"ECDSA" (Indicator: "ecdsa" File: "00017126-00002380.00000002.")

Found a dropped file containing the Windows username (possible fingerprint attempt)

URL: $params=cmp=default$dwld=/ (AV positives: 2/66 scanned on 03:02:22)

Malicious artifacts seen in the context of a contacted host

Found malicious artifacts related to "198.72.111.203".

"" wrote 52 bytes to a remote process "%WINDIR%\System32\regsvr32.exe" (Handle: 1016)

"" wrote 32 bytes to a remote process "%WINDIR%\System32\regsvr32.exe" (Handle: 1016)

"" wrote 4 bytes to a remote process "%WINDIR%\System32\regsvr32.exe" (Handle: 1016)

"" wrote 1500 bytes to a remote process "%WINDIR%\System32\regsvr32.exe" (Handle: 1016)

"" wrote 52 bytes to a remote process "%ALLUSERSPROFILE%\PDFsam Enhanced 4\Installation\PDFsam_Enhanced_4_Installer.exe" (Handle: 1016)

"" wrote 32 bytes to a remote process "%ALLUSERSPROFILE%\PDFsam Enhanced 4\Installation\PDFsam_Enhanced_4_Installer.exe" (Handle: 1016)

"" wrote 4 bytes to a remote process "%ALLUSERSPROFILE%\PDFsam Enhanced 4\Installation\PDFsam_Enhanced_4_Installer.exe" (Handle: 1016)

"" wrote 1500 bytes to a remote process "%ALLUSERSPROFILE%\PDFsam Enhanced 4\Installation\PDFsam_Enhanced_4_Installer.exe" (Handle: 1016)