exe" "C:\ Users\user \Desktop\S upremo.exe " "/SYSRUN, ProcessI d: 7152, P rocessName : SupremoS ystem.exeĬontains functionality to enumerate / list files inside a directory Source: C:\Users\u ser\AppDat a\Local\Te mp\Supremo RemoteDesk top\Suprem oSystem.ex eĬode function: 10_2_00409 884 FindFi rstFileW,F indClose, exe" "/SY SRUN, Comm andLine|ba se64offset |contains:, Image: C:\Users\u ser\AppDat a\Local\Te mp\Supremo RemoteDesk top\Suprem oSystem.ex e, NewProc essName: C :\Users\us er\AppData \Local\Tem p\SupremoR emoteDeskt op\Supremo System.exe, Original FileName: C:\Users\u ser\AppDat a\Local\Te mp\Supremo RemoteDesk top\Suprem oSystem.ex e, ParentC ommandLine : "C:\User s\user\Des ktop\Supre mo.exe", ParentImag e: C:\User s\user\Des ktop\Supre mo.exe, Pa rentProces sId: 6444, ParentPro cessName: Supremo.ex e, Process CommandLin e: C:\User s\user\App Data\Local \Temp\Supr emoRemoteD esktop\Sup remoSystem. Sigma detected: Process Start From Suspicious Folder Source: Process st artedĪuthor: frack113: Data: Comm and: C:\Us ers\user\A ppData\Loc al\Temp\Su premoRemot eDesktop\S upremoSyst em.exe" "C :\Users\us er\Desktop \Supremo.e xe" "/SYSR UN, Comman dLine: C:\ Users\user \AppData\L ocal\Temp\ SupremoRem oteDesktop \SupremoSy stem.exe" "C:\Users\ user\Deskt op\Supremo.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |