Saw a message about a blocked exploit but really this doesn't really provide any useful info.
As the exploit is classified as "generic" and the exploit as far as I can tell was an echo command.... what process parent (chain of processes) ran this and why is an echo command an exploit? I have no idea what this was for as I did not run it myself so something else did but it doesn't seem like it was being | (pipped) or redirected or anything...
the hex in ascii is ã:ßÉ
and in decimal is 3812286409
Doesn't seem to be any MAC / hardware address of anything on my laptop.
If the message about the exploit wasn't so generic and I really can't think of a reason for this having been a command that was run and for what purpose it was run I would just let it go.
Thanks for any further insights on this anyone can think of.
Mario
Malwarebytes
www.malwarebytes.com
-Log Details-
Protection Event Date: 2/19/19
Protection Event Time: 11:34 PM
Log File: f5eaa4a6-34e1-11e9-bbda-705ab6a6fa05.json
-Software Information-
Version: 3.7.1.2839
Components Version: 1.0.538
Update Package Version: 1.0.9322
License: Premium
-System Information-
OS: Windows 10 (Build 17763.316)
CPU: x64
File System: NTFS
User: System
-Exploit Details-
File: 0
(No malicious items detected)
Exploit: 1
Malware.Exploit.Agent.Generic, , Blocked, [0], [392684],0.0.0
-Exploit Data-
Affected Application: cmd
Protection Layer: Application Behavior Protection
Protection Technique: Exploit payload process blocked
File Name: C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe \S \D \c echo E33ADFC9
URL:
(end)