lazyfor.blogg.se

Spawned process "OfficeC2RClient.exe" with commandline "/WatchService" ( Show Process) Spawned process "SDXHelper.exe" with commandline "-Embedding" ( Show Process) Spawned process "SDXHelper.exe" with commandline "/onlogon" ( Show Process) Spawned process "msiexec.exe" with commandline "/V" ( Show Process)

Spawned process "OfficeClickToRun.exe" with commandline "deliverymechanism=492350f6-3a01-4f97-b9c0-c7c6ddf67d60 productreleaseid=ProfessionalRetail platform=x86 culture=es-es lcid=3082 b= prereleasebuild=4419 act=1 pidkeys=NKGG6-WBPCC-HXWMY-6DQGJ-CPQVG forcecentcheck= storeid= tx= totalclientcabsize=20981081 productstoadd=ProfessionalRetail.16_es-es_x-none scenario=unknown version.16=7.21104 ProfessionalRetail.excludedapps.16=groove updatesenabled.16=True cdnbaseurl.16= mediatype.16=CDN baseurl.16= sourcetype.16=CDN flt.downloadappvcab=unknown flt.useclientcabmanager=unknown flt.useexptransportinplacepl=unknown" ( Show Process) "SDXHelper.exe" wrote 52 bytes to a remote process "%PROGRAMFILES%\Microsoft Office\root\Office16\SDXHelper.exe" (Handle: 768)įound malicious artifacts related to "205.185.216.42". "SDXHelper.exe" wrote 32 bytes to a remote process "%PROGRAMFILES%\Microsoft Office\root\Office16\SDXHelper.exe" (Handle: 768) "SDXHelper.exe" wrote 4 bytes to a remote process "%PROGRAMFILES%\Microsoft Office\root\Office16\SDXHelper.exe" (Handle: 768) "-es_ProfessionalRetail_NKGG6-WBPCC-HXWMY-6DQGJ-CPQVG_act_1_.exe" wrote 4 bytes to a remote process "%WINDIR%\System32\WindowsPowerShell\v1.0\powershell.exe" (Handle: 1396) "-es_ProfessionalRetail_NKGG6-WBPCC-HXWMY-6DQGJ-CPQVG_act_1_.exe" wrote 52 bytes to a remote process "%WINDIR%\System32\WindowsPowerShell\v1.0\powershell.exe" (Handle: 1396) "-es_ProfessionalRetail_NKGG6-WBPCC-HXWMY-6DQGJ-CPQVG_act_1_.exe" wrote 32 bytes to a remote process "%WINDIR%\System32\WindowsPowerShell\v1.0\powershell.exe" (Handle: 1396)