AdminLTE.css| Category | Machine | Started | Completed |
|---|---|---|---|
| FILE | s1_win7_x6403_us | April 19, 2025, 8:24 p.m. | April 19, 2025, 8:26 p.m. |
-
cmd.exe "C:\Windows\System32\cmd.exe" /c start /wait "FLhEY" C:\Users\test22\AppData\Local\Temp\AdminLTE.css
652-
notepad.exe "C:\Windows\system32\NOTEPAD.EXE" C:\Users\test22\AppData\Local\Temp\AdminLTE.css
2136
-
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| No hosts contacted. | ||
| IP Address | Status | Action |
|---|---|---|
| No hosts contacted. | ||
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
| description | Take ScreenShot | rule | ScreenShot | ||||||
| description | (no description) | rule | DebuggerCheck__GlobalFlags | ||||||
| description | (no description) | rule | DebuggerCheck__QueryInfo | ||||||
| description | (no description) | rule | DebuggerHiding__Thread | ||||||
| description | (no description) | rule | DebuggerHiding__Active | ||||||
| description | (no description) | rule | ThreadControl__Context | ||||||
| description | (no description) | rule | SEH__vectored | ||||||
| description | Checks if being debugged | rule | anti_dbg | ||||||
| description | Bypass DEP | rule | disable_dep | ||||||