
exe, OriginalFileName: C:\Users\user\AppData\Local\Temp\E0FA1315\x86\regsvr32.exe, ParentCommandLine: 'C:\Users\user\Desktop\ChromEdge Setup.exe', ParentImage: C:\Users\user\Desktop\ChromEdge Setup.exe' 'C:\Windows\SysWOW64\InfoSet.dll' /r, CommandLine: 'C:\Users\user\AppData\Local\Temp\E0FA1315\x86\regsvr32.exe' 'C:\Windows\SysWOW64\InfoSet.dll' /r, CommandLine|base64offset|contains:, Image: C:\Users\user\AppData\Local\Temp\E0FA1315\x86\regsvr32.exe, NewProcessName: C:\Users\user\AppData\Local\Temp\E0FA1315\x86\regsvr32.

Sigma detected: System File Execution Location Anomaly Author: Florian Roth, Patrick Bareiss: Data: Command: 'C:\Users\user\AppData\Local\Temp\E0FA1315\x86\regsvr32.exe, ParentProcessId: 3120, ProcessCommandLine: 'C:\Users\user\AppData\Local\Temp\E0FA1315\x86\regsvr32.exe' 'C:\Windows\SysWOW64\InfoSet.dll' /r, ProcessId: 3112 Author: Florian Roth: Data: Command: 'C:\Users\user\AppData\Local\Temp\E0FA1315\x86\regsvr32.
