Network traffic detected: HTTP traffic on port 443 -> 49724
Network traffic detected: HTTP traffic on port 443 -> 49769
Network traffic detected: HTTP traffic on port 443 -> 49725
Network traffic detected: HTTP traffic on port 49735 -> 443
Network traffic detected: HTTP traffic on port 443 -> 49726
Network traffic detected: HTTP traffic on port 443 -> 49728
Network traffic detected: HTTP traffic on port 49749 -> 443
Network traffic detected: HTTP traffic on port 49728 -> 443
Network traffic detected: HTTP traffic on port 49742 -> 443
Network traffic detected: HTTP traffic on port 49724 -> 443
Network traffic detected: HTTP traffic on port 443 -> 49770
Network traffic detected: HTTP traffic on port 443 -> 49771
Network traffic detected: HTTP traffic on port 49732 -> 443
Network traffic detected: HTTP traffic on port 443 -> 49730
Network traffic detected: HTTP traffic on port 443 -> 49731
Network traffic detected: HTTP traffic on port 443 -> 49776
Network traffic detected: HTTP traffic on port 443 -> 49732
Network traffic detected: HTTP traffic on port 443 -> 49733
Network traffic detected: HTTP traffic on port 443 -> 49734
Network traffic detected: HTTP traffic on port 443 -> 49779
Network traffic detected: HTTP traffic on port 49753 -> 443
Network traffic detected: HTTP traffic on port 443 -> 49735
Network traffic detected: HTTP traffic on port 443 -> 49738
Network traffic detected: HTTP traffic on port 49776 -> 443
Network traffic detected: HTTP traffic on port 49769 -> 443
Network traffic detected: HTTP traffic on port 49746 -> 443
Network traffic detected: HTTP traffic on port 49779 -> 443
Network traffic detected: HTTP traffic on port 443 -> 49742
Network traffic detected: HTTP traffic on port 443 -> 49787
Network traffic detected: HTTP traffic on port 443 -> 49744
Network traffic detected: HTTP traffic on port 49733 -> 443

Source: C:\Users\user\AppData\Local\Temp\is-HEVP9.tmp\TreeSize-x64-Full.tmp Code function: 1_2_0040E6A0 FindFirstFileW,FindClose,
Code function: 1_2_0060BC10 FindFirstFileW,GetLastError,
Code function: 1_2_0040E0D4 GetModuleHandleW,GetProcAddress,FindFirstFileW,FindClose,lstrlenW,lstrlenW,
Code function: 1_2_006B76A0 FindFirstFileW,SetFileAttributesW,FindNextFileW,FindClose,
exe Code function: 0_2_0040A928 GetModuleHandleW,GetProcAddress,FindFirstFileW,FindClose,lstrlenW,lstrlenW,
Source: C:\Users\user\Desktop\TreeSize-x64-Full.exe Code function: 0_2_0040AEF4 FindFirstFileW,FindClose,

tmp" /SL5="$B0080,28658953,857088,C:\Users\user\Desktop\TreeSize-x64-Full.exe", ProcessId: 7000, ProcessName: TreeSize-x64-Full.tmp

Contains functionality to enumerate / list files inside a directory

Source: C:\Users\user\Desktop\TreeSize-x64-Full.exe, ProcessCommandLine: "C:\Users\user\AppData\Local\Temp\is-HEVP9.tmp\TreeSize-x64-Full.tmp, ParentCommandLine: "C:\Users\user\Desktop\TreeSize-x64-Full.exe", ParentImage: C:\Users\user\Desktop\TreeSize-x64-Full.exe, ParentProcessId: 6972, ParentProcessName: TreeSize-x64-Full.tmp\TreeSize-x64-Full.tmp, OriginalFileName: C:\Users\user\AppData\Local\Temp\is-HEVP9.tmp\TreeSize-x64-Full.tmp" /SL5="$B0080,28658953,857088,C:\Users\user\Desktop\TreeSize-x64-Full.exe", CommandLine: "C:\Users\user\AppData\Local\Temp\is-HEVP9.tmp\TreeSize-x64-Full.tmp" /SL5="$B0080,28658953,857088,C:\Users\user\Desktop\TreeSize-x64-Full.exe", CommandLine|base64offset|contains:, Image: C:\Users\user\AppData\Local\Temp\is-HEVP9.tmp\TreeSize-x64-Full.tmp, NewProcessName: C:\Users\user\AppData\Local\Temp\is-HEVP9.

Sigma detected: Process Start From Suspicious Folder

Source: Process started Author: frack113: Data: Command: "C:\Users\user\AppData\Local\Temp\is-HEVP9.tmp\TreeSize-x64-Full.