Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6402 | April 21, 2021, 10:28 a.m. | April 21, 2021, 10:30 a.m. |
Process | Command line | PID |
---|---|---|
is-PH6HD.tmp | "C:\Users\test22\AppData\Local\Temp\is-EJ2IH.tmp\is-PH6HD.tmp" /SL4 $21032A "C:\Users\test22\AppData\Local\Temp\CamLiveSetup1.0.0.exe" 24695443 52736 | 7960 |
iexplore.exe | "C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:3388 CREDAT:145409 | 4384 |
IP Address | Status | Action |
---|---|---|
104.75.0.209 | Active | Moloch |
117.18.232.200 | Active | Moloch |
121.254.136.48 | Active | Moloch |
164.124.101.2 | Active | Moloch |
172.217.25.14 | Active | Moloch |
182.162.106.48 | Active | Moloch |
182.162.106.8 | Active | Moloch |
184.25.17.153 | Active | Moloch |
184.25.25.207 | Active | Moloch |
20.190.163.18 | Active | Moloch |
23.201.37.168 | Active | Moloch |
23.212.13.232 | Active | Moloch |
23.61.77.47 | Active | Moloch |
Suricata Alerts
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.102:49823 184.25.25.207:443 | C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 01 | C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=*.prod.cms.rt.microsoft.com | 00:50:3f:3f:5b:4b:cb:b0:99:0e:01:59:97:6f:3d:52:eb:6f:0b:49 |
TLSv1 192.168.56.102:49821 23.201.37.168:443 | C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 01 | C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=www.microsoft.com | 9b:2b:8a:e6:51:69:aa:47:7c:57:83:d6:48:0f:29:6e:f4:8c:f1:4d |
TLSv1 192.168.56.102:49819 23.212.13.232:443 | C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 01 | C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=www.microsoft.com | 9b:2b:8a:e6:51:69:aa:47:7c:57:83:d6:48:0f:29:6e:f4:8c:f1:4d |
TLSv1 192.168.56.102:49856 182.162.106.8:443 | C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA | C=US, ST=Massachusetts, L=Cambridge, O=Akamai Technologies, Inc., CN=a248.e.akamai.net | 61:c7:67:3f:15:c5:93:b1:92:93:37:98:73:35:ca:ed:16:93:7e:50 |
TLSv1 192.168.56.102:49853 184.25.17.153:443 | C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 02 | C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=mem.gfx.ms | 58:8c:a5:8a:ed:d6:0a:d2:05:1d:ae:8c:23:2f:70:15:5e:00:c1:ae |
TLSv1 192.168.56.102:49854 184.25.17.153:443 | C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 02 | C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=mem.gfx.ms | 58:8c:a5:8a:ed:d6:0a:d2:05:1d:ae:8c:23:2f:70:15:5e:00:c1:ae |
TLSv1 192.168.56.102:49844 121.254.136.48:443 | C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA | C=US, ST=Massachusetts, L=Cambridge, O=Akamai Technologies, Inc., CN=a248.e.akamai.net | 61:c7:67:3f:15:c5:93:b1:92:93:37:98:73:35:ca:ed:16:93:7e:50 |
TLSv1 192.168.56.102:49855 182.162.106.8:443 | C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA | C=US, ST=Massachusetts, L=Cambridge, O=Akamai Technologies, Inc., CN=a248.e.akamai.net | 61:c7:67:3f:15:c5:93:b1:92:93:37:98:73:35:ca:ed:16:93:7e:50 |
TLSv1 192.168.56.102:49857 23.201.37.168:443 | C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 01 | C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=www.microsoft.com | 9b:2b:8a:e6:51:69:aa:47:7c:57:83:d6:48:0f:29:6e:f4:8c:f1:4d |
TLSv1 192.168.56.102:49858 23.201.37.168:443 | C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 01 | C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=www.microsoft.com | 9b:2b:8a:e6:51:69:aa:47:7c:57:83:d6:48:0f:29:6e:f4:8c:f1:4d |
TLSv1 192.168.56.102:49822 182.162.106.48:443 | C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA | C=US, ST=Massachusetts, L=Cambridge, O=Akamai Technologies, Inc., CN=a248.e.akamai.net | 61:c7:67:3f:15:c5:93:b1:92:93:37:98:73:35:ca:ed:16:93:7e:50 |
TLSv1 192.168.56.102:49843 121.254.136.48:443 | C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA | C=US, ST=Massachusetts, L=Cambridge, O=Akamai Technologies, Inc., CN=a248.e.akamai.net | 61:c7:67:3f:15:c5:93:b1:92:93:37:98:73:35:ca:ed:16:93:7e:50 |
TLSv1 192.168.56.102:49862 23.61.77.47:443 | C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 01 | C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wildcard.onestore.ms | db:d2:75:89:29:28:3c:b5:b2:f6:08:30:7f:a0:85:f8:4d:e3:85:28 |
TLSv1 192.168.56.102:49860 23.201.37.168:443 | C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 01 | C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=www.microsoft.com | 9b:2b:8a:e6:51:69:aa:47:7c:57:83:d6:48:0f:29:6e:f4:8c:f1:4d |
TLSv1 192.168.56.102:49868 20.190.163.18:443 | C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=graph.windows.net | c0:19:16:55:0b:f2:03:96:59:14:97:b2:5b:a0:5d:fd:d6:4f:0d:9b |
TLSv1 192.168.56.102:49861 23.201.37.168:443 | C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 01 | C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=www.microsoft.com | 9b:2b:8a:e6:51:69:aa:47:7c:57:83:d6:48:0f:29:6e:f4:8c:f1:4d |
TLSv1 192.168.56.102:49871 20.190.163.18:443 | C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=stamp2.login.microsoftonline.com | a5:5a:69:13:a6:f1:03:ef:89:cf:ce:a6:c3:7d:07:dd:fa:e2:99:47 |
TLSv1 192.168.56.102:49863 23.61.77.47:443 | C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 01 | C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=wildcard.onestore.ms | db:d2:75:89:29:28:3c:b5:b2:f6:08:30:7f:a0:85:f8:4d:e3:85:28 |
TLSv1 192.168.56.102:49869 20.190.163.18:443 | C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=graph.windows.net | c0:19:16:55:0b:f2:03:96:59:14:97:b2:5b:a0:5d:fd:d6:4f:0d:9b |
TLSv1 192.168.56.102:49859 23.201.37.168:443 | C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 01 | C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=www.microsoft.com | 9b:2b:8a:e6:51:69:aa:47:7c:57:83:d6:48:0f:29:6e:f4:8c:f1:4d |
TLSv1 192.168.56.102:49866 23.212.13.232:443 | None | None | None |
TLSv1 192.168.56.102:49872 20.190.163.18:443 | C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=stamp2.login.microsoftonline.com | a5:5a:69:13:a6:f1:03:ef:89:cf:ce:a6:c3:7d:07:dd:fa:e2:99:47 |
section | CODE |
section | DATA |
section | BSS |
request | GET http://www.microsoft.com/china/windows/IE/upgrade/index.aspx |
request | GET http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml |
request | GET https://www.microsoft.com/zh-cn/windows |
request | GET https://mwf-service.akamaized.net/mwf/css/bundle/1.58.0/chinese-simplified/default/mwf-main.min.css |
request | GET https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RWbRcX |
request | GET https://c.s-microsoft.com/zh-cn/CMSScripts/script.jsx?k=6bf79a08-9288-6cc8-1e9a-4bf9dbcb4f0b |
request | GET https://www.microsoft.com/videoplayer/js/oneplayeriframe.js |
request | GET https://www.microsoft.com/onerfstatics/marketingsites-wcus-prod/chinese-simplified/shell/_scrf/css/themes=default.device=uplevel_web_pc/ce-7fab8a/4d-a16e89/31-37543f/c8-dc213b/72-bc6e2e/1f-ae6216/7f-eaeb0a/45-279540?ver=2.0&_cf=20210415 |
request | GET https://statics-marketingsites-wcus-ms-com.akamaized.net/statics/override.css?c=7 |
request | GET https://c.s-microsoft.com/zh-cn/CMSStyles/style.csx?k=22361378-32d9-7605-f407-faf3915cc578_5db8aa42-94fc-25e1-b3cb-4c10fc9b3365_19eb7aac-f19d-5b0a-2597-917ab6f56948_6907ca6c-47d0-7fb2-f172-c697ac3fa1d4_c2f71a82-22a3-f26a-5030-ff5ef0258ba5_a681ceee-a34b-e130-8d81-b18ed7ae311c_9364d263-04e2-fa93-295f-ac95deef1b9e_f2c0a7de-c8b4-9ffd-3da8-507c03656f45_1355fc4b-ebb6-3206-623c-1d0bfa198078_4e47a659-c850-3b0e-9619-bf3f3883383f_38c4f8a1-9126-1ac0-fe7c-a6ce511e4d5d_a59217af-ef9a-e7a9-5d2d-3e7c29ec8c74_cadda335-6bb7-dd27-b21c-207becff7f0e_6c374194-c20d-b1fb-c660-cb265575e9f8_8537e4c1-e0c2-217e-35c8-368ff8695452_3a5d0f03-92af-f68f-4d54-9345fd0c450b_101e2959-bef8-bef3-9753-ec50a2e21e47_22f531fa-1ca1-1450-f51f-0ced3605391f_83f79b5f-072c-caff-6be3-fc1c19e6fc7d_38913389-fea5-7880-c2c9-8456eb4bc8b3_96e658dc-47b6-244e-2597-042a5f8f810c_9ec9714d-916b-3af1-3b2b-1319816e27f2_077fbb87-618f-dfeb-9d82-070977d8501e_fe5653f3-5634-2b70-6e35-7877f94f84bb_443818fe-bc64-cfef-48f0-a8818b7f445d_1601b05d-e715-cd85-403f-0320bd5ec7d8_a5c2a06f-7ed2-5a74-5ba9-483951164242_d21bd579-3ea5-f74c-45ef-69c9d1f07c47 |
request | GET https://www.microsoft.com/onerfstatics/marketingsites-wcus-prod/shell/_scrf/js/themes=default/54-af9f9f/c0-247156/de-099401/e1-a50eee/e7-954872/d8-97d509/f0-251fe2/46-be1318/77-04a268/11-240c7b/63-077520/a4-34de62/bb-d7480b/db-bc0148/dc-7e9864/6d-c07ea1/9d-b58f60/f6-aa5278/cd-23d3b0/6d-1e7ed0/b7-cadaa7/c4-898cf2/ca-40b7b0/4e-ee3a55/3e-f5c39b/c3-6454d7/f9-7592d3/92-10345d/79-499886/7e-cda2d3/69-13871c/b7-0ad59f/e0-3c9860/91-97a04f/1f-100dea/33-abe4df/17-f90ef1?ver=2.0&_cf=20210415&iife=1 |
request | GET https://mem.gfx.ms/meversion?partner=windows&market=zh-cn&uhf=1 |
request | GET https://c.s-microsoft.com/zh-cn/CMSScripts/script.jsx?k=a99b0db8-bfbf-545e-1fb8-9506657ef0a2_548ab34c-2019-5a40-159d-497aca0a31aa_681f815f-66fa-dd0d-337c-f122e5fbc441_03f654df-21f3-ee95-3e73-fff757267bc7_8b6e2c63-6927-7db5-8e32-7f3333da659e_336509cc-abc8-912e-9a27-74fc22d5e823_d05d04f0-2693-ec0c-01de-808f5ad22891_693cb7af-5841-0401-bf99-98f0d9ba4140_a42d7277-10a1-6935-b06a-ebeeb8815ba6_30431ce6-63a7-f889-dfb0-0df5e1561da0_a96731a9-c05d-ced4-6287-89c900b1ed4f_55f6f45b-01ff-8a72-87f2-aef7adb3c4ae_2d3684a3-f1a0-d1c4-8c01-8f5b22b0884d_bec3e8b8-6afd-a4da-0cb7-e3f0e65d6704_25785618-c6df-5018-c882-7493400f3937_3d6f4407-99a7-efc0-9273-2886b50fa823_544bfecd-07c5-9fff-20c9-9125b66a3749_cc850638-66c6-0dc0-e5df-a231bf28e478_551d8557-d7a9-ff79-b33c-444fc691a935_88257d23-e3fb-0deb-d967-418273373312_79c01e4e-6436-0168-278f-66f180dd4fdd_360dd1e2-0971-6b97-6b15-bebe0e7ed91e_548c8edb-b925-5700-12de-1fbe1e801b5e_e102ee4d-7772-ae41-a83e-3b7ad65995ca_d707f600-5853-342b-4975-ecd516bff797 |
request | GET https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel01_XMosaic_SingleL_Lina.jpg?version=62faa73f-e14b-9432-b764-2a7cb102f396 |
request | GET https://www.microsoft.com/mwf/_h/v3.54/mwf.app/fonts/mwfmdl2-v3.54.woff |
request | GET https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE1Mu3b?ver=5c31 |
request | GET https://mwf-service.akamaized.net/mwf/js/bundle/1.58.0/mwf-auto-init-main.var.min.js |
request | GET https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel2_LinkNav_Apps_ROW.svg?version=fd5609cc-a2f9-94c5-1a66-94a80cd4daa5 |
request | GET https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel2_LinkNav_Support_Win10.svg?version=cd9f4a5f-0b3d-9251-c658-431441ccd316 |
request | GET https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel01_XMosaic_DoubleR_Alfred.jpg?version=03a6c714-4847-7450-38fb-8324ca30eb0a |
request | GET https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel01_XMosaic_DoubleR_Jen.jpg?version=c3b7507b-c995-8007-0f0d-42e9479462c2 |
request | GET https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel2_LinkNav_Devices_Win10.svg?version=9edf105d-64f1-63ed-5722-088fa81cae60 |
request | GET https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel2_LinkNav_Learn_Win10.svg?version=a74055d5-8ea6-b1a6-7ee2-be3e17e60335 |
request | GET https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel04_FeatureGroup_Need.jpg?version=0403d7c9-4711-8f9a-cb4d-38274bf57476 |
request | GET https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel05_FeatureGroup_Included.jpg?version=976539f8-3873-bee1-7def-175fd679d5e1 |
request | GET https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel06_FeatureGroup_Gaming.jpg?version=67774c04-06d2-d24c-422f-d267d8c2963a |
request | GET https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel08_MultiFeature_Vision.jpg?version=2e286003-dc42-a343-06c7-a89bf41afc60 |
request | GET https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel08_MultiFeature_Hearing.jpg?version=48d71b3d-1873-8a94-48cf-51b5004493b1 |
request | GET https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel08_MultiFeature_Neurodiversity.jpg?version=dd9094cf-5aed-e3ec-4c49-2f0ffb0131d1 |
request | GET https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel08_MultiFeature_Learning.jpg?version=dd0f5222-972f-3d6a-c4b1-8d1f3cf273c0 |
request | GET https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel08_MultiFeature_Mobility.jpg?version=d6cee281-0b4a-7da7-45c1-9290b6842199 |
request | GET https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel10_4Up_Ideas.jpg?version=4aa4ad31-1581-9d76-ef2f-e9ebe3f8e42c |
request | GET https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel10_4Up_Time.jpg?version=5b146a03-52cf-74f5-064d-eee060433c0b |
request | GET https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel10_4Up_Together.jpg?version=f129679d-4e30-ff68-4e6f-246b4b6387be |
request | GET https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel10_4Up_Protect.jpg?version=74ddf6ec-e0f2-b1c0-68de-ae8073b23695 |
request | GET https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel11_HighlightFeature_Apps.jpg?version=20838ec0-a03c-6daf-0748-1ae153da306c |
request | GET https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel13_2Up_Home.jpg?version=eac57ec1-493d-31c9-6134-0f496332edfd |
request | GET https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel13_2Up_Pro.jpg?version=6254e865-59d9-772e-b366-18c5a317c764 |
request | GET https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel15_Mosaic_Item1_Gray.jpg?version=df68d82a-b81b-b310-e0da-f49a63a83107 |
request | GET https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel15_Mosaic_Item2_Nocamera.jpg?version=71a410d4-1d20-bc8f-dc2e-36cc8a4a6c8a |
request | GET https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel15_Mosaic_Item3_Pen.jpg?version=d227593e-08df-4975-4733-7d1adef53088 |
request | GET https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel15_Mosaic_Item4_Key.jpg?version=e4d63016-4779-72f1-e2d8-7bed327aec74 |
request | GET https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel15_Mosaic_Item5_Stand.jpg?version=4cb1c4e3-e67f-5175-b325-d17b1ebffb42 |
request | GET https://c.s-microsoft.com/zh-cn/CMSImages/1920_Panel15_Mosaic_Item6_Blue.jpg?version=838eebb7-ef23-731b-ee07-deea2ae49dc8 |
request | GET https://c.s-microsoft.com/zh-cn/CMSImages/Prefooter_Icon-21_InsiderProgram.svg?version=8768bb27-2df7-f685-7e06-2732b420aa68 |
request | GET https://c.s-microsoft.com/zh-cn/CMSImages/Prefooter_Icon-18_Support.svg?version=4a9a4c35-089f-e35e-f8db-f08df9dd53b2 |
request | GET https://c.s-microsoft.com/zh-cn/CMSImages/Prefooter_Icon-20_BlogWin.svg?version=3b1d197c-2139-50c4-563f-360f55c40234 |
request | GET https://c.s-microsoft.com/zh-cn/CMSImages/Prefooter_Icon-19_Community.svg?version=4a149663-0cd4-3657-a2e5-828f12093a87 |
request | GET https://c.s-microsoft.com/zh-cn/CMSImages/Windows-Consumer-QR-code-for-Wechat.jpg?version=5fa8e6f7-bd8d-d33c-9dbe-9d80f9fd1f1a |
request | GET https://c.s-microsoft.com/zh-cn/CMSImages/wechat-color.png?version=a0708e8c-0e68-a7c8-9ece-ad71f007821d |
file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\script[1].js |
file | C:\Users\test22\AppData\Local\Temp\is-PMF5C.tmp\_isetup\_shfoldr.dll |
file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\meversion[1].js |
file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\oneplayeriframe[1].js |
file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\mwf-auto-init-main.var.min[1].js |
file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\script[1].js |
file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\mwf-main.var[1].js |
file | C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\17-f90ef1[1].js |
file | C:\Users\test22\AppData\Local\Temp\is-EJ2IH.tmp\is-PH6HD.tmp |
file | C:\Users\test22\AppData\Local\Temp\is-PMF5C.tmp\_isetup\_RegDLL.tmp |
file | C:\Users\test22\AppData\Local\Temp\is-PMF5C.tmp\_isetup\_shfoldr.dll |
Description | Rule |
---|---|
Affect system registries | win_registry |
Affect system token | win_token |
Affect private profile | win_files_operation |
(no description) | DebuggerCheck__GlobalFlags |
(no description) | DebuggerCheck__QueryInfo |
(no description) | DebuggerHiding__Thread |
(no description) | DebuggerHiding__Active |
(no description) | ThreadControl__Context |
(no description) | SEH__vectored |
Checks if being debugged | anti_dbg |
Bypass DEP | disable_dep |
cmdline | "C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:3388 CREDAT:145409 |
cmdline | "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome |
host | 172.217.25.14 |
Engine | Detection |
---|---|
Cylance | Unsafe |
Zillya | Adware.RelevantCRTD.Win32.925 |
K7AntiVirus | Trojan ( 00515b361 ) |
K7GW | Trojan ( 00515b361 ) |
Paloalto | generic.ml |
McAfee-GW-Edition | Artemis |
Sophos | Mal/Generic-S |
McAfee | Artemis!82AB12BCD640 |
Malwarebytes | Generic.Malware/Suspicious |
ESET-NOD32 | multiple detections |
Rising | Trojan.SunnyDigits!8.EC35 (TFE:5:1libuEvXm1Q) |
Yandex | Trojan.DownLoader!+VOeE7lBA58 |
Ikarus | Trojan.Win32.Sunnydigits |
Fortinet | W32/SunnyDigits.D!tr |