| File name: | BonziBuddy432.exe |
| Full analysis: | https://app.any.run/tasks/484fb0d3-e502-4ab4-a9d1-44e297579190 |
| Verdict: | Malicious activity |
| Analysis date: | July 31, 2024, 22:21:23 |
| OS: | Windows 10 Professional (build: 19045, 64 bit) |
| Tags: | |
| Indicators: | |
| MIME: | application/x-dosexec |
| File info: | PE32 executable (GUI) Intel 80386, for MS Windows |
| MD5: | 06D87D4C89C76CB1BCB2F5A5FC4097D1 |
| SHA1: | 657248F78ABFA9015B77C431F2FD8797481478FD |
| SHA256: | F1E859D99072E35F20E172D8458E3EA1BAF8BA86C8C9E311A0DEBCD2ACD5D0FC |
| SSDEEP: | 393216:57nfCfPI3z6/pu9rk+G1k7Nx6OcOXni2wEv9tjap0g9E0g9g/fhYSuK:5yPwu/Erk+eSNYOcGP/8N9m9gXhnuK |
MALICIOUS
Drops the executable file immediately after the start
- BonziBuddy432.exe (PID: 7024)
SUSPICIOUS
Executable content was dropped or overwritten
- BonziBuddy432.exe (PID: 7024)
Process drops legitimate windows executable
- BonziBuddy432.exe (PID: 7024)
Creates a software uninstall entry
- BonziBuddy432.exe (PID: 7024)
Creates/Modifies COM task schedule object
- BonziBuddy432.exe (PID: 7024)
Reads security settings of Internet Explorer
- BonziBuddy432.exe (PID: 7024)
INFO
Reads the computer name
- BonziBuddy432.exe (PID: 7024)
- BonziBDY_35.EXE (PID: 6456)
- BonziBDY_2.EXE (PID: 5992)
- identity_helper.exe (PID: 6168)
- identity_helper.exe (PID: 3076)
- TextInputHost.exe (PID: 5144)
- BonziBDY_2.EXE (PID: 2224)
Creates files in the program directory
- BonziBuddy432.exe (PID: 7024)
Create files in a temporary directory
- BonziBuddy432.exe (PID: 7024)
Checks supported languages
- BonziBuddy432.exe (PID: 7024)
- identity_helper.exe (PID: 6168)
- BonziBDY_2.EXE (PID: 5992)
- TextInputHost.exe (PID: 5144)
- BonziBDY_35.EXE (PID: 6456)
- identity_helper.exe (PID: 3076)
- BonziBDY_2.EXE (PID: 2224)
Creates files or folders in the user directory
- BonziBuddy432.exe (PID: 7024)
Reads Microsoft Office registry keys
- BonziBuddy432.exe (PID: 7024)
- msedge.exe (PID: 7136)
- msedge.exe (PID: 812)
- msedge.exe (PID: 6032)
Application launched itself
- msedge.exe (PID: 7136)
- msedge.exe (PID: 812)
- msedge.exe (PID: 6032)
Manual execution by a user
- msedge.exe (PID: 6032)
- BonziBDY_2.EXE (PID: 5992)
- BonziBDY_35.EXE (PID: 6456)
- BonziBDY_2.EXE (PID: 2224)
Reads Environment values
- identity_helper.exe (PID: 6168)
- identity_helper.exe (PID: 3076)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
TRiD
| .exe | | | InstallShield setup (49.2) |
|---|---|---|
| .exe | | | Win32 Executable Delphi generic (16.2) |
| .scr | | | Windows screen saver (14.9) |
| .dll | | | Win32 Dynamic Link Library (generic) (7.5) |
| .exe | | | Win32 Executable (generic) (5.1) |
EXIF
EXE
| MachineType: | Intel 386 or later, and compatibles |
|---|---|
| TimeStamp: | 1992:06:19 22:22:17+00:00 |
| ImageFileCharacteristics: | Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi |
| PEType: | PE32 |
| LinkerVersion: | 2.25 |
| CodeSize: | 101376 |
| InitializedDataSize: | 20480 |
| UninitializedDataSize: | - |
| EntryPoint: | 0x19b64 |
| OSVersion: | 4 |
| ImageVersion: | - |
| SubsystemVersion: | 4 |
| Subsystem: | Windows GUI |
| FileVersionNumber: | 4.0.0.0 |
| ProductVersionNumber: | 0.0.0.0 |
| FileFlagsMask: | 0x003f |
| FileFlags: | (none) |
| FileOS: | Win32 |
| ObjectFileType: | Executable application |
| FileSubtype: | - |
| LanguageCode: | English (U.S.) |
| CharacterSet: | Windows, Latin1 |
| Comments: | - |
| CompanyName: | Bonzi Software |
| FileDescription: | BonziBuddy432 4 Installation |
| FileVersion: | 4 |
| LegalCopyright: | Bonzi Software |
Total processes
176
Monitored processes
56
Malicious processes
1
Suspicious processes
0
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 304 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2332 --field-trial-handle=2328,i,510336077744247546,14211038112866045332,262144 --variations-seed-version /prefetch:2 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Microsoft Edge Exit code: 0 Version: 122.0.2365.59 Modules
| |||||||||||||||
| 420 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=788 --field-trial-handle=2356,i,15223133091440942465,10955052404592320104,262144 --variations-seed-version /prefetch:8 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Microsoft Edge Exit code: 0 Version: 122.0.2365.59 Modules
| |||||||||||||||
| 532 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2532 --field-trial-handle=2404,i,8719529887726456607,12963316618280954746,262144 --variations-seed-version /prefetch:3 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Microsoft Edge Exit code: 0 Version: 122.0.2365.59 Modules
| |||||||||||||||
| 812 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | msedge.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Edge Version: 122.0.2365.59 Modules
| |||||||||||||||
| 904 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6844 --field-trial-handle=2328,i,510336077744247546,14211038112866045332,262144 --variations-seed-version /prefetch:1 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Microsoft Edge Exit code: 0 Version: 122.0.2365.59 Modules
| |||||||||||||||
| 904 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4088 --field-trial-handle=2356,i,15223133091440942465,10955052404592320104,262144 --variations-seed-version /prefetch:8 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Microsoft Edge Exit code: 0 Version: 122.0.2365.59 Modules
| |||||||||||||||
| 1104 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5524 --field-trial-handle=2356,i,15223133091440942465,10955052404592320104,262144 --variations-seed-version /prefetch:8 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Microsoft Edge Exit code: 0 Version: 122.0.2365.59 Modules
| |||||||||||||||
| 1236 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=3992 --field-trial-handle=2356,i,15223133091440942465,10955052404592320104,262144 --variations-seed-version /prefetch:8 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Microsoft Edge Exit code: 0 Version: 122.0.2365.59 Modules
| |||||||||||||||
| 1640 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.59 --initial-client-data=0x324,0x328,0x32c,0x31c,0x334,0x7fffd4775fd8,0x7fffd4775fe4,0x7fffd4775ff0 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Microsoft Edge Exit code: 0 Version: 122.0.2365.59 Modules
| |||||||||||||||
| 1644 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6524 --field-trial-handle=2328,i,510336077744247546,14211038112866045332,262144 --variations-seed-version /prefetch:8 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Microsoft Edge Exit code: 0 Version: 122.0.2365.59 Modules
| |||||||||||||||
Total events
18 943
Read events
18 650
Write events
291
Delete events
2
Modification events
| (PID) Process: | (7024) BonziBuddy432.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\VB and VBA Program Settings\BONZIBUDDY\Add-ons\StorybookReader |
| Operation: | write | Name: | Path |
Value: C:\Program Files (x86)\BonziBuddy432 | |||
| (PID) Process: | (7024) BonziBuddy432.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\VB and VBA Program Settings\BONZIBUDDY\Add-ons\StorybookReader\Books |
| Operation: | write | Name: | Bonz and the Polizoof |
Value: C:\Program Files (x86)\BonziBuddy432\Books\Bonz and the Polizoof\ | |||
| (PID) Process: | (7024) BonziBuddy432.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\VB and VBA Program Settings\BONZIBUDDY\Add-ons\StorybookReader\Books |
| Operation: | write | Name: | Bonzi and the Alpha-net |
Value: C:\Program Files (x86)\BonziBuddy432\BonziBuddy\Books\Bonzi and the Alpha-net\ | |||
| (PID) Process: | (7024) BonziBuddy432.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\VB and VBA Program Settings\BONZIBUDDY\Add-ons\StorybookReader\Books |
| Operation: | write | Name: | Bonz and the Treasure Chest |
Value: C:\Program Files (x86)\BonziBuddy432\BonziBuddy\Books\Bonz and the Treasure Chest\ | |||
| (PID) Process: | (7024) BonziBuddy432.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\VB and VBA Program Settings\BONZIBUDDY\Add-ons\StorybookReader\Books |
| Operation: | write | Name: | Bonzi and the Internet |
Value: C:\Program Files (x86)\BonziBuddy432\Books\BonziBuddy\Bonzi and the Internet\ | |||
| (PID) Process: | (7024) BonziBuddy432.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\VB and VBA Program Settings\BONZIBUDDY\Add-ons\StorybookReader\Options |
| Operation: | write | Name: | UseGlobalSettings |
Value: True | |||
| (PID) Process: | (7024) BonziBuddy432.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\VB and VBA Program Settings\BONZIBUDDY\Add-ons\StorybookReader\Options |
| Operation: | write | Name: | ActionBack |
Value: 1 | |||
| (PID) Process: | (7024) BonziBuddy432.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\VB and VBA Program Settings\BONZIBUDDY\Add-ons\StorybookReader\Options |
| Operation: | write | Name: | ActionGlobal |
Value: 1 | |||
| (PID) Process: | (7024) BonziBuddy432.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\VB and VBA Program Settings\BONZIBUDDY\Add-ons\StorybookReader\Options |
| Operation: | write | Name: | ActionNext |
Value: 1 | |||
| (PID) Process: | (7024) BonziBuddy432.exe | Key: | HKEY_CURRENT_USER\SOFTWARE\VB and VBA Program Settings\BONZIBUDDY\Add-ons\StorybookReader\Options |
| Operation: | write | Name: | ActionOpen |
Value: 1 | |||
Executable files
12
Suspicious files
207
Text files
100
Unknown types
10
Dropped files
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 7024 | BonziBuddy432.exe | C:\Users\admin\AppData\Local\Temp\$inst\temp_0.tmp | — | |
MD5:— | SHA256:— | |||
| 7024 | BonziBuddy432.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BonziBuddy432\BonziBuddy3.lnk | binary | |
MD5:39FAF40DBD1AB6A06034BFD9C6342AA1 | SHA256:464D0FF8704E0468B2887E8C09E9AD0894798FACC01852DDFC4BD7CAB628127B | |||
| 7024 | BonziBuddy432.exe | C:\Program Files (x86)\BonziBuddy432\ActiveSkin.ocx | executable | |
MD5:3D225D8435666C14ADDF17C14806C355 | SHA256:2C8F92DC16CBF13542DDD3BF0A947CF84B00FED83A7124B830DDEFA92F939877 | |||
| 7024 | BonziBuddy432.exe | C:\Program Files (x86)\BonziBuddy432\BonziBUDDY_Killer.exe | executable | |
MD5:913D38CB9D132C8C92B21CFF05A7EB62 | SHA256:6D80BD5A3D5EC6630E9A411A978C8E2C196F530F6A5B580FA982C5AD1622BD0C | |||
| 7024 | BonziBuddy432.exe | C:\Users\admin\AppData\Local\Temp\$inst\2.tmp | compressed | |
MD5:4B332A1B235922A7870595ABEF346CB6 | SHA256:4690EA1B97998F45A2BD991085DFB08177DD074BEC58A9E07B61E3ED721BEDCE | |||
| 7024 | BonziBuddy432.exe | C:\Program Files (x86)\BonziBuddy432\BonziCTB.dll | executable | |
MD5:6A4C7D730AED29B0405B03E128C1655A | SHA256:F85525A3EBE334F7403F031EC47C2B32461650224223EE728107DCE0E879EA93 | |||
| 7024 | BonziBuddy432.exe | C:\Program Files (x86)\BonziBuddy432\BBReader.EXE | executable | |
MD5:EEA3608CB27995431165A2CAAAFB00A6 | SHA256:2836A35937AD987BD9DDBA33162136D71BCBABA0AD6D9B1930A412961B3A3523 | |||
| 7024 | BonziBuddy432.exe | C:\Program Files (x86)\BonziBuddy432\BonziBDY_35.EXE | executable | |
MD5:73FEEAB1C303DB39CBE35672AE049911 | SHA256:88C03817AE8DFC5FC9E6FFD1CFB5B829924988D01CD472C1E64952C5398866E8 | |||
| 7024 | BonziBuddy432.exe | C:\Program Files (x86)\BonziBuddy432\BonziCheckers.ocx | executable | |
MD5:66551C972574F86087032467AA6FEBB4 | SHA256:9028075603C66CA2E906ECAC3275E289D8857411A288C992E8EEF793ED71A75B | |||
| 7024 | BonziBuddy432.exe | C:\Program Files (x86)\BonziBuddy432\Bonzi's Beach Checkers.exe | executable | |
MD5:82F84459780B368F0F3D2189C3FDE304 | SHA256:4E0F8A61DC27E3470F77A06B488BD9CDFC2D470173BDFD4C593286259B78DA97 | |||
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
165
TCP/UDP connections
79
DNS requests
72
Threats
29
HTTP requests
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
— | — | GET | 401 | 13.107.6.158:443 | https://business.bing.com/api/v1/user/token/microsoftgraph?&clienttype=edge-omnibox | unknown | — | — | unknown |
— | — | GET | — | 104.21.78.241:443 | https://bonzibuddy.tk/ | unknown | — | — | unknown |
5092 | msedge.exe | GET | 301 | 104.21.78.241:80 | http://bonzibuddy.tk/ | unknown | — | — | unknown |
— | — | GET | 304 | 13.107.21.239:443 | https://edge.microsoft.com/abusiveadblocking/api/v1/blocklist | unknown | — | — | unknown |
— | — | GET | 304 | 13.107.42.16:443 | https://config.edge.skype.com/config/v1/Edge/122.0.2365.59?clientId=4489578223053569932&agents=EdgeRuntime%2CEdgeRuntimeConfig%2CEdgeDomainActions&osname=win&client=edge&channel=stable&scpfre=0&osarch=x86_64&osver=10.0.19045&wu=1&devicefamily=desktop&uma=0&sessionid=39&mngd=0&installdate=1661339457&edu=0&bphint=2&soobedate=1504771245&fg=1 | unknown | — | — | unknown |
— | — | GET | — | 104.21.78.241:443 | https://bonzibuddy.tk/ | unknown | — | — | unknown |
— | — | HEAD | 200 | 23.53.42.162:443 | https://assets.msn.com/statics/icons/favicon.ico | unknown | — | — | unknown |
— | — | GET | 200 | 13.107.42.16:443 | https://config.edge.skype.com/config/v1/Edge/122.0.2365.59?clientId=4489578223053569932&agents=EdgeFirstRun%2CEdgeFirstRunConfig&osname=win&client=edge&channel=stable&scpfre=0&osarch=x86_64&osver=10.0.19045&wu=1&devicefamily=desktop&uma=0&sessionid=39&mngd=0&installdate=1661339457&edu=0&bphint=2&soobedate=1504771245&fg=1 | unknown | binary | 735 b | unknown |
— | — | GET | 401 | 13.107.6.158:443 | https://business.bing.com/work/api/v2/tenant/my/settingswithflights?&clienttype=edge-omnibox | unknown | binary | 581 b | unknown |
— | — | GET | 200 | 204.79.197.239:443 | https://edge.microsoft.com/serviceexperimentation/v3/?osname=win&channel=stable&osver=10.0.19045&devicefamily=desktop&installdate=1661339457&clientversion=122.0.2365.59&experimentationmode=2&scpguard=0&scpfull=0&scpver=0 | unknown | binary | 479 b | unknown |
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
Connections
PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
— | — | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
— | — | 239.255.255.250:1900 | — | — | — | whitelisted |
4 | System | 192.168.100.255:138 | — | — | — | whitelisted |
4 | System | 192.168.100.255:137 | — | — | — | whitelisted |
— | — | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
5092 | msedge.exe | 13.107.42.16:443 | config.edge.skype.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
6032 | msedge.exe | 239.255.255.250:1900 | — | — | — | whitelisted |
5092 | msedge.exe | 13.107.246.67:443 | edge-mobile-static.azureedge.net | MICROSOFT-CORP-MSN-AS-BLOCK | US | unknown |
5092 | msedge.exe | 13.107.6.158:443 | business.bing.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
5092 | msedge.exe | 204.79.197.239:443 | edge.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | unknown |
DNS requests
Domain | IP | Reputation |
|---|---|---|
settings-win.data.microsoft.com |
| whitelisted |
google.com |
| whitelisted |
config.edge.skype.com |
| whitelisted |
bonzibuddy.tk |
| unknown |
edge.microsoft.com |
| whitelisted |
business.bing.com |
| whitelisted |
edge-mobile-static.azureedge.net |
| whitelisted |
www.bing.com |
| whitelisted |
edgeservices.bing.com |
| whitelisted |
ntp.msn.com |
| whitelisted |
Threats
PID | Process | Class | Message |
|---|---|---|---|
5092 | msedge.exe | Potentially Bad Traffic | ET DNS Query to a .tk domain - Likely Hostile |
5092 | msedge.exe | Potentially Bad Traffic | ET DNS Query to a .tk domain - Likely Hostile |
5092 | msedge.exe | Potentially Bad Traffic | ET DNS Query to a .tk domain - Likely Hostile |
5092 | msedge.exe | Potentially Bad Traffic | ET DNS Query to a .tk domain - Likely Hostile |
— | — | Generic Protocol Command Decode | SURICATA HTTP Request abnormal Content-Encoding header |
— | — | Potentially Bad Traffic | ET POLICY HTTP Request to a *.tk domain |
— | — | Generic Protocol Command Decode | SURICATA HTTP Request abnormal Content-Encoding header |
— | — | Generic Protocol Command Decode | SURICATA HTTP Request abnormal Content-Encoding header |
— | — | Generic Protocol Command Decode | SURICATA HTTP Request abnormal Content-Encoding header |
5092 | msedge.exe | Potentially Bad Traffic | ET POLICY HTTP Request to a *.tk domain |
2 ETPRO signatures available at the full report