"piso.exe" has type "PE32 executable (console) Intel 80386 for MS Windows" "InstOpt.dll" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows" "PowerISO.exe" has type "PE32 executable (GUI) Intel 80386 for MS Windows" "MACDll.dll" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows" "libvorbis.dll" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows" "System.dll" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows" "uninstall.exe" has type "PE32 executable (GUI) Intel 80386 for MS Windows" "PWRISOSH.DLL" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows" "libFLAC.dll" has type "PE32 executable (DLL) (GUI) Intel 80386 for MS Windows" "unrar.dll" has type "PE32 executable (DLL) (console) Intel 80386 for MS Windows" "PWRISOVM.EXE" has type "PE32 executable (GUI) Intel 80386 for MS Windows" Multiple malicious artifacts seen in the context of different hostsĬontains ability to reboot/shutdown the operating system Malicious artifacts seen in the context of a contacted hostįound malicious artifacts related to "66.102.1.93". 
"iexplore.exe" wrote 4 bytes to a remote process "C:\Program Files\Internet Explorer\iexplore.exe" (Handle: 772) "iexplore.exe" wrote 52 bytes to a remote process "C:\Program Files\Internet Explorer\iexplore.exe" (Handle: 772) "iexplore.exe" wrote 32 bytes to a remote process "C:\Program Files\Internet Explorer\iexplore.exe" (Handle: 772) "" wrote 4 bytes to a remote process "C:\Program Files\Internet Explorer\iexplore.exe" (Handle: 624) "" wrote 52 bytes to a remote process "C:\Program Files\Internet Explorer\iexplore.exe" (Handle: 624) "" wrote 32 bytes to a remote process "C:\Program Files\Internet Explorer\iexplore.exe" (Handle: 624) "" wrote 4 bytes to a remote process "C:\Program Files\PowerISO\PWRISOVM.EXE" (Handle: 668) "" wrote 52 bytes to a remote process "C:\Program Files\PowerISO\PWRISOVM.EXE" (Handle: 668) "" wrote 32 bytes to a remote process "%PROGRAMFILES%\PowerISO\PWRISOVM.EXE" (Handle: 668) "" wrote 52 bytes to a remote process "C:\Windows\System32\regsvr32.exe" (Handle: 768) "" wrote 32 bytes to a remote process "C:\Windows\System32\regsvr32.exe" (Handle: 768) "" wrote 4 bytes to a remote process "C:\Windows\System32\regsvr32.exe" (Handle: 768) "" wrote 1500 bytes to a remote process "C:\Windows\System32\regsvr32.exe" (Handle: 768) "" wrote 52 bytes to a remote process "C:\Windows\System32\regsvr32.exe" (Handle: 416) "" wrote 32 bytes to a remote process "C:\Windows\System32\regsvr32.exe" (Handle: 416) "" wrote 4 bytes to a remote process "C:\Windows\System32\regsvr32.exe" (Handle: 416) "" wrote 1500 bytes to a remote process "C:\Windows\System32\regsvr32.exe" (Handle: 416)