Summary | ZeroBOX

launcher_packed.img

PE32 PE File
Category  Machine        Started                   Completed
FILE      s1_win7_x6402  June 24, 2021, 7:05 p.m.  June 24, 2021, 7:17 p.m.

Size    4.7MB
Type    PE32 executable (GUI) Intel 80386, for MS Windows
MD5     ac04a63fbb825a36735b5186cf806c8d
SHA256  62609aac613627ef79c08360049cdc59584d71d8e662f890dedbe4318da8beb5
CRC32   CD52182D
ssdeep  98304:Mv1LpS/BuTR0+L5qPN3lAqL5rlWWtPMsXLp4yvwlkb9dFiFrntuQW3n:MZpS/wTC+LANNmWi6N3YA9dsZntuQg
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)

IP Address       Status
158.247.226.251  Active
139.99.89.153    Active
164.124.101.2    Active
172.217.25.14    Active

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API     Arguments                                                           Status  Return  Repeated
WriteConsoleA  buffer: .\Data\Character\00002000.img, console_handle: 0x0000000f   1       1       0
WriteConsoleA  buffer: Data accumulator, console_handle: 0x0000000f                1       1       0
WriteConsoleA  buffer: .\Data\Character\00002001.img, console_handle: 0x0000000f   1       1       0
WriteConsoleA  buffer: Data accumulator, console_handle: 0x0000000f                1       1       0
WriteConsoleA  buffer: .\Data\Character\00002002.img, console_handle: 0x0000000f   1       1       0
WriteConsoleA  buffer: Data accumulator, console_handle: 0x0000000f                1       1       0
WriteConsoleA  buffer: .\Data\Character\00002003.img, console_handle: 0x0000000f   1       1       0
WriteConsoleA  buffer: Data accumulator, console_handle: 0x0000000f                1       1       0
WriteConsoleA  buffer: .\Data\Character\00002004.img, console_handle: 0x0000000f   1       1       0
WriteConsoleA  buffer: Data accumulator, console_handle: 0x0000000f                1       1       0
WriteConsoleA  buffer: .\Data\Character\00002009.img, console_handle: 0x0000000f   1       1       0
WriteConsoleA  buffer: Data accumulator, console_handle: 0x0000000f                1       1       0
WriteConsoleA  buffer: .\Data\Character\00002010.img, console_handle: 0x0000000f   1       1       0
WriteConsoleA  buffer: Data accumulator, console_handle: 0x0000000f                1       1       0
WriteConsoleA  buffer: .\Data\Character\00002011.img, console_handle: 0x0000000f   1       1       0
WriteConsoleA  buffer: Data accumulator, console_handle: 0x0000000f                1       1       0
WriteConsoleA  buffer: .\Data\Character\00002012.img, console_handle: 0x0000000f   1       1       0
WriteConsoleA  buffer: Data accumulator, console_handle: 0x0000000f                1       1       0
WriteConsoleA  buffer: .\Data\Character\00002013.img, console_handle: 0x0000000f   1       1       0
WriteConsoleA  buffer: Data accumulator, console_handle: 0x0000000f                1       1       0
WriteConsoleA  buffer: .\Data\Character\00002015.img, console_handle: 0x0000000f   1       1       0
WriteConsoleA  buffer: Data accumulator, console_handle: 0x0000000f                1       1       0
WriteConsoleA  buffer: .\Data\Character\00002016.img, console_handle: 0x0000000f   1       1       0
WriteConsoleA  buffer: Data accumulator, console_handle: 0x0000000f                1       1       0
WriteConsoleA  buffer: .\Data\Character\00002018.img, console_handle: 0x0000000f   1       1       0
WriteConsoleA  buffer: Data accumulator, console_handle: 0x0000000f                1       1       0
WriteConsoleA  buffer: .\Data\Character\00002019.img, console_handle: 0x0000000f   1       1       0
WriteConsoleA  buffer: Data accumulator, console_handle: 0x0000000f                1       1       0
WriteConsoleA  buffer: .\Data\Character\00002024.img, console_handle: 0x0000000f   1       1       0
WriteConsoleA  buffer: Data accumulator, console_handle: 0x0000000f                1       1       0
WriteConsoleA  buffer: .\Data\Character\00002025.img, console_handle: 0x0000000f   1       1       0
WriteConsoleA  buffer: Data accumulator, console_handle: 0x0000000f                1       1       0
WriteConsoleA  buffer: .\Data\Character\00002026.img, console_handle: 0x0000000f   1       1       0
WriteConsoleA  buffer: Data accumulator, console_handle: 0x0000000f                1       1       0
WriteConsoleA  buffer: .\Data\Character\00002027.img, console_handle: 0x0000000f   1       1       0
WriteConsoleA  buffer: Data accumulator, console_handle: 0x0000000f                1       1       0
WriteConsoleA  buffer: .\Data\Character\00012000.img, console_handle: 0x0000000f   1       1       0
WriteConsoleA  buffer: Data accumulator, console_handle: 0x0000000f                1       1       0
WriteConsoleA  buffer: .\Data\Character\00012001.img, console_handle: 0x0000000f   1       1       0
WriteConsoleA  buffer: Data accumulator, console_handle: 0x0000000f                1       1       0
WriteConsoleA  buffer: .\Data\Character\00012002.img, console_handle: 0x0000000f   1       1       0
WriteConsoleA  buffer: Data accumulator, console_handle: 0x0000000f                1       1       0
WriteConsoleA  buffer: .\Data\Character\00012003.img, console_handle: 0x0000000f   1       1       0
WriteConsoleA  buffer: Data accumulator, console_handle: 0x0000000f                1       1       0
WriteConsoleA  buffer: .\Data\Character\00012004.img, console_handle: 0x0000000f   1       1       0
WriteConsoleA  buffer: Data accumulator, console_handle: 0x0000000f                1       1       0
WriteConsoleA  buffer: .\Data\Character\00012009.img, console_handle: 0x0000000f   1       1       0
WriteConsoleA  buffer: Data accumulator, console_handle: 0x0000000f                1       1       0
WriteConsoleA  buffer: .\Data\Character\00012010.img, console_handle: 0x0000000f   1       1       0
WriteConsoleA  buffer: Data accumulator, console_handle: 0x0000000f                1       1       0
section yB0G
section 8boXFi
section DNaERNM
suspicious_features  Connection to IP address
suspicious_request   GET http://158.247.226.251/Character/00002000.img
suspicious_request   GET http://158.247.226.251/Character/00002001.img
suspicious_request   GET http://158.247.226.251/Character/00002002.img
suspicious_request   GET http://158.247.226.251/Character/00002003.img
suspicious_request   GET http://158.247.226.251/Character/00002004.img
suspicious_request   GET http://158.247.226.251/Character/00002009.img
suspicious_request   GET http://158.247.226.251/Character/00002010.img
suspicious_request   GET http://158.247.226.251/Character/00002011.img
suspicious_request   GET http://158.247.226.251/Character/00002012.img
suspicious_request   GET http://158.247.226.251/Character/00002013.img
suspicious_request   GET http://158.247.226.251/Character/00002015.img
suspicious_request   GET http://158.247.226.251/Character/00002016.img
suspicious_request   GET http://158.247.226.251/Character/00002018.img
suspicious_request   GET http://158.247.226.251/Character/00002019.img
suspicious_request   GET http://158.247.226.251/Character/00002024.img
suspicious_request   GET http://158.247.226.251/Character/00002025.img
suspicious_request   GET http://158.247.226.251/Character/00002026.img
suspicious_request   GET http://158.247.226.251/Character/00002027.img
suspicious_request   GET http://158.247.226.251/Character/00012000.img
suspicious_request   GET http://158.247.226.251/Character/00012001.img
suspicious_request   GET http://158.247.226.251/Character/00012002.img
suspicious_request   GET http://158.247.226.251/Character/00012003.img
suspicious_request   GET http://158.247.226.251/Character/00012004.img
suspicious_request   GET http://158.247.226.251/Character/00012009.img
suspicious_request   GET http://158.247.226.251/Character/00012010.img
suspicious_request   GET http://158.247.226.251/Character/00012011.img
suspicious_request   GET http://158.247.226.251/Character/00012012.img
suspicious_request   GET http://158.247.226.251/Character/00012013.img
suspicious_request   GET http://158.247.226.251/Character/00012015.img
suspicious_request   GET http://158.247.226.251/Character/00012016.img
suspicious_request   GET http://158.247.226.251/Character/00012018.img
suspicious_request   GET http://158.247.226.251/Character/00012019.img
suspicious_request   GET http://158.247.226.251/Character/00012024.img
suspicious_request   GET http://158.247.226.251/Character/00012025.img
suspicious_request   GET http://158.247.226.251/Character/00012026.img
suspicious_request   GET http://158.247.226.251/Character/00012027.img
suspicious_request   GET http://158.247.226.251/Effect/BasicEff.img
suspicious_request   GET http://158.247.226.251/Effect/CharacterEff.img
suspicious_request   GET http://158.247.226.251/Effect/Direction.img
suspicious_request   GET http://158.247.226.251/Effect/Direction1.img
suspicious_request   GET http://158.247.226.251/Effect/Direction2.img
suspicious_request   GET http://158.247.226.251/Effect/Direction3.img
suspicious_request   GET http://158.247.226.251/Effect/Direction4.img
suspicious_request   GET http://158.247.226.251/Effect/ItemEff.img
suspicious_request   GET http://158.247.226.251/Effect/MapEff.img
suspicious_request   GET http://158.247.226.251/Effect/OnUserEff.img
suspicious_request   GET http://158.247.226.251/Effect/PetEff.img
suspicious_request   GET http://158.247.226.251/Effect/SetEff.img
suspicious_request   GET http://158.247.226.251/Effect/SetItemInfoEff.img
suspicious_request   GET http://158.247.226.251/Effect/SkillName1.img
request GET http://rotpt.p-e.kr/
request GET http://pccomd.kro.kr/
request GET http://rwtpt.kro.kr/
request GET http://broseset.kro.kr/
request GET http://158.247.226.251/Character/00002000.img
request GET http://158.247.226.251/Character/00002001.img
request GET http://158.247.226.251/Character/00002002.img
request GET http://158.247.226.251/Character/00002003.img
request GET http://158.247.226.251/Character/00002004.img
request GET http://158.247.226.251/Character/00002009.img
request GET http://158.247.226.251/Character/00002010.img
request GET http://158.247.226.251/Character/00002011.img
request GET http://158.247.226.251/Character/00002012.img
request GET http://158.247.226.251/Character/00002013.img
request GET http://158.247.226.251/Character/00002015.img
request GET http://158.247.226.251/Character/00002016.img
request GET http://158.247.226.251/Character/00002018.img
request GET http://158.247.226.251/Character/00002019.img
request GET http://158.247.226.251/Character/00002024.img
request GET http://158.247.226.251/Character/00002025.img
request GET http://158.247.226.251/Character/00002026.img
request GET http://158.247.226.251/Character/00002027.img
request GET http://158.247.226.251/Character/00012000.img
request GET http://158.247.226.251/Character/00012001.img
request GET http://158.247.226.251/Character/00012002.img
request GET http://158.247.226.251/Character/00012003.img
request GET http://158.247.226.251/Character/00012004.img
request GET http://158.247.226.251/Character/00012009.img
request GET http://158.247.226.251/Character/00012010.img
request GET http://158.247.226.251/Character/00012011.img
request GET http://158.247.226.251/Character/00012012.img
request GET http://158.247.226.251/Character/00012013.img
request GET http://158.247.226.251/Character/00012015.img
request GET http://158.247.226.251/Character/00012016.img
request GET http://158.247.226.251/Character/00012018.img
request GET http://158.247.226.251/Character/00012019.img
request GET http://158.247.226.251/Character/00012024.img
request GET http://158.247.226.251/Character/00012025.img
request GET http://158.247.226.251/Character/00012026.img
request GET http://158.247.226.251/Character/00012027.img
request GET http://158.247.226.251/Effect/BasicEff.img
request GET http://158.247.226.251/Effect/CharacterEff.img
request GET http://158.247.226.251/Effect/Direction.img
request GET http://158.247.226.251/Effect/Direction1.img
request GET http://158.247.226.251/Effect/Direction2.img
request GET http://158.247.226.251/Effect/Direction3.img
request GET http://158.247.226.251/Effect/Direction4.img
request GET http://158.247.226.251/Effect/ItemEff.img
request GET http://158.247.226.251/Effect/MapEff.img
request GET http://158.247.226.251/Effect/OnUserEff.img
Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory

process_identifier: 5628
region_size: 1740800
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x05490000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
1 0 0
name RT_VERSION language LANG_KOREAN filetype data sublanguage SUBLANG_KOREAN offset 0x04ccbbc0 size 0x000002c8
section 8boXFi: virtual_address 0x04884000, virtual_size 0x00448200, size_of_data 0x00448200, entropy 7.99983731690658 description A section with a high entropy has been found
entropy 0.915503678855 description Overall entropy of this PE file is high
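The section data above (a 0x448200-byte section named 8boXFi with entropy 7.9998, the overall file entropy flagged high, and the non-standard section names listed earlier) is the static signature of a packed or encrypted payload that the sample unpacks at run time. The following Python is an added example, not code from this report, from ZeroBOX, or from the sample: it parses the PE section table with the standard library only, computes per-section Shannon entropy and flags sections that are high-entropy, carry a non-standard name, or are mapped read/write/execute. build_sample_pe() is a hypothetical helper that fabricates a minimal PE32 in memory so the example runs offline; the section names, payload bytes and the 7.0 threshold are constructed for the example and are not taken from launcher_packed.img.

```python
"""Static PE section triage with the standard library only (added example).

parse_sections() follows the real PE layout: DOS header -> e_lfanew ->
"PE\0\0" -> COFF header -> optional header -> IMAGE_SECTION_HEADER table.
build_sample_pe() is a hypothetical helper that fabricates a minimal PE32
so the example runs offline; it is not launcher_packed.img.
"""
import math
import random
import struct

IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
RWX = IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE

# Section names a normal MSVC/MinGW build produces; anything else is worth a look.
COMMON_SECTION_NAMES = {".text", ".rdata", ".data", ".rsrc", ".reloc",
                        ".idata", ".edata", ".bss", ".tls", ".pdata", ".CRT"}

SECTION_HDR = struct.Struct("<8sIIIIIIHHI")   # IMAGE_SECTION_HEADER, 40 bytes


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, 8.0 for uniformly random data."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(pe: bytes):
    """Yield one dict per section header, together with the raw bytes it points to."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (num_sections,) = struct.unpack_from("<H", pe, e_lfanew + 6)
    (opt_hdr_size,) = struct.unpack_from("<H", pe, e_lfanew + 20)
    table = e_lfanew + 24 + opt_hdr_size          # 4 (signature) + 20 (COFF) + optional header
    for i in range(num_sections):
        (name, vsize, vaddr, raw_size, raw_ptr,
         _, _, _, _, chars) = SECTION_HDR.unpack_from(pe, table + i * SECTION_HDR.size)
        yield {
            "name": name.rstrip(b"\0").decode("latin-1"),
            "virtual_address": vaddr,
            "virtual_size": vsize,
            "size_of_data": raw_size,
            "characteristics": chars,
            "data": pe[raw_ptr:raw_ptr + raw_size],
        }


def triage_sections(pe: bytes, entropy_threshold: float = 7.0):
    """Return one row per section with the flags a packer usually trips."""
    rows = []
    for s in parse_sections(pe):
        ent = shannon_entropy(s["data"])
        flags = []
        if ent >= entropy_threshold:
            flags.append("high-entropy")          # compressed or encrypted payload
        if s["name"] not in COMMON_SECTION_NAMES:
            flags.append("unusual-name")          # e.g. randomised packer stub names
        if s["characteristics"] & RWX == RWX:
            flags.append("rwx")                   # writable code: unpacks in place
        rows.append({"name": s["name"], "entropy": round(ent, 4),
                     "size_of_data": s["size_of_data"], "flags": flags})
    return rows


def build_sample_pe(sections, file_align=0x200, section_align=0x1000):
    """Hypothetical helper: assemble a minimal PE32 from (name, data, characteristics)."""
    e_lfanew = 0x80
    dos = (b"MZ" + b"\0" * 0x3A + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    opt_size = 224                                # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    opt = struct.pack("<H", 0x10B).ljust(opt_size, b"\0")   # magic PE32, rest zeroed
    hdr_end = e_lfanew + 4 + len(coff) + opt_size + SECTION_HDR.size * len(sections)
    raw_ptr = first_raw = -(-hdr_end // file_align) * file_align
    vaddr, headers, blobs = section_align, b"", b""
    for name, data, chars in sections:
        raw_size = -(-len(data) // file_align) * file_align
        headers += SECTION_HDR.pack(name.encode().ljust(8, b"\0"), len(data), vaddr,
                                    raw_size, raw_ptr, 0, 0, 0, 0, chars)
        blobs += data.ljust(raw_size, b"\0")
        raw_ptr += raw_size
        vaddr += -(-len(data) // section_align) * section_align
    image = (dos + b"PE\0\0" + coff + opt + headers).ljust(first_raw, b"\0")
    return image + blobs


def demo():
    """Constructed input: a plain code section next to a random, packed-looking one."""
    rng = random.Random(20210624)
    packed = bytes(rng.getrandbits(8) for _ in range(4096))   # stands in for an encrypted payload
    plain = (b"int main(void) { return 0; }\n" * 200)[:4096]
    pe = build_sample_pe([(".text", plain, IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
                          ("8boXFi", packed, RWX)])           # name constructed to match the report
    return triage_sections(pe)


if __name__ == "__main__":
    for row in demo():
        print(row)
```

On a real file, replace demo() with `triage_sections(open(path, "rb").read())`. A threshold of 7.0 catches encrypted and compressed sections but also legitimately compressed resources, so treat the entropy flag as a prompt to look at the section's characteristics and the unpacking behaviour at run time rather than as a verdict on its own.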
host 158.247.226.251
host 172.217.25.14
Time & API Arguments Status Return Repeated

SetWindowsHookExW

thread_identifier: 0
callback_function: 0x745dc951
hook_identifier: 14 (WH_MOUSE_LL)
module_address: 0x745d0000
1 42140487 0
process launcher_packed.img useragent InetURL/1.0
process launcher_packed.img useragent tes
file C:\Users\test22\AppData\Local\Temp\http:\158.247.226.251\Mob\9000001.img
file C:\Users\test22\AppData\Local\Temp\Data\Mob\3502001.img
file C:\Users\test22\AppData\Local\Temp\Data\Mob\6230600.img
file C:\Users\test22\AppData\Local\Temp\http:\158.247.226.251\Mob\4300004.img
file C:\Users\test22\AppData\Local\Temp\http:\158.247.226.251\Mob\6500015.img
file C:\Users\test22\AppData\Local\Temp\http:\158.247.226.251\Mob\8830001.img
file C:\Users\test22\AppData\Local\Temp\http:\158.247.226.251\Mob\7130020.img
file C:\Users\test22\AppData\Local\Temp\Data\Mob\8620018.img
file C:\Users\test22\AppData\Local\Temp\Data\Mob\8250023.img
file C:\Users\test22\AppData\Local\Temp\Data\Character\00002001.img
file C:\Users\test22\AppData\Local\Temp\Data\Mob\3401011.img
file C:\Users\test22\AppData\Local\Temp\Data\Mob\9001016.img
file C:\Users\test22\AppData\Local\Temp\Data\Mob\8610024.img
file C:\Users\test22\AppData\Local\Temp\http:\158.247.226.251\Effect\SkillName3.img
file C:\Users\test22\AppData\Local\Temp\http:\158.247.226.251\Mob\8105004.img
file C:\Users\test22\AppData\Local\Temp\Data\Mob\4250001.img
file C:\Users\test22\AppData\Local\Temp\http:\158.247.226.251\Mob\4230122.img
file C:\Users\test22\AppData\Local\Temp\Data\Mob\1150001.img
file C:\Users\test22\AppData\Local\Temp\http:\158.247.226.251\Mob\8300003.img
file C:\Users\test22\AppData\Local\Temp\http:\158.247.226.251\Mob\8800004.img
file C:\Users\test22\AppData\Local\Temp\Data\Mob\5300001.img
file C:\Users\test22\AppData\Local\Temp\Data\Mob\8820009.img
file C:\Users\test22\AppData\Local\Temp\http:\158.247.226.251\Mob\9300037.img
file C:\Users\test22\AppData\Local\Temp\Data\Mob\6400002.img
file C:\Users\test22\AppData\Local\Temp\http:\158.247.226.251\Mob\8810004.img
file C:\Users\test22\AppData\Local\Temp\Data\Mob\2230113.img
file C:\Users\test22\AppData\Local\Temp\Data\Mob\9300081.img
file C:\Users\test22\AppData\Local\Temp\http:\158.247.226.251\Mob\8820010.img
file C:\Users\test22\AppData\Local\Temp\http:\158.247.226.251\Mob\8210000.img
file C:\Users\test22\AppData\Local\Temp\Data\Mob\9300096.img
file C:\Users\test22\AppData\Local\Temp\http:\158.247.226.251\Mob\8810016.img
file C:\Users\test22\AppData\Local\Temp\Data\Mob\9300063.img
file C:\Users\test22\AppData\Local\Temp\http:\158.247.226.251\Mob\8140111.img
file C:\Users\test22\AppData\Local\Temp\Data\Mob\9300078.img
file C:\Users\test22\AppData\Local\Temp\Data\Mob\4300001.img
file C:\Users\test22\AppData\Local\Temp\http:\158.247.226.251\Mob\4230123.img
file C:\Users\test22\AppData\Local\Temp\Data\Mob\9200018.img
file C:\Users\test22\AppData\Local\Temp\http:\158.247.226.251\Mob\8150101.img
file C:\Users\test22\AppData\Local\Temp\http:\158.247.226.251\Mob\8641003.img
file C:\Users\test22\AppData\Local\Temp\http:\158.247.226.251\Mob\8642010.img
file C:\Users\test22\AppData\Local\Temp\http:\158.247.226.251\Mob\7130101.img
file C:\Users\test22\AppData\Local\Temp\http:\158.247.226.251\Mob\4220000.img
file C:\Users\test22\AppData\Local\Temp\Data\Mob\8141300.img
file C:\Users\test22\AppData\Local\Temp\http:\158.247.226.251\Mob\8642019.img
file C:\Users\test22\AppData\Local\Temp\Data\Character\00002009.img
file C:\Users\test22\AppData\Local\Temp\Data\Mob\8810126.img
file C:\Users\test22\AppData\Local\Temp\http:\158.247.226.251\Mob\5130103.img
file C:\Users\test22\AppData\Local\Temp\Data\Mob\8642001.img
file C:\Users\test22\AppData\Local\Temp\Data\Mob\9300068.img
file C:\Users\test22\AppData\Local\Temp\Data\Mob\8620017.img
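Read together, the dynamic records above carry the signal in this report: a 1,740,800-byte PAGE_EXECUTE_READWRITE allocation (where the unpacked code is staged), a WH_MOUSE_LL hook installed with thread_identifier 0 (desktop-wide rather than for one thread), plain HTTP to a literal IP with the user agents InetURL/1.0 and tes, and files dropped under %TEMP% whose paths embed the literal string http:\158.247.226.251\ (the download URL was concatenated onto the local directory instead of being mapped to a relative path). The following Python is an added example, not the sample's code and not a ZeroBOX signature: it runs those checks over constructed event records shaped like the entries in this report, with the values copied from the report and a few benign control records added for contrast. The record field names, the user-agent pattern and the control records are assumptions for the example.

```python
"""Behavioural triage over sandbox event records (added example).

The records mimic the fields shown in this report (api/arguments for API
calls, request URLs, user agents, written file paths). Field names and the
benign control records are assumptions made for the example.
"""
import ipaddress
import re
from urllib.parse import urlsplit

PAGE_EXECUTE_READWRITE = 0x40   # "protection: 64" in the report
MEM_COMMIT = 0x1000             # part of allocation_type 12288 (MEM_COMMIT|MEM_RESERVE)
WH_MOUSE_LL = 14                # low-level mouse hook, always desktop-wide
BROWSER_UA = re.compile(r"^(Mozilla|Opera)/\d", re.I)      # assumption: what "normal" looks like
URL_IN_PATH = re.compile(r"\\https?:\\", re.I)             # "...\Temp\http:\host\..." quirk


def is_literal_ip(host):
    """True when the URL host is a bare IPv4/IPv6 address rather than a name."""
    if not host:
        return False
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def triage_events(api_calls, requests, user_agents, files_written):
    """Return (kind, detail) findings for the behaviours worth escalating."""
    findings = []
    for call in api_calls:
        a = call["arguments"]
        if (call["api"] == "NtAllocateVirtualMemory"
                and a.get("protection") == PAGE_EXECUTE_READWRITE
                and a.get("allocation_type", 0) & MEM_COMMIT):
            findings.append(("rwx_alloc", "pid %d: %d bytes RWX at %#010x" % (
                a["process_identifier"], a["region_size"], a["base_address"])))
        if (call["api"] == "SetWindowsHookExW"
                and a.get("hook_identifier") == WH_MOUSE_LL
                and a.get("thread_identifier") == 0):        # 0 = every thread on the desktop
            findings.append(("global_mouse_hook", "callback %#010x" % a["callback_function"]))
    for url in requests:
        p = urlsplit(url)
        if p.scheme == "http" and is_literal_ip(p.hostname):  # cleartext, no DNS, no TLS identity
            findings.append(("http_to_literal_ip", url))
    for ua in user_agents:
        if not BROWSER_UA.match(ua):
            findings.append(("non_browser_user_agent", ua))
    for path in files_written:
        if URL_IN_PATH.search(path):
            findings.append(("url_embedded_in_path", path))
    return findings


def summarize(findings):
    """Count findings per kind, e.g. {"rwx_alloc": 1, ...}."""
    counts = {}
    for kind, _ in findings:
        counts[kind] = counts.get(kind, 0) + 1
    return counts


# Constructed records: the first and third API calls, the URLs, the first two
# user agents and both file paths are copied from the report; the 64 KiB
# PAGE_READWRITE allocation and the Mozilla user agent are benign controls.
SAMPLE_API_CALLS = [
    {"api": "NtAllocateVirtualMemory", "arguments": {
        "process_identifier": 5628, "region_size": 1740800, "protection": 0x40,
        "base_address": 0x05490000, "allocation_type": 0x3000}},
    {"api": "NtAllocateVirtualMemory", "arguments": {
        "process_identifier": 5628, "region_size": 65536, "protection": 0x04,
        "base_address": 0x00A00000, "allocation_type": 0x3000}},
    {"api": "SetWindowsHookExW", "arguments": {
        "thread_identifier": 0, "callback_function": 0x745dc951,
        "hook_identifier": 14, "module_address": 0x745d0000}},
]
SAMPLE_REQUESTS = [
    "http://rotpt.p-e.kr/",
    "http://158.247.226.251/Character/00002000.img",
    "http://158.247.226.251/Effect/BasicEff.img",
]
SAMPLE_USER_AGENTS = ["InetURL/1.0", "tes", "Mozilla/5.0 (Windows NT 6.1)"]
SAMPLE_FILES = [
    r"C:\Users\test22\AppData\Local\Temp\http:\158.247.226.251\Mob\9000001.img",
    r"C:\Users\test22\AppData\Local\Temp\Data\Mob\3502001.img",
]


def demo():
    return triage_events(SAMPLE_API_CALLS, SAMPLE_REQUESTS, SAMPLE_USER_AGENTS, SAMPLE_FILES)


if __name__ == "__main__":
    for kind, detail in demo():
        print(kind, detail)
    print(summarize(demo()))
```

None of these findings is malicious on its own: game clients and installers do fetch assets over HTTP, and accessibility tools install low-level hooks. The combination that matters here is RWX memory plus a desktop-wide input hook in a packed binary, which is what the detection engines below are reacting to.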
Bkav W32.AIDetect.malware1
Elastic malicious (high confidence)
MicroWorld-eScan Gen:Variant.Zusy.386268
FireEye Gen:Variant.Zusy.386268
McAfee GenericRXAA-AA!AC04A63FBB82
Cylance Unsafe
VIPRE Trojan.Crypt.Krap (v)
BitDefenderTheta Gen:NN.ZexaF.34758.@p0@amEDXtpO
Cyren W32/Agent.CYU.gen!Eldorado
APEX Malicious
Avast Win32:MalwareX-gen [Trj]
BitDefender Gen:Variant.Zusy.386268
Ad-Aware Gen:Variant.Zusy.386268
Sophos Generic ML PUA (PUA)
Comodo Packed.Win32.MNSP.Gen@2697wr
Emsisoft Gen:Variant.Zusy.386268 (B)
Avira TR/Crypt.ASPM.Gen
Microsoft Trojan:Win32/Caynamer.A!ml
Gridinsoft Trojan.Heur!.032524E1
GData Gen:Variant.Zusy.386268
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win32.Agent.C108865
VBA32 TScope.Malware-Cryptor.SB
ALYac Gen:Variant.Zusy.386268
MAX malware (ai score=89)
Rising Malware.Heuristic!ET#94% (RDMK:cmRtazrygsFf9Ts86lFb4RzLT7kw)
SentinelOne Static AI - Suspicious PE
AVG Win32:MalwareX-gen [Trj]
Panda Trj/Genetic.gen