Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6402	July 13, 2021, 9:27 a.m.	July 13, 2021, 9:29 a.m.

Size	1.2MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`50dad4adf51cd79103eb8f3e7c51793c`
SHA256	`93320dc79416b00e3e78f70e316e4f6d35eb99360b305a706582b845953e1f62`
CRC32	`BCA3F06C`
ssdeep	`24576:Hpd1ZDin6iS/i7yUKu9D5qNrQO6pu2khmd6g44k7NXlw+aVgKQ:T1ZDieiLDW/6pikP4xJltUQ`
Yara	PE_Header_Zero - PE File Signature IsPE32 - (no description)

lv.exe "C:\Users\test22\AppData\Local\Temp\lv.exe"
2428
- vpn.exe "C:\Users\test22\AppData\Local\Temp\New Feature\vpn.exe"
  2516
  - cmd.exe "C:\Windows\System32\cmd.exe" /c cmd < Com.eps
    2656
    - cmd.exe cmd
      2740
      - findstr.exe findstr /V /R "^YCOdJJZkdYoAFHrXZiWwDNaLZTdcPBoWBxjekRZaqtWdKMBcgLwJqBdkprsPaDcPQjZlxqMoiDwmQewjaVitmnWZtwSiAlZvJimnMdqhYTBvAQxietbbcdfsdquziEIXEEQICCmwUUuFW$" Una.eps
        2784
      - Vigilanza.exe.com Vigilanza.exe.com q
        2828
        
        Vigilanza.exe.com C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\Vigilanza.exe.com q
        2896
      - PING.EXE ping 127.0.0.1 -n 30
        2964
- 4.exe "C:\Users\test22\AppData\Local\Temp\New Feature\4.exe"
  2552

Name	Response	Post-Analysis Lookup
HuzkESWqLFmEcD.HuzkESWqLFmEcD

IP Address	Status	Action
164.124.101.2	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks if process is being debugged by a debugger (3 events)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent July 13, 2021, 9:27 a.m.			0	0
IsDebuggerPresent July 13, 2021, 9:27 a.m.			0	0
IsDebuggerPresent July 13, 2021, 9:27 a.m.			0	0

Command line console output was observed (50 out of 144 events)

Time & API	Arguments	Status	Return
WriteConsoleW July 13, 2021, 9:27 a.m.	buffer: Microsoft Windows [Version 6.1.7601] console_handle: 0x00000007	1	1
WriteConsoleW July 13, 2021, 9:27 a.m.	buffer: Copyright (c) 2009 Microsoft Corporation. All rights reserved. console_handle: 0x00000007	1	1
WriteConsoleW July 13, 2021, 9:27 a.m.	buffer: C:\Users\test22\AppData\Local\Temp\7ZipSfx.000> console_handle: 0x00000007	1	1
WriteConsoleW July 13, 2021, 9:27 a.m.	buffer: echo buUrmY console_handle: 0x00000007	1	1
WriteConsoleW July 13, 2021, 9:27 a.m.	buffer: buUrmY console_handle: 0x00000007	1	1
WriteConsoleW July 13, 2021, 9:27 a.m.	buffer: C:\Users\test22\AppData\Local\Temp\7ZipSfx.000> console_handle: 0x00000007	1	1
WriteConsoleW July 13, 2021, 9:27 a.m.	buffer: if %userdomain%==DESKTOP-QO5QU33 exit 2 console_handle: 0x00000007	1	1
WriteConsoleW July 13, 2021, 9:27 a.m.	buffer: C:\Users\test22\AppData\Local\Temp\7ZipSfx.000> console_handle: 0x00000007	1	1
WriteConsoleW July 13, 2021, 9:27 a.m.	buffer: <nul set /p = "MZ" > Vigilanza.exe.com console_handle: 0x00000007	1	1
WriteConsoleW July 13, 2021, 9:27 a.m.	buffer: C:\Users\test22\AppData\Local\Temp\7ZipSfx.000> console_handle: 0x00000007	1	1
WriteConsoleW July 13, 2021, 9:27 a.m.	buffer: findstr /V /R "^YCOdJJZkdYoAFHrXZiWwDNaLZTdcPBoWBxjekRZaqtWdKMBcgLwJqBdkprsPaDcPQjZlxqMoiDwmQewjaVitmnWZtwSiAlZvJimnMdqhYTBvAQxietbbcdfsdquziEIXEEQICCmwUUuFW$" Una.eps >> Vigilanza.exe.com" console_handle: 0x00000007	1	1
WriteConsoleW July 13, 2021, 9:27 a.m.	buffer: C:\Users\test22\AppData\Local\Temp\7ZipSfx.000> console_handle: 0x00000007	1	1
WriteConsoleW July 13, 2021, 9:27 a.m.	buffer: copy Peso.eps q console_handle: 0x00000007	1	1
WriteConsoleW July 13, 2021, 9:27 a.m.	buffer: 1 file(s) copied. console_handle: 0x00000007	1	1
WriteConsoleW July 13, 2021, 9:27 a.m.	buffer: C:\Users\test22\AppData\Local\Temp\7ZipSfx.000> console_handle: 0x00000007	1	1
WriteConsoleW July 13, 2021, 9:27 a.m.	buffer: start Vigilanza.exe.com q console_handle: 0x00000007	1	1
WriteConsoleW July 13, 2021, 9:27 a.m.	buffer: C:\Users\test22\AppData\Local\Temp\7ZipSfx.000> console_handle: 0x00000007	1	1
WriteConsoleW July 13, 2021, 9:27 a.m.	buffer: ping 127.0.0.1 -n 30 console_handle: 0x00000007	1	1
WriteConsoleW July 13, 2021, 9:28 a.m.	buffer: C:\Users\test22\AppData\Local\Temp\7ZipSfx.000> console_handle: 0x00000007	1	1
WriteConsoleW July 13, 2021, 9:28 a.m.	buffer: C:\Users\test22\AppData\Local\Temp\7ZipSfx.000> console_handle: 0x00000007	1	1
WriteConsoleA July 13, 2021, 9:27 a.m.	buffer: Pinging 127.0.0.1 console_handle: 0x00000007	1	1
WriteConsoleA July 13, 2021, 9:27 a.m.	buffer: with 32 bytes of data: console_handle: 0x00000007	1	1
WriteConsoleA July 13, 2021, 9:27 a.m.	buffer: Reply from 127.0.0.1: console_handle: 0x00000007	1	1
WriteConsoleA July 13, 2021, 9:27 a.m.	buffer: bytes=32 console_handle: 0x00000007	1	1
WriteConsoleA July 13, 2021, 9:27 a.m.	buffer: time<1ms console_handle: 0x00000007	1	1
WriteConsoleA July 13, 2021, 9:27 a.m.	buffer: TTL=128 console_handle: 0x00000007	1	1
WriteConsoleA July 13, 2021, 9:27 a.m.	buffer: Reply from 127.0.0.1: console_handle: 0x00000007	1	1
WriteConsoleA July 13, 2021, 9:27 a.m.	buffer: bytes=32 console_handle: 0x00000007	1	1
WriteConsoleA July 13, 2021, 9:27 a.m.	buffer: time<1ms console_handle: 0x00000007	1	1
WriteConsoleA July 13, 2021, 9:27 a.m.	buffer: TTL=128 console_handle: 0x00000007	1	1
WriteConsoleA July 13, 2021, 9:27 a.m.	buffer: Reply from 127.0.0.1: console_handle: 0x00000007	1	1
WriteConsoleA July 13, 2021, 9:27 a.m.	buffer: bytes=32 console_handle: 0x00000007	1	1
WriteConsoleA July 13, 2021, 9:27 a.m.	buffer: time<1ms console_handle: 0x00000007	1	1
WriteConsoleA July 13, 2021, 9:27 a.m.	buffer: TTL=128 console_handle: 0x00000007	1	1
WriteConsoleA July 13, 2021, 9:27 a.m.	buffer: Reply from 127.0.0.1: console_handle: 0x00000007	1	1
WriteConsoleA July 13, 2021, 9:27 a.m.	buffer: bytes=32 console_handle: 0x00000007	1	1
WriteConsoleA July 13, 2021, 9:27 a.m.	buffer: time<1ms console_handle: 0x00000007	1	1
WriteConsoleA July 13, 2021, 9:27 a.m.	buffer: TTL=128 console_handle: 0x00000007	1	1
WriteConsoleA July 13, 2021, 9:27 a.m.	buffer: Reply from 127.0.0.1: console_handle: 0x00000007	1	1
WriteConsoleA July 13, 2021, 9:27 a.m.	buffer: bytes=32 console_handle: 0x00000007	1	1
WriteConsoleA July 13, 2021, 9:27 a.m.	buffer: time<1ms console_handle: 0x00000007	1	1
WriteConsoleA July 13, 2021, 9:27 a.m.	buffer: TTL=128 console_handle: 0x00000007	1	1
WriteConsoleA July 13, 2021, 9:27 a.m.	buffer: Reply from 127.0.0.1: console_handle: 0x00000007	1	1
WriteConsoleA July 13, 2021, 9:27 a.m.	buffer: bytes=32 console_handle: 0x00000007	1	1
WriteConsoleA July 13, 2021, 9:27 a.m.	buffer: time<1ms console_handle: 0x00000007	1	1
WriteConsoleA July 13, 2021, 9:27 a.m.	buffer: TTL=128 console_handle: 0x00000007	1	1
WriteConsoleA July 13, 2021, 9:27 a.m.	buffer: Reply from 127.0.0.1: console_handle: 0x00000007	1	1
WriteConsoleA July 13, 2021, 9:27 a.m.	buffer: bytes=32 console_handle: 0x00000007	1	1
WriteConsoleA July 13, 2021, 9:27 a.m.	buffer: time<1ms console_handle: 0x00000007	1	1
WriteConsoleA July 13, 2021, 9:27 a.m.	buffer: TTL=128 console_handle: 0x00000007	1	1

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx July 13, 2021, 9:27 a.m.		1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

.ndata

Allocates read-write-execute memory (usually to unpack itself) (29 events)

Time & API	Arguments	Status
NtProtectVirtualMemory July 13, 2021, 9:27 a.m.	process_identifier: 2428 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x74141000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 13, 2021, 9:27 a.m.	process_identifier: 2428 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75cc1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 13, 2021, 9:27 a.m.	process_identifier: 2428 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x10001000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 13, 2021, 9:27 a.m.	process_identifier: 2428 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x74131000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 13, 2021, 9:27 a.m.	process_identifier: 2428 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x74001000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 13, 2021, 9:27 a.m.	process_identifier: 2428 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73f51000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 13, 2021, 9:27 a.m.	process_identifier: 2428 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x74002000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 13, 2021, 9:27 a.m.	process_identifier: 2516 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x741a1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 13, 2021, 9:27 a.m.	process_identifier: 2516 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x740f1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 13, 2021, 9:27 a.m.	process_identifier: 2516 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x741a2000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 13, 2021, 9:27 a.m.	process_identifier: 2516 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73f61000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 13, 2021, 9:27 a.m.	process_identifier: 2516 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x74211000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 13, 2021, 9:27 a.m.	process_identifier: 2516 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75cc1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 13, 2021, 9:27 a.m.	process_identifier: 2516 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73f51000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 13, 2021, 9:27 a.m.	process_identifier: 2552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 86016 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02d51000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 13, 2021, 9:27 a.m.	process_identifier: 2552 region_size: 155648 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02c00000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory July 13, 2021, 9:27 a.m.	process_identifier: 2828 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x741a1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 13, 2021, 9:27 a.m.	process_identifier: 2828 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x740f1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 13, 2021, 9:27 a.m.	process_identifier: 2828 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x741a2000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 13, 2021, 9:27 a.m.	process_identifier: 2896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x741a1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 13, 2021, 9:27 a.m.	process_identifier: 2896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x740f1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 13, 2021, 9:27 a.m.	process_identifier: 2896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x741a2000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 13, 2021, 9:27 a.m.	process_identifier: 2896 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x007f0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory July 13, 2021, 9:27 a.m.	process_identifier: 2896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 102400 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x03fd1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 13, 2021, 9:27 a.m.	process_identifier: 2896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 32768 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x03fea000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 13, 2021, 9:27 a.m.	process_identifier: 2896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x03ff2000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 13, 2021, 9:27 a.m.	process_identifier: 2896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x03ff4000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 13, 2021, 9:27 a.m.	process_identifier: 2896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x03ff5000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 13, 2021, 9:27 a.m.	process_identifier: 2964 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73e81000 process_handle: 0xffffffff	1

Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation (1 event)

Time & API	Arguments	Status	Return	Repeated
GetDiskFreeSpaceExW July 13, 2021, 9:27 a.m.	total_number_of_free_bytes: 0 free_bytes_available: 12550447104 root_path: C:\Users\test22\AppData\Local\Temp\7ZipSfx.000 total_number_of_bytes: 0	1	1	0

Creates executable files on the filesystem (7 events)

file	C:\Program Files (x86)\foler\olader\acppage.dll
file	C:\Users\test22\AppData\Local\Temp\New Feature\vpn.exe
file	C:\Users\test22\AppData\Local\Temp\nsrD988.tmp\UAC.dll
file	C:\Users\test22\AppData\Local\Temp\New Feature\4.exe
file	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\Vigilanza.exe.com
file	C:\Program Files (x86)\foler\olader\adprovider.dll
file	C:\Program Files (x86)\foler\olader\acledit.dll

Creates a suspicious process (1 event)

cmdline

"C:\Windows\System32\cmd.exe" /c cmd < Com.eps

Drops a binary and executes it (1 event)

file	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\Vigilanza.exe.com

Drops an executable to the user AppData folder (4 events)

file	C:\Users\test22\AppData\Local\Temp\nsrD988.tmp\UAC.dll
file	C:\Users\test22\AppData\Local\Temp\New Feature\vpn.exe
file	C:\Users\test22\AppData\Local\Temp\New Feature\4.exe
file	C:\Users\test22\AppData\Local\Temp\7ZipSfx.000\Vigilanza.exe.com

A process created a hidden window (1 event)

Time & API	Arguments	Status	Return	Repeated
ShellExecuteExW July 13, 2021, 9:27 a.m.	show_type: 0 filepath_r: cmd parameters: /c cmd < Com.eps filepath: cmd	1	1	0

Uses Windows utilities for basic Windows functionality (1 event)

cmdline

ping 127.0.0.1 -n 30

Attempts to identify installed AV products by installation directory (2 events)

file	C:\ProgramData\AVAST Software
file	C:\ProgramData\AVG

Resumed a suspended thread in a remote process potentially indicative of process injection (2 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 2740 resumed a thread in remote process 2828
NtResumeThread July 13, 2021, 9:27 a.m.	thread_handle: 0x00000134 suspend_count: 0 process_identifier: 2828	1	0	0

File has been identified by 45 AntiVirus engines on VirusTotal as malicious (45 events)

Bkav	W32.AIDetect.malware1
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Doina.10795
McAfee	Artemis!50DAD4ADF51C
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Trojan ( 005595971 )
Alibaba	Trojan:Win32/Crypzip.cb00b9ea
K7GW	Trojan ( 005595971 )
Cybereason	malicious.b4bbdc
Arcabit	Trojan.Doina.D2A2B
Cyren	W32/Trojan.FUPY-2983
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	multiple detections
APEX	Malicious
Paloalto	generic.ml
Cynet	Malicious (score: 100)
Kaspersky	Trojan.Win32.Crypzip.abt
BitDefender	Gen:Variant.Doina.10795
Avast	Script:SNH-gen [Trj]
Ad-Aware	Gen:Variant.Doina.10795
Emsisoft	Trojan.Crypt (A)
DrWeb	Trojan.Siggen14.33549
Zillya	Backdoor.SpyGate.Win32.5247
TrendMicro	TROJ_GEN.R002C0WGC21
McAfee-GW-Edition	BehavesLike.Win32.FakeRena.tc
FireEye	Generic.mg.50dad4adf51cd791
Sophos	Mal/Generic-S
Ikarus	Trojan-Spy.MSIL.Agent
Avira	HEUR/AGEN.1140896
Kingsoft	Win32.PSWTroj.Undef.(kcloud)
Microsoft	Trojan:Win32/Bomitag.D!ml
ZoneAlarm	HEUR:Trojan-PSW.Win32.Coins.gen
GData	Gen:Variant.Doina.10795
AhnLab-V3	Malware/Win32.Generic.C2853746
ALYac	Gen:Variant.Doina.10795
MAX	malware (ai score=80)
Malwarebytes	Malware.AI.4230390294
TrendMicro-HouseCall	TROJ_GEN.R002C0WGC21
Rising	Trojan.Generic@ML.100 (RDML:LAYxjYdLl9+JRTShBGaTXw)
Fortinet	W32/Coins.IR!tr
BitDefenderTheta	Gen:NN.ZexaF.34790.5q3@aO0V8GhO
AVG	Script:SNH-gen [Trj]
Panda	Trj/CI.A
CrowdStrike	win/malicious_confidence_60% (W)
Qihoo-360	Win32/Trojan.Generic.HgIASYQA

lv.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All