exe" -cr -tu 3, Par entImage: C:\Users\u ser\AppDat a\Roaming\ SysInfoToo l\sitool.e xe, Parent ProcessId: 6284, Pro cessComman dLine: C:\ Windows\sy stem32\sch tasks.exe" /Create / f /XML "C: \Users\use r\AppData\ Roaming\Sy sInfoTool\ data.xml" /tn "Micro soft\Windo ws\Windows Error Rep orting\Too lSystemInf o, Process Id: 2812 Sigma detected: Suspicius Schtasks From Env Var Folder Source: Process st artedĪuthor: Florian Roth: Data: Comm and: C:\Wi ndows\syst em32\schta sks.exe" / Create /f /XML "C:\U sers\user\ AppData\Ro aming\SysI nfoTool\da ta.xml" /t n "Microso ft\Windows \Windows E rror Repor ting\ToolS ystemInfo, CommandLi ne: C:\Win dows\syste m32\schtas ks.exe" /C reate /f / XML "C:\Us ers\user\A ppData\Roa ming\SysIn foTool\dat a.xml" /tn "Microsof t\Windows\ Windows Er ror Report ing\ToolSy stemInfo, CommandLin e|base64of fset|conta ins: *j, I mage: C:\W indows\Sys WOW64\scht asks.exe, NewProcess Name: C:\W indows\Sys WOW64\scht asks.exe, OriginalFi leName: C: \Windows\S ysWOW64\sc htasks.exe, ParentCo mmandLine: "C:\Users \user\AppD ata\Roamin g\SysInfoT ool\sitool.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |