Open kevross33 opened 9 years ago
Seen in cryptowall MD5 6daff56b1c5429b7460dcf836803bea3. Executed commands:
C:\Windows\System32\lsass.exe C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\vssvc.exe C:\Windows\SysWOW64\WerFault.exe -u -p 1124 -s 308 -k netsvcs vssadmin.exe Delete Shadows /All /Quiet bcdedit /set {default} recoveryenabled No bcdedit /set {default} bootstatuspolicy ignoreallfailures
Seen in cryptowall MD5 6daff56b1c5429b7460dcf836803bea3. Executed commands:
C:\Windows\System32\lsass.exe C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\vssvc.exe C:\Windows\SysWOW64\WerFault.exe -u -p 1124 -s 308 -k netsvcs vssadmin.exe Delete Shadows /All /Quiet bcdedit /set {default} recoveryenabled No bcdedit /set {default} bootstatuspolicy ignoreallfailures