Landis
Copyright © MegaSecurity
By ?
Informations
| Author | ? |
| Family | Landis |
| Category | Remote Access |
| Version | Landis |
Additional Information
dropped files:
c:\WINDOWS\system32\owxigcum\csrss.dat Size: 276 bytes
c:\WINDOWS\system32\owxigcum\csrss.exe Size: 112,970 bytes
c:\WINDOWS\system32\owxigcum\csrss.ini Size: 83 bytes
c:\WINDOWS\system32\drivers\etc\hosts
deleted file:
c:\WINDOWS\system32\Restore\MachineGuid.txt
added to registry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools"
data: 1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "NoAdminPage"
data: 1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "csrss"
data:
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows "run"
data: C:\WINDOWS\System32\owxigcum\csrss.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "csrss"
data:
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows "load"
old data:
new data: C:\WINDOWS\System32\owxigcum\csrss.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore "DisableSR"
old data: 00, 00, 00, 00
new data: 01, 00, 00, 00
tested on Windows Xp
March 03, 2006If you recognize any personal information on this page and wish to have it removed or redacted, please contact us at jplesueur@phrozen.io. We are committed to protecting your privacy in accordance with GDPR regulations.