| File name: | Simda Malware.zip |
| Full analysis: | https://app.any.run/tasks/00edb9b4-d572-45c5-8c47-2edbbdf4a67b |
| Verdict: | Malicious activity |
| Threats: | Trojans are a group of malicious programs distinguished by their ability to masquerade as benign software. Depending on their type, trojans possess a variety of capabilities, ranging from maintaining full remote control over the victim’s machine to stealing data and files, as well as dropping other malware. At the same time, the main functionality of each trojan family can differ significantly depending on its type. The most common trojan infection chain starts with a phishing email. |
| Analysis date: | November 01, 2023, 21:14:58 |
| OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Tags: | |
| Indicators: | |
| MIME: | application/zip |
| File info: | Zip archive data, at least v2.0 to extract |
| MD5: | 5B4CA36DF85317FA81610ED420A34685 |
| SHA1: | FCC6C8EF65D4BFA37FC76680DF8137E8672672F5 |
| SHA256: | E95384608AEDC77778C580E37C1076AB957A033256E638BD8AC5BB328295A2E5 |
| SSDEEP: | 98304:oLnKpgk5bOejqjCzlHC5omwDAD9yOP6NSIJHP2j1b4AYmZ6yt97lmjOpnlVBO0M4:dlu9qkC71U |
MALICIOUS
Application was injected by another process
- explorer.exe (PID: 1400)
- ctfmon.exe (PID: 1708)
- dwm.exe (PID: 928)
- taskeng.exe (PID: 368)
- dllhost.exe (PID: 1244)
Runs injected code in another process
- c1805c2e5c5236abf7dfa8c1edb4306e5d0eb518688aba5f2a1c74bd4db53454.exe (PID: 884)
- explorer.exe (PID: 1400)
Changes the autorun value in the registry
- explorer.exe (PID: 1400)
- 90a23ff30cf40dbf180e2ca98360bbcecaf1a736f7bb118efe7fbff2db7dc82c.exe (PID: 2412)
- bc6bb84d6521d6dacbb323108af50cc6534b2ba88c6257f38e06fa4dc0d5d9d0.exe (PID: 1560)
SHIZ has been detected (SURICATA)
- explorer.exe (PID: 1400)
Drops the executable file immediately after the start
- 3f2d8ce5348c762aab4456cac3c656800ed0bb5864fd16024f3f3caa45f25c7f.exe (PID: 1016)
- Simda.exe (PID: 4060)
Connects to the CnC server
- explorer.exe (PID: 1400)
SIMDA has been detected (SURICATA)
- explorer.exe (PID: 1400)
Actions looks like stealing of personal data
- Simda.exe (PID: 4060)
SUSPICIOUS
The process verifies whether the antivirus software is installed
- c1805c2e5c5236abf7dfa8c1edb4306e5d0eb518688aba5f2a1c74bd4db53454.exe (PID: 884)
- 90a23ff30cf40dbf180e2ca98360bbcecaf1a736f7bb118efe7fbff2db7dc82c.exe (PID: 2412)
- b1a72877c41f16f08ed32ff3d01ed51489c5a2e358f2866bceefd0e60156ed0a.exe (PID: 3888)
- bc6bb84d6521d6dacbb323108af50cc6534b2ba88c6257f38e06fa4dc0d5d9d0.exe (PID: 1560)
The process checks if it is being run in the virtual environment
- c1805c2e5c5236abf7dfa8c1edb4306e5d0eb518688aba5f2a1c74bd4db53454.exe (PID: 884)
- explorer.exe (PID: 1400)
- 90a23ff30cf40dbf180e2ca98360bbcecaf1a736f7bb118efe7fbff2db7dc82c.exe (PID: 2412)
- b1a72877c41f16f08ed32ff3d01ed51489c5a2e358f2866bceefd0e60156ed0a.exe (PID: 3888)
Reads the Internet Settings
- 3f2d8ce5348c762aab4456cac3c656800ed0bb5864fd16024f3f3caa45f25c7f.exe (PID: 1016)
- Simda.exe (PID: 4060)
INFO
Reads the Internet Settings
- explorer.exe (PID: 1400)
Reads the computer name
- wmpnscfg.exe (PID: 128)
- c1805c2e5c5236abf7dfa8c1edb4306e5d0eb518688aba5f2a1c74bd4db53454.exe (PID: 884)
- b1a72877c41f16f08ed32ff3d01ed51489c5a2e358f2866bceefd0e60156ed0a.exe (PID: 3888)
- 90a23ff30cf40dbf180e2ca98360bbcecaf1a736f7bb118efe7fbff2db7dc82c.exe (PID: 2412)
- 3f2d8ce5348c762aab4456cac3c656800ed0bb5864fd16024f3f3caa45f25c7f.exe (PID: 1016)
- Simda.exe (PID: 4060)
- Tcpview.exe (PID: 1648)
- bc6bb84d6521d6dacbb323108af50cc6534b2ba88c6257f38e06fa4dc0d5d9d0.exe (PID: 1560)
- 931mY3.exe (PID: 2452)
- wmpnscfg.exe (PID: 1808)
- wmpnscfg.exe (PID: 3736)
Checks supported languages
- wmpnscfg.exe (PID: 128)
- c1805c2e5c5236abf7dfa8c1edb4306e5d0eb518688aba5f2a1c74bd4db53454.exe (PID: 884)
- b1a72877c41f16f08ed32ff3d01ed51489c5a2e358f2866bceefd0e60156ed0a.exe (PID: 3888)
- 90a23ff30cf40dbf180e2ca98360bbcecaf1a736f7bb118efe7fbff2db7dc82c.exe (PID: 2412)
- 3f2d8ce5348c762aab4456cac3c656800ed0bb5864fd16024f3f3caa45f25c7f.exe (PID: 1016)
- Simda.exe (PID: 4060)
- bc6bb84d6521d6dacbb323108af50cc6534b2ba88c6257f38e06fa4dc0d5d9d0.exe (PID: 1560)
- Tcpview.exe (PID: 1648)
- wmpnscfg.exe (PID: 1808)
- 931mY3.exe (PID: 2452)
- wmpnscfg.exe (PID: 3736)
Drops the executable file immediately after the start
- explorer.exe (PID: 1400)
- WinRAR.exe (PID: 3552)
Manual execution by a user
- wmpnscfg.exe (PID: 128)
- c1805c2e5c5236abf7dfa8c1edb4306e5d0eb518688aba5f2a1c74bd4db53454.exe (PID: 884)
- wmpnscfg.exe (PID: 3736)
- 931mY3.exe (PID: 2452)
- wmpnscfg.exe (PID: 1808)
Reads the machine GUID from the registry
- wmpnscfg.exe (PID: 128)
- 3f2d8ce5348c762aab4456cac3c656800ed0bb5864fd16024f3f3caa45f25c7f.exe (PID: 1016)
- Simda.exe (PID: 4060)
- Tcpview.exe (PID: 1648)
- wmpnscfg.exe (PID: 3736)
- wmpnscfg.exe (PID: 1808)
Creates files or folders in the user directory
- explorer.exe (PID: 1400)
- Simda.exe (PID: 4060)
Create files in a temporary directory
- explorer.exe (PID: 1400)
- 3f2d8ce5348c762aab4456cac3c656800ed0bb5864fd16024f3f3caa45f25c7f.exe (PID: 1016)
Reads security settings of Internet Explorer
- explorer.exe (PID: 1400)
Reads settings of System Certificates
- explorer.exe (PID: 1400)
Reads Windows Product ID
- Simda.exe (PID: 4060)
- 931mY3.exe (PID: 2452)
Reads CPU info
- Tcpview.exe (PID: 1648)
Checks proxy server information
- Simda.exe (PID: 4060)
- dllhost.exe (PID: 1244)
Reads the time zone
- Tcpview.exe (PID: 1648)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
TRiD
| .zip | | | ZIP compressed archive (100) |
|---|
EXIF
ZIP
| ZipRequiredVersion: | 20 |
|---|---|
| ZipBitFlag: | 0x0008 |
| ZipCompression: | Deflated |
| ZipModifyDate: | 2023:11:01 15:59:18 |
| ZipCRC: | 0x2354e3fa |
| ZipCompressedSize: | 901349 |
| ZipUncompressedSize: | 1388544 |
| ZipFileName: | 3f2d8ce5348c762aab4456cac3c656800ed0bb5864fd16024f3f3caa45f25c7f.exe |
Total processes
71
Monitored processes
18
Malicious processes
5
Suspicious processes
4
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 128 | "C:\Program Files\Windows Media Player\wmpnscfg.exe" | C:\Program Files\Windows Media Player\wmpnscfg.exe | — | explorer.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Media Player Network Sharing Service Configuration Application Exit code: 0 Version: 12.0.7600.16385 (win7_rtm.090713-1255) Modules
| |||||||||||||||
| 368 | taskeng.exe {A138C7FA-105D-4695-A941-2BE80CB32127} | C:\Windows\System32\taskeng.exe | svchost.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Task Scheduler Engine Exit code: 1073807364 Version: 6.1.7600.16385 (win7_rtm.090713-1255) Modules
| |||||||||||||||
| 884 | "C:\Users\admin\Desktop\c1805c2e5c5236abf7dfa8c1edb4306e5d0eb518688aba5f2a1c74bd4db53454.exe" | C:\Users\admin\Desktop\c1805c2e5c5236abf7dfa8c1edb4306e5d0eb518688aba5f2a1c74bd4db53454.exe | — | explorer.exe | |||||||||||
User: admin Integrity Level: MEDIUM Exit code: 0 Modules
| |||||||||||||||
| 928 | "C:\Windows\system32\Dwm.exe" | C:\Windows\System32\dwm.exe | svchost.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Desktop Window Manager Exit code: 255 Version: 6.1.7600.16385 (win7_rtm.090713-1255) Modules
| |||||||||||||||
| 1016 | "C:\Users\admin\Desktop\3f2d8ce5348c762aab4456cac3c656800ed0bb5864fd16024f3f3caa45f25c7f.exe" | C:\Users\admin\Desktop\3f2d8ce5348c762aab4456cac3c656800ed0bb5864fd16024f3f3caa45f25c7f.exe | — | explorer.exe | |||||||||||
User: admin Integrity Level: MEDIUM Description: Test NP Exit code: 0 Version: 1.0.0.0 Modules
| |||||||||||||||
| 1244 | C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF} | C:\Windows\System32\dllhost.exe | svchost.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: COM Surrogate Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) Modules
| |||||||||||||||
| 1400 | C:\Windows\Explorer.EXE | C:\Windows\explorer.exe | — | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Explorer Exit code: 255 Version: 6.1.7600.16385 (win7_rtm.090713-1255) Modules
| |||||||||||||||
| 1560 | "C:\Users\admin\Desktop\bc6bb84d6521d6dacbb323108af50cc6534b2ba88c6257f38e06fa4dc0d5d9d0.exe" | C:\Users\admin\Desktop\bc6bb84d6521d6dacbb323108af50cc6534b2ba88c6257f38e06fa4dc0d5d9d0.exe | explorer.exe | ||||||||||||
User: admin Integrity Level: MEDIUM Exit code: 0 Modules
| |||||||||||||||
| 1648 | "C:\Users\admin\AppData\Local\Temp\Tcpview.exe" | C:\Users\admin\AppData\Local\Temp\Tcpview.exe | 3f2d8ce5348c762aab4456cac3c656800ed0bb5864fd16024f3f3caa45f25c7f.exe | ||||||||||||
User: admin Company: Sysinternals - www.sysinternals.com Integrity Level: HIGH Description: TCP/UDP endpoint viewer Exit code: 0 Version: 3.05 Modules
| |||||||||||||||
| 1708 | C:\Windows\System32\ctfmon.exe | C:\Windows\System32\ctfmon.exe | taskeng.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: CTF Loader Exit code: 3221225477 Version: 6.1.7600.16385 (win7_rtm.090713-1255) Modules
| |||||||||||||||
Total events
42 668
Read events
38 608
Write events
4 050
Delete events
10
Modification events
| (PID) Process: | (3552) WinRAR.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\MuiCache\178\52C64B7E |
| Operation: | write | Name: | LanguageList |
Value: en-US | |||
| (PID) Process: | (3552) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory |
| Operation: | write | Name: | 2 |
Value: C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip | |||
| (PID) Process: | (3552) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory |
| Operation: | write | Name: | 1 |
Value: C:\Users\admin\Desktop\Win7-KB3191566-x86.zip | |||
| (PID) Process: | (3552) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory |
| Operation: | write | Name: | 0 |
Value: C:\Users\admin\Desktop\phacker.zip | |||
| (PID) Process: | (3552) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
| Operation: | write | Name: | name |
Value: 120 | |||
| (PID) Process: | (3552) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
| Operation: | write | Name: | size |
Value: 80 | |||
| (PID) Process: | (3552) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
| Operation: | write | Name: | type |
Value: 120 | |||
| (PID) Process: | (3552) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
| Operation: | write | Name: | mtime |
Value: 100 | |||
| (PID) Process: | (1400) explorer.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.zip\OpenWithList |
| Operation: | write | Name: | MRUList |
Value: a | |||
| (PID) Process: | (1400) explorer.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.zip |
| Operation: | write | Name: | MRUListEx |
Value: 020000000100000000000000FFFFFFFF | |||
Executable files
20
Suspicious files
21
Text files
91
Unknown types
0
Dropped files
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 3552 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3552.29798\3f2d8ce5348c762aab4456cac3c656800ed0bb5864fd16024f3f3caa45f25c7f.exe | executable | |
MD5:9E9B412358E61F51B4AC4D6BCE7E52FD | SHA256:3F2D8CE5348C762AAB4456CAC3C656800ED0BB5864FD16024F3F3CAA45F25C7F | |||
| 1400 | explorer.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\290532160612e071.automaticDestinations-ms | binary | |
MD5:143813CD8E65F5B7878939C3722B7015 | SHA256:E357E1BDDDD469CEC09F810817363E6CBB581A44FDDE5A5C7716D2B334CB8345 | |||
| 1400 | explorer.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\Simda Malware.zip.lnk | binary | |
MD5:D41447F2D8D475A352730D27FC41CF97 | SHA256:7D052C4ADF8AA58DAB9B69C343FC5351F9A0DB14E73880710DB482698C9F792A | |||
| 3552 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3552.29798\32e6d94faca82d6d7967fc96fbe1f14c59385218d222d15e6e1db04c9242c806.exe | executable | |
MD5:41772F673922776B63BAA54113CB01BE | SHA256:32E6D94FACA82D6D7967FC96FBE1F14C59385218D222D15E6E1DB04C9242C806 | |||
| 1400 | explorer.exe | C:\Users\admin\Desktop\32e6d94faca82d6d7967fc96fbe1f14c59385218d222d15e6e1db04c9242c806.exe | executable | |
MD5:41772F673922776B63BAA54113CB01BE | SHA256:32E6D94FACA82D6D7967FC96FBE1F14C59385218D222D15E6E1DB04C9242C806 | |||
| 1400 | explorer.exe | C:\Users\admin\Desktop\105d3b108f5bca363ea59346ff46ea0b0a67fc3beca67731b1add736cfe5fca9.exe | executable | |
MD5:F30F48049FA408D56E741DA760E113ED | SHA256:105D3B108F5BCA363EA59346FF46EA0B0A67FC3BECA67731B1ADD736CFE5FCA9 | |||
| 3552 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3552.29798\bc6bb84d6521d6dacbb323108af50cc6534b2ba88c6257f38e06fa4dc0d5d9d0.exe | executable | |
MD5:92A4B058739D17A5A33B0E994694F3D3 | SHA256:BC6BB84D6521D6DACBB323108AF50CC6534B2BA88C6257F38E06FA4DC0D5D9D0 | |||
| 3552 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3552.29798\b1a72877c41f16f08ed32ff3d01ed51489c5a2e358f2866bceefd0e60156ed0a.exe | executable | |
MD5:D4C75B5E4897BBFFFAF10EDDE3C468B7 | SHA256:B1A72877C41F16F08ED32FF3D01ED51489C5A2E358F2866BCEEFD0E60156ED0A | |||
| 1400 | explorer.exe | C:\Users\admin\Desktop\527a1e9dccaad2a9ae59f37512d2f1f61d636e251428785bb70dc56d543d9024.exe | executable | |
MD5:0D9FCE1F9DB03BE59D9265C480FB7363 | SHA256:527A1E9DCCAAD2A9AE59F37512D2F1F61D636E251428785BB70DC56D543D9024 | |||
| 1400 | explorer.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\1b4dd67f29cb1962.automaticDestinations-ms | binary | |
MD5:040473306FB66E20E8C4BCD0C06BA57B | SHA256:8E3C2296059DF8F794DDC023D5BFE309FCB826E00CD19D7011D6B090EF92FD6B | |||
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
143
TCP/UDP connections
211
DNS requests
4 453
Threats
232
HTTP requests
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
1400 | explorer.exe | GET | 400 | 91.195.240.19:80 | http://www.gahyqah.com/login.php | unknown | html | 90 b | unknown |
1400 | explorer.exe | GET | 200 | 34.174.61.199:80 | http://qetyfuv.com/login.php | unknown | — | — | unknown |
1400 | explorer.exe | GET | 200 | 142.251.141.35:80 | http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D | unknown | binary | 1.41 Kb | unknown |
1400 | explorer.exe | GET | 200 | 142.251.141.35:80 | http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFCjJ1PwkYAi7fE%3D | unknown | binary | 724 b | unknown |
1400 | explorer.exe | GET | 200 | 34.174.61.199:80 | http://vocyzit.com/login.php | unknown | — | — | unknown |
1400 | explorer.exe | GET | 200 | 34.174.78.212:80 | http://vonypom.com/login.php | unknown | — | — | unknown |
1400 | explorer.exe | GET | 302 | 162.255.119.102:80 | http://gahyqah.com/login.php | unknown | html | 55 b | unknown |
1400 | explorer.exe | GET | 302 | 103.224.182.219:80 | http://puzylyp.com/login.php | unknown | text | 2 b | unknown |
1400 | explorer.exe | GET | 200 | 199.191.50.83:80 | http://galyqaz.com/login.php | unknown | html | 41.9 Kb | unknown |
1400 | explorer.exe | GET | 204 | 167.99.35.88:80 | http://vojyqem.com/login.php | unknown | — | — | unknown |
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
Connections
PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
4 | System | 192.168.100.255:137 | — | — | — | whitelisted |
2656 | svchost.exe | 239.255.255.250:1900 | — | — | — | whitelisted |
4 | System | 192.168.100.255:138 | — | — | — | whitelisted |
1088 | svchost.exe | 224.0.0.252:5355 | — | — | — | unknown |
1400 | explorer.exe | 204.79.197.200:80 | www.bing.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
1400 | explorer.exe | 167.99.35.88:80 | vojyqem.com | DIGITALOCEAN-ASN | NL | unknown |
1400 | explorer.exe | 162.249.66.86:80 | gatyfus.com | COMCAST-7922 | US | unknown |
1400 | explorer.exe | 162.255.119.102:80 | gahyqah.com | NAMECHEAP-NET | US | unknown |
1400 | explorer.exe | 34.174.206.7:80 | lymyxid.com | GOOGLE-CLOUD-PLATFORM | US | unknown |
1400 | explorer.exe | 95.211.219.66:80 | lysyfyj.com | LeaseWeb Netherlands B.V. | NL | unknown |
DNS requests
Domain | IP | Reputation |
|---|---|---|
www.bing.com |
| whitelisted |
gatyfus.com |
| malicious |
lyvyxor.com |
| unknown |
qetyfuv.com |
| unknown |
vojyqem.com |
| unknown |
purydyv.com |
| unknown |
gahyqah.com |
| unknown |
lyryfyd.com |
| unknown |
vowydef.com |
| unknown |
qexylup.com |
| unknown |
Threats
PID | Process | Class | Message |
|---|---|---|---|
1088 | svchost.exe | A Network Trojan was detected | ET MALWARE Wapack Labs Sinkhole DNS Reply |
1088 | svchost.exe | A Network Trojan was detected | ET MALWARE Wapack Labs Sinkhole DNS Reply |
1400 | explorer.exe | Potential Corporate Privacy Violation | ET POLICY Unsupported/Fake Internet Explorer Version MSIE 2. |
1400 | explorer.exe | Potential Corporate Privacy Violation | ET POLICY Unsupported/Fake Windows NT Version 5.0 |
1400 | explorer.exe | A Network Trojan was detected | ET MALWARE Known Sinkhole Response Header |
1400 | explorer.exe | Potential Corporate Privacy Violation | ET POLICY Unsupported/Fake Windows NT Version 5.0 |
1400 | explorer.exe | Potential Corporate Privacy Violation | ET POLICY Unsupported/Fake Internet Explorer Version MSIE 2. |
1400 | explorer.exe | A Network Trojan was detected | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz |
1400 | explorer.exe | A Network Trojan was detected | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst |
1400 | explorer.exe | A Network Trojan was detected | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst |
199 ETPRO signatures available at the full report