The information for this sample will be updated shortly.

File Related Changes

It drops the following file(s) on the system:
- "c:\Users\Admin\AppData\Local\Temp\mepB687.tmp.exe"
- "c:\Users\Admin\AppData\Local\Temp\mepB669.tmp.exe"

Process Related Changes

It creates the following mutex(es):
- "WSearchIdxPi_Perf_Library_Lock_PID_cbc"
- ".NET Data Provider for SqlServer_Perf_Library_Lock_PID_cbc"
- "ServiceModelOperation 3.0.0.0_Perf_Library_Lock_PID_cbc"
- "Spooler_Perf_Library_Lock_PID_cbc"
- "BITS_Perf_Library_Lock_PID_cbc"
- "ContentIndex_Perf_Library_Lock_PID_cbc"
- ".NET Data Provider for Oracle_Perf_Library_Lock_PID_cbc"
- "TapiSrv_Perf_Library_Lock_PID_cbc"
- "rdyboost_Perf_Library_Lock_PID_cbc"
- "ISAPISearch_Perf_Library_Lock_PID_cbc"
- "PerfNet_Perf_Library_Lock_PID_cbc"
- ".NET CLR Data_Perf_Library_Lock_PID_cbc"
- "RemoteAccess_Perf_Library_Lock_PID_cbc"
- "UGTHRSVC_Perf_Library_Lock_PID_cbc"
- "Lsa_Perf_Library_Lock_PID_cbc"
- ".NETFramework_Perf_Library_Lock_PID_cbc"
- "MSDTC Bridge 3.0.0.0_Perf_Library_Lock_PID_cbc"
- "ServiceModelEndpoint 3.0.0.0_Perf_Library_Lock_PID_cbc"
- "PerfProc_Perf_Library_Lock_PID_cbc"
- "PerfDisk_Perf_Library_Lock_PID_cbc"
- "MSSCNTRS_Perf_Library_Lock_PID_cbc"
- "usbhub_Perf_Library_Lock_PID_cbc"
- "SMSvcHost 3.0.0.0_Perf_Library_Lock_PID_cbc"
- "ServiceModelService 3.0.0.0_Perf_Library_Lock_PID_cbc"
- "UGatherer_Perf_Library_Lock_PID_cbc"
- "Tcpip_Perf_Library_Lock_PID_cbc"
- "PerfOS_Perf_Library_Lock_PID_cbc"
- "ContentFilter_Perf_Library_Lock_PID_cbc"
- "Windows Workflow Foundation 3.0.0.0_Perf_Library_Lock_PID_cbc"
- "WmiApRpl_Perf_Library_Lock_PID_cbc"
- "fsdhqherwqi2001"
- ".NET CLR Networking_Perf_Library_Lock_PID_cbc"
- "ESENT_Perf_Library_Lock_PID_cbc"
- "TermService_Perf_Library_Lock_PID_cbc"
- "MSDTC_Perf_Library_Lock_PID_cbc"
- "InetInfo_Perf_Library_Lock_PID_cbc"

It creates the following process(es):
- C:\Users\Admin\AppData\Local\Temp\mepB669.tmp.exe
- C:\Windows\system32\WerFault.exe