remotectl_dumpstate.txt| Category | Machine | Started | Completed |
|---|---|---|---|
| FILE | s1_win7_x6403_us | May 28, 2024, 8:55 p.m. | May 28, 2024, 8:57 p.m. |
-
cmd.exe "C:\Windows\System32\cmd.exe" /c start /wait "sNeynIZda" C:\Users\test22\AppData\Local\Temp\remotectl_dumpstate.txt
1572-
notepad.exe "C:\Windows\system32\NOTEPAD.EXE" C:\Users\test22\AppData\Local\Temp\remotectl_dumpstate.txt
2148
-
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| No hosts contacted. | ||
| IP Address | Status | Action |
|---|---|---|
| No hosts contacted. | ||
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
| description | Take ScreenShot | rule | ScreenShot | ||||||
| description | (no description) | rule | DebuggerCheck__GlobalFlags | ||||||
| description | (no description) | rule | DebuggerCheck__QueryInfo | ||||||
| description | (no description) | rule | DebuggerHiding__Thread | ||||||
| description | (no description) | rule | DebuggerHiding__Active | ||||||
| description | (no description) | rule | ThreadControl__Context | ||||||
| description | (no description) | rule | SEH__vectored | ||||||
| description | Checks if being debugged | rule | anti_dbg | ||||||
| description | Bypass DEP | rule | disable_dep | ||||||