#8671  2023-09-14 07:44
File: centralimac2.1.exe
MD5:  3d0b5853a55bbeea47f1f6f82729e96f
Tags: NSIS, UPX, Malicious Library, PE File, PE32, OS Processor Check, Browser Info Stealer, FTP Client Info Stealer, VirusTotal, Email Client Info Stealer, Malware, suspicious privilege, Check memory, Checks debugger, Creates executable files, unpack itself, Check virtual network interfaces, AppData folder, IP Check, Tofsee, Windows, Browser, Email, ComputerName, DNS, Software crashed, keylogger
Hosts (2):
  api.ipify.org (104.237.62.212)
  104.237.62.212
IDS alerts (4):
  ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
  ET INFO TLS Handshake Failure
  ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
Score: 8.2 | M | 36 | ZeroCERT

#8672  2023-09-14 07:44
File: get3.exe
MD5:  55cd0ace56d09766e3a8e22f94815bd6
Tags: Malicious Library, PE File, PE64, VirusTotal, Malware, Check memory, Checks debugger, unpack itself
Score: 1.8 | 19 | ZeroCERT

#8673  2023-09-14 07:42
File: 1.exe
MD5:  e8eedfa9c23d565850e4b712c469dc96
Tags: UPX, Admin Tool (Sysinternals etc ...), .NET framework(MSIL), Http API, PWS, HTTP, ScreenShot, Internet API, AntiDebug, AntiVM, PE File, PE32, .NET EXE, VirusTotal, Malware, PDB, suspicious privilege, MachineGuid, Code Injection, Check memory, Checks debugger, buffers extracted, unpack itself, Windows, DNS, Cryptographic key
Hosts (1): not shown in the listing
Score: 10.0 | 41 | ZeroCERT

#8674  2023-09-14 07:42
File: cryptedBB.exe
MD5:  3dd01710d9d6f58e5588ad656f0441a1
Tags: UPX, Malicious Library, PE File, PE32, OS Processor Check, VirusTotal, Malware, WriteConsoleW
Score: 2.0 | 44 | ZeroCERT

#8675  2023-09-14 07:40
File: StealerClient_Sharp.exe
MD5:  08bcf92194154a68f92533a9b7ebf0c4
Tags: Confuser, .NET, PE File, PE32, .NET EXE, VirusTotal, Malware, Check memory, Checks debugger, unpack itself, WriteConsoleW, ComputerName, Remote Code Execution
Score: 3.0 | 53 | ZeroCERT

#8676  2023-09-14 07:39
File: StealerClient_Cpp.exe
MD5:  a2a68318da5737ff0327f6d53438be60
Tags: UPX, Malicious Library, Malicious Packer, PE File, PE32, OS Processor Check, VirusTotal, Malware
Score: 1.2 | 44 | ZeroCERT

#8677  2023-09-14 07:38
File: igccu.exe
MD5:  c233db256a3353f1b23b55b8a16662f8
Tags: Generic Malware, .NET framework(MSIL), Antivirus, PWS, SMTP, KeyLogger, AntiDebug, AntiVM, PE File, PE32, .NET EXE, Browser Info Stealer, FTP Client Info Stealer, VirusTotal, Email Client Info Stealer, Malware, powershell, PDB, suspicious privilege, Code Injection, Check memory, Checks debugger, buffers extracted, Creates shortcut, unpack itself, Windows utilities, powershell.exe wrote, suspicious process, WriteConsoleW, Windows, Browser, Email, ComputerName, Cryptographic key, Software crashed
Score: 12.0 | M | 27 | ZeroCERT

#8678  2023-09-14 07:37
File: igccu.exe
MD5:  bbbddd889f262cf35677421c6bda3a75
Tags: .NET framework(MSIL), PE File, PE32, .NET EXE, VirusTotal, Malware, PDB, Check memory, Checks debugger, unpack itself
Score: 2.2 | M | 27 | ZeroCERT

#8679  2023-09-14 07:35
File: Gen.exe
MD5:  d0fa181e7c69e0b03b243c2190910ddd
Tags: AgentTesla, RedLine, Infostealer, UltraVNC, UPX, Malicious Library, SMTP, KeyLogger, AntiDebug, AntiVM, PE File, PE32, OS Processor Check, Browser Info Stealer, FTP Client Info Stealer, VirusTotal, Email Client Info Stealer, Malware, PDB, suspicious privilege, Code Injection, Malicious Traffic, Check memory, Checks debugger, buffers extracted, unpack itself, Check virtual network interfaces, IP Check, Tofsee, Windows, Browser, Email, ComputerName, DNS, Cryptographic key, Software crashed
URLs (2):
  http://194.180.49.211/D/gerenciaa.txt
  http://194.180.49.211/D/DLLL.txt
Hosts (3):
  api.ipify.org (104.237.62.212)
  194.180.49.211 - malware
  64.185.227.156
IDS alerts (5):
  ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
  ET INFO TLS Handshake Failure
  ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  ET HUNTING EXE Base64 Encoded potential malware
Score: 11.8 | M | 28 | ZeroCERT

#8680  2023-09-14 07:35
File: smss.exe
MD5:  a7b72e56ebab2dfa91a8b738724506f7
Tags: Formbook, .NET framework(MSIL), AntiDebug, AntiVM, PE File, PE32, .NET EXE, FormBook, Malware download, VirusTotal, Malware, PDB, suspicious privilege, Code Injection, Malicious Traffic, Check memory, Checks debugger, buffers extracted, unpack itself
URLs (2):
  http://www.holzleisten24.shop/ro12/?ATRlddq=YvLwEHT8dFuKpJLsd4JhBcwDYJ3uuNfwUz2wQ6/Fy2txHMel0oHlxc/BdHQb6Vhi/z8z67rB&DxoTK=VDKTtFOx_dip6pX
  http://www.one45.vip/ro12/?ATRlddq=Zg7IXJepYYHIcsKaQoHhL1/V4j4C4Pb3dF6fc4AkNYCnbF989AFVMYXREkmUQu75oh06LO4h&DxoTK=VDKTtFOx_dip6pX
Hosts (4):
  www.one45.vip (172.67.168.52)
  www.holzleisten24.shop (130.185.109.77)
  130.185.109.77
  172.67.168.52
IDS alerts (1):
  ET MALWARE FormBook CnC Checkin (GET)
Score: 9.4 | 31 | ZeroCERT

#8681  2023-09-13 17:24
File: Ascend.exe
MD5:  779e78a9daf5514cac0965855f8c364e
Tags: UPX, .NET framework(MSIL), PE File, PE32, .NET EXE, VirusTotal, Malware, Buffer PE, PDB, suspicious privilege, Malicious Traffic, Check memory, Checks debugger, buffers extracted, unpack itself, Check virtual network interfaces, DNS
URLs (1):
  http://ascend.macronator.biz/bot/hash.crc
Hosts (2):
  ascend.macronator.biz (16.182.36.201) - malicious
  3.5.25.172
IDS alerts (1):
  ET INFO Observed DNS Query to .biz TLD
Score: 5.2 | M | 8 | ZeroCERT

#8682  2023-09-13 17:24
File: z9lupld56bdv.exe
MD5:  2c7463cfe3d7089951dde9eccdf037bf
Tags: UPX, Malicious Library, PWS, SMTP, AntiDebug, AntiVM, PE File, PE32, OS Processor Check, Browser Info Stealer, RedLine, Malware download, FTP Client Info Stealer, VirusTotal, Malware, Microsoft, Buffer PE, PDB, suspicious privilege, Code Injection, Check memory, Checks debugger, buffers extracted, unpack itself, Collect installed applications, installed browsers check, Stealer, Windows, Browser, ComputerName, DNS, Cryptographic key, Software crashed
Hosts (1): not shown in the listing
IDS alerts (4):
  ET INFO Microsoft net.tcp Connection Initialization Activity
  ET MALWARE [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization)
  ET MALWARE Redline Stealer TCP CnC Activity - MSValue (Outbound)
  ET MALWARE Redline Stealer Activity (Response)
Score: 11.0 | M | 37 | ZeroCERT

#8683  2023-09-13 17:06
File: Setup_pass1234.zip
MD5:  d6333d9f2326da7b78144d52fa20a05c
Tags: PrivateLoader, Stealc, Amadey, ZIP Format, RedLine, Malware download, Dridex, Malware c&c, Microsoft, Telegram, Malicious Traffic, ICMP traffic, suspicious TLD, IP Check, Tofsee, Lumma, Stealer, Windows, Browser, RisePro, Trojan, DNS, Downloader
URLs (48):
  http://45.9.74.80/opaa37.exe
  http://hugersi.com/dl/6523.exe - rule_id: 32660
  http://87.121.221.58/g.exe - rule_id: 35764
  http://zexeq.com/test2/get.php?pid=CD20CF071BA7C05D5F5E6CAF42496E78&first=true - rule_id: 27911
  http://worldtopnews.fun/
  http://230907161118223.nmr.xrm42.top/f/fikim0907223.exe - rule_id: 36358
  http://colisumy.com/dl/build2.exe - rule_id: 31026
  http://45.9.74.80/super.exe - rule_id: 36063
  http://45.15.156.229/api/tracemap.php - rule_id: 33783
  http://5.42.92.211/loghub/master - rule_id: 36282
  http://ji.alie3ksgbb.com/m/ela205.exe - rule_id: 36360
  http://45.15.156.229/api/firegate.php - rule_id: 36052
  http://zexeq.com/files/1/build3.exe - rule_id: 27913
  http://116.203.7.16/7b01483643983171e949f923c5bc80e7
  http://45.9.74.80/31839b57a4f11171d6abc8bbc4451ee4.exe - rule_id: 36201
  http://116.203.7.16/
  http://94.142.138.131/api/firegate.php - rule_id: 32650
  http://charlesjones.top/e9c345fc99a4e67e.php - rule_id: 36283
  http://77.91.68.238/love/no230.exe - rule_id: 36359
  http://94.142.138.131/api/tracemap.php - rule_id: 28311
  http://45.9.74.80/0bjdn2Z/index.php - rule_id: 26790
  http://116.203.7.16/htdocs.zip
  http://171.22.28.208/download/Services.exe
  http://worldtopnews.fun/login
  http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=LHNMv561Ao9oyPaxqTAOF0Ae.exe&platform=0009&osver=5&isServer=0
  http://176.113.115.84:8080/4.php - rule_id: 34795
  http://45.9.74.80/ummaa.exe - rule_id: 36186
  http://apps.identrust.com/roots/dstrootcax3.p7c
  http://45.9.74.80/toolspub2.exe - rule_id: 36066
  http://worldtopnews.fun/c2conf
  http://williecampbell.top/calc2.exe - rule_id: 36362
  https://sun6-23.userapi.com/c909328/u44017378/docs/d42/899872c35d72/BottClient.bmp?extra=7B_OrPq1kMJpKpU7Rrq-3WvxeXHPEz4A_JiKNweZAEbH6C3hrq8WC9Y6uww1t8xYlzYqcYdsDkXyICD53rigA_siFPMJTJC5COTUew0WnhO42M6ssRQgNTvC-a6uLFX3tMHI9cyZu49a-5Yt
  https://db-ip.com/demo/home.php?s=175.208.134.152
  https://sun6-23.userapi.com/c909218/u17799268/docs/d56/c3e409803ba2/deluxe_crypted.bmp?extra=GRXXFXl5hs6qKc2oTNeNbZabyhRErvV9i7w4yu2Mor6fdrgHIzKkCogIMG6LyZkta06QOXjobPsItw5FUV_MCjbxh9Ezbijg7-6iXGOD57ERI0MdAdzyAYqyWSfRh7JIr3kt-a20Yh6GOLqB
  https://sun6-21.userapi.com/c236331/u44017378/docs/d17/0cb048202b81/test2.bmp?extra=1Z4SkXT15ewB-UA3sFqN7g8-pGRPBmHUxDc7mOUzzckJf0vnNywnckSgPgETcI68TPa1hHTz6venXZc0d25yILYNDtXVUYrb671M_1Q5gngn8dxEey7xbFXNAr9MzoXeWv8HqjRyqYSShMt7
  https://steamcommunity.com/profiles/76561199550790047
  https://preconcert.pw/setup294.exe - rule_id: 36162
  https://sun6-20.userapi.com/c909628/u17799268/docs/d42/394ac12e1f34/asca1ex.bmp?extra=Nn4hYr7tnXNZZ7LDLvbU1rSSLUXCn-M157dB_N2zZbvxIJXU-s2CkT9fJsNnQ-wJKfLwlR45wy_ednBtypvZDvnn-i5cAyOHtd9nGm_2XJBLZcbe78raXMo9Yfh0VU3s7QrB7fG0cfxAPlvA
  https://vk.com/doc17799268_667301259?hash=mz2nLKvo6dt1uE06v4jRORCgXO1tbK1pSlJhEfMFJco&dl=vkt89M90dzWpJZ9hvFWUTeZuZHqaxeSpP8mP7ffY8Z0&api=1&no_preview=1
  https://api.myip.com/
  https://sun6-23.userapi.com/c235131/u44017378/docs/d30/967fe3fc2ef3/RisePro_0_6.bmp?extra=fCMNoFyOc7enNdFTnnGhjJ9jovfZ0mMROPwFREaAqWboltaIPZdcP_dIqrizV6yOjKq30uHvRMolq-F_2Hpyxg0TezcFJ8SSm0bMWdfNeg7hd0DvCAOl6OyNPRiOzrjGNYBVqtSlXKW8w2lx
  https://vk.com/doc17799268_667305233?hash=IwZ8VZSm1R6poDSVmCjMBWvPwtTOZjN00hLIt20AnZP&dl=X47BBpvy39XAmpGvpAPzZxZ3QV8ZssYZktFDfFk2wpg&api=1&no_preview=1#cryp
  https://sun6-21.userapi.com/c235131/u17799268/docs/d34/20a2f6c4d3f4/d3232adg.bmp?extra=suUcIL34C8tZuA415Q8lnsWylAKtf3SORQHWwTtRCAhor9Xh31vJ6M2BmK67YddRXGwiLAW0jvq_FoA4Id_CzGfizeXTtd7lsFd1NrUnyhtFzoxZ9_XyQPBa1ZY9ol22CvDvWfKJysaOOqpn
  https://sun6-23.userapi.com/c240331/u44017378/docs/d9/fa52acca0a25/PL_Client.bmp?extra=Gtk0NulK_t0Vg_w76xxYbYgKgQDrBcgCJoJgl3o3wL4Soyf9yXoN4y9JRWHxgfaYJkwVs046jyfvzE55PAyXiea2WR-q86s-1lM-sAnMQ1mOToUwfIvm5gd_Npnk_8d9vqhFfiSPARmxkQGX
  https://vk.com/doc17799268_667311648?hash=s3oUYZKI5aNSuInKy4BDLkFtjdygeDOMqfkbCpHaJtT&dl=3IzXh7BEz71lxp7j7y0p9JlCZth8IcFgVjQw3D577ks&api=1&no_preview=1#as
  https://transfer.sh/get/uTWorMyudp/hgjjhlkgkl.exe
  https://vk.com/doc17799268_667281004?hash=xOqcu1ZGarivubW5PP3sEBGynm7PLhU3P4kzSjNpUgz&dl=BDGaIhRFJdbZh0HkjSHVN3oPAh2dusZaaZGmKdcx4h8&api=1&no_preview=1#1
  https://sun6-20.userapi.com/c237331/u17799268/docs/d32/20d06de2d171/crypted.bmp?extra=Ix6P6PHPTaU-Y3IcBr-4XYzVARL6dIIfwVgGD1PgAHnQ8YE8I6mxpzvBb8ZC-5spd3ReZ1Yx-dQbztud3MKZLNEYdKKzb49L34FiqbZHziCi8D6pAzz-wEYZ9qJs6eJrhDDttVXq_XHjBjXh
Hosts (70):
  worldtopnews.fun (172.67.133.72)
  db-ip.com (172.67.75.166)
  agsnv.com (181.214.31.34) - malware
  vanaheim.cn (185.39.205.39) - malicious
  t.me (149.154.167.99) - malicious
  ipinfo.io (34.117.59.81)
  sun6-23.userapi.com (95.142.206.3)
  preconcert.pw (172.67.197.101) - malware
  charlesjones.top (51.250.21.16) - malicious
  zexeq.com (175.119.10.231) - malware
  learn.microsoft.com (104.75.33.236)
  api.2ip.ua (162.0.217.254)
  steamcommunity.com (184.50.42.33) - malicious
  iplogger.org (148.251.234.83) - malicious
  z.nnnaajjjgc.com (156.236.72.121) - malware
  sun6-20.userapi.com (95.142.206.0) - malicious
  sun6-21.userapi.com (95.142.206.1) - malicious
  ji.alie3ksgbb.com (172.67.200.102) - malicious
  bitbucket.org (104.192.141.1) - malware
  230907161118223.nmr.xrm42.top (94.156.35.76) - malware
  williecampbell.top (51.250.21.16) - malware
  transfer.sh (144.76.136.153) - malware
  colisumy.com (189.186.80.218) - malware
  iplis.ru (148.251.234.93) - malicious
  hugersi.com (91.215.85.147) - malware
  vk.com (87.240.132.78) - malicious
  api.myip.com (172.67.75.163)
  148.251.234.93 - malicious
  194.169.175.128 - malicious
  181.214.31.34 - malware
  104.192.141.1 - malicious
  91.215.85.147 - malware
  77.91.68.238 - malware
  104.26.5.15
  184.50.42.33
  104.21.13.218
  5.42.92.211 - malicious
  149.154.167.99 - malicious
  45.9.74.80 - malware
  185.39.205.39
  95.142.206.1 - malicious
  51.38.95.107
  94.156.35.76 - malware
  87.240.132.78 - malicious
  23.67.53.27
  171.22.28.208
  162.0.217.254
  176.113.115.84 - malicious
  148.251.234.83
  104.26.8.59
  104.21.90.117 - malware
  51.250.21.16 - malware
  104.21.84.222 - malware
  34.117.59.81
  94.142.138.131 - malicious
  144.76.136.153 - malicious
  185.225.73.32 - malicious
  156.236.72.121 - malicious
  45.15.156.229 - malicious
  201.124.224.61
  95.142.206.3
  116.203.7.16
  182.162.106.33 - malware
  95.142.206.0 - malicious
  184.30.187.53
  31.41.244.27 - malicious
  87.121.221.58 - malware
  211.181.24.133
  87.240.132.72 - malicious
  104.75.33.236
IDS alerts (57):
  ET INFO Observed External IP Lookup Domain in TLS SNI (api .myip .com)
  SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  ET MALWARE Win32/BeamWinHTTP CnC Activity M2 (GET)
  SURICATA Applayer Mismatch protocol both directions
  ET DNS Query to a *.pw domain - Likely Hostile
  ET INFO Executable Download from dotted-quad Host
  ET POLICY PE EXE or DLL Windows file download HTTP
  ET HUNTING Suspicious services.exe in URI
  ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016
  ET INFO HTTP Request to a *.top domain
  ET DNS Query to a *.top domain - Likely Hostile
  ET DROP Spamhaus DROP Listed Traffic Inbound group 19
  ET MALWARE Single char EXE direct download likely trojan (multiple families)
  ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response
  ET INFO TLS Handshake Failure
  ET DROP Spamhaus DROP Listed Traffic Inbound group 7
  ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo .io)
  ET INFO EXE - Served Attached HTTP
  ET HUNTING Possible EXE Download From Suspicious TLD
  ET MALWARE [ANY.RUN] RisePro TCP v.0.x (Token)
  ET MALWARE [ANY.RUN] RisePro TCP v.0.x (Activity)
  ET INFO Microsoft net.tcp Connection Initialization Activity
  ET MALWARE Redline Stealer TCP CnC Activity
  ET MALWARE [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization)
  ET MALWARE Redline Stealer TCP CnC - Id1Response
  ET MALWARE [ANY.RUN] RisePro TCP v.0.x (External IP)
  ET MALWARE [ANY.RUN] Win32/Stealc Checkin (POST)
  ET HUNTING GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1
  ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in
  ET MALWARE [ANY.RUN] RisePro TCP v.0.x (Exfiltration)
  ET MALWARE [ANY.RUN] Win32/Lumma Stealer Configuration Request Attempt
  ET POLICY External IP Address Lookup DNS Query (2ip .ua)
  ET POLICY IP Check Domain (iplogger .org in DNS Lookup)
  ET INFO Observed External IP Lookup Domain (api .2ip .ua in TLS SNI)
  ET POLICY IP Check Domain (iplogger .org in TLS SNI)
  ET DROP Spamhaus DROP Listed Traffic Inbound group 1
  ET MALWARE Redline Stealer Activity (Response)
  ET USER_AGENTS Suspicious User Agent (Microsoft Internet Explorer)
  ET MALWARE Win32/Filecoder.STOP Variant Request for Public Key
  ET INFO Observed Telegram Domain (t .me in TLS SNI)
  ET MALWARE Win32/Filecoder.STOP Variant Public Key Download
  ET MALWARE Potential Dridex.Maldoc Minimal Executable Request
  ET MALWARE Win32/Vodkagats Loader Requesting Payload
  ET INFO Dotted Quad Host ZIP Request
  ET MALWARE Amadey CnC Check-In
  ET MALWARE Win32/Amadey Bot Activity (POST) M2
  ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download
  ET MALWARE Redline Stealer TCP CnC Activity - MSValue (Outbound)
  ET MALWARE Redline Stealer TCP CnC Activity - MSValue (Response)
  ET INFO Packed Executable Download
  ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2
  ET POLICY Observed DNS Query to File Transfer Service Domain (transfer .sh)
  ET INFO Commonly Abused File Sharing Site Domain Observed (transfer .sh in DNS Lookup)
  ET INFO Commonly Abused File Sharing Site Domain Observed (transfer .sh in TLS SNI)
  ET POLICY Observed File Transfer Service SSL/TLS Certificate (transfer .sh)
  SURICATA HTTP unable to match response to request
Flagged URLs (22):
  http://hugersi.com/dl/6523.exe
  http://87.121.221.58/g.exe
  http://zexeq.com/test2/get.php
  http://230907161118223.nmr.xrm42.top/f/fikim0907223.exe
  http://colisumy.com/dl/build2.exe
  http://45.9.74.80/super.exe
  http://45.15.156.229/api/tracemap.php
  http://5.42.92.211/loghub/master
  http://ji.alie3ksgbb.com/m/ela205.exe
  http://45.15.156.229/api/firegate.php
  http://zexeq.com/files/1/build3.exe
  http://45.9.74.80/31839b57a4f11171d6abc8bbc4451ee4.exe
  http://94.142.138.131/api/firegate.php
  http://charlesjones.top/e9c345fc99a4e67e.php
  http://77.91.68.238/love/no230.exe
  http://94.142.138.131/api/tracemap.php
  http://45.9.74.80/0bjdn2Z/index.php
  http://176.113.115.84:8080/4.php
  http://45.9.74.80/ummaa.exe
  http://45.9.74.80/toolspub2.exe
  http://williecampbell.top/calc2.exe
  https://preconcert.pw/setup294.exe
Score: 5.0 | M | ZeroCERT

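The Hosts field in entries such as #8679 and #8683 above mixes three shapes in one space-separated string: a domain with its resolved address in parentheses, a bare IPv4, and an optional trailing reputation marker. The same address can appear twice with different markers (in #8683, 104.192.141.1 is listed as "malware" via bitbucket.org and as "malicious" on its own), and the marker is spelled "mailcious" in the raw listing. The following parser is an added example written for this page; it is not code from the sandbox or from the listing's publisher. It assumes only the format visible above, normalizes the spelling variants, merges duplicate addresses keeping the stronger marker, and emits defanged lines suitable for pasting into a ticket. The sample input is a constructed excerpt taken from #8679 and #8683.

```python
"""Parse the 'Hosts' field of a sandbox listing into merged, defanged IOCs.

Added example for this page, not the sandbox's own code. Assumed input
format (as seen in the listing): space-separated entries, each either
'domain(ip)' or a bare IPv4, optionally followed by ' - malware' or
' - malicious' (the raw listing spells the latter 'mailcious').
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One entry: 'domain(ip)' or bare 'ip', then an optional ' - <tag>'.
_ENTRY = re.compile(
    r"(?:(?P<domain>[A-Za-z0-9.\-]+)\((?P<ip_in>\d{1,3}(?:\.\d{1,3}){3})\)"
    r"|(?P<ip>\d{1,3}(?:\.\d{1,3}){3}))"
    r"(?:\s+-\s+(?P<tag>[A-Za-z]+))?"
)

# Collapse the listing's spelling variants onto one vocabulary, and rank the
# markers so that merging duplicate addresses keeps the stronger verdict.
_TAG_NORMALIZE = {"mailcious": "malicious", "malicious": "malicious", "malware": "malware"}
_TAG_RANK = {None: 0, "malicious": 1, "malware": 2}


@dataclass
class HostEntry:
    ip: str
    domain: Optional[str]
    tag: Optional[str]


def parse_hosts(raw: str) -> List[HostEntry]:
    """Split the raw Hosts string into typed entries; rejects malformed octets."""
    entries: List[HostEntry] = []
    for m in _ENTRY.finditer(raw):
        ip = m.group("ip_in") or m.group("ip")
        ipaddress.IPv4Address(ip)  # raises on e.g. 999.1.1.1 rather than emitting junk
        tag = m.group("tag")
        if tag is not None:
            tag = _TAG_NORMALIZE.get(tag.lower(), tag.lower())
        entries.append(HostEntry(ip=ip, domain=m.group("domain"), tag=tag))
    return entries


def merge_by_ip(entries: List[HostEntry]) -> Dict[str, dict]:
    """Group entries by address: union of domains, highest-ranked tag wins."""
    merged: Dict[str, dict] = {}
    for e in entries:
        rec = merged.setdefault(e.ip, {"domains": set(), "tag": None})
        if e.domain:
            rec["domains"].add(e.domain)
        if _TAG_RANK[e.tag] > _TAG_RANK[rec["tag"]]:
            rec["tag"] = e.tag
    return merged


def defang(indicator: str) -> str:
    """Make an indicator non-clickable: every '.' becomes '[.]'."""
    return indicator.replace(".", "[.]")


def report(merged: Dict[str, dict]) -> List[str]:
    """One defanged line per address, strongest verdict first, then by address."""
    lines = []
    for ip, rec in sorted(merged.items(), key=lambda kv: (-_TAG_RANK[kv[1]["tag"]], kv[0])):
        domains = ", ".join(defang(d) for d in sorted(rec["domains"])) or "-"
        lines.append(f"{defang(ip)} | {rec['tag'] or '-'} | {domains}")
    return lines


# Constructed sample: the Hosts field of #8679 plus two entries from #8683,
# chosen because 104.192.141.1 appears twice with different markers.
SAMPLE = (
    "api.ipify.org(104.237.62.212) 194.180.49.211 - malware 64.185.227.156 "
    "bitbucket.org(104.192.141.1) - malware 104.192.141.1 - mailcious"
)

if __name__ == "__main__":
    for line in report(merge_by_ip(parse_hosts(SAMPLE))):
        print(line)
```

The merge step is the part worth keeping when adapting this to a real feed: a bare-IP entry without a marker must not downgrade an address that a domain entry already flagged, which is why the rank comparison only ever raises the stored tag.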
#8684  2023-09-13 15:41
File: snake.exe
MD5:  a338043c6b5260df6b7ce4c4ec3d1b80
Tags: WhiteSnakeStealer, Downloader, .NET framework(MSIL), Create Service, Socket, P2P, DGA, Steal credential, Http API, Escalate privileges, PWS, Sniff Audio, HTTP, DNS, ScreenShot, Code injection, Internet API, FTP, KeyLogger, AntiDebug, AntiVM, PE File, PE32, .NET EXE, VirusTotal, Malware, AutoRuns, Code Injection, Check memory, Checks debugger, unpack itself, Windows utilities, Check virtual network interfaces, suspicious process, AppData folder, malicious URLs, WriteConsoleW, Ransomware, Windows, ComputerName
Score: 7.6 | 55 | r0d

#8685  2023-09-13 14:05
File: KOREAN~1.LNK
MD5:  eaa5aa78668cfe6e6194fce6f2358ca8
Tags: Generic Malware, Antivirus, AntiDebug, AntiVM, Lnk Format, GIF Format, VirusTotal, Malware, powershell, suspicious privilege, Code Injection, Check memory, Checks debugger, Creates shortcut, unpack itself, Windows utilities, powershell.exe wrote, suspicious process, WriteConsoleW, Windows, ComputerName, Cryptographic key
Score: 6.0 | 9 | ZeroCERT