Process launched with changed environment "svchost.exe" touched "Sync Center Control" (Path: "HKCU\CLSID\") "svchost.exe" wrote 8 bytes to a remote process "C:\Windows\System32\dllhost.exe" (Handle: 972) "svchost.exe" wrote 52 bytes to a remote process "C:\Windows\System32\dllhost.exe" (Handle: 972) "svchost.exe" wrote 8 bytes to a remote process "C:\Windows\System32\dllhost.exe" (Handle: 1228) "svchost.exe" wrote 52 bytes to a remote process "C:\Windows\System32\dllhost.exe" (Handle: 1228) "svchost.exe" wrote 32 bytes to a remote process "C:\Windows\System32\dllhost.exe" (Handle: 1228) "svchost.exe" wrote 8 bytes to a remote process "C:\Windows\System32\wbem\WmiPrvSE.exe" (Handle: 984) "svchost.exe" wrote 52 bytes to a remote process "C:\Windows\System32\wbem\WmiPrvSE.exe" (Handle: 984) "svchost.exe" wrote 32 bytes to a remote process "C:\Windows\System32\wbem\WmiPrvSE.exe" (Handle: 984) "svchost.exe" wrote 8 bytes to a remote process "C:\Windows\System32\dllhost.exe" (Handle: 1404) "svchost.exe" wrote 52 bytes to a remote process "C:\Windows\System32\dllhost.exe" (Handle: 1404) "svchost.exe" wrote 32 bytes to a remote process "C:\Windows\System32\dllhost.exe" (Handle: 1404) "svchost.exe" wrote 8 bytes to a remote process "C:\Windows\System32\dllhost.exe" (Handle: 1236) "svchost.exe" wrote 52 bytes to a remote process "C:\Windows\System32\dllhost.exe" (Handle: 1236) "svchost.exe" wrote 32 bytes to a remote process "C:\Windows\System32\dllhost.exe" (Handle: 1236) "svchost.exe" wrote 32 bytes to a remote process "C:\Windows\System32\dllhost.exe" (Handle: 972) "svchost.exe" wrote 8 bytes to a remote process "C:\Windows\System32\dllhost.exe" (Handle: 1420) "svchost.exe" wrote 52 bytes to a remote process "C:\Windows\System32\dllhost.exe" (Handle: 1420) "svchost.exe" wrote 32 bytes to a remote process "C:\Windows\System32\dllhost.exe" (Handle: 1420) "svchost.exe" wrote 8 bytes to a remote process "C:\Windows\System32\mobsync.exe" (Handle: 764) "svchost.exe" wrote 52 bytes to a remote process "C:\Windows\System32\mobsync.exe" (Handle: 764) "svchost.exe" wrote 32 bytes to a remote process "%WINDIR%\System32\mobsync.exe" (Handle: 764) ( Show technique in the MITRE ATT
0 Comments
Leave a Reply. |