Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6402 | July 3, 2024, 9:27 a.m. | July 3, 2024, 9:29 a.m. |
Process | Command line | PID |
---|---|---|
FortectMain.exe | "C:\Program Files\Fortect\FortectMain.exe" --lang=ko --firstRun --runId=1a01b5d2-41ab-4436-85e7-b2c4a1bb783c | 2548 |
MainDaemon.exe | "C:\Program Files\Fortect\bin\MainDaemon.exe" --install | 2788 |
MainService.exe | "C:\Program Files\Fortect\MainService.exe" --install | 2740 |
FortectTray.exe | "C:\Program Files\Fortect\bin\FortectTray.exe" | 3048 |
Name | Response | Post-Analysis Lookup |
---|---|---|
app.fortect.com | 104.26.2.16 | |
service.fortect.com | 104.26.3.16 | |
cloud.fortect.com | 172.67.75.40 | |
Suricata Alerts
Suricata TLS
Version | Source | Destination | Issuer | Subject | Fingerprint |
---|---|---|---|---|---|
TLSv1 | 192.168.56.102:49167 | 104.26.2.16:443 | None | None | None |
TLSv1 | 192.168.56.102:49169 | 104.26.2.16:443 | None | None | None |
TLSv1 | 192.168.56.102:49171 | 104.26.2.16:443 | None | None | None |
TLSv1 | 192.168.56.102:49164 | 104.26.2.16:443 | None | None | None |
TLSv1 | 192.168.56.102:49163 | 104.26.2.16:443 | C=US, O=Google Trust Services LLC, CN=GTS CA 1P5 | CN=fortect.com | e1:5a:ec:76:ca:40:34:3d:d4:20:e8:4f:e7:70:c6:f4:db:f9:92:2e |
TLSv1 | 192.168.56.102:49172 | 172.67.75.40:443 | C=US, O=Google Trust Services LLC, CN=GTS CA 1P5 | CN=fortect.com | e1:5a:ec:76:ca:40:34:3d:d4:20:e8:4f:e7:70:c6:f4:db:f9:92:2e |
TLSv1 | 192.168.56.102:49357 | 172.67.75.40:443 | None | None | None |
TLS 1.3 | 192.168.56.102:49366 | 104.26.3.16:443 | None | None | None |
TLS 1.3 | 192.168.56.102:49368 | 104.26.3.16:443 | None | None | None |
TLS 1.3 | 192.168.56.102:49367 | 104.26.3.16:443 | None | None | None |
TLS 1.3 | 192.168.56.102:49377 | 104.26.3.16:443 | None | None | None |
TLSv1 | 192.168.56.102:49383 | 104.26.2.16:443 | None | None | None |
TLSv1 | 192.168.56.102:49374 | 104.26.2.16:443 | None | None | None |
TLS 1.3 | 192.168.56.102:49365 | 104.26.3.16:443 | None | None | None |
TLSv1 | 192.168.56.102:49369 | 104.26.2.16:443 | None | None | None |
TLS 1.3 | 192.168.56.102:49370 | 104.26.3.16:443 | None | None | None |
TLS 1.3 | 192.168.56.102:49373 | 104.26.3.16:443 | None | None | None |
TLSv1 | 192.168.56.102:49380 | 104.26.2.16:443 | None | None | None |

Rows with no issuer, subject or fingerprint are flows in which Suricata saw no server certificate: TLS 1.3 sends the Certificate message encrypted, and a resumed session in earlier versions omits it altogether. The certificate was captured on two flows, one to 104.26.2.16 (app.fortect.com) and one to 172.67.75.40 (cloud.fortect.com), both for CN=fortect.com issued by GTS CA 1P5 with the same fingerprint; every TLS 1.3 flow goes to 104.26.3.16 (service.fortect.com).
registry | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid |
section | .ndata |
request | GET https://app.fortect.com/events/events.php?sessionid=f1b9f267bedbe168cfcb3bfb1c77135727786305941307e07605b667634ea6d5&minorsessionid=1a01b5d2-41ab-4436-85e7-b2c4a1bb783c&os=7&build=7601&architecture=64&version=6502&id=INSST&param=Downloader%20Started<*> |
request | GET https://app.fortect.com/ev-install-start/ev-install-start.php?sessionid=f1b9f267bedbe168cfcb3bfb1c77135727786305941307e07605b667634ea6d5&minorsessionid=1a01b5d2-41ab-4436-85e7-b2c4a1bb783c&os=7&build=7601&architecture=64&version=6502 |
request | GET https://app.fortect.com/events/version.php?data=json&sessionid=f1b9f267bedbe168cfcb3bfb1c77135727786305941307e07605b667634ea6d5&minorsessionid=1a01b5d2-41ab-4436-85e7-b2c4a1bb783c&os=7&build=7601&architecture=64&version=6502&installed= |
request | GET https://app.fortect.com/events/events.php?sessionid=f1b9f267bedbe168cfcb3bfb1c77135727786305941307e07605b667634ea6d5&minorsessionid=1a01b5d2-41ab-4436-85e7-b2c4a1bb783c&os=7&build=7601&architecture=64&version=6502&id=LANG&param=1042<*>ko<*> |
request | GET https://app.fortect.com/events/events.php?sessionid=f1b9f267bedbe168cfcb3bfb1c77135727786305941307e07605b667634ea6d5&minorsessionid=1a01b5d2-41ab-4436-85e7-b2c4a1bb783c&os=7&build=7601&architecture=64&version=6502&id=INSVR&param=6.5.0.2<*> |
request | GET https://cloud.fortect.com/app/installation/engine/6502/FortectSetup64.7z |
request | GET https://cloud.fortect.com/app/installation/service/6502/FortectProtection64.7z |
request | GET https://app.fortect.com/events/evt_scan.php?sessionid=f1b9f267bedbe168cfcb3bfb1c77135727786305941307e07605b667634ea6d5&minorsessionid=1a01b5d2-41ab-4436-85e7-b2c4a1bb783c&os=7&build=7601&architecture=64&version=6502&id=AUINS&param=service%20installed<*>0<*>6.5.0.2<*> |
request | GET https://app.fortect.com/events/events.php?sessionid=f1b9f267bedbe168cfcb3bfb1c77135727786305941307e07605b667634ea6d5&minorsessionid=1a01b5d2-41ab-4436-85e7-b2c4a1bb783c&os=7&build=7601&architecture=64&version=6502&id=PKAOK&param=ServiceRunning<*> |
request | GET https://app.fortect.com/ev-install-end/ev-install-end.php?sessionid=f1b9f267bedbe168cfcb3bfb1c77135727786305941307e07605b667634ea6d5&minorsessionid=1a01b5d2-41ab-4436-85e7-b2c4a1bb783c&os=7&build=7601&architecture=64&version=6502 |
request | GET https://app.fortect.com/events/events.php?sessionid=f1b9f267bedbe168cfcb3bfb1c77135727786305941307e07605b667634ea6d5&minorsessionid=1a01b5d2-41ab-4436-85e7-b2c4a1bb783c&os=7&build=7601&architecture=64&version=6502&id=INSRN&param=6.5.0.2<*> |
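The requests to app.fortect.com form a small install-telemetry protocol: every beacon carries the same `sessionid`, a `minorsessionid` that equals the `--runId` passed to FortectMain.exe, an event `id`, and a `param` whose values the client separates with `<*>`; the two cloud.fortect.com requests fetch the 7z payloads in between. The Python below is an added example, not code from the report or from Fortect. It reassembles the URLs from the request list (where extraction has turned `&param` into the entity `&para` followed by `m`, it is written as `&param`), decodes each beacon, and gives a proxy-log check for the pattern. The event-ID names come straight from the URLs; what they mean beyond their `param` payload is not documented on the page.

```python
"""Decode the install-telemetry beacons listed in the report's request table.

Added example; not code from the report or from Fortect. The URLs are
assembled from the page's request list, with the extraction-mangled
"&para..." written back as "&param".
"""
import re
from urllib.parse import parse_qs, urlsplit

FIELD_SEP = "<*>"  # separator the client places between values inside "param"

SESSION = "f1b9f267bedbe168cfcb3bfb1c77135727786305941307e07605b667634ea6d5"
RUN_ID = "1a01b5d2-41ab-4436-85e7-b2c4a1bb783c"  # same value as --runId on FortectMain.exe
COMMON = (f"sessionid={SESSION}&minorsessionid={RUN_ID}"
          "&os=7&build=7601&architecture=64&version=6502")

REPORT_REQUESTS = [
    f"https://app.fortect.com/events/events.php?{COMMON}&id=INSST&param=Downloader%20Started<*>",
    f"https://app.fortect.com/ev-install-start/ev-install-start.php?{COMMON}",
    f"https://app.fortect.com/events/version.php?data=json&{COMMON}&installed=",
    f"https://app.fortect.com/events/events.php?{COMMON}&id=LANG&param=1042<*>ko<*>",
    f"https://app.fortect.com/events/events.php?{COMMON}&id=INSVR&param=6.5.0.2<*>",
    "https://cloud.fortect.com/app/installation/engine/6502/FortectSetup64.7z",
    "https://cloud.fortect.com/app/installation/service/6502/FortectProtection64.7z",
    f"https://app.fortect.com/events/evt_scan.php?{COMMON}&id=AUINS&param=service%20installed<*>0<*>6.5.0.2<*>",
    f"https://app.fortect.com/events/events.php?{COMMON}&id=PKAOK&param=ServiceRunning<*>",
    f"https://app.fortect.com/ev-install-end/ev-install-end.php?{COMMON}",
    f"https://app.fortect.com/events/events.php?{COMMON}&id=INSRN&param=6.5.0.2<*>",
]

HEX64 = re.compile(r"[0-9a-f]{64}")
UUID = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}")


def decode(url):
    """Split one request into host, endpoint and the beacon's decoded fields."""
    u = urlsplit(url)
    q = parse_qs(u.query, keep_blank_values=True)  # percent-decodes the values

    def first(key):
        return q.get(key, [None])[0]

    param = first("param")
    return {
        "host": u.hostname,
        "endpoint": u.path,
        "sessionid": first("sessionid"),
        "minorsessionid": first("minorsessionid"),
        "event": first("id"),
        # the client's own record separator; a trailing "<*>" leaves an empty field
        "fields": [f for f in param.split(FIELD_SEP) if f] if param is not None else [],
        "client": {k: first(k) for k in ("os", "build", "architecture", "version") if k in q},
    }


def is_install_beacon(url):
    """Proxy-log check: an app.fortect.com request carrying both session IDs."""
    r = decode(url)
    return (r["host"] == "app.fortect.com"
            and r["sessionid"] is not None and HEX64.fullmatch(r["sessionid"]) is not None
            and r["minorsessionid"] is not None and UUID.fullmatch(r["minorsessionid"]) is not None)


def summarize(urls):
    """Collapse a request list into the facts an analyst wants from it."""
    recs = [decode(u) for u in urls]
    beacons = [r for r in recs if r["sessionid"]]
    return {
        "hosts": sorted({r["host"] for r in recs}),
        "sessions": sorted({r["sessionid"] for r in beacons}),
        "run_ids": sorted({r["minorsessionid"] for r in beacons}),
        "event_sequence": [r["event"] for r in beacons if r["event"]],
        "events": {r["event"]: r["fields"] for r in beacons if r["event"]},
        "downloads": [r["endpoint"].rsplit("/", 1)[-1] for r in recs if r["endpoint"].endswith(".7z")],
        "client": beacons[0]["client"] if beacons else {},
    }


if __name__ == "__main__":
    for event, fields in summarize(REPORT_REQUESTS)["events"].items():
        print(f"{event:6} {fields}")
```

`summarize` confirms what the table shows by eye: one `sessionid` and one `minorsessionid` across all nine beacons, the event order INSST, LANG, INSVR, AUINS, PKAOK, INSRN, and the AUINS beacon reporting "service installed" with the 6.5.0.2 version string. `is_install_beacon` is the shape of check to run over proxy logs when looking for the same installer elsewhere; it keys on the host plus the two identifier formats rather than on the specific values from this run.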
file | C:\Users\Public\Desktop\Fortect.lnk |
file | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fortect\Fortect.lnk |
file | C:\Users\test22\Desktop\Fortect.lnk |
file | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fortect\Uninstall.lnk |
file | C:\Users\test22\AppData\Local\Temp\Fortect\plugins\Banner.dll |
file | C:\Users\test22\AppData\Local\Temp\Fortect\plugins\nsDialogs.dll |
file | C:\Users\test22\AppData\Local\Temp\Fortect\plugins\INetC.dll |
file | C:\Users\test22\AppData\Local\Temp\Fortect\plugins\ExecDos.dll |
file | C:\Users\test22\AppData\Local\Temp\Fortect\plugins\nsProcess.dll |
file | C:\Users\test22\AppData\Local\Temp\Fortect\EBB2B7109925\programfiles\uninst.exe |
file | C:\Users\test22\AppData\Local\Temp\Fortect\plugins\LogEx.dll |
file | C:\Users\test22\AppData\Local\Temp\Fortect\plugins\EnVar.dll |
file | C:\Users\test22\AppData\Local\Temp\Fortect\plugins\Crypto.dll |
file | C:\Users\test22\AppData\Local\Temp\Fortect\plugins\nsJSON.dll |
file | C:\Users\test22\AppData\Local\Temp\nsf293F.tmp\UserInfo.dll |
file | C:\Users\test22\AppData\Local\Temp\Fortect\D2FA106B920C\programfiles\FortectUpdater.exe |
file | C:\Users\test22\AppData\Local\Temp\Fortect\plugins\ShellExecAsUser.dll |
file | C:\Users\test22\AppData\Local\Temp\Fortect\plugins\System.dll |
file | C:\Users\test22\AppData\Local\Temp\Fortect\plugins\nsis7z.dll |
wmi | ASSOCIATORS OF{Win32_LogicalDisk.DeviceID='C:'} WHERE AssocClass = Win32_LogicalDiskToPartition |
wmi | SELECT * FROM Win32_ComputerSystemProduct |
wmi | SELECT * FROM Win32_BIOS |
wmi | SELECT * FROM Win32_DiskDrive WHERE DeviceID like '%PHYSICALDRIVE0' |
ESET-NOD32 | Win32/Fortect.A potentially unwanted |
Service name | Service path |
---|---|
FortectDaemon | C:\Program Files\Fortect\bin\"C:\Program Files\Fortect\bin\MainDaemon.exe" |
FortectService | C:\Program Files\Fortect\bin\"C:\Program Files\Fortect\MainService.exe" |

The service paths are reproduced as the sandbox recorded them, with the bin\ directory prefixed to an already-quoted image path. The process list shows the binaries actually launched with --install at C:\Program Files\Fortect\bin\MainDaemon.exe and C:\Program Files\Fortect\MainService.exe.
file | C:\Users\test22\AppData\Local\Temp\Fortect\EBB2B7109925\programfiles\locales\es.pak |
file | C:\Users\test22\AppData\Local\Temp\Fortect\EBB2B7109925\programfiles\resources\app.asar |
file | C:\Users\test22\AppData\Local\Temp\Fortect\EBB2B7109925\programfiles\locales\bn.pak |
file | C:\Users\test22\AppData\Local\Temp\Fortect\EBB2B7109925\programfiles\locales\kn.pak |
file | C:\Users\test22\AppData\Local\Temp\Fortect\EBB2B7109925\programfiles\locales\ko.pak |
file | C:\Users\test22\AppData\Local\Temp\Fortect\EBB2B7109925\programfiles\locales\en-US.pak |
file | C:\Users\test22\AppData\Local\Temp\Fortect\EBB2B7109925\programfiles\locales\fi.pak |
file | C:\Users\test22\AppData\Local\Temp\Fortect\EBB2B7109925\programdata\av\HBEDV.KEY |
file | C:\ProgramData\Fortect\url_settings.json |
file | C:\Users\test22\AppData\Local\Temp\Fortect\EBB2B7109925\programfiles\locales\af.pak |
file | C:\Users\test22\AppData\Local\Temp\Fortect\EBB2B7109925\programfiles\locales\ru.pak |
file | C:\Users\test22\AppData\Local\Temp\Fortect\EBB2B7109925\programfiles\locales\am.pak |
file | C:\Users\test22\AppData\Local\Temp\Fortect\EBB2B7109925\programfiles\locales\it.pak |
file | C:\Users\test22\AppData\Local\Temp\Fortect\EBB2B7109925\programdata\conf\settings.json |
file | C:\Users\test22\AppData\Local\Temp\Fortect\EBB2B7109925\programfiles\locales\el.pak |
file | C:\Users\test22\AppData\Local\Temp\Fortect\EBB2B7109925\programfiles\locales\lv.pak |
file | C:\Users\test22\AppData\Local\Temp\Fortect\EBB2B7109925\programfiles\icudtl.dat |
file | C:\Users\test22\AppData\Local\Temp\Fortect\EBB2B7109925\programfiles\locales\ta.pak |
file | C:\Users\test22\AppData\Local\Temp\Fortect\EBB2B7109925\programfiles\locales\hr.pak |
file | C:\Users\test22\AppData\Local\Temp\Fortect\EBB2B7109925\programfiles\locales\nb.pak |
file | C:\Users\test22\AppData\Local\Temp\Fortect\EBB2B7109925\programfiles\chrome_200_percent.pak |
file | C:\Users\test22\AppData\Local\Temp\Fortect\EBB2B7109925\programfiles\snapshot_blob.bin |
file | C:\Users\test22\AppData\Local\Temp\Fortect\EBB2B7109925\programfiles\locales\ms.pak |
file | C:\Users\test22\AppData\Local\Temp\Fortect\EBB2B7109925\programfiles\locales\sv.pak |
file | C:\Users\test22\AppData\Local\Temp\Fortect\EBB2B7109925\programfiles\locales\id.pak |
file | C:\Users\test22\AppData\Local\Temp\Fortect\EBB2B7109925\programfiles\locales\da.pak |
file | C:\Users\test22\AppData\Local\Temp\Fortect\EBB2B7109925\programfiles\locales\ca.pak |
file | C:\Users\test22\AppData\Local\Temp\Fortect\EBB2B7109925\programdata\conf\cron_MainService.json |
file | C:\Users\test22\AppData\Local\Temp\Fortect\EBB2B7109925\programfiles\locales\zh-TW.pak |
file | C:\Users\test22\AppData\Local\Temp\Fortect\EBB2B7109925\programfiles\locales\th.pak |
file | C:\Users\test22\AppData\Local\Temp\Fortect\EBB2B7109925\programdata\conf\conf.json |
file | C:\Users\test22\AppData\Local\Temp\Fortect\EBB2B7109925\programfiles\v8_context_snapshot.bin |
file | C:\Users\test22\AppData\Local\Temp\Fortect\EBB2B7109925\programfiles\locales\sw.pak |
file | C:\ProgramData\Fortect\conf\cron_MainService.json |
file | C:\Users\test22\AppData\Local\Temp\Fortect\EBB2B7109925\programfiles\locales\nl.pak |
file | C:\Users\test22\AppData\Local\Temp\Fortect\EBB2B7109925\programfiles\locales\ja.pak |
file | C:\Users\test22\AppData\Local\Temp\Fortect\EBB2B7109925\programfiles\locales\he.pak |
file | C:\Users\test22\AppData\Local\Temp\Fortect\EBB2B7109925\programfiles\locales\bg.pak |
file | C:\Users\test22\AppData\Local\Temp\Fortect\EBB2B7109925\programfiles\locales\tr.pak |
file | C:\Users\test22\AppData\Local\Temp\Fortect\EBB2B7109925\programfiles\locales\te.pak |
file | C:\Users\test22\AppData\Local\Temp\Fortect\EBB2B7109925\programfiles\locales\ur.pak |
file | C:\Users\test22\AppData\Local\Temp\Fortect\EBB2B7109925\programfiles\chrome_100_percent.pak |
file | C:\Users\test22\AppData\Local\Temp\Fortect\EBB2B7109925\programfiles\locales\en-GB.pak |
file | C:\Users\test22\AppData\Local\Temp\Fortect\EBB2B7109925\programfiles\locales\pt-PT.pak |
file | C:\Users\test22\AppData\Local\Temp\Fortect\EBB2B7109925\programfiles\locales\sk.pak |
file | C:\Users\test22\AppData\Local\Temp\Fortect\EBB2B7109925\programfiles\locales\gu.pak |
file | C:\Users\test22\AppData\Local\Temp\Fortect\EBB2B7109925\programdata\av\avupdate_msg.avr |
file | C:\Users\test22\AppData\Local\Temp\Fortect\EBB2B7109925\programfiles\locales\es-419.pak |
file | C:\Users\test22\AppData\Local\Temp\Fortect\EBB2B7109925\programfiles\locales\pt-BR.pak |
file | C:\Users\test22\AppData\Local\Temp\Fortect\EBB2B7109925\programdata\conf\vp.json |
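What the dropped files say about the packaging, as an added example that is not code from the report or from Fortect: the DLLs under `plugins\` (nsDialogs, INetC, nsis7z, ShellExecAsUser and the rest) and in `nsf293F.tmp\`, together with the `.ndata` section noted earlier, are the NSIS installer's own plugins; the `<TEMP>\Fortect\<12 hex>\programfiles` and `programdata` trees are the staged payload; `app.asar`, `icudtl.dat`, `v8_context_snapshot.bin`, `chrome_*_percent.pak` and `locales\*.pak` are an Electron application; and `HBEDV.KEY` under `programdata\av\` is the licence file name used by Avira's scanning engine. The script classifies a subset of paths copied from the file list, reads off the staging directories, and reconciles each staged file against an assumed final install location. That mapping is an assumption of the example: the page confirms it only for `programdata`, where `conf\cron_MainService.json` is listed both staged and under `C:\ProgramData\Fortect`.

```python
"""Triage the dropped-file list: installer framework, staging layout, and which
staged files match an installed copy. Added example, not from the report or from
Fortect; PATHS is a subset of the report's file list, the marker sets are general
file-name knowledge, and INSTALL_ROOT is an assumption (programdata confirmed)."""
import re
from collections import Counter, defaultdict
from pathlib import PureWindowsPath

# NSIS plugin DLLs, dropped into plugins\ or an ns<hex>.tmp\ directory
NSIS_PLUGINS = {
    "banner.dll", "nsdialogs.dll", "inetc.dll", "execdos.dll", "nsprocess.dll",
    "logex.dll", "envar.dll", "crypto.dll", "nsjson.dll", "userinfo.dll",
    "shellexecasuser.dll", "system.dll", "nsis7z.dll",
}
# Electron/Chromium runtime files; locales\*.pak are matched by directory
ELECTRON_MARKERS = {
    "app.asar", "icudtl.dat", "v8_context_snapshot.bin", "snapshot_blob.bin",
    "chrome_100_percent.pak", "chrome_200_percent.pak",
}
AV_LICENCE = {"hbedv.key"}  # licence file name used by Avira's engine
# <TEMP>\Fortect\<12 hex>\(programfiles|programdata)\<relative path>
STAGED = re.compile(r"\\Temp\\Fortect\\([0-9A-F]{12})\\(programfiles|programdata)\\(.+)$", re.I)
# Assumed final location of each staged tree
INSTALL_ROOT = {"programfiles": r"C:\Program Files\Fortect",
                "programdata": r"C:\ProgramData\Fortect"}

T = r"C:\Users\test22\AppData\Local\Temp"
PATHS = [  # copied from the report's file list
    T + r"\Fortect\plugins\nsDialogs.dll",
    T + r"\Fortect\plugins\INetC.dll",
    T + r"\Fortect\plugins\nsProcess.dll",
    T + r"\Fortect\plugins\nsis7z.dll",
    T + r"\Fortect\plugins\ShellExecAsUser.dll",
    T + r"\nsf293F.tmp\UserInfo.dll",
    T + r"\Fortect\EBB2B7109925\programfiles\uninst.exe",
    T + r"\Fortect\D2FA106B920C\programfiles\FortectUpdater.exe",
    T + r"\Fortect\EBB2B7109925\programfiles\resources\app.asar",
    T + r"\Fortect\EBB2B7109925\programfiles\icudtl.dat",
    T + r"\Fortect\EBB2B7109925\programfiles\chrome_100_percent.pak",
    T + r"\Fortect\EBB2B7109925\programfiles\locales\ko.pak",
    T + r"\Fortect\EBB2B7109925\programdata\conf\settings.json",
    T + r"\Fortect\EBB2B7109925\programdata\conf\cron_MainService.json",
    T + r"\Fortect\EBB2B7109925\programdata\av\HBEDV.KEY",
    r"C:\ProgramData\Fortect\url_settings.json",
    r"C:\ProgramData\Fortect\conf\cron_MainService.json",
    r"C:\Users\Public\Desktop\Fortect.lnk",
    r"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fortect\Fortect.lnk",
    r"C:\Users\test22\Desktop\Fortect.lnk",
]


def classify(path):
    """Label one dropped file by what its name and directory reveal."""
    p = PureWindowsPath(path)
    name, parent = p.name.lower(), p.parent.name.lower()
    in_nsis_dir = parent == "plugins" or re.fullmatch(r"ns[0-9a-f]+\.tmp", parent) is not None
    if in_nsis_dir and name in NSIS_PLUGINS:
        return "nsis-plugin"
    if name in ELECTRON_MARKERS or (parent == "locales" and name.endswith(".pak")):
        return "electron-runtime"
    if name in AV_LICENCE:
        return "av-licence"
    if name.endswith(".lnk"):
        return "shortcut"
    if name.endswith(".json"):
        return "config"
    if name.endswith(".exe"):
        return "executable"
    return "other"


def install_path(path):
    """Map a staged path to where the installer is assumed to copy it, else None."""
    m = STAGED.search(path)
    if not m:
        return None
    return str(PureWindowsPath(INSTALL_ROOT[m.group(2).lower()]) / m.group(3))


def triage(paths):
    """Class counts, staging directories, and staged files with an observed installed copy."""
    observed = {p.lower() for p in paths}
    staging, confirmed = defaultdict(set), []
    for p in paths:
        m = STAGED.search(p)
        if m:
            staging[m.group(1).upper()].add(m.group(2).lower())
            if install_path(p).lower() in observed:
                confirmed.append(install_path(p))
    return {
        "classes": dict(Counter(classify(p) for p in paths)),
        "staging": {k: sorted(v) for k, v in staging.items()},
        "confirmed_installs": confirmed,
        # shortcuts in all-user locations rather than the running user's profile
        "all_user_shortcuts": [p for p in paths if p.lower().endswith(".lnk")
                               and ("\\public\\" in p.lower() or "\\programdata\\" in p.lower())],
    }


if __name__ == "__main__":
    for key, value in triage(PATHS).items():
        print(key, value)
```

On this subset the reconciliation confirms exactly one staged file at its final location (the `programdata` cron file), which is why the `programfiles` half of the mapping stays an assumption: the report lists `uninst.exe` and `FortectUpdater.exe` only in the staging trees, never under `C:\Program Files\Fortect`. The two staging IDs, EBB2B7109925 and D2FA106B920C, line up with the two 7z downloads from cloud.fortect.com, though the page does not say which archive produced which directory.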