0:[[["$","link","0",{"rel":"stylesheet","href":"/_next/static/css/3e6a55b47d2aed19.css","precedence":"next","crossOrigin":"$undefined"}]],["$","$L3",null,{"buildId":"aWGSQZ35YUbfCTXfMctyS","assetPrefix":"","initialCanonicalUrl":"/journal/2026-06-19-malware-incident-isolation/","initialTree":["",{"children":["journal",{"children":[["slug","2026-06-19-malware-incident-isolation","d"],{"children":["__PAGE__?{\"slug\":\"2026-06-19-malware-incident-isolation\"}",{}]}]}]},"$undefined","$undefined",true],"initialSeedData":["",{"children":["journal",{"children":[["slug","2026-06-19-malware-incident-isolation","d"],{"children":["__PAGE__",{},[["$L4",["$","article",null,{"className":"max-w-3xl mx-auto px-4 py-16","children":[["$","header",null,{"className":"mb-8 border-b border-slate-900 pb-8","children":[["$","div",null,{"className":"flex gap-4 text-xs font-mono text-slate-500 mb-2","children":[["$","span",null,{"children":"June 19, 2026"}],["$","span",null,{"children":"•"}],["$","span",null,{"className":"text-blue-400 uppercase","children":"Security"}]]}],["$","h1",null,{"className":"text-3xl md:text-4xl font-extrabold text-white tracking-tight","children":"Help Desk Incident Response: Isolating a Phishing Payload"}]]}],["$","div",null,{"className":"prose prose-invert max-w-none text-slate-300 leading-relaxed space-y-6 prose-headings:text-white prose-headings:font-bold prose-headings:mt-8 prose-headings:mb-4 prose-h1:text-2xl prose-h2:text-xl prose-code:font-mono prose-code:bg-slate-900 prose-code:text-blue-400 prose-code:px-1.5 prose-code:py-0.5 prose-code:rounded prose-code:text-sm","dangerouslySetInnerHTML":{"__html":"

Incident Timeline

09:14 AM EST: An operator clicked an unexpected invoice attachment link.
09:22 AM EST: Help desk received alerts noting unusual system execution spikes.

Triage Analysis

Leveraged Sysinternals Process Explorer to map parent-child application links. Discovered an active macro payload spawning an unauthorized sub-process out of a temporary storage directory:

explorer.exe -> excel.exe -> cmd.exe -> powershell.exe\n

\n"}}],["$","div",null,{"className":"mt-12 pt-6 border-t border-slate-900","children":["$","a",null,{"href":"/","className":"text-sm font-mono text-blue-500 hover:text-blue-400","children":"← Back to Dashboard"}]}]]}]],null],null]},["$","$L5",null,{"parallelRouterKey":"children","segmentPath":["children","journal","children","$6","children"],"error":"$undefined","errorStyles":"$undefined","errorScripts":"$undefined","template":["$","$L7",null,{}],"templateStyles":"$undefined","templateScripts":"$undefined","notFound":"$undefined","notFoundStyles":"$undefined","styles":null}],null]},["$","$L5",null,{"parallelRouterKey":"children","segmentPath":["children","journal","children"],"error":"$undefined","errorStyles":"$undefined","errorScripts":"$undefined","template":["$","$L7",null,{}],"templateStyles":"$undefined","templateScripts":"$undefined","notFound":"$undefined","notFoundStyles":"$undefined","styles":null}],null]},[["$","html",null,{"lang":"en","className":"bg-slate-950 text-slate-100 scroll-smooth","children":["$","body",null,{"className":"__className_f367f3 min-h-screen flex flex-col justify-between","children":[["$","header",null,{"className":"border-b border-slate-900 bg-slate-950/80 backdrop-blur sticky top-0 z-50","children":["$","div",null,{"className":"max-w-5xl mx-auto px-4 h-16 flex items-center justify-between","children":[["$","a",null,{"href":"/","className":"font-mono text-sm tracking-wider text-blue-400 hover:text-blue-300 font-bold","children":"Scott Diemer"}],["$","nav",null,{"className":"flex gap-6 text-sm font-medium text-slate-400","children":[["$","a",null,{"href":"/#about","className":"hover:text-white transition-colors","children":"About"}],["$","a",null,{"href":"/#skills","className":"hover:text-white transition-colors","children":"Skills"}],["$","a",null,{"href":"/journal/","className":"hover:text-white transition-colors","children":"Learning Journal"}]]}]]}]}],["$","main",null,{"className":"flex-grow","children":["$","$L5",null,{"parallelRouterKey":"children","segmentPath":["children"],"error":"$undefined","errorStyles":"$undefined","errorScripts":"$undefined","template":["$","$L7",null,{}],"templateStyles":"$undefined","templateScripts":"$undefined","notFound":[["$","title",null,{"children":"404: This page could not be found."}],["$","div",null,{"style":{"fontFamily":"system-ui,\"Segoe UI\",Roboto,Helvetica,Arial,sans-serif,\"Apple Color Emoji\",\"Segoe UI Emoji\"","height":"100vh","textAlign":"center","display":"flex","flexDirection":"column","alignItems":"center","justifyContent":"center"},"children":["$","div",null,{"children":[["$","style",null,{"dangerouslySetInnerHTML":{"__html":"body{color:#000;background:#fff;margin:0}.next-error-h1{border-right:1px solid rgba(0,0,0,.3)}@media (prefers-color-scheme:dark){body{color:#fff;background:#000}.next-error-h1{border-right:1px solid rgba(255,255,255,.3)}}"}}],["$","h1",null,{"className":"next-error-h1","style":{"display":"inline-block","margin":"0 20px 0 0","padding":"0 23px 0 0","fontSize":24,"fontWeight":500,"verticalAlign":"top","lineHeight":"49px"},"children":"404"}],["$","div",null,{"style":{"display":"inline-block"},"children":["$","h2",null,{"style":{"fontSize":14,"fontWeight":400,"lineHeight":"49px","margin":0},"children":"This page could not be found."}]}]]}]}]],"notFoundStyles":[],"styles":null}]}],["$","footer",null,{"className":"border-t border-slate-900 bg-slate-950 py-8 text-center text-xs text-slate-600 font-mono","children":["© ",2026," - scottdiemer.com"]}]]}]}],null],null],"couldBeIntercepted":false,"initialHead":[false,"$L8"],"globalErrorComponent":"$9","missingSlots":"$Wa"}]]