1/5/2024 Win cmaptools

Source: C:\Users\user\AppData\Local\Temp\I1627592383\Windows\CmapTools_v6.04_09-24-19.exe

Code function: 31_2_000F4534 CreateFileW,GetLastError,GetLastError,_wprintf,CloseHandle,GetLastError,_wprintf,CloseHandle,CryptCreateHash,CryptReleaseContext,GetLastError,_wprintf,CloseHandle,CryptReleaseContext,ReadFile,CryptHashData,GetLastError,_wprintf,CryptReleaseContext,CryptDestroyHash,CloseHandle,ReadFile,GetLastError,_wprintf,CryptReleaseContext,CryptDestroyHash,CloseHandle,CryptGetHashParam,_wprintf,GetLastError,_wprintf,CryptDestroyHash,CryptReleaseContext,CloseHandle,

Code function: 31_2_0010E5E9 CryptReleaseContext,CloseHandle,GetLastError,_LocaleUpdate::_LocaleUpdate,_isleadbyte_l,_cftof,_strlen,__malloc_crt,DecodePointer,DecodePointer,DecodePointer,_aulldvrm,_write_multi_char,_write_string,_write_multi_char,_cftof,_write_string,_write_string,_write_multi_char,_free,

Uses Microsoft's Enhanced Cryptographic Provider

tmp', ParentImage: C:\Users\user\AppData\Local\Temp\I1627592383\Windows\resource\jre\bin\javaw.exe, ParentProcessId: 4908, ProcessCommandLine: attrib +h 'C:\Users\user\InstallAnywhere', ProcessId: 2616

LAX 'C:/Users/user/AppData/Local/Temp/I1627592383/Windows/CmapTools_v6. zip C:\Users\user\AppData\Local\Temp\I1627592383\InstallerData\Resource1.zip C:\Users\user\AppData\Local\Temp\I1627592383\Windows\InstallerData\Resource1.zip C:\Users\user\AppData\Local\Temp\I1627592383\InstallerData C:\Users\user\AppData\Local\Temp\I1627592383\Windows\InstallerData ' com. zip C:\Users\user\AppData\Local\Temp\I1627592383\Windows\InstallerData\Execute. zip C:\Users\user\AppData\Local\Temp\I1627592383\InstallerData\Execute.

Sigma detected: Hiding Files with Attrib.exe

Author: Sami Ruohonen: Data: Command: attrib +h 'C:\Users\user\InstallAnywhere', CommandLine: attrib +h 'C:\Users\user\InstallAnywhere', CommandLine|base64offset|contains: jk, Image: C:\Windows\System32\attrib.exe, NewProcessName: C:\Windows\System32\attrib.exe, OriginalFileName: C:\Windows\System32\attrib.exe, ParentCommandLine: 'C:\Users\user\AppData\Local\Temp\I1627592383\Windows\resource\jre\bin\javaw.exe' -Xms268435456 -Xmx536870912 -classpath 'C:\Users\user\AppData\Local\Temp\I1627592383\InstallerData\IAClasses.