Which is directly followed by "cmp dword ptr, 06h" and "jc 00402120h".
"" read file "C:\Users\%USERNAME%\Pictures\desktop.ini"
Contains ability to create a remote thread (often used for process injection)
Found API call (Target: "" Stream UID: "19585-5178-004020D0")
"" read file "C:\Users\%USERNAME%\Documents\desktop.ini"
"" read file "C:\Users\%USERNAME%\Videos\desktop.ini"
"" read file "C:\Users\%USERNAME%\desktop.ini"
"" read file "C:\Users\%USERNAME%\Music\desktop.ini"
"" read file "C:\Users\%USERNAME%\Downloads\desktop.ini"
"" read file "C:\Users\%USERNAME%\AppData\Roaming\Microsoft\Windows\Recent\desktop.ini"
"" read file "C:\Users\%USERNAME%\Links\desktop.ini"
"" read file "C:\Users\%USERNAME%\Favorites\desktop.ini"
"" read file "C:\Users\%USERNAME%\AppData\Roaming\Microsoft\Windows\Libraries\desktop.ini"
"" read file "%PROGRAMFILES%\desktop.ini"
"" read file "C:\Users\%USERNAME%\Desktop\desktop.ini"