11/8/2022

Vbsedit 9 license key

String found in binary or memory: it.org/home/getchannelyS
String found in binary or memory: it.org/home/getchannel2
String found in binary or memory: it.org/home/getchannel

URLs found in memory or binary data

Source: VbsEdit 9. exe
Code function: 3_2_0040A274 _EH_prolog,FindFirstFileW,FindFirstFileW,FindFirstFileW,AreFileApisANSI,FindFirstFileA,
Source: C:\Users\user\AppData\Local\Temp\is-TO95C.tmp\7za.
Source: C:\Users\user\AppData\Local\Temp\is-D34AR.tmp\VbsEdit 9.08.68.tmp
Code function: 1_2_004AD600 FindFirstFileW,GetLastError,
Code function: 1_2_00408174 GetModuleHandleW,GetProcAddress,lstrcpynW,lstrcpynW,lstrcpynW,FindFirstFileW,FindClose,lstrlenW,lstrcpynW,lstrlenW,lstrcpynW,
Code function: 1_2_004FFC74 FindFirstFileW,SetFileAttributesW,DeleteFileW,FindNextFileW,FindClose,

08.68.exe", ProcessId: 7024

Contains functionality to enumerate / list files inside a directory

Source: C:\Users\user\Desktop\VbsEdit 9.08.68.exe
Code function: 0_2_00405BEC GetModuleHandleW,GetProcAddress,lstrcpynW,lstrcpynW,lstrcpynW,FindFirstFileW,FindClose,lstrlenW,lstrcpynW,lstrlenW,lstrcpynW,

08.68.exe", ParentImage: C:\Users\user\Desktop\VbsEdit 9.08.68.exe, ParentProcessId: 6992, ProcessCommandLine: "C:\Users\user\AppData\Local\Temp\is-D34AR.tmp\VbsEdit 9. 68.tmp, ParentCommandLine: "C:\Users\user\Desktop\VbsEdit 9. 08.68.tmp, NewProcessName: C:\Users\user\AppData\Local\Temp\is-D34AR.tmp\VbsEdit 9.08.68.tmp, OriginalFileName: C:\Users\user\AppData\Local\Temp\is-D34AR.tmp\VbsEdit 9.08. 68.exe", CommandLine|base64offset|contains:, Image: C:\Users\user\AppData\Local\Temp\is-D34AR.tmp\VbsEdit 9.
exe" -cr -tu 3, ParentImage: C:\Users\user\AppData\Roaming\SysInfoTool\sitool.exe, ParentProcessId: 6284, ProcessCommandLine: C:\Windows\system32\schtasks.exe" /Create /f /XML "C:\Users\user\AppData\Roaming\SysInfoTool\data.xml" /tn "Microsoft\Windows\Windows Error Reporting\ToolSystemInfo, ProcessId: 2812

Sigma detected: Suspicius Schtasks From Env Var Folder

Source: Process started
Author: Florian Roth: Data: Command: C:\Windows\system32\schtasks.exe" /Create /f /XML "C:\Users\user\AppData\Roaming\SysInfoTool\data.xml" /tn "Microsoft\Windows\Windows Error Reporting\ToolSystemInfo, CommandLine: C:\Windows\system32\schtasks.exe" /Create /f /XML "C:\Users\user\AppData\Roaming\SysInfoTool\data.xml" /tn "Microsoft\Windows\Windows Error Reporting\ToolSystemInfo, CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\AppData\Roaming\SysInfoTool\sitool.