jmkbird Posted March 15, 2022 ID:1507012 Share Posted March 15, 2022 Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 3/15/22 Protection Event Time: 9:54 PM Log File: 7a96af68-a467-11ec-9444-709cd13f9557.json -Software Information- Version: 4.5.5.175 Components Version: 1.0.1621 Update Package Version: 1.0.52379 License: Premium -System Information- OS: Windows 11 (Build 22000.556) CPU: x64 File System: NTFS User: System -Blocked Website Details- Malicious Website: 1 , C:\Users\JMK\AppData\Local\Programs\Clash for Windows\resources\static\files\win\x64\clash-win64.exe, Blocked, -1, -1, 0.0.0, , -Website Data- Category: Trojan Domain: 16oszjxn.slt-dk.sched.tdnsv8.com IP Address: 112.17.54.141 Port: 443 Type: Outbound File: C:\Users\JMK\AppData\Local\Programs\Clash for Windows\resources\static\files\win\x64\clash-win64.exe (end) Link to post Share on other sites More sharing options...
Staff Solution BjelakovicL Posted March 15, 2022 Staff Solution ID:1507013 Share Posted March 15, 2022 The IP has been reported as a Cobalt Strike C2 but it appears that it has been cleaned up so the block will be removed. https://www.virustotal.com/gui/url/3c7768478578deaeb87bdb00d38bef19a7c5241e48058d11248ea0c48662b208/detection Link to post Share on other sites More sharing options...
Recommended Posts