| URL: | https://download.apowersoft.com/down.php?softid=streamingaudiorecorder-filehorse |
| Full analysis: | https://app.any.run/tasks/7763fd64-61b8-4757-b95e-90f612fad022 |
| Verdict: | Malicious activity |
| Analysis date: | May 26, 2024, 16:18:45 |
| OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators: | |
| MD5: | A8AAAEFAB128B177CD6B2CA87C3645E8 |
| SHA1: | C9D1D1EB1704E6CC836057090B34DC0EA691489D |
| SHA256: | E7E99CA5007994A22C7BACD2A3B1A39FDBB8EBF029C64C6DAE2EB8C1AFC76583 |
| SSDEEP: | 3:N8SEl22RLR8CNVd8bEN08dXCn:2SK2sR8CNVugm8dXCn |
MALICIOUS
Drops the executable file immediately after the start
- streamingaudiorecorder-setup-chn-filehorse.exe (PID: 1236)
- installer.exe (PID: 2364)
- installer.tmp (PID: 2284)
- Streaming Audio Recorder.exe (PID: 3524)
Registers / Runs the DLL via REGSVR32.EXE
- installer.tmp (PID: 2284)
SUSPICIOUS
Executable content was dropped or overwritten
- streamingaudiorecorder-setup-chn-filehorse.exe (PID: 1236)
- installer.exe (PID: 2364)
- installer.tmp (PID: 2284)
- Streaming Audio Recorder.exe (PID: 3524)
Reads the Internet Settings
- streamingaudiorecorder-setup-chn-filehorse.exe (PID: 1236)
- Streaming Audio Recorder.exe (PID: 3524)
Reads the Windows owner or organization settings
- installer.tmp (PID: 2284)
Changes Internet Explorer settings (feature browser emulation)
- installer.tmp (PID: 2284)
The process drops C-runtime libraries
- installer.tmp (PID: 2284)
Process drops legitimate windows executable
- installer.tmp (PID: 2284)
Creates/Modifies COM task schedule object
- regsvr32.exe (PID: 568)
- regsvr32.exe (PID: 1072)
- regsvr32.exe (PID: 1940)
- regsvr32.exe (PID: 2524)
- regsvr32.exe (PID: 2516)
- regsvr32.exe (PID: 2600)
- regsvr32.exe (PID: 2528)
- regsvr32.exe (PID: 1900)
- regsvr32.exe (PID: 2452)
- regsvr32.exe (PID: 2460)
- regsvr32.exe (PID: 992)
- regsvr32.exe (PID: 2328)
Uses NETSH.EXE to add a firewall rule or allowed programs
- installer.tmp (PID: 2284)
Uses NETSH.EXE to delete a firewall rule or allowed programs
- installer.tmp (PID: 2284)
Reads settings of System Certificates
- Streaming Audio Recorder.exe (PID: 3524)
Reads security settings of Internet Explorer
- streamingaudiorecorder-setup-chn-filehorse.exe (PID: 1236)
INFO
Application launched itself
- iexplore.exe (PID: 3980)
- msedge.exe (PID: 2812)
- msedge.exe (PID: 2788)
The process uses the downloaded file
- iexplore.exe (PID: 3980)
Drops the executable file immediately after the start
- iexplore.exe (PID: 4040)
- iexplore.exe (PID: 3980)
Checks supported languages
- installer.exe (PID: 2364)
- streamingaudiorecorder-setup-chn-filehorse.exe (PID: 1236)
- installer.tmp (PID: 2284)
- Streaming Audio Recorder.exe (PID: 3524)
- wmpnscfg.exe (PID: 1944)
Executable content was dropped or overwritten
- iexplore.exe (PID: 4040)
- iexplore.exe (PID: 3980)
Modifies the phishing filter of IE
- iexplore.exe (PID: 3980)
Create files in a temporary directory
- streamingaudiorecorder-setup-chn-filehorse.exe (PID: 1236)
- installer.exe (PID: 2364)
- installer.tmp (PID: 2284)
Reads the computer name
- streamingaudiorecorder-setup-chn-filehorse.exe (PID: 1236)
- installer.tmp (PID: 2284)
- Streaming Audio Recorder.exe (PID: 3524)
- wmpnscfg.exe (PID: 1944)
Creates files in the program directory
- installer.tmp (PID: 2284)
- Streaming Audio Recorder.exe (PID: 3524)
- streamingaudiorecorder-setup-chn-filehorse.exe (PID: 1236)
Creates files or folders in the user directory
- installer.tmp (PID: 2284)
- Streaming Audio Recorder.exe (PID: 3524)
Manual execution by a user
- msedge.exe (PID: 2788)
- Streaming Audio Recorder.exe (PID: 3524)
- wmpnscfg.exe (PID: 1944)
Reads the machine GUID from the registry
- Streaming Audio Recorder.exe (PID: 3524)
- streamingaudiorecorder-setup-chn-filehorse.exe (PID: 1236)
Creates a software uninstall entry
- installer.tmp (PID: 2284)
Reads Environment values
- Streaming Audio Recorder.exe (PID: 3524)
Disables trace logs
- Streaming Audio Recorder.exe (PID: 3524)
Reads the software policy settings
- Streaming Audio Recorder.exe (PID: 3524)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
Total processes
97
Monitored processes
52
Malicious processes
5
Suspicious processes
0
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 304 | "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3668 --field-trial-handle=1268,i,14938283309395084192,9542524148400956123,131072 /prefetch:1 | C:\Program Files\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Microsoft Edge Exit code: 0 Version: 109.0.1518.115 Modules
| |||||||||||||||
| 324 | "C:\Windows\system32\netsh.exe" advfirewall firewall delete rule name="Streaming Audio Recorder" program="C:\Program Files\Apowersoft\Streaming Audio Recorder\Streaming Audio Recorder.exe" | C:\Windows\System32\netsh.exe | — | installer.tmp | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Network Command Shell Exit code: 1 Version: 6.1.7600.16385 (win7_rtm.090713-1255) Modules
| |||||||||||||||
| 568 | "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\Apowersoft\Streaming Audio Recorder\wmpplugins\x86\dsfNativeFLACSource.dll" | C:\Windows\System32\regsvr32.exe | — | installer.tmp | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Microsoft(C) Register Server Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) Modules
| |||||||||||||||
| 728 | "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=2456 --field-trial-handle=1268,i,14938283309395084192,9542524148400956123,131072 /prefetch:1 | C:\Program Files\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Microsoft Edge Exit code: 0 Version: 109.0.1518.115 Modules
| |||||||||||||||
| 972 | "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=109.0.5414.149 "--annotation=exe=C:\Program Files\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win32 "--annotation=prod=Microsoft Edge" --annotation=ver=109.0.1518.115 --initial-client-data=0xc8,0xcc,0xd0,0x9c,0xd8,0x6b2cf598,0x6b2cf5a8,0x6b2cf5b4 | C:\Program Files\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Microsoft Edge Exit code: 0 Version: 109.0.1518.115 Modules
| |||||||||||||||
| 992 | "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\Apowersoft\Streaming Audio Recorder\wmpplugins\aacpParser.dll" | C:\Windows\System32\regsvr32.exe | — | installer.tmp | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Microsoft(C) Register Server Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) Modules
| |||||||||||||||
| 1044 | "C:\Windows\system32\netsh.exe" advfirewall firewall add rule name="Streaming Audio Recorder" dir=in action=allow program="C:\Program Files\Apowersoft\Streaming Audio Recorder\Streaming Audio Recorder.exe" enable=yes | C:\Windows\System32\netsh.exe | — | installer.tmp | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Network Command Shell Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) Modules
| |||||||||||||||
| 1072 | "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\Apowersoft\Streaming Audio Recorder\wmpplugins\x86\dsfOggDemux2.dll" | C:\Windows\System32\regsvr32.exe | — | installer.tmp | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Microsoft(C) Register Server Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) Modules
| |||||||||||||||
| 1236 | "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\streamingaudiorecorder-setup-chn-filehorse.exe" | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\streamingaudiorecorder-setup-chn-filehorse.exe | iexplore.exe | ||||||||||||
User: admin Company: Apowersoft Integrity Level: HIGH Description: Apowersoft Installer Exit code: 0 Version: 1.1.0.9 Modules
| |||||||||||||||
| 1440 | "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2424 --field-trial-handle=1268,i,14938283309395084192,9542524148400956123,131072 /prefetch:8 | C:\Program Files\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Microsoft Edge Exit code: 0 Version: 109.0.1518.115 Modules
| |||||||||||||||
Total events
46 317
Read events
45 575
Write events
694
Delete events
48
Modification events
| (PID) Process: | (3980) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing |
| Operation: | write | Name: | NTPDaysSinceLastAutoMigration |
Value: 1 | |||
| (PID) Process: | (3980) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing |
| Operation: | write | Name: | NTPLastLaunchLowDateTime |
Value: | |||
| (PID) Process: | (3980) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing |
| Operation: | write | Name: | NTPLastLaunchHighDateTime |
Value: 31109000 | |||
| (PID) Process: | (3980) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager |
| Operation: | write | Name: | NextCheckForUpdateLowDateTime |
Value: | |||
| (PID) Process: | (3980) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager |
| Operation: | write | Name: | NextCheckForUpdateHighDateTime |
Value: 31109000 | |||
| (PID) Process: | (3980) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content |
| Operation: | write | Name: | CachePrefix |
Value: | |||
| (PID) Process: | (3980) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies |
| Operation: | write | Name: | CachePrefix |
Value: Cookie: | |||
| (PID) Process: | (3980) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History |
| Operation: | write | Name: | CachePrefix |
Value: Visited: | |||
| (PID) Process: | (3980) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main |
| Operation: | write | Name: | CompatibilityFlags |
Value: 0 | |||
| (PID) Process: | (3980) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap |
| Operation: | write | Name: | ProxyBypass |
Value: 1 | |||
Executable files
99
Suspicious files
157
Text files
121
Unknown types
6
Dropped files
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 4040 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\AE5CBAD61AAAAA13CDE041EC2AC306F0_710A84CB2D8226B8A2AC1B219A338E14 | binary | |
MD5:FD505628422C641828BA5F957656B0A9 | SHA256:FFC1950C632DA6D981AA41EE5333FDDF9DA86320DBF569419C695428142AEFB0 | |||
| 4040 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\68FAF71AF355126BCA00CE2E73CC7374_9348905ADD4E6B2C7F47404EF1D88D59 | binary | |
MD5:428699BB2014646A2C0B0325945329D8 | SHA256:FE8FF0DFDF5349F8310D4498D2D3527BA402BA8E933FBA02DC0C98021DA7F125 | |||
| 4040 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | |
MD5:BE4516F3D1EF50CB3E1233B498086FF4 | SHA256:668A1F2CA35B1F2FA34C50191F598F2AEAC79D77BD4308F85247D3E482F62625 | |||
| 3980 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EAF8AA29A62AB29E614331747385D816_F9E4DC0B9D5C777357D7DB8DEF51118A | binary | |
MD5:8C367388A262CED7370C658A9A2064FF | SHA256:264881807CBB8881151C33A0816B176334CDA1472BEC1BDE90A101CFDD5CD6BD | |||
| 4040 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\68FAF71AF355126BCA00CE2E73CC7374_9348905ADD4E6B2C7F47404EF1D88D59 | binary | |
MD5:73A3D13AA4EDF572B51AFAADD92B92EF | SHA256:C0D24324571A24975EC2497EB700CF44F83FC67610A0D8A9344BEC150658D98E | |||
| 3980 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\favicon[1].ico | image | |
MD5:DA597791BE3B6E732F0BC8B20E38EE62 | SHA256:5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07 | |||
| 3980 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\streamingaudiorecorder-setup-chn-filehorse.exe | executable | |
MD5:986B9F938372C2722A5A1CB6074417E4 | SHA256:82C7BD3C521D30D7AA7594CE2E09823256231AC5BCA50BA638E59383559873EB | |||
| 3980 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\streamingaudiorecorder-setup-chn-filehorse.exe.1e36fbs.partial:Zone.Identifier | text | |
MD5:FBCCF14D504B7B2DBCB5A5BDA75BD93B | SHA256:EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913 | |||
| 3980 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DF036CC5B3FA3117CB.TMP | gmc | |
MD5:78DB593AD474BC3D592A05FEA7A238C1 | SHA256:968F14C6095DD2059BD736C2B8B93B3597D88AFA683DF9461F83C0EF8CE6419B | |||
| 3980 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{A321A237-1B7B-11EF-9E36-12A9866C77DE}.dat | binary | |
MD5:BE35CC91DD165E5F31481EFE93BEB959 | SHA256:530606A3986390EE49E7CF8DB579247811E820C52EC13BA7268264DC98803C66 | |||
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
24
TCP/UDP connections
88
DNS requests
81
Threats
5
HTTP requests
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
4040 | iexplore.exe | GET | 304 | 2.21.75.240:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?9d16a895bffb80f6 | unknown | — | — | unknown |
4040 | iexplore.exe | GET | 304 | 2.21.75.229:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?068eb670bb243701 | unknown | — | — | unknown |
4040 | iexplore.exe | GET | 200 | 23.222.16.66:80 | http://subca.ocsp-certum.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTYOkzrrCGQj08njZXbUQQpkoUmuQQUCHbNywf%2FJPbFze27kLzihDdGdfcCEQDCt1Xbk71HLBjTUQvY7qDe | unknown | — | — | unknown |
4040 | iexplore.exe | GET | 200 | 23.222.16.18:80 | http://xinchacha2dv.ocsp-certum.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ4Sk6ZNdKzjsbcX9MfzVXSFJ9BPAQUoUOOADQJ5Xs1M651iQTyMmEPqOcCEHEJ92CRjwxFgi3MFfHPRsY%3D | unknown | — | — | unknown |
4040 | iexplore.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAo3h2ReX7SMIk79G%2B0UDDw%3D | unknown | — | — | unknown |
3980 | iexplore.exe | GET | 304 | 2.21.75.240:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?0b6b604bdc20d08b | unknown | — | — | unknown |
3980 | iexplore.exe | GET | 304 | 2.21.75.240:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?7de81c41146fafe0 | unknown | — | — | unknown |
3980 | iexplore.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAzlnDD9eoNTLi0BRrMy%2BWU%3D | unknown | — | — | unknown |
1236 | streamingaudiorecorder-setup-chn-filehorse.exe | GET | 200 | 47.244.67.197:80 | http://wx-user-behavior.cn-hongkong.log.aliyuncs.com/logstores/webtrack/track?APIVersion=0.6.0&__topic__=win-launcher&unique_id=8287a29015fb0005117c3061d4580267&session_id=1716740341&app=Streaming%20Audio%20Recorder&appid=17&apptype=chn-filehorse&installer_version=1.1.0.9&is_old_user=-1&last_step_duration=0&os_available_memory=2595708000&os_culture=0409&os_dpi=100&os_fullname=Microsoft%20Windows%207%20Professional%20&os_lang=en-US&os_resolution=1280x720&os_total_memory=3145208000&os_version=6.1.7601&step=1 | unknown | — | — | unknown |
1236 | streamingaudiorecorder-setup-chn-filehorse.exe | GET | 404 | 163.181.92.245:80 | http://cdn.aoscdn.com/img/contact-group/installer-17-qq.jpg?19869 | unknown | — | — | unknown |
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
Connections
PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
4 | System | 192.168.100.255:137 | — | — | — | whitelisted |
4 | System | 192.168.100.255:138 | — | — | — | whitelisted |
1088 | svchost.exe | 224.0.0.252:5355 | — | — | — | unknown |
4040 | iexplore.exe | 47.243.121.132:443 | download.apowersoft.com | Alibaba US Technology Co., Ltd. | HK | unknown |
4040 | iexplore.exe | 2.21.75.229:80 | ctldl.windowsupdate.com | Akamai International B.V. | GB | unknown |
4040 | iexplore.exe | 2.21.75.240:80 | ctldl.windowsupdate.com | Akamai International B.V. | GB | unknown |
4040 | iexplore.exe | 23.222.16.66:80 | subca.ocsp-certum.com | Akamai International B.V. | US | unknown |
4040 | iexplore.exe | 23.222.16.18:80 | subca.ocsp-certum.com | Akamai International B.V. | US | unknown |
4040 | iexplore.exe | 104.26.4.201:443 | download.apowersoft.info | CLOUDFLARENET | US | unknown |
4040 | iexplore.exe | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | whitelisted |
DNS requests
Domain | IP | Reputation |
|---|---|---|
download.apowersoft.com |
| unknown |
ctldl.windowsupdate.com |
| whitelisted |
subca.ocsp-certum.com |
| whitelisted |
xinchacha2dv.ocsp-certum.com |
| unknown |
download.apowersoft.info |
| unknown |
ocsp.digicert.com |
| whitelisted |
api.bing.com |
| whitelisted |
www.bing.com |
| whitelisted |
wx-user-behavior.cn-hongkong.log.aliyuncs.com |
| unknown |
download.aoscdn.com |
| unknown |
Threats
PID | Process | Class | Message |
|---|---|---|---|
1088 | svchost.exe | Misc activity | ET INFO DNS Query to Alibaba Cloud CDN Domain (aliyuncs .com) |
2728 | msedge.exe | Misc activity | ET INFO DNS Query to Alibaba Cloud CDN Domain (aliyuncs .com) |
2728 | msedge.exe | Misc activity | ET INFO DNS Query to Alibaba Cloud CDN Domain (aliyuncs .com) |
— | — | Misc activity | ET INFO Observed Alibaba Cloud CDN Domain (aliyuncs .com in TLS SNI) |
— | — | Misc activity | ET INFO Observed Alibaba Cloud CDN Domain (aliyuncs .com in TLS SNI) |