活動
起 2024-02-10 迄 2024-02-19
2024-02-19
- 10:20 非法入侵 #687 (Closed-關閉): TAHOERP
- Description
User hashes from SAM hive accessed
Command line
"C:\Program Files\Cybereason ActiveProbe\minionhost.... - 10:19 非法入侵 #686 (Rejected-拒绝): DAVID-THINK
- Description
A process attempted to modify Falcon sensor related service binaries. This is indicative of an attempt t... - 10:18 非法入侵 #685 (Closed-關閉): TPHOLAP340(net.exe)
- Description
A process appears to be accessing credentials and might be dumping passwords. If this is unexpected, rev... - 10:17 非法入侵 #684 (Closed-關閉): ULPU-WG-PC-0019
- Description
A suspicious process read lsass memory. Adversaries often use this to steal credentials. If credentials ... - 10:16 非法入侵 #683 (Closed-關閉): TPHQ6WKS324
- Description
A suspicious process injected into another process in an unusual way. Investigate the process trees for ... - 10:15 非法入侵 #682 (Closed-關閉): ULPU-WG-PC-0019
- Description
A suspicious process read lsass memory. Adversaries often use this to steal credentials. If credentials ...
2024-02-15
- 11:20 非法入侵 #677 (Resolved-解决): FINANCE-1
- 1.移除 Lenovo 提供的工具 Vantage,
D:\Users\ProgramData\Lenovo 底下已經沒有 Vantage資料夾
2.電腦名稱:修正為TPHQ6WKS324 - 08:58 非法入侵 #677 (Closed-關閉): FINANCE-1
- Description
A suspicious process injected into another process in an unusual way. Investigate the process trees for ... - 08:59 非法入侵 #528 (Closed-關閉): tahoslad02(f_00ec57)
- 08:59 非法入侵 #540 (Closed-關閉): tarwplnwks010(transcend.lnk)
- 08:59 非法入侵 #504 (Closed-關閉): tahoslad02(f_0099c5)
- 08:59 非法入侵 #505 (Closed-關閉): tahoslad02(f_00b453)
匯出至 Atom