

URLs found in memory or binary data
Source: crestron_masterinstaller_4.00.
Source: C:\Users\user\AppData\Local\Temp\is-GBMA6.tmp\crestron_masterinstaller_4.00.11.tmp
Code function: 3_2_004AD294 FindFirstFileW,GetLastError,
Code function: 3_2_00408174 GetModuleHandleW,GetProcAddress,lstrcpynW,lstrcpynW,lstrcpynW,FindFirstFileW,FindClose,lstrlenW,lstrcpynW,lstrlenW,lstrcpynW,
Code function: 3_2_004FDF38 FindFirstFileW,SetFileAttributesW,DeleteFileW,FindNextFileW,FindClose,
exe", ProcessId: 6112
Contains functionality to enumerate / list files inside a directory
Source: C:\Users\user\Desktop\crestron_masterinstaller_4.00.11.exe
Code function: 1_2_00405BEC GetModuleHandleW,GetProcAddress,lstrcpynW,lstrcpynW,lstrcpynW,FindFirstFileW,FindClose,lstrlenW,lstrcpynW,lstrlenW,lstrcpynW,

00.11.exe", ParentImage: C:\Users\user\Desktop\crestron_masterinstaller_4.00.11.exe, ParentProcessId: 7136, ProcessCommandLine: "C:\Users\user\AppData\Local\Temp\is-GBMA6.tmp\crestron_masterinstaller_4.00.11.
00.11.tmp, ParentCommandLine: "C:\Users\user\Desktop\crestron_masterinstaller_4.
Sigma detected: Process Start From Suspicious Folder
Source: Process started
Author: frack113:
Data: Command: "C:\Users\user\AppData\Local\Temp\is-GBMA6.tmp\crestron_masterinstaller_4.00.11.tmp" /SL5="$1801CA,13948996,121344,C:\Users\user\Desktop\crestron_masterinstaller_4.00.11.exe", CommandLine: "C:\Users\user\AppData\Local\Temp\is-GBMA6.tmp\crestron_masterinstaller_4.00.11.tmp" /SL5="$1801CA,13948996,121344,C:\Users\user\Desktop\crestron_masterinstaller_4.00.11.exe", CommandLine|base64offset|contains:, Image: C:\Users\user\AppData\Local\Temp\is-GBMA6.tmp\crestron_masterinstaller_4.00.11.tmp, NewProcessName: C:\Users\user\AppData\Local\Temp\is-GBMA6.tmp\crestron_masterinstaller_4.00.11.tmp, OriginalFileName: C:\Users\user\AppData\Local\Temp\is-GBMA6.
