Friday, September 20, 2013

The mystery of systimerso.exe

Considering the nature of what this is, I won't go into too much detail.  If you came across this post via Google or some other search engine, then you were specifically researching this executable.  You can find specifics in:

C:\Program Files\Products\System Time
C:\Documents and Settings\All Users\Application Data\System Time

https://www.mandiant.com/

I am uncertain if this process has other names or masks itself in other ways.  On our systems, this is how it showed itself.  We were specifically having issues with this process taking too much CPU.

Poking at this executable some more, it appears to use this framework under the covers:

http://www.sleuthkit.org
