Open newrealforce9499 opened 3 weeks ago
Executing the following command:

loki.exe -p "Q:\pid" --force --csv --logfolder "C:\Users\xxxxx\Downloads\loki_0.51.0\loki\loggy" --onlyrelevant --allreasons --intense --vulnchecks --scriptanalysis --noprocscan > C:\Users\xxxxx\Downloads\loki_0.51.0\loki\loggy\scan_results.csv

The data appended to the CSV is weird with this command, but some warning data is valid, as follows:

�-�\�|�/�-�\�|�/�-�\�|�/�-�\�|�/�-�\�|�/�-�\�|�/�-�\�|�/�-�\�|�/�-�\�|�/�-�\�|�/�-�\�|�/�-�\�|�/�-�\�|�/�-�\�|�/�|�/�-�\�|�/�-�\�|�/�-�\�|�/�-�\�|�/�-�\�|�/�-�\�|�/�-�\�|�/�-�\�|�/�-�\�|�/�-�\�|�/�-�\�|�/�-�\�|�/�-�\�|�/�-�\�|�/�-�\�|�/�-�\�|�/�-�\�|�/�-20241030T09:22:00Z,DESKTOP-C8NKLVR,WARNING,FILE: Q:\pid\4\vmemd\0xffffb001f4980000.vmem SCORE: 60 TYPE: UNKNOWN SIZE: 524288 FIRST_BYTES: 75794d4c305a060a2b06010401823702010c314c / <filter object at 0x000002D4AA7C8EE0> MD5: 9220b0b1206a00b875e593fafe43db42 SHA1: ec60207104188d62e91e529b2cb6ab17f822b96f SHA256: c08470cfc55ba1737ceb806d5c9e983537b11a4ccc33eee7e618a034f9bff670 CREATED: Wed Oct 30 09:23:02 2024 MODIFIED: Wed Oct 30 09:23:02 2024 ACCESSED: Wed Oct 30 09:23:02 2024 REASON_1: Yara Rule MATCH: CoinMiner_Strings SUBSCORE: 60 DESCRIPTION: Detects mining pool protocol string in Executable REF: https://minergate.com/faq/what-pool-address AUTHOR: Florian Roth (Nextron Systems) MATCHES: $sa1: 'stratum+tcp://' �\�|�/�-�\�|�/�-�\�|�/�-�\�|�/�-�\�|�/�-�\�|�/�-�\�|�/�-�\�|�/�-�\�|�/�-�\�|�/�-�\�|�/�-�\�|�/�-�\�|�/�-�\�|�/

The weird characters are in the first column of the CSV.
Thanks
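An added example, not part of this issue and not code from the Loki project, showing how an analyst can still recover the usable records from a scan_results.csv polluted in this way. It assumes the noise in the first column is Loki's console progress spinner (the characters - \ | / interleaved with control bytes, which render as U+FFFD once the file is opened with a lossy decode) captured by the stdout redirection, and that every real record begins with the timestamp,host,level prefix visible in the report above. The sample input is constructed from the record quoted in the issue, wrapped in that noise; the function and class names are the example's own.

```python
import re
from dataclasses import dataclass, field

# A real Loki CSV record starts with a compact timestamp and a comma.
RECORD_START = re.compile(r"\d{8}T\d{2}:\d{2}:\d{2}Z,")

# Assumption: the garbage is Loki's console spinner ("-", "\", "|", "/") interleaved
# with backspaces (0x08) or, after a lossy decode, U+FFFD. A trailing run is only
# stripped when it contains at least one such marker character, so a record that
# legitimately ends in "/" or "-" is left alone.
TRAILING_NOISE = re.compile(r"\s*[\x08\ufffd](?:[\x08\ufffd\s]*[-\\|/])*[\x08\ufffd\s]*$")

# "KEY: value" fields inside the message column; a value runs until the next key.
FIELD_KEY = re.compile(r"\b([A-Z][A-Z0-9_]+): ")


@dataclass
class LokiRecord:
    timestamp: str
    host: str
    level: str
    fields: dict = field(default_factory=dict)


def strip_spinner(line: str) -> str:
    """Return the record portion of a line, or "" if the line holds no record."""
    m = RECORD_START.search(line)
    if not m:
        return ""  # spinner-only line -> nothing worth keeping
    line = line[m.start():]
    return TRAILING_NOISE.sub("", line)


def parse_message(message: str) -> dict:
    """Split 'FILE: ... SCORE: 60 ...' into a dict keyed by the upper-case labels."""
    parts = FIELD_KEY.split(message)
    # parts = [prefix, key1, value1, key2, value2, ...]; the prefix is normally empty.
    keys, values = parts[1::2], parts[2::2]
    return {k: v.strip() for k, v in zip(keys, values)}


def parse_line(line: str):
    """Parse one CSV line into a LokiRecord, or None if it is noise or malformed."""
    record = strip_spinner(line)
    if not record:
        return None
    parts = record.split(",", 3)  # the message column may itself contain commas
    if len(parts) < 4:
        return None
    timestamp, host, level, message = parts
    return LokiRecord(timestamp, host, level, parse_message(message))


def load_records(text: str) -> list:
    """Parse every line of a captured scan_results.csv, skipping spinner-only lines."""
    return [r for r in (parse_line(l) for l in text.splitlines()) if r is not None]


# Constructed sample: the record quoted in the issue, wrapped in spinner noise
# (written here with U+FFFD, as it appears once the CSV is opened as UTF-8).
NOISE = "\ufffd-\ufffd\\\ufffd|\ufffd/" * 3
RECORD = (
    "20241030T09:22:00Z,DESKTOP-C8NKLVR,WARNING,"
    "FILE: Q:\\pid\\4\\vmemd\\0xffffb001f4980000.vmem SCORE: 60 TYPE: UNKNOWN SIZE: 524288 "
    "FIRST_BYTES: 75794d4c305a060a2b06010401823702010c314c / <filter object at 0x000002D4AA7C8EE0> "
    "MD5: 9220b0b1206a00b875e593fafe43db42 SHA1: ec60207104188d62e91e529b2cb6ab17f822b96f "
    "SHA256: c08470cfc55ba1737ceb806d5c9e983537b11a4ccc33eee7e618a034f9bff670 "
    "CREATED: Wed Oct 30 09:23:02 2024 MODIFIED: Wed Oct 30 09:23:02 2024 "
    "ACCESSED: Wed Oct 30 09:23:02 2024 REASON_1: Yara Rule MATCH: CoinMiner_Strings "
    "SUBSCORE: 60 DESCRIPTION: Detects mining pool protocol string in Executable "
    "REF: https://minergate.com/faq/what-pool-address AUTHOR: Florian Roth (Nextron Systems) "
    "MATCHES: $sa1: 'stratum+tcp://'"
)
SAMPLE_CSV = NOISE + RECORD + " " + NOISE + "\n" + NOISE + "\n"

if __name__ == "__main__":
    for rec in load_records(SAMPLE_CSV):
        print(rec.timestamp, rec.host, rec.level, rec.fields["SHA256"], rec.fields["MATCH"])
```

Keys that repeat inside one message (for example several MATCH labels under different REASON_n entries) collapse to the last value in the dict; if that matters, collect the values into a list instead. Running the tool with `--csv` and `--logfolder` but without redirecting stdout, and reading the log file Loki writes itself, avoids capturing the spinner in the first place.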
I don't know if I mentioned this before, but please consider using THOR Lite because, as the README states, this project is not actively maintained anymore.