DWSHIN
Normal
- Device ID: b4ebfd0a1e2447bcb45b3b72c5794e0e
- Hostname: DWSHIN
- Local IP: 10.24.11.136
- External IP: 211.198.135.5
- Platform: Windows
- OS version: Windows 11
- Agent version: 7.31.20309.0
- First connected: 2025-12-09 11:17:24
- Last connected: 2025-12-22 09:44:34
Tags
No tags
Related Alerts
| Severity | Description | Time |
|---|---|---|
| High | A process appears to be executing code with Rundll32, which can be used by attackers to evade detection. Investigate the command line and process tree. | 12-09 12:20 |
| High | A process appears to be executing code with Rundll32, which can be used by attackers to evade detection. Investigate the command line and process tree. | 12-09 12:19 |
| Low | A file written to the file-system was classified as Adware/PUP based on its SHA256 hash. | 12-09 11:49 |
| Low | A file written to the file-system was classified as Adware/PUP based on its SHA256 hash. | 12-09 11:49 |
| Medium | A suspicious process related to a likely malicious file was launched. Review any binaries involved as they might be related to malware. | 12-09 11:43 |
| High | A process has written a kernel driver to disk that CrowdStrike analysts have deemed vulnerable. Attackers can use vulnerable drivers to gain privileged access to a system. Review the process tree and file details. | 12-09 11:43 |
| High | A file written to the file system meets the on-sensor machine learning high confidence threshold for malicious files. Detection is based on a high degree of entropy, packing, anti-malware evasion, or other similarity to known malware. | 12-09 11:36 |
| High | A file written to the file system meets the on-sensor machine learning high confidence threshold for malicious files. Detection is based on a high degree of entropy, packing, anti-malware evasion, or other similarity to known malware. | 12-09 11:32 |
| High | A file written to the file system meets the on-sensor machine learning high confidence threshold for malicious files. Detection is based on a high degree of entropy, packing, anti-malware evasion, or other similarity to known malware. | 12-09 11:32 |
| Low | A file written to the file-system was classified as Adware/PUP based on its SHA256 hash. | 12-09 11:29 |
Raw JSON Data
{"device_id":"b4ebfd0a1e2447bcb45b3b72c5794e0e","cid":"84393bf974fd44bda943a25a6a7bc27f","agent_version":"7.31.20309.0","hostname":"DWSHIN","local_ip":"10.24.11.136","external_ip":"211.198.135.5","mac_address":"5c-b4-7e-be-8e-58","platform_name":"Windows","os_version":"Windows 11","system_product_name":"83JM","status":"normal","first_seen":"2025-12-09T02:17:24Z","last_seen":"2025-12-22T00:44:34Z","tags":[],"groups":["4f5aa5f1cdc6441982cf5c58e4b5d75a"],"group_hash":"fb152e9135984fe6b0778b98d0f86fd4060a555e6c7baa220904d1a05b5e7961","policies":[{"policy_type":"prevention","policy_id":"64c665c08ab745759d0a84d7db7a784d","applied":true,"applied_date":"2025-12-09T02:27:27.155219301Z"}],"reduced_functionality_mode":"no","is_online":false,"FirstSeenAt":"2025-12-09T11:17:24+09:00","LastSeenAt":"2025-12-22T09:44:34+09:00"}
Status
- Connection Offline
- Isolation Normal
- Related alerts 10
Actions
Uninstall Token
This token is required when removing the sensor. It is needed only when Uninstall Protection is enabled.