- Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\ \InprocServer32
- File written: C:\Users\user\AppData\Local\MSfree Inc\kmsauto.ini
- Uses an in-process (OLE) Automation server
- Process created: C:\Windows\System32\cmd.exe C:\Windows\System32\cmd.exe /c echo test> 'C:\Users\user\Desktop\test.test'
- Process created: C:\Windows\System32\cmd.exe cmd /c md 'C:\Users\user\AppData\Local\MSfree Inc'
- Source: C:\Users\user\Desktop\KMSAuto Net.exe
- Process created: C:\Windows\System32\cmd.exe C:\Windows\System32\cmd.exe /D /c del /F /Q 'test.test'
- Sample file is different than original file name gathered from version info
- Binary or memory string: OriginalFilename7z.sfx.exe, vs KMSAuto Net.exe
- Binary or memory string: ***SPP.HIV"InternalNameSeShutdownPrivilegeHong Kong SAR, PRCSlovenianGuatemalaGetProcessImageFileNameWInterface (VI) by ptk911cscript.exe" "%1"NetLocalGroupGetMembers> 'C:\Users\user\Desktop\test.test'
- Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
- String found in binary or memory: o.gl/M2ThD0KonkaniLaunch
- String found in binary or memory: emas.xmlsoap.org/ws/2005/05/identity/claims/name
- String found in binary or memory: p.usertrust.com0
- String found in binary or memory: /post/192986/#
- String found in binary or memory: um.ru-board.comMarathiWindows
- String found in binary or memory: um.ru-board.com
- String found in binary or memory: Source: KMSAuto Net.exe
- String found in binary or memory: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System.Windows.Forms/v4.0_4.0.
- String found in binary or memory: file:///C:/Windows/Microsoft.NET/Framework/v4.0.30319/
- String found in binary or memory: file:///C:/Users/Herb Blackburn/Desktop/en/KMSAuto Net.resources/KMSAuto Net.resources.EXEXEE
- String found in binary or memory: file:///C:/Users/Herb BlackbuB
- String found in binary or memory: file:///C:/Users/Herb
- String found in binary or memory: file:///
- String found in binary or memory: file:// youtube.com/results?search_query="KMS Auto Net 2015" KMS Log Analyzer.xlsm equals (Youtube) Facebook, equals www.facebook.com (Facebook)
- String found in binary or memory: Microsoft. com/watch?v=niXf0ov0S8I equals (Youtube) dat5spp\store\cache\cache.dat" spp\store\2.0\cache\cache.dat =spp\store\2.0\cache\cache.dat "U ww.youtube.
- String found in binary or memory: " /S /Q3spp\store\cache\cache.exe
- Found strings which match to known social media urls
- Found application associated with file extension.
- Correcting counters for adjusted boot time.
- Number of analysed new started processes analysed:
- Windows 7 SP1 (with Office 2010 SP2, IE 11, FF 54, Chrome 60, Acrobat Reader DC 17, Flash 26, Java.