AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |
Back to Blog
"Setup.exe" read file "%APPDATA%\Microsoft\Windows\Start Menu\Programs\desktop.ini" "" read file "%APPDATA%\Microsoft\Windows\Start Menu\desktop.ini" All indicators are available only in the private webservice or standalone version.Spawned process "updater.exe" with commandline "C:\Program Files\VCE Player Negm Edition\ VCE Exam Simulator 1030 player.exe" ( Show Process) Spawned process "player.exe" with commandline "update_success" ( Show Process) Spawned process "updater.exe" with commandline "C:\Program Files\VCE Player Negm Edition\ VCE Exam Simulator 1030 Player.exe" ( Show Process) Spawned process "reg.exe" with commandline "REG ADD HKCR\VCEFile\Shell\Open\Command /ve /t REG_SZ /d "%PROGRAMFILES%\VCE Player Negm Edition\player.exe %1" /f" ( Show Process) Spawned process "reg.exe" with commandline "REG ADD HKCR\VCEFile\DefaultIcon /ve /t REG_SZ /d "%PROGRAMFILES%\VCE Player Negm Edition\designer.exe Spawned process "reg.exe" with commandline "REG ADD HKCR\VCEFile /ve /t REG_SZ /d "Visual CertExam Suite File" /f" ( Show Process) Spawned process "reg.exe" with commandline "REG ADD HKCR\.VCE /ve /t REG_SZ /d "VCEFile" /f" ( Show Process) Spawned process "cmd.exe" with commandline "cmd /c ""%TEMP%\4B76.tmp\Register.Bat" "" ( Show Process) Spawned process "Register.exe" ( Show Process) Spawned process "player.exe" ( Show Process) Spawned process "Setup.exe" ( Show Process) Found malicious artifacts related to "72.52.162.35" (ASN: 32244, Owner: Liquid Web, Inc.).
0 Comments
Read More
Leave a Reply. |