Managed XDR

c-users-user-appdata-l....rge-documentation.lnk — отчёт о динамическом анализе вредоносного файла

Информация о файле

Имя файла: c-users-user-appdata-local-temp-1shm4xy3.rge-documentation.lnk
Тип файла: MS Windows shortcut, Item id list present, Has Description string, Has Working directory, Has command line arguments, Icon number=1, ctime=Fri Nov 7 07:55:30 2025, mtime=Fri Nov 7 07:55:30 2025, atime=Fri Nov 7 07:55:30 2025, length=0, window=hide
Размер файла: 13.9 KB
Первое обнаружение: 2025-11-07 08:58
Последнее обнаружение: 2025-11-07 08:58

w10/x86 en

T1059.001 suspicious_powershell: Creates suspicious powershell process

T1059 powershell_cmd_longcommandline: Suspiciously long commandline

T1059.001 suspicious_process: Spawns a suspicious process

T1134 opens_thread_token: Opens the access token associated with a thread

T1134 opens_process_token: Opens the access token associated with a process

T1134 opens_thread_token: Opens the access token associated with a thread

T1134 opens_process_token: Opens the access token associated with a process

T1070 stealth_window: A process created a hidden window

T1518 locates_browser: Attempts to identify where browsers are installed

dead_host: Connects to IP addresses that do not respond to requests

no_graphical_activity: No graphic activity

creates_suspended_process: Creates suspended process

writes_data: Writes big amount of data to disk

yara_rules: Static rules

Managed XDR