IP Address: 178.205.226.57 (Previously Malicious)

This IP address attempted an attack on a machine protected by Guardicore Centra

Threat Information

Role

Attacker

Services Targeted

SMB

Tags

Access Suspicious Domain, Download and Execute, SMB, Service Start, SMB Null Session Login, Outgoing Connection, DNS Query, Listening, Malicious File, HTTP, Service Configuration, Scheduled Task Creation, Download File, CMD

Connect Back Servers

www.download.windowsupdate.com fscked.org sec.nl fsroot.de 4711.se mit.edu ip-5-39-64.eu localdomain api.nuget.org archive.torproject.org cxx.rocks uni-erlangen.de rabbani.jp cacerts.digicert.com znx.cc torproject.org dizum.com

72.21.81.200 192.87.28.28 5.39.64.7 163.172.142.92 104.16.238.184 212.227.9.77 82.195.75.101 185.14.28.216 76.73.17.194 154.35.32.5 194.109.206.212 217.79.190.25 131.188.40.189 128.31.0.39 171.25.193.9 8.253.139.120

Basic Information

IP Address

178.205.226.57

Domain

-

ISP

Ojsc oao Tattelecom

Country

Russian Federation

WHOIS

Created Date

-

Updated Date

-

Organization

-

First seen in Guardicore Centra

2017-05-25

Last seen in Guardicore Centra

2017-05-25

What is Guardicore Centra
Guardicore Centra is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Centra generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time.

Attack Flow

The file C:\WINDOWS\UpdateInstaller.exe was downloaded and executed

Download and Execute

C:\WINDOWS\UpdateInstaller.exe was identified as malicious by YARA according to rules: Packer, Antidebug Antivm, Peid and Packer Compiler Signatures

Malicious File

Process c:\windows\updateinstaller.exe attempted to access domains: api.nuget.org

DNS Query

Process c:\windows\updateinstaller.exe generated outgoing network traffic to: 72.21.81.200:80

Outgoing Connection

C:\WINDOWS\Temp\Temporary Directory 1 for TaskScheduler.zip\lib\net20\JetBrains.Annotations.dll was identified as malicious by YARA according to rules: Packer, Peid and Packer Compiler Signatures

Malicious File

C:\Program Files\Microsoft Updates\TaskScheduler\lib\net20\JetBrains.Annotations.dll was identified as malicious by YARA according to rules: Packer, Peid and Packer Compiler Signatures

Malicious File

C:\WINDOWS\Temp\Temporary Directory 1 for TaskScheduler.zip\lib\net20\Microsoft.Win32.TaskScheduler.dll was identified as malicious by YARA according to rules: Packer, Antidebug Antivm and Packer Compiler Signatures

Malicious File

C:\Program Files\Microsoft Updates\TaskScheduler\lib\net20\Microsoft.Win32.TaskScheduler.dll was identified as malicious by YARA according to rules: Packer, Antidebug Antivm and Packer Compiler Signatures

Malicious File

The file C:\Program Files\Microsoft Updates\svchost.exe was downloaded and executed

Download and Execute

C:\WINDOWS\Temp\Temporary Directory 1 for TaskScheduler.zip\lib\net20\Microsoft.Win32.TaskScheduler.XML was identified as malicious by YARA according to rules: Antidebug Antivm

Malicious File

C:\Program Files\Microsoft Updates\TaskScheduler\lib\net20\Microsoft.Win32.TaskScheduler.XML was identified as malicious by YARA according to rules: Antidebug Antivm

Malicious File

C:\WINDOWS\Temp\Temporary Directory 1 for TaskScheduler.zip\lib\net20\de\Microsoft.Win32.TaskScheduler.resources.dll was identified as malicious by YARA according to rules: Packer, Peid and Packer Compiler Signatures

Malicious File

C:\Program Files\Microsoft Updates\TaskScheduler\lib\net20\de\Microsoft.Win32.TaskScheduler.resources.dll was identified as malicious by YARA according to rules: Packer, Peid and Packer Compiler Signatures

Malicious File

C:\WINDOWS\Temp\Temporary Directory 1 for TaskScheduler.zip\lib\net20\es\Microsoft.Win32.TaskScheduler.resources.dll was identified as malicious by YARA according to rules: Packer, Peid and Packer Compiler Signatures

Malicious File

C:\Program Files\Microsoft Updates\TaskScheduler\lib\net20\es\Microsoft.Win32.TaskScheduler.resources.dll was identified as malicious by YARA according to rules: Packer, Peid and Packer Compiler Signatures

Malicious File

C:\WINDOWS\Temp\Temporary Directory 1 for TaskScheduler.zip\lib\net20\fr\Microsoft.Win32.TaskScheduler.resources.dll was identified as malicious by YARA according to rules: Packer, Peid and Packer Compiler Signatures

Malicious File

C:\Program Files\Microsoft Updates\TaskScheduler\lib\net20\fr\Microsoft.Win32.TaskScheduler.resources.dll was identified as malicious by YARA according to rules: Packer, Peid and Packer Compiler Signatures

Malicious File

C:\WINDOWS\Temp\Temporary Directory 1 for TaskScheduler.zip\lib\net20\it\Microsoft.Win32.TaskScheduler.resources.dll was identified as malicious by YARA according to rules: Packer, Peid and Packer Compiler Signatures

Malicious File

C:\Program Files\Microsoft Updates\TaskScheduler\lib\net20\it\Microsoft.Win32.TaskScheduler.resources.dll was identified as malicious by YARA according to rules: Packer, Peid and Packer Compiler Signatures

Malicious File

C:\WINDOWS\Temp\Temporary Directory 1 for TaskScheduler.zip\lib\net20\zh-CN\Microsoft.Win32.TaskScheduler.resources.dll was identified as malicious by YARA according to rules: Packer, Peid and Packer Compiler Signatures

Malicious File

C:\Program Files\Microsoft Updates\TaskScheduler\lib\net20\zh-CN\Microsoft.Win32.TaskScheduler.resources.dll was identified as malicious by YARA according to rules: Packer, Peid and Packer Compiler Signatures

Malicious File

C:\WINDOWS\Temp\Temporary Directory 1 for TaskScheduler.zip\lib\net35\JetBrains.Annotations.dll was identified as malicious by YARA according to rules: Packer, Peid and Packer Compiler Signatures

Malicious File

C:\Program Files\Microsoft Updates\TaskScheduler\lib\net35\JetBrains.Annotations.dll was identified as malicious by YARA according to rules: Packer, Peid and Packer Compiler Signatures

Malicious File

C:\WINDOWS\Temp\Temporary Directory 1 for TaskScheduler.zip\lib\net35\Microsoft.Win32.TaskScheduler.dll was identified as malicious by YARA according to rules: Packer, Antidebug Antivm and Packer Compiler Signatures

Malicious File

C:\Program Files\Microsoft Updates\TaskScheduler\lib\net35\Microsoft.Win32.TaskScheduler.dll was identified as malicious by YARA according to rules: Packer, Antidebug Antivm and Packer Compiler Signatures

Malicious File

C:\WINDOWS\Temp\Temporary Directory 1 for TaskScheduler.zip\lib\net35\Microsoft.Win32.TaskScheduler.XML was identified as malicious by YARA according to rules: Antidebug Antivm

Malicious File

C:\Program Files\Microsoft Updates\TaskScheduler\lib\net35\Microsoft.Win32.TaskScheduler.XML was identified as malicious by YARA according to rules: Antidebug Antivm

Malicious File

C:\WINDOWS\Temp\Temporary Directory 1 for TaskScheduler.zip\lib\net35\de\Microsoft.Win32.TaskScheduler.resources.dll was identified as malicious by YARA according to rules: Packer, Peid and Packer Compiler Signatures

Malicious File

C:\Program Files\Microsoft Updates\TaskScheduler\lib\net35\de\Microsoft.Win32.TaskScheduler.resources.dll was identified as malicious by YARA according to rules: Packer, Peid and Packer Compiler Signatures

Malicious File

C:\WINDOWS\Temp\Temporary Directory 1 for TaskScheduler.zip\lib\net35\es\Microsoft.Win32.TaskScheduler.resources.dll was identified as malicious by YARA according to rules: Packer, Peid and Packer Compiler Signatures

Malicious File

C:\Program Files\Microsoft Updates\TaskScheduler\lib\net35\es\Microsoft.Win32.TaskScheduler.resources.dll was identified as malicious by YARA according to rules: Packer, Peid and Packer Compiler Signatures

Malicious File

C:\WINDOWS\Temp\Temporary Directory 1 for TaskScheduler.zip\lib\net35\fr\Microsoft.Win32.TaskScheduler.resources.dll was identified as malicious by YARA according to rules: Packer, Peid and Packer Compiler Signatures

Malicious File

C:\Program Files\Microsoft Updates\TaskScheduler\lib\net35\fr\Microsoft.Win32.TaskScheduler.resources.dll was identified as malicious by YARA according to rules: Packer, Peid and Packer Compiler Signatures

Malicious File

C:\WINDOWS\Temp\Temporary Directory 1 for TaskScheduler.zip\lib\net35\it\Microsoft.Win32.TaskScheduler.resources.dll was identified as malicious by YARA according to rules: Packer, Peid and Packer Compiler Signatures

Malicious File

C:\Program Files\Microsoft Updates\TaskScheduler\lib\net35\it\Microsoft.Win32.TaskScheduler.resources.dll was identified as malicious by YARA according to rules: Packer, Peid and Packer Compiler Signatures

Malicious File

C:\WINDOWS\Temp\Temporary Directory 1 for TaskScheduler.zip\lib\net35\zh-CN\Microsoft.Win32.TaskScheduler.resources.dll was identified as malicious by YARA according to rules: Packer, Peid and Packer Compiler Signatures

Malicious File

C:\Program Files\Microsoft Updates\TaskScheduler\lib\net35\zh-CN\Microsoft.Win32.TaskScheduler.resources.dll was identified as malicious by YARA according to rules: Packer, Peid and Packer Compiler Signatures

Malicious File

C:\WINDOWS\Temp\Temporary Directory 1 for TaskScheduler.zip\lib\net40\JetBrains.Annotations.dll was identified as malicious by YARA according to rules: Packer, Peid and Packer Compiler Signatures

Malicious File

C:\Program Files\Microsoft Updates\TaskScheduler\lib\net40\JetBrains.Annotations.dll was identified as malicious by YARA according to rules: Packer, Peid and Packer Compiler Signatures

Malicious File

C:\WINDOWS\Temp\Temporary Directory 1 for TaskScheduler.zip\lib\net40\Microsoft.Win32.TaskScheduler.dll was identified as malicious by YARA according to rules: Packer, Antidebug Antivm and Packer Compiler Signatures

Malicious File

C:\Program Files\Microsoft Updates\TaskScheduler\lib\net40\Microsoft.Win32.TaskScheduler.dll was identified as malicious by YARA according to rules: Packer, Antidebug Antivm and Packer Compiler Signatures

Malicious File

C:\WINDOWS\Temp\Temporary Directory 1 for TaskScheduler.zip\lib\net40\Microsoft.Win32.TaskScheduler.XML was identified as malicious by YARA according to rules: Antidebug Antivm

Malicious File

C:\Program Files\Microsoft Updates\TaskScheduler\lib\net40\Microsoft.Win32.TaskScheduler.XML was identified as malicious by YARA according to rules: Antidebug Antivm

Malicious File

C:\WINDOWS\Temp\Temporary Directory 1 for TaskScheduler.zip\lib\net40\de\Microsoft.Win32.TaskScheduler.resources.dll was identified as malicious by YARA according to rules: Packer, Peid and Packer Compiler Signatures

Malicious File

C:\Program Files\Microsoft Updates\TaskScheduler\lib\net40\de\Microsoft.Win32.TaskScheduler.resources.dll was identified as malicious by YARA according to rules: Packer, Peid and Packer Compiler Signatures

Malicious File

C:\WINDOWS\Temp\Temporary Directory 1 for TaskScheduler.zip\lib\net40\es\Microsoft.Win32.TaskScheduler.resources.dll was identified as malicious by YARA according to rules: Packer, Peid and Packer Compiler Signatures

Malicious File

C:\Program Files\Microsoft Updates\TaskScheduler\lib\net40\es\Microsoft.Win32.TaskScheduler.resources.dll was identified as malicious by YARA according to rules: Packer, Peid and Packer Compiler Signatures

Malicious File

C:\WINDOWS\Temp\Temporary Directory 1 for TaskScheduler.zip\lib\net40\fr\Microsoft.Win32.TaskScheduler.resources.dll was identified as malicious by YARA according to rules: Packer, Peid and Packer Compiler Signatures

Malicious File

C:\Program Files\Microsoft Updates\TaskScheduler\lib\net40\fr\Microsoft.Win32.TaskScheduler.resources.dll was identified as malicious by YARA according to rules: Packer, Peid and Packer Compiler Signatures

Malicious File

C:\WINDOWS\Temp\Temporary Directory 1 for TaskScheduler.zip\lib\net40\it\Microsoft.Win32.TaskScheduler.resources.dll was identified as malicious by YARA according to rules: Packer, Peid and Packer Compiler Signatures

Malicious File

C:\Program Files\Microsoft Updates\TaskScheduler\lib\net40\it\Microsoft.Win32.TaskScheduler.resources.dll was identified as malicious by YARA according to rules: Packer, Peid and Packer Compiler Signatures

Malicious File

C:\WINDOWS\Temp\Temporary Directory 1 for TaskScheduler.zip\lib\net40\zh-CN\Microsoft.Win32.TaskScheduler.resources.dll was identified as malicious by YARA according to rules: Packer, Peid and Packer Compiler Signatures

Malicious File

C:\Program Files\Microsoft Updates\TaskScheduler\lib\net40\zh-CN\Microsoft.Win32.TaskScheduler.resources.dll was identified as malicious by YARA according to rules: Packer, Peid and Packer Compiler Signatures

Malicious File

C:\WINDOWS\Temp\Temporary Directory 1 for TaskScheduler.zip\lib\net452\JetBrains.Annotations.dll was identified as malicious by YARA according to rules: Packer, Peid and Packer Compiler Signatures

Malicious File

C:\Program Files\Microsoft Updates\TaskScheduler\lib\net452\JetBrains.Annotations.dll was identified as malicious by YARA according to rules: Packer, Peid and Packer Compiler Signatures

Malicious File

C:\WINDOWS\Temp\Temporary Directory 1 for TaskScheduler.zip\lib\net452\Microsoft.Win32.TaskScheduler.dll was identified as malicious by YARA according to rules: Packer, Antidebug Antivm and Packer Compiler Signatures

Malicious File

C:\Program Files\Microsoft Updates\TaskScheduler\lib\net452\Microsoft.Win32.TaskScheduler.dll was identified as malicious by YARA according to rules: Packer, Antidebug Antivm and Packer Compiler Signatures

Malicious File

C:\WINDOWS\Temp\Temporary Directory 1 for TaskScheduler.zip\lib\net452\Microsoft.Win32.TaskScheduler.XML was identified as malicious by YARA according to rules: Antidebug Antivm

Malicious File

C:\Program Files\Microsoft Updates\TaskScheduler\lib\net452\Microsoft.Win32.TaskScheduler.XML was identified as malicious by YARA according to rules: Antidebug Antivm

Malicious File

C:\WINDOWS\Temp\Temporary Directory 1 for TaskScheduler.zip\lib\net452\de\Microsoft.Win32.TaskScheduler.resources.dll was identified as malicious by YARA according to rules: Packer, Peid and Packer Compiler Signatures

Malicious File

C:\Program Files\Microsoft Updates\TaskScheduler\lib\net452\de\Microsoft.Win32.TaskScheduler.resources.dll was identified as malicious by YARA according to rules: Packer, Peid and Packer Compiler Signatures

Malicious File

C:\WINDOWS\Temp\Temporary Directory 1 for TaskScheduler.zip\lib\net452\es\Microsoft.Win32.TaskScheduler.resources.dll was identified as malicious by YARA according to rules: Packer, Peid and Packer Compiler Signatures

Malicious File

C:\Program Files\Microsoft Updates\TaskScheduler\lib\net452\es\Microsoft.Win32.TaskScheduler.resources.dll was identified as malicious by YARA according to rules: Packer, Peid and Packer Compiler Signatures

Malicious File

C:\WINDOWS\Temp\Temporary Directory 1 for TaskScheduler.zip\lib\net452\fr\Microsoft.Win32.TaskScheduler.resources.dll was identified as malicious by YARA according to rules: Packer, Peid and Packer Compiler Signatures

Malicious File

C:\Program Files\Microsoft Updates\TaskScheduler\lib\net452\fr\Microsoft.Win32.TaskScheduler.resources.dll was identified as malicious by YARA according to rules: Packer, Peid and Packer Compiler Signatures

Malicious File

C:\WINDOWS\Temp\Temporary Directory 1 for TaskScheduler.zip\lib\net452\it\Microsoft.Win32.TaskScheduler.resources.dll was identified as malicious by YARA according to rules: Packer, Peid and Packer Compiler Signatures

Malicious File

C:\Program Files\Microsoft Updates\TaskScheduler\lib\net452\it\Microsoft.Win32.TaskScheduler.resources.dll was identified as malicious by YARA according to rules: Packer, Peid and Packer Compiler Signatures

Malicious File

C:\WINDOWS\Temp\Temporary Directory 1 for TaskScheduler.zip\lib\net452\zh-CN\Microsoft.Win32.TaskScheduler.resources.dll was identified as malicious by YARA according to rules: Packer, Peid and Packer Compiler Signatures

Malicious File

C:\Program Files\Microsoft Updates\TaskScheduler\lib\net452\zh-CN\Microsoft.Win32.TaskScheduler.resources.dll was identified as malicious by YARA according to rules: Packer, Peid and Packer Compiler Signatures

Malicious File

C:\Program Files\Microsoft Updates\Microsoft.Win32.TaskScheduler.dll was identified as malicious by YARA according to rules: Packer, Antidebug Antivm and Packer Compiler Signatures

Malicious File

C:\WINDOWS\Temp\Temporary Directory 1 for SharpZLib.zip\lib\11\ICSharpCode.SharpZipLib.dll was identified as malicious by YARA according to rules: Packer, Peid, Packer Compiler Signatures and Crypto Signatures

Malicious File

C:\Program Files\Microsoft Updates\SharpZLib\lib\11\ICSharpCode.SharpZipLib.dll was identified as malicious by YARA according to rules: Packer, Peid, Packer Compiler Signatures and Crypto Signatures

Malicious File

C:\WINDOWS\Temp\Temporary Directory 1 for SharpZLib.zip\lib\20\ICSharpCode.SharpZipLib.dll was identified as malicious by YARA according to rules: Peid, Packer Compiler Signatures and Crypto Signatures

Malicious File

C:\Program Files\Microsoft Updates\SharpZLib\lib\20\ICSharpCode.SharpZipLib.dll was identified as malicious by YARA according to rules: Peid, Packer Compiler Signatures and Crypto Signatures

Malicious File

C:\WINDOWS\Temp\Temporary Directory 1 for SharpZLib.zip\lib\SL3\SharpZipLib.Silverlight3.dll was identified as malicious by YARA according to rules: Packer, Peid, Packer Compiler Signatures and Crypto Signatures

Malicious File

C:\Program Files\Microsoft Updates\SharpZLib\lib\SL3\SharpZipLib.Silverlight3.dll was identified as malicious by YARA according to rules: Packer, Peid, Packer Compiler Signatures and Crypto Signatures

Malicious File

C:\WINDOWS\Temp\Temporary Directory 1 for SharpZLib.zip\lib\SL4\SharpZipLib.Silverlight4.dll was identified as malicious by YARA according to rules: Packer, Peid, Packer Compiler Signatures and Crypto Signatures

Malicious File

C:\Program Files\Microsoft Updates\SharpZLib\lib\SL4\SharpZipLib.Silverlight4.dll was identified as malicious by YARA according to rules: Packer, Peid, Packer Compiler Signatures and Crypto Signatures

Malicious File

C:\Program Files\Microsoft Updates\ICSharpCode.SharpZipLib.dll was identified as malicious by YARA according to rules: Peid, Packer Compiler Signatures and Crypto Signatures

Malicious File

C:\Program Files\Microsoft Updates\svchost.exe was identified as malicious by YARA according to rules: Antidebug Antivm, Peid and Packer Compiler Signatures

Malicious File

Service RasMan was started

Service Start

C:\Program Files\Microsoft Updates\taskhost.exe was identified as malicious by YARA according to rules: Packer Compiler Signatures

Malicious File

Process c:\program files\microsoft updates\svchost.exe attempted to access domains: archive.torproject.org, www.download.windowsupdate.com and cacerts.digicert.com

DNS Query

Process c:\program files\microsoft updates\svchost.exe generated outgoing network traffic to: 8.253.139.120:80, 82.195.75.101:443 and 104.16.238.184:80

Outgoing Connection

C:\Program Files\Microsoft Updates\temp\tor.zip was identified as malicious by YARA according to rules: Antidebug Antivm

Malicious File

The file C:\Program Files\Microsoft Updates\ICSharpCode.SharpZipLib.dll was downloaded and loaded by c:\program files\microsoft updates\svchost.exe

Download and Execute

Process c:\program files\microsoft updates\tor\tor.exe started listening on ports: 9050 2 times

Listening

Process c:\program files\microsoft updates\tor\tor.exe generated outgoing network traffic to: 5.39.64.7:9001, 128.31.0.39:9101, 212.227.9.77:9001, 185.14.28.216:22, 194.109.206.212:443 and 76.73.17.194:9090

Outgoing Connection

Process c:\program files\microsoft updates\tor\tor.exe attempted to access suspicious domains: fsroot.de, fscked.org, dizum.com, localdomain and ip-5-39-64.eu

Access Suspicious Domain, Outgoing Connection

The file C:\Program Files\Microsoft Updates\Microsoft.Win32.TaskScheduler.dll was downloaded and loaded by c:\program files\microsoft updates\svchost.exe

Download and Execute

The command line C:\Program Files\Microsoft Updates\svchost.exe was scheduled to run by modifying C:\WINDOWS\Tasks\Microsoft Service Host.job

The command line C:\Program Files\Microsoft Updates\taskhost.exe was scheduled to run by modifying C:\WINDOWS\Tasks\Microsoft Task Host.job

The command line C:\Program Files\Microsoft Updates\Tor\tor.exe was scheduled to run by modifying C:\WINDOWS\Tasks\Microsoft Tor Host.job

The file C:\WINDOWS\system32\framedyn.dll was downloaded and loaded by c:\windows\system32\netsh.exe

Download and Execute

Service SharedAccess was started

Service Start

Service ALG was started

Service Start

Process c:\program files\microsoft updates\tor\tor.exe generated outgoing network traffic to: 192.87.28.28:9001, 163.172.142.92:443, 131.188.40.189:443, 154.35.32.5:443, 217.79.190.25:9090, 76.73.17.194:9090 and 171.25.193.9:80

Outgoing Connection

Process c:\program files\microsoft updates\tor\tor.exe attempted to access suspicious domains: cxx.rocks, sec.nl, fscked.org, rabbani.jp, znx.cc and 4711.se

Access Suspicious Domain, Outgoing Connection

The file C:\Program Files\Microsoft Updates\taskhost.exe was downloaded and executed

Download and Execute

Associated Files

C:\Program Files\Microsoft Updates\TaskScheduler.zip

SHA256: 60eaf06eb6527d9aad26bbc27195b58e5a6f1368cd382b656ea6e3f10347ef1f

890401 bytes

C:\Program Files\Microsoft Updates\SharpZLib.zip

SHA256: 5906c248bb986d50489192f490f94d2331d04e7d34337bc3c0d64df6d0008207

454026 bytes

C:\WINDOWS\UpdateInstaller.exe

SHA256: 64442cceb7d618e70c62d461cfaafdb8e653b8d98ac4765a6b3d8fd1ea3bce15

344064 bytes

C:\Program Files\Microsoft Updates\svchost.exe

SHA256: c4762489488f797b4b33382c8b1b71c94a42c846f1f28e0e118c83fe032848f0

305152 bytes

C:\Program Files\Microsoft Updates\ICSharpCode.SharpZipLib.dll

SHA256: 40b3d590f95191f3e33e5d00e534fa40f823d9b1bb2a9afe05f139c4e0a3af8d

200704 bytes

C:\Program Files\Microsoft Updates\Microsoft.Win32.TaskScheduler.dll

SHA256: a5cedbb6a252c47d0f3d2828bb05a319e97ef9158f802a91723af9b19f4fbd30

348672 bytes

C:\Program Files\Microsoft Updates\taskhost.exe

SHA256: 20240431d6eb6816453651b58b37f53950fcc3f0929813806525c5fd97cdc0e1

61440 bytes
