

"is-PK33S.tmp" wrote bytes "69926a6a" to virtual address "0x75B6DF08" (part of module "SHEL元2.DLL") "is-PK33S.tmp" wrote bytes "a767696a" to virtual address "0x75B6DF4C" (part of module "SHEL元2.DLL") "is-PK33S.tmp" wrote bytes "69926a6a" to virtual address "0x75B976F0" (part of module "SHEL元2.DLL")

"is-PK33S.tmp" wrote bytes "84916a6a" to virtual address "0x75B976F8" (part of module "SHEL元2.DLL") Spawned process "Webshots.scr" with commandline "/t" ( Show Process)

Spawned process "Launcher.exe" with commandline "/t"
Spawned process "Webshots.scr"
Spawned process "regsvr32.exe" with commandline ""/s" "%PROGRAMFILES%\Webshots\WSToolbar4IE.dll""
Spawned process "regsvr32.exe" with commandline ""/s" "%PROGRAMFILES%\Webshots\wsaxmediauploader.ocx""

Spawned process "regsvr32.exe" with commandline ""/s" "%PROGRAMFILES%\Webshots\wsaxcontrol.ocx""
Spawned process "regsvr32.exe" with commandline ""/s" "%PROGRAMFILES%\Webshots\WSVersionATX.ocx""
Spawned process "Launcher.exe"
Malicious artifacts seen in the context of a contacted host
"Webshots.scr" wrote 52 bytes to a remote process "C:\Program Files\Webshots\Launcher.exe" (Handle: 544)
"Webshots.scr" wrote 32 bytes to a remote process "C:\Program Files\Webshots\Launcher.exe" (Handle: 544)
"Webshots.scr" wrote 4 bytes to a remote process "C:\Program Files\Webshots\Launcher.exe" (Handle: 544)
"Webshots.scr" wrote 1500 bytes to a remote process "C:\Program Files\Webshots\Launcher.exe" (Handle: 544)
"Launcher.exe" wrote 52 bytes to a remote process "C:\Program Files\Webshots\Webshots.scr" (Handle: 240)
"Launcher.exe" wrote 32 bytes to a remote process "C:\Program Files\Webshots\Webshots.scr" (Handle: 240)
"Launcher.exe" wrote 4 bytes to a remote process "C:\Program Files\Webshots\Webshots.scr" (Handle: 240)
"Launcher.exe" wrote 1500 bytes to a remote process "C:\Program Files\Webshots\Webshots.scr" (Handle: 240)
"" wrote 52 bytes to a remote process "C:\Users\%USERNAME%\AppData\Local\Temp\is-RJ0AO.tmp\is-PK33S.tmp" (Handle: 244)
"" wrote 32 bytes to a remote process "C:\Users\%USERNAME%\AppData\Local\Temp\is-RJ0AO.tmp\is-PK33S.tmp" (Handle: 244)
"" wrote 4 bytes to a remote process "C:\Users\%USERNAME%\AppData\Local\Temp\is-RJ0AO.tmp\is-PK33S.tmp" (Handle: 244)
"" wrote 1500 bytes to a remote process "%TEMP%\is-RJ0AO.tmp\is-PK33S.tmp" (Handle: 244)
