DESKTOP-FNUMV3U
Normal
- Device ID
561559e2fcea400ba3601b74d64aa30b- 호스트명
- DESKTOP-FNUMV3U
- Local IP
- 172.26.224.1
- External IP
- 14.47.49.244
- 플랫폼
- Windows
- OS 버전
- Windows 10
- Agent 버전
- 7.31.20309.0
- 처음 연결
- 2025-12-20 14:32:15
- 마지막 연결
- 2025-12-22 09:05:48
Tags
태그 없음
Related Alerts
전체 보기
| 심각도 | 설명 | 시간 |
|---|---|---|
| Informational | A process has written a known EICAR test file. Review the files written by the triggered process. | 12-22 07:50 |
| High | A PowerShell script attempted to bypass Microsoft's AntiMalware Scan Interface (AMSI). PowerShell exploit kits often attempt to bypass AMSI to evade detection. Review the script. | 12-22 07:50 |
| High | A process attempted to download a file using bitsadmin in an unusual way. The file might be a malicious payload. Investigate the process tree. | 12-22 07:50 |
| Critical | A process saved the Security Account Manager SAM or SYSTEM hive to disk. If this is unexpected, it likely indicates credential theft. Investigate the process tree. | 12-22 07:50 |
| High | A command line indicates an attempt to hijack a remote desktop protocol session. Review the process tree. | 12-22 07:50 |
| High | A command line indicates an attempt to hijack a remote desktop protocol session. Review the process tree. | 12-22 07:50 |
| Informational | A process has written a known EICAR test file. Review the files written by the triggered process. | 12-22 07:38 |
| High | A process appears to be launching mimikatz, a password dumping utility. mimikatz's primary purpose is to steal passwords. If credentials were dumped, change your passwords and investigate further. | 12-22 07:38 |
| High | A process attempted to download a file using bitsadmin in an unusual way. The file might be a malicious payload. Investigate the process tree. | 12-22 07:38 |
| High | A CMSTP.exe process appears to have been supplied with a suspicious INF file. CMSTP.exe may be abused to load and execute DLLs andor COM scriptlets SCT from remote servers. Review the command line. | 12-22 07:38 |
Raw JSON Data
{"device_id":"561559e2fcea400ba3601b74d64aa30b","cid":"84393bf974fd44bda943a25a6a7bc27f","agent_version":"7.31.20309.0","hostname":"DESKTOP-FNUMV3U","local_ip":"172.26.224.1","external_ip":"14.47.49.244","mac_address":"00-15-5d-52-e9-ba","platform_name":"Windows","os_version":"Windows 10","system_product_name":"H110M-DS2V","status":"normal","first_seen":"2025-12-20T05:32:15Z","last_seen":"2025-12-22T00:05:48Z","tags":[],"groups":["4f5aa5f1cdc6441982cf5c58e4b5d75a"],"group_hash":"fb152e9135984fe6b0778b98d0f86fd4060a555e6c7baa220904d1a05b5e7961","policies":[{"policy_type":"prevention","policy_id":"64c665c08ab745759d0a84d7db7a784d","applied":true,"applied_date":"2025-12-20T05:39:48.433367156Z"}],"reduced_functionality_mode":"no","is_online":false,"FirstSeenAt":"2025-12-20T14:32:15+09:00","LastSeenAt":"2025-12-22T09:05:48+09:00"}
Status
- Connection Offline
- Isolation Normal
- 관련 알림 10
Actions
Uninstall Token
센서 삭제 시 필요한 토큰입니다. Uninstall Protection이 활성화된 경우에만 필요합니다.