Static PE information: TERMINAL_S ERVER_AWAR E, DYNAMIC _BASE, NX_ COMPATīinary string: WinTypes.p db source: WerFault. Static PE information: 32BIT_MACH INE, EXECU TABLE_IMAG EĬontains modern PE file flags such as dynamic base (ASLR) or NX 0.30319\Re gSvcs.exe, ParentCom mandLine: 'C:\Users\ user\Deskt op\loader extreme +I njektor.ex e', Paren tImage: C: \Users\use r\Desktop\ loader ext reme +Inje ktor.exe, ParentProc essId: 478 4, Process CommandLin e: C:\Wind ows\Micros oft.NET\Fr amework\v4. 30319\RegS vcs.exe, N ewProcessN ame: C:\Wi ndows\Micr osoft.NET\ Framework\ v9 \RegSvcs.e xe, Origin alFileName : C:\Windo ws\Microso ft.NET\Fra mework\v4.
exe, Comm andLine|ba se64offset |contains:, Image: C:\Windows \Microsoft. Sigma detected: Possible Applocker BypassĪuthor: juju4: Data: Comm and: C:\Wi ndows\Micr osoft.NET\ Framework\ v9 \RegSvcs.e xe, Comman dLine: C:\ Windows\Mi crosoft.NE T\Framewor k\v4.0.303 19\RegSvcs. Sigma detected: Suspicious Process Start Without DLLĪuthor: Florian Roth: Data: Comm and: C:\Wi ndows\Micr osoft.NET\ Framework\ v9 \RegSvcs.e xe, Comman dLine: C:\ Windows\Mi crosoft.NE T\Framewor k\v4.0.303 19\RegSvcs. 0.unpackĠ.0.loader extreme + Injektor.e xe.2d0000. 2.unpackĠ.0.loader extreme + Injektor.e xe.2d57a0. 1.unpackĠ.0.loader extreme + Injektor.e xe.2d57a0. 0.unpackĠ.2.loader extreme + Injektor.e xe.2d57a0. 4.unpackĠ.2.loader extreme + Injektor.e xe.2d0000.
1.unpackĠ.0.loader extreme + Injektor.e xe.2d0000. 0.0.loader extreme + Injektor.e xe.2d0000.
0 kommentar(er)
