Spawned process "cmd.exe" with commandline "/c %TEMP%\a.exe "%TEMP%\a.php"" ( Show Process) Spawned process "cmd.exe" with commandline "/c copy /y "%TEMP%\a.txt" "%USERPROFILE%\Desktop\DECRYPT.txt"" ( Show Process) Spawned process "cmd.exe" with commandline "/c copy /y "%APPDATA%\Desktop\DECRYPT.txt"" ( Show Process) Spawned process "cmd.exe" with commandline "/c REG ADD "HKCR\Crypted\shell\open\command" /ve /t REG_SZ /F /D "notepad.exe \"%TEMP%\a.txt\""" ( Show Process) Spawned process "cmd.exe" with commandline "/c REG ADD "HKCR\.crypted" /ve /t REG_SZ /F /D "Crypted"" ( Show Process) Spawned process "cmd.exe" with commandline "/c REG ADD "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Crypted" /t REG_SZ /F /D "%TEMP%\a.txt"" ( Show Process)
Spawned process "wscript.exe" with commandline ""C:\f"" ( Show Process) ĭetected text artifact in screenshot that indicate file is ransomware
0 kommentar(er)
