This post was last edited by GreatMOLA on 2023-8-13 21:59
Norton
Maybe blocked silent download.
htp:t//admin.hospetrack.com/bb.txt
http/s:/admin.hospetrack.com/aa.jpg
- Category: Norton Community Watch
- Date & Time,Risk,Activity,Status,Recommended Action,Date Updated,Submitted By,Description,Submission Details
- 8/13/2023 9:51:52 PM,Info,IPS Detection Statistical Submission,Submitted,No Action Required,8/13/2023 9:51:53 PM,Norton 360,IPS Detection Statistical Submission,"Signature ID: 12030 <br>Local or Remote Attacker: 2 <br>Remote Port: 80 <br>Local Port: 62961 <br>Protocol: 6 <br>Signature Set Version: 20230811.064 <br>Application Name: \DEVICE\HARDDISKVOLUME3\WINDOWS\SYSTEM32\WSCRIPT.EXE <br>Offending URL: http://admin.hospetrack.com/bb.txt <br>Date Detected: Sun, 13 Aug 2023 13:51:52 GMT <br>Application File Checksum: A47CBE969EA935BDD3AB568BB126BC80 <br>Application File Information: 5.812.10240.16384 <br>Network Data: 434D50520014000078DAED924B4BC34010C727B4BEA816A156F0B6C77AD9C63E2CD25348B64DA049EA668B7A5AFA02837DD1062C7E163FABB84D62AD16BC7A991F4CB2FBDFFFEC6666E359A6710239284082B6F3CEA9F8A00019353B5471A0E6C7CA297C6174642038335CE9B75A0113956D5E5D5941451E4CDBE958B2E5749867B86C30A0D13A02AD0459B59E85337002D9E5FEE393EC05CC4A924FE3E40B3807CEEE7B2C10D2B6B8B4FD40F447D370469FE7ABC5385AF6872F74389F8266A79B5DEEF9A5E9F73C117F9556495DC57D57D7E7A21B9BAAE9D1856F13332CF6D7E9C538E51DAE7EA7A882B834DACC13EEFC2D9C4CFAE51AD54949252DFA5138988C9BC40D1C461A546F928770369ABFAE8827C88D9E0AB7B526596F1E62198EC6B3A81C3BA9C784DAC8DC8E5832226687930AD5695D6F541A3B5A556955A5DDFDD0EA89760D5A2E6D4C7E5B80CB84ED5BD9B8233C2E2FB3D3B6647573F38ED76E33015A26F61CA95FE5CBD3E34E39BD6B044110044110044110044110E4FFF9044A008037 <br>Sub-signature ID: 65539 <br>Signature Properties: 29714 <br>Referer URL: <br>Application File SHA256: 34008E2057DF8842DF210246995385A0441DC1E081D60AD15BD481E062E7F100 <br>Application File CreateTime: 0 <br>IPSSubmissionID: 505c462a-cded-11ee-9828-806e6f6e6963 <br>Application File Reputation: 0 <br>Application File Prevalence: 0 <br>Forwarded For: <br>Process ancestors: C:\Windows\explorer.exe|C:\Windows\System32\userinit.exe|C:\Windows\System32\winlogon.exe|C:\Windows\System32\smss.exe|C:\Windows\System32\smss.exe <br>Signature Response: 2 <br>Remote Address: 148.72.206.168 <br>Message 
Disposition: 1 <br> <br>OS-Country:86 <br>OS-Language:Chinese (Simplified) <br>Processor:Intel64 Family 6 Model 154 Stepping 3 <br>System:Windows 10 build 19045 <br>Platform-GUID:BE48A62E-59DC-4C9C-8A76-7D90B3DF5B9A <br>Telem-ID:C1D9E9D4-2660-4DF4-BB92-AB9ABAE8F9C8 <br>HWID:0B804B9D-5602-3659-A496-5AB46B85A8AC <br>Hostname-MD5:E947355724F38F3CA15F7AB2FE631C3B <br>DateSubmitted:Sun, 13 Aug 2023 13:51:52 GMT <br>Product:Norton Security 22.23.6.5"