String found in binary or memory: stratum+tc Remotely Track Device Without AuthorizationĮxfiltration Over Command and Control Channelįile source: 00000002.0 0000003.43 38496485.0 00001E1D67 C4000.0000 0004.00000 001.sdmp, type: MEMO RYįile source: Process Me mory Space : MRT.exe PID: 5504, type: MEM ORY Report size getting too big, too many NtSetInformationFile calls found.Įavesdrop on Insecure Network Communication.Report size getting too big, too many NtReadVirtualMemory calls found.Report size getting too big, too many NtReadFile calls found.Report size getting too big, too many NtQueryVolumeInformationFile calls found.Report size getting too big, too many NtQueryValueKey calls found.Report size getting too big, too many NtProtectVirtualMemory calls found.Report size getting too big, too many NtOpenKeyEx calls found.Report size getting too big, too many NtFsControlFile calls found.Report size getting too big, too many NtEnumerateKey calls found.Report size getting too big, too many NtCreateFile calls found.
Report size getting too big, too many NtAllocateVirtualMemory calls found.Execution Graph export aborted for target MRT.exe, PID 5504 because there are no executed function.Excluded domains from analysis (whitelisted): .,, ,, .,,.
0 kommentar(er)
