Uses Microsoft's Enhanced Cryptographic Provider

Sigma detected: Windows Suspicious Use Of Web Request in CommandLine
Author: James Pemberton /
Data:
Command: wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" -no-check-certificate -content-disposition -user-agent="Mozilla/5.0 (Windows NT 6.1 WOW64 Trident/7.0 AS rv:11.0) like Gecko" "https://ninite.com/chrome-firefox-realvncserver-realvncviewer/ninite.exe"
CommandLine: wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" -no-check-certificate -content-disposition -user-agent="Mozilla/5.0 (Windows NT 6.1 WOW64 Trident/7.0 AS rv:11.0) like Gecko" "https://ninite.com/chrome-firefox-realvncserver-realvncviewer/ninite.exe"
CommandLine|base64offset|contains:
Image: C:\Windows\SysWOW64\wget.exe
NewProcessName: C:\Windows\SysWOW64\wget.exe
OriginalFileName: C:\Windows\SysWOW64\wget.
ParentCommandLine: C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" -no-check-certificate -content-disposition -user-agent="Mozilla/5.0 (Windows NT 6.1 WOW64 Trident/7.0 AS rv:11.0) like Gecko" "https://ninite.com/chrome-firefox-realvncserver-realvncviewer/ninite.exe" > cmdline.out 2>&1
ParentImage: C:\Windows\SysWOW64\cmd.exe
ParentProcessId: 7100
ProcessCommandLine: wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" -no-check-certificate -content-disposition -user-agent="Mozilla/5.0 (Windows NT 6.1 WOW64 Trident/7.0 AS rv:11.0) like Gecko" "https://ninite.com/chrome-firefox-realvncserver-realvncviewer/ninite.exe"
ProcessId: 7160