Malicious artifacts seen in the context of a contacted hostįound malicious artifacts related to "185.199.108.133". "PyScripter.exe" wrote 4 bytes to a remote process "C:\Users\%USERNAME%\AppData\Local\Programs\Python\Python36-32\python.exe" (Handle: 1248) "PyScripter.exe" wrote 52 bytes to a remote process "C:\Users\%USERNAME%\AppData\Local\Programs\Python\Python36-32\python.exe" (Handle: 1248) "PyScripter.exe" wrote 32 bytes to a remote process "C:\Users\%USERNAME%\AppData\Local\Programs\Python\Python36-32\python.exe" (Handle: 1248) "PyScripter.exe" wrote 4 bytes to a remote process "C:\Windows\System32\ntvdm.exe" (Handle: 2304) "PyScripter.exe" wrote 52 bytes to a remote process "C:\Windows\System32\ntvdm.exe" (Handle: 2304) "PyScripter.exe" wrote 32 bytes to a remote process "C:\Windows\System32\ntvdm.exe" (Handle: 2304) "PyScripter-3.6.4-x86-Setup.tmp" wrote 32 bytes to a remote process "C:\Program Files\PyScripter\PyScripter.exe" (Handle: 744) "PyScripter-3.6.4-x86-Setup.tmp" wrote 4 bytes to a remote process "C:\Program Files\PyScripter\PyScripter.exe" (Handle: 744) "PyScripter-3.6.4-x86-Setup.tmp" wrote 52 bytes to a remote process "C:\Program Files\PyScripter\PyScripter.exe" (Handle: 744) "PyScripter-3.6.4-x86-Setup.exe" wrote 1500 bytes to a remote process "C:\Users\%USERNAME%\AppData\Local\Temp\is-5ULBE.tmp\PyScripter-3.6.4-x86-Setup.tmp" (Handle: 228) "PyScripter-3.6.4-x86-Setup.exe" wrote 4 bytes to a remote process "C:\Users\%USERNAME%\AppData\Local\Temp\is-5ULBE.tmp\PyScripter-3.6.4-x86-Setup.tmp" (Handle: 228)
"PyScripter-3.6.4-x86-Setup.exe" wrote 52 bytes to a remote process "C:\Users\%USERNAME%\AppData\Local\Temp\is-5ULBE.tmp\PyScripter-3.6.4-x86-Setup.tmp" (Handle: 228) "PyScripter-3.6.4-x86-Setup.exe" wrote 32 bytes to a remote process "%TEMP%\is-5ULBE.tmp\PyScripter-3.6.4-x86-Setup.tmp" (Handle: 228)