users\user\Desktop\download\dseo13b.exe
Code function: 4_2_004010C0 FindFirstFileA,FindClose,
Code function: 4_2_00401550 lstrlenA,lstrcatA,_llseek,wsprintfA,wsprintfA,FindFirstFileA,FindNextFileA,wsprintfA,FindNextFileA,FindClose,
Code function: 4_2_00401100 _llseek,lstrcpyA,lstrlenA,_llseek,lstrlenA,_llseek,lstrlenA,_llseek,FindFirstFileA,FindClose,
Code function: 4_2_004013C0 FindNextFileA,lstrcpyA,wsprintfA,lstrcpyA,lstrcatA,lstrcatA,FindFirstFileA,SetFileAttributesA,lstrcmpA,lstrcmpA,lstrcpyA,lstrcatA,lstrcatA,lstrcpyA,lstrcatA,lstrcatA,SetFileAttributesA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,
Code function: 4_2_00405ED6 FindNextFileA,wsprintfA,FindFirstFileA,GetDriveTypeA,wsprintfA,FileTimeToLocalFileTime,FileTimeToSystemTime,wsprintfA,FileTimeToLocalFileTime,FileTimeToSystemTime,wsprintfA,FileTimeToLocalFileTime,FileTimeToSystemTime,wsprintfA,FindClose,GetLastError,FindClose,
File opened: C:\Users\user\AppData\Local\Temp\~vis0000\
File opened: C:\Users\user\AppData\Local\Temp\~vis0000\miscdata.
Contains functionality to enumerate / list files inside a directory