Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6402	June 25, 2021, 9:30 a.m.	June 25, 2021, 9:33 a.m.

Size	680.0KB
Type	PE32 executable (console) Intel 80386, for MS Windows
MD5	`41c69a7f93fbe7edc44fd1b09795fa67`
SHA256	`8b720f6963165f9aca1600e2e3efb04a7162014d0d738fb7f8b9872019f49bd5`
CRC32	`898421AF`
ssdeep	`12288:Umn1vBXNJl0P3ZbcCAjqH0d5i+qUH6wyZQMvvdgMiCiT:n1vJNJla39cGH0dg7sOlQCiT`
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen IsPE32 - (no description)

2022c578cf7429b85615d4819d161edc.exe "C:\Users\test22\AppData\Local\Temp\2022c578cf7429b85615d4819d161edc.exe"
6192
- rundll32.exe "C:\Windows\system32\rUNdlL32.eXe" "C:\Users\test22\AppData\Local\Temp\axhub.dll",axhub
  8800
explorer.exe C:\Windows\Explorer.EXE
1848

Name	Response	Post-Analysis Lookup
email.yg9.me		198.13.62.186
email.yg9.me	A 198.13.62.186	198.13.62.186
ol.gamegame.info	A 172.67.200.215 A 104.21.21.221	172.67.200.215
ip-api.com	A 208.95.112.1	208.95.112.1
iw.gamegame.info	A 172.67.200.215 A 104.21.21.221	172.67.200.215

IP Address	Status	Action
164.124.101.2	Active	Moloch
172.217.25.14	Active	Moloch
172.67.200.215	Active	Moloch
198.13.62.186	Active	Moloch
208.95.112.1	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
UDP 192.168.56.102:50840 -> 198.13.62.186:53	2014702	ET DNS Non-DNS or Non-Compliant DNS traffic on DNS port Opcode 8 through 15 set	Potential Corporate Privacy Violation
TCP 192.168.56.102:49812 -> 208.95.112.1:80	2022082	ET POLICY External IP Lookup ip-api.com	Device Retrieving External IP Address Detected
TCP 192.168.56.102:49812 -> 208.95.112.1:80	2022082	ET POLICY External IP Lookup ip-api.com	Device Retrieving External IP Address Detected
TCP 192.168.56.102:49812 -> 208.95.112.1:80	2022082	ET POLICY External IP Lookup ip-api.com	Device Retrieving External IP Address Detected
TCP 192.168.56.102:49812 -> 208.95.112.1:80	2022082	ET POLICY External IP Lookup ip-api.com	Device Retrieving External IP Address Detected
TCP 192.168.56.102:49812 -> 208.95.112.1:80	2022082	ET POLICY External IP Lookup ip-api.com	Device Retrieving External IP Address Detected

Suricata TLS

No Suricata TLS

Checks if process is being debugged by a debugger (1 event)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent June 25, 2021, 9:30 a.m.			0	0

Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate) (1 event)

registry

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx June 25, 2021, 9:30 a.m.		1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

.gfids

One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.

HTTP traffic contains suspicious features which may be indicative of malware related traffic (2 events)

suspicious_features	POST method with no referer header				suspicious_request	POST http://iw.gamegame.info/report7.4.php
suspicious_features	POST method with no referer header				suspicious_request	POST http://ol.gamegame.info/report7.4.php

Performs some HTTP requests (3 events)

request	GET http://ip-api.com/json/?fields=8198
request	POST http://iw.gamegame.info/report7.4.php
request	POST http://ol.gamegame.info/report7.4.php

Sends data using the HTTP POST Method (2 events)

request	POST http://iw.gamegame.info/report7.4.php
request	POST http://ol.gamegame.info/report7.4.php

Allocates read-write-execute memory (usually to unpack itself) (18 events)

Time & API	Arguments	Status
NtProtectVirtualMemory June 25, 2021, 9:30 a.m.	process_identifier: 8800 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x10006000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 25, 2021, 9:30 a.m.	process_identifier: 8800 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73e80000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 25, 2021, 9:30 a.m.	process_identifier: 8800 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73771000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 25, 2021, 9:30 a.m.	process_identifier: 8800 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73861000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 25, 2021, 9:30 a.m.	process_identifier: 8800 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72da4000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 25, 2021, 9:30 a.m.	process_identifier: 8800 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73772000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 25, 2021, 9:30 a.m.	process_identifier: 8800 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73e01000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 25, 2021, 9:30 a.m.	process_identifier: 8800 region_size: 1638400 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x022b0000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 25, 2021, 9:30 a.m.	process_identifier: 8800 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02400000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 25, 2021, 9:30 a.m.	process_identifier: 8800 region_size: 1052672 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02160000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 25, 2021, 9:30 a.m.	process_identifier: 8800 region_size: 380928 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02090000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtProtectVirtualMemory June 25, 2021, 9:30 a.m.	process_identifier: 8800 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x71f81000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 25, 2021, 9:30 a.m.	process_identifier: 8800 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x76891000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 25, 2021, 9:30 a.m.	process_identifier: 8800 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x740f1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 25, 2021, 9:30 a.m.	process_identifier: 8800 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75111000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 25, 2021, 9:30 a.m.	process_identifier: 8800 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75241000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 25, 2021, 9:30 a.m.	process_identifier: 8800 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x74f41000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 25, 2021, 9:30 a.m.	process_identifier: 8800 region_size: 311296 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01ef0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1

Looks up the external IP address (1 event)

domain

ip-api.com

Creates executable files on the filesystem (2 events)

file	C:\Users\test22\AppData\Local\Temp\axhub.dll.lnk
file	C:\Users\test22\AppData\Local\Temp\axhub.dll

Creates a shortcut to an executable file (1 event)

file	C:\Users\test22\AppData\Local\Temp\axhub.dll.lnk

Drops a binary and executes it (1 event)

file	C:\Users\test22\AppData\Local\Temp\axhub.dll.lnk

Drops an executable to the user AppData folder (1 event)

file	C:\Users\test22\AppData\Local\Temp\axhub.dll

Searches running processes potentially to identify processes for sandbox evasion, code injection or memory dumping (4 events)

Time & API	Arguments	Status	Return
Process32NextW June 25, 2021, 9:30 a.m.	snapshot_handle: 0x00000120 process_name: mobsync.exe process_identifier: 1420	1	1
Process32NextW June 25, 2021, 9:30 a.m.	snapshot_handle: 0x00000120 process_name: pw.exe process_identifier: 8188	1	1
Process32NextW June 25, 2021, 9:30 a.m.	snapshot_handle: 0x00000120 process_name: cmd.exe process_identifier: 1836	1	1
Process32NextW June 25, 2021, 9:30 a.m.	snapshot_handle: 0x00000120 process_name: rundll32.exe process_identifier: 8800	1	1

Expresses interest in specific running processes (1 event)

process

rundll32.exe

Communicates with host for which no DNS query was performed (1 event)

host

172.217.25.14

Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config (1 event)

Time & API	Arguments	Status	Return	Repeated
RegSetValueExW June 25, 2021, 9:30 a.m.	key_handle: 0x00000124 regkey_r: 1 reg_type: 3 (REG_BINARY) value: ÁÕx4XÁåH<PÁýPwËoÜØ_µHÅµ¾HÅ¼«HcáA@Å±4^¯fZÅÊC@K°h·?ËjètM=ãK£¹áü÷¶Ãc~¹²$ ?xÃ{aLÇs°Íh$ÏüsEø½ç@tPAÊ]ù¸003ú6)Ã{¸ÍE´H±Æ·¹ÎMÅÉ`tÃ]ÁÍ`dÁÂGÅh»ÿ^ßptÃE&÷3áù¸HÃE¾(Ã×x\|ÃçHD(ÃÿPL ËGôqÃ çÁÕx<Åh,]ÅáHñÉm,Àe-Ã!E`3èâ.DDHîçLLLHÃÛHTÇÙB]ÆÉr}ÈEÏû~I#\|·@NRÆPÉ7¼BÉÌüp:ò2z½ÃÎòÿ)øTK¸ÀL½ThÃÞêúÎRÖ±¼ÃÄº[B!ãË·=ÊhêtªÀ4³pºÊúQiJó±x`AnóÁÏXNÛÅûrEN±½J¶<ÇÓyc¤c1~"yò8zBaj ;»¾ÊÊe©3vJÃÏ¸£@ÊÂUUJËCØJÓrêÞ7µÎ&JÂsëß!¦Aø.@\|2~oNÇH<>Î±~¦$ËÍÏJKP{û´®ÉÌ@p·OÁN±¾I¶?Âû¹y`§eXXJ>==>§"ÍÅ K¸ûòÁ#ÀL¼eIOfïÕBE´kWÅÀL[ß±¿À Æ¹X@#ãÛ·>Ëiët^õ;¡Ñï§±·ÅÀ8/]÷©¿ìOÃI)é1óÃ¸ÔðHÉEÀ_ËoÄÀûí·ËkáAËGìëÁÕx,]ËoÜxÃrrQcõ;Q!ïFáü÷¶ÁÍ`À6#F²$ ?xÃc9,F;ÂÁ ¬LÇkTAFð¾õz4ÇsGRFR¹Á ¤èu`·ÁÍ`lÇckx»3t4ó)¼V¸õZf_>s~²½ f_>r+KtÅ Hsâ«§T½nEt}½<u¶{¸ fãÁz(bÃA²z(vÄHðf_}zaÑàK¸óz8JÁ¹ úBZÉÜPLÈE´VkÄÊE:øÌþ¶JÑËBéarë¬ÔúÏÇr}~ñÅß¢»Ïßjjgá¾5FÒÊI¶µoù´'zó»OqÀAÊJxrCIÊÈGENHC;áÑÂÀÖsiÌÄ¶üËCJ¶ÚáêNLÏZÊkét¾ojn_¾øù@Aù¸00AÊYáú6ÃSÍEÏ_%»ÏÏzjÃ\ÃC¾(vúN¸^"wr8u:Èäh¸rÅÁÊJÚE´VgÎJÖEÀE´aTÊZÒHÅKKÔ¾(vú¯'Bî]WR8t²ÇçHõZf_:wweïK+GèEHKøÂ>sv7°EÏ D}¶;´HÅOÇPgto»NÏÉFEBË¼ý½AÊKËkà@9¤/³UE¾EwÁÇBMJ¸¶¸¹ððAN¸w¦Eâx¹ f]ú´dKÀaðJÇOMHÊBÃOfÿ¡¹vúBÉFLKÓ[NÏÉFEBË½ÖïÇ/¬EÏHÅ¹7EÏÅBHÏå~XKÈÏ{¼Oè§Oð«pmvúÇk¨ÍEÏü¾Êb¤t7z3ÂEÎr±ÃXÂGÍW«\| ¸e9ìOËAÀJKÐ,k°¤EvúÍEÏÄ½´Â+g·:Çv´&äHÆ;{u0\|Ê÷ËEÒEµôÍÇ/¬LÇçHdÏ' EÀE´S¬#¤E´iCðâ¿«ÇOÇH+éB¾ÁÖouvóKôW`Ã@KøºÌýq])(REµhXvóóáÃ@4(äáù¸HÃ@¾+=OZtMÃ×xT8ËGôq³Ð«XÄÂ+qÍ 66 !6ÛI×pñâÖc±È¬åÜ©ð"+¤ìJ Ó}%ËN ÊDLZ`` @Aõöà!@ÙO øôPÞÖ]81UH©¤øóô/îççÿúõ´)DdÆP'çÔXÁJ@ JN¥æÁAFz@úÁ+êÁ ÉÇÀúøú:ÁÊoªÇÏÕÉÝ ì ÇÜïeÞËÕ[ÒåÓcÞÈRÀ¬iû{¶xÇKâØþ~opaXÅ4µ@©%CÌÌHHoÄÀÿ3úvóóáÉô{ÀÀúëÑÀèÞ~Ó;aFNÁÚþ"GÌ Ág£Ëÿó©â5h~'=øÀÃÖbhâá,Ìà3Åö"4öà!áÃ#ãÀfï¾äÀÃ èóûCu80xÅáHhÃ # /"öÁ ÅE À1QHcË¨ÅÙp0»»b$»ê': ÃhDÀÜNHÃÆMH{þ%lÈÆêaèuMYP¢àÍèÑôÙK{é¨"céîzèãxepòmôgè¡Ééhêèã`çºPÚóçh½å3ááú6ê~þÑÔILJÍE dPbpJBú¯¹¼E@@( tÌiÈÃ'¥ì yzö<<H@ÄELwvÁÕx$@ÁåH4XÁtP<PÁõX$Ev((hÅ:»¹8-ôÁJ±êôu=èá²Þb1ÞÍçKàëPÙÊCHÅö#ÁâiR0`8µøwdï¯+@9öØ+(Xàwhõ%ÐáIh©ÎÿPE ¡IÁ%!æÍ+Ë {±!E'}bw@Ëmïõ´ÃçHX4TÿPdÃ÷XhÁ @ÁHD ®!£ã!`ÇD2 âQ³ÅE51ÇDáäæbB_ ! '_ÆÎÃ×x0) i!Ãv¶þQúhÃrÄ¥ó5ã!uy·"¸!IÃÃ'Ò»LAY "æGiEH<Æÿxßþ·RöÈ[I IÃKé]P¼à~ë!ÃÂyÏ·]ÒQö[°Àk!Lb Ag¬~ú<$SÏVù°àó<ÏóÕÄ÷«z3xH0ÀÃI5ê¡ìÜÄÿ:1º tNÊñyàgê<1ãø~ç\|ü´±ä´t¨uü4106õö4:8.Ä÷P¯e¥Çd¯µËyàÒcÂO Ù²sb¥òÑéìt¼Y7p¿ê ßÈH·«APB+y]\AðçI·ÚÞjKÍÏ mÞäQj¨9®Ma«{¸ÃaZ£fll"ÆDµe»¯gXÌzsöt8ÇÈK4!PutÃ^Lc£ÃÇëÈ ôµ 31RozSmxHÃß»ê¨¥+hµG$ûÃÅV÷vÀkGx²Uh)_!¾Ñ{ÜùµEµs Dß¤HHD(Å@`DPt`dÁ1?/v`Á~DÇDgokáIuGÝyLÌã/h\|Á ¶yîE>w³@08pµÂàâÂÄ¤Ã¬ê_ÿ´rf³µtRòÎB¼À!=^u[xtÌ Ò?gsPßG6_@öæÈû½°º½uÃÌGÈI@ÃlpJRTÃ[\Ä¯È&nfNÅÖZÂôó+4o\|ÉJv°QCÄ§ê¹.ºd¯êÆ(+ÛH@¢3ÁÇT@#/ùûÌA¶,íáHKõãás÷ç#ÁâO q³ÒáªÐzÁBÛ~ôKù@Dk$Oh(Ããê¨¿âvÅp~.S+ÈókH{ê¢#CgêêÇò ©ÔP6:È+º¡âziÊôû´îççUÍùqe`Òò¦¬UgOíAfË+{$HØ ¢)KjÞW8o}yZo$e@ËoÌ2ËÙAÅÁhr/ûA´ôEÏU\|§»ýÃt71Fâ]ìD'-ýé;_À0ôïìÉ~³t-ÊC+J µ¬á1Æ»?pE´6ÏêÈRëzføê#ìz LDÇï!AHþs÷¿ÔG+³@K7@LWÀâsQÀéSwÆñ³à¾&¥-óÂz¸HÁ£è{¼ÇiªÃé`>8¡-EÍzðAÈÊkk/bQ¶¯ÀÒSMÄòkUÈõtA+ìBGù»±¦BÆPC.9ÃEu\|Ç@Ä¸úM(mÎMÁÍ`¤¸qÂ_Å vô+Üñ0213°ôÕýªg"52xòÑÎu`ZÁõáBx»@#¼Õô8x°ô,Ü®Vi4E8¨Ô6z(^NîJ¦¢Ú9òþ×>¸etERqÇgB°}ðU¨8!TÿÛÈiÀrMJJL7àÉÏ¹êP¨¦G ?pÁ1+Ãº¶uÿäÀê`îS<$ÇGÉìÜ¶+ºÀ<U´6óãÅÌem@XL½yÏÜWÂZÍõãZF$=JÁÅ\|,[Ð¯çÁ(+êÇ MÅí(¸¹A"'\ü¤T´Å²¸;(¼\l+ (ãòNÐp4K¶ó5J;ìháàEwß¥ÃJ\$Fs LËÐÂ»ðøµsþî[2zùuU$7ó+î´µÅú+ÖÉÑ3aØC8mv×Æ)O4x<s¢_,%l$bFD+êû³{IIK%p?û[ø¼ÏIÅàãPiRs regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{LJU50KX1-5I52-VT6Q-WSWM-U2Z9XL21ZV61}\1	1	0	0

Generates some ICMP traffic

File has been identified by 47 AntiVirus engines on VirusTotal as malicious (47 events)

Elastic	malicious (high confidence)
DrWeb	Trojan.Inject4.12781
MicroWorld-eScan	Trojan.GenericKD.37141241
ALYac	Trojan.GenericKD.37141241
Cylance	Unsafe
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Riskware ( 0040eff71 )
Alibaba	TrojanDropper:Win32/Zenlod.6fcba1f1
K7GW	Riskware ( 0040eff71 )
Arcabit	Trojan.Generic.D236BAF9
Cyren	W32/Trojan.OAML-5751
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/TrojanDropper.Agent.SNN
APEX	Malicious
Paloalto	generic.ml
Kaspersky	HEUR:Trojan-Downloader.Win32.Zenlod.gen
BitDefender	Trojan.GenericKD.37141241
Avast	Win32:DropperX-gen [Drp]
Ad-Aware	Trojan.GenericKD.37141241
Sophos	Generic ML PUA (PUA)
Comodo	Malware@#1w0ix92xqhrt4
VIPRE	Trojan.Win32.Generic!BT
TrendMicro	TROJ_GEN.R06BC0WFL21
McAfee-GW-Edition	BehavesLike.Win32.Generic.jc
FireEye	Generic.mg.41c69a7f93fbe7ed
Emsisoft	Trojan.GenericKD.37141241 (B)
Ikarus	Trojan.Inject
Jiangmin	TrojanDownloader.Zenlod.be
MaxSecure	Trojan.Malware.101153295.susgen
Avira	TR/AD.Inject.jwrep
Antiy-AVL	Trojan/Generic.ASMalwS.339A813
Kingsoft	Win32.Troj.Undef.(kcloud)
Gridinsoft	Trojan.Win32.Downloader.sa
Microsoft	Trojan:Win32/Azorult!ml
AegisLab	Trojan.Win32.Zenlod.a!c
GData	Trojan.GenericKD.37141241
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win.Generic.R426623
McAfee	RDN/Generic Downloader.x
MAX	malware (ai score=99)
VBA32	TrojanDownloader.Zenlod
Malwarebytes	Trojan.Dropper
TrendMicro-HouseCall	TROJ_GEN.R06BC0WFL21
Fortinet	W32/PossibleThreat
Webroot	W32.Trojan.Gen
AVG	Win32:DropperX-gen [Drp]
Panda	Trj/CI.A

2022c578cf7429b85615d4819d161edc.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All