Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Dec. 12, 2022, 4:16 p.m.	Dec. 12, 2022, 4:18 p.m.

Size	707.0KB
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`775fb391db27e299af08933917a3acda`
SHA256	`2d50b03a92445ba53ae147d0b97c494858c86a56fe037c44bc0edabb902420f7`
CRC32	`0442951E`
ssdeep	`12288:mSr91kIy1bQYZEEDBK515C4sDOIKVQWalJ4+PzOhgxgyag9HEGZ5zi2AGv/:mSr9Ny1zY5CzIanfPXgQtZ5ziRK`
Yara	Generic_Malware_Zero - Generic Malware IsPE32 - (no description) OS_Processor_Check_Zero - OS Processor Check Malicious_Library_Zero - Malicious_Library IsDLL - (no description) PE_Header_Zero - PE File Signature UPX_Zero - UPX packed file

rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\chkds.dll,ChkdskExs
2544
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\chkds.dll,SSL_CTX_config
2636
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\chkds.dll,SSL_get0_dane_tlsa
2728
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\chkds.dll,SSL_write_early_data
2816
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\chkds.dll,
2912
explorer.exe C:\Windows\Explorer.EXE
1452

Name	Response	Post-Analysis Lookup
nefosferta.com

IP Address	Status	Action
164.124.101.2	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Queries for the computername (1 event)

Time & API	Arguments	Status	Return	Repeated
GetComputerNameW Dec. 12, 2022, 4:17 p.m.	computer_name: TEST22-PC	1	1	0

Checks if process is being debugged by a debugger (4 events)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent Dec. 12, 2022, 4:16 p.m.			0	0
IsDebuggerPresent Dec. 12, 2022, 4:16 p.m.			0	0
IsDebuggerPresent Dec. 12, 2022, 4:16 p.m.			0	0
IsDebuggerPresent Dec. 12, 2022, 4:16 p.m.			0	0

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Dec. 12, 2022, 4:17 p.m.		1	1	0

One or more processes crashed (1 event)

Time & API	Arguments	Status	Return	Repeated
__exception__ Dec. 12, 2022, 4:17 p.m.	stacktrace: ChkdskExs+0x1a9b @ 0x84c3cb SSL_write_early_data+0x6e5 ChkdskExs-0x32b chkds+0x1da5 @ 0x10001da5 ChkdskExs+0x19 chkds+0x20e9 @ 0x100020e9 rundll32+0x137d @ 0x23137d rundll32+0x1326 @ 0x231326 rundll32+0x1901 @ 0x231901 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 46 0c 6a 06 6a 01 6a 02 8b 00 8b 00 89 45 f4 exception.instruction: mov eax, dword ptr [esi + 0xc] exception.exception_code: 0xc0000005 exception.symbol: ChkdskExs-0x58a exception.address: 0x84a3a6 registers.esp: 2270804 registers.edi: 4549016 registers.eax: 2 registers.ebp: 2277424 registers.edx: 2130566132 registers.ebx: 2291708 registers.esi: 0 registers.ecx: 0	1	0	0

Time & API

Arguments

Status

Return

Repeated

__exception__

Dec. 12, 2022, 4:17 p.m.

stacktrace:

ChkdskExs+0x1a9b @ 0x84c3cb
SSL_write_early_data+0x6e5 ChkdskExs-0x32b chkds+0x1da5 @ 0x10001da5
ChkdskExs+0x19 chkds+0x20e9 @ 0x100020e9
rundll32+0x137d @ 0x23137d
rundll32+0x1326 @ 0x231326
rundll32+0x1901 @ 0x231901
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5

exception.instruction_r: 8b 46 0c 6a 06 6a 01 6a 02 8b 00 8b 00 89 45 f4
exception.instruction: mov eax, dword ptr [esi + 0xc]
exception.exception_code: 0xc0000005
exception.symbol: ChkdskExs-0x58a
exception.address: 0x84a3a6
registers.esp: 2270804
registers.edi: 4549016
registers.eax: 2
registers.ebp: 2277424
registers.edx: 2130566132
registers.ebx: 2291708
registers.esi: 0
registers.ecx: 0

Allocates read-write-execute memory (usually to unpack itself) (36 events)

Time & API	Arguments	Status
NtProtectVirtualMemory Dec. 12, 2022, 4:16 p.m.	process_identifier: 2544 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x100ae000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Dec. 12, 2022, 4:16 p.m.	process_identifier: 2544 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73660000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Dec. 12, 2022, 4:16 p.m.	process_identifier: 2544 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73bc1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Dec. 12, 2022, 4:16 p.m.	process_identifier: 2544 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x735c1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Dec. 12, 2022, 4:16 p.m.	process_identifier: 2544 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73584000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Dec. 12, 2022, 4:16 p.m.	process_identifier: 2544 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73bc2000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Dec. 12, 2022, 4:16 p.m.	process_identifier: 2544 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73951000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Dec. 12, 2022, 4:16 p.m.	process_identifier: 2544 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75bf1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Dec. 12, 2022, 4:16 p.m.	process_identifier: 2544 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73301000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Dec. 12, 2022, 4:16 p.m.	process_identifier: 2544 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73931000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Dec. 12, 2022, 4:16 p.m.	process_identifier: 2544 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73bb1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Dec. 12, 2022, 4:16 p.m.	process_identifier: 2544 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x732e1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Dec. 12, 2022, 4:16 p.m.	process_identifier: 2544 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73921000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Dec. 12, 2022, 4:17 p.m.	process_identifier: 2544 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x732b1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Dec. 12, 2022, 4:16 p.m.	process_identifier: 2636 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x100ae000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Dec. 12, 2022, 4:16 p.m.	process_identifier: 2636 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73660000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Dec. 12, 2022, 4:16 p.m.	process_identifier: 2636 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73bc1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Dec. 12, 2022, 4:16 p.m.	process_identifier: 2636 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x735c1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Dec. 12, 2022, 4:16 p.m.	process_identifier: 2636 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73584000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Dec. 12, 2022, 4:16 p.m.	process_identifier: 2636 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73bc2000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Dec. 12, 2022, 4:16 p.m.	process_identifier: 2636 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73951000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Dec. 12, 2022, 4:16 p.m.	process_identifier: 2728 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x100ae000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Dec. 12, 2022, 4:16 p.m.	process_identifier: 2728 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73660000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Dec. 12, 2022, 4:16 p.m.	process_identifier: 2728 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73bc1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Dec. 12, 2022, 4:16 p.m.	process_identifier: 2728 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x735c1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Dec. 12, 2022, 4:16 p.m.	process_identifier: 2728 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73584000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Dec. 12, 2022, 4:16 p.m.	process_identifier: 2728 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73bc2000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Dec. 12, 2022, 4:16 p.m.	process_identifier: 2728 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73951000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Dec. 12, 2022, 4:16 p.m.	process_identifier: 2816 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x100ae000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Dec. 12, 2022, 4:16 p.m.	process_identifier: 2816 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73660000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Dec. 12, 2022, 4:16 p.m.	process_identifier: 2816 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73bc1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Dec. 12, 2022, 4:16 p.m.	process_identifier: 2816 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x735c1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Dec. 12, 2022, 4:16 p.m.	process_identifier: 2816 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73584000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Dec. 12, 2022, 4:16 p.m.	process_identifier: 2816 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73bc2000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Dec. 12, 2022, 4:16 p.m.	process_identifier: 2816 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73951000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Dec. 12, 2022, 4:10 p.m.	process_identifier: 1452 region_size: 65536 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000004710000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1

Searches running processes potentially to identify processes for sandbox evasion, code injection or memory dumping (4 events)

Time & API	Arguments	Status	Return
Process32NextW Dec. 12, 2022, 4:16 p.m.	snapshot_handle: 0x00000108 process_name: taskhost.exe process_identifier: 2352	1	1
Process32NextW Dec. 12, 2022, 4:16 p.m.	snapshot_handle: 0x00000108 process_name: wsqmcons.exe process_identifier: 2360	1	1
Process32NextW Dec. 12, 2022, 4:16 p.m.	snapshot_handle: 0x00000108 process_name: sdclt.exe process_identifier: 2376	1	1
Process32NextW Dec. 12, 2022, 4:16 p.m.	snapshot_handle: 0x00000108 process_name: rundll32.exe process_identifier: 2544	1	1

Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) (1 event)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory Dec. 12, 2022, 4:16 p.m.	process_identifier: 2544 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 262144 protection: 32 (PAGE_EXECUTE_READ) base_address: 0x00821000 process_handle: 0xffffffff	1	0	0

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

section

{u'size_of_data': u'0x00075000', u'virtual_address': u'0x00039000', u'entropy': 7.165668611702438, u'name': u'.data', u'virtual_size': u'0x00074f87'}

entropy

7.1656686117

description

A section with a high entropy has been found

entropy

0.674351585014

description

Overall entropy of this PE file is high

Repeatedly searches for a not-found process, you may want to run a web browser during analysis (11 events)

Time & API	Arguments	Status	Return	Repeated
Process32NextW Dec. 12, 2022, 4:16 p.m.	snapshot_handle: 0x00000108 process_name: rundll32.exe process_identifier: 2544		0	0
Process32NextW Dec. 12, 2022, 4:16 p.m.	snapshot_handle: 0x00000108 process_name: rundll32.exe process_identifier: 2544		0	0
Process32NextW Dec. 12, 2022, 4:16 p.m.	snapshot_handle: 0x00000108 process_name: rundll32.exe process_identifier: 2544		0	0
Process32NextW Dec. 12, 2022, 4:16 p.m.	snapshot_handle: 0x00000108 process_name: rundll32.exe process_identifier: 2544		0	0
Process32NextW Dec. 12, 2022, 4:16 p.m.	snapshot_handle: 0x00000108 process_name: rundll32.exe process_identifier: 2544		0	0
Process32NextW Dec. 12, 2022, 4:16 p.m.	snapshot_handle: 0x00000108 process_name: rundll32.exe process_identifier: 2544		0	0
Process32NextW Dec. 12, 2022, 4:16 p.m.	snapshot_handle: 0x00000108 process_name: rundll32.exe process_identifier: 2544		0	0
Process32NextW Dec. 12, 2022, 4:16 p.m.	snapshot_handle: 0x00000108 process_name: rundll32.exe process_identifier: 2544		0	0
Process32NextW Dec. 12, 2022, 4:16 p.m.	snapshot_handle: 0x00000108 process_name: rundll32.exe process_identifier: 2544		0	0
Process32NextW Dec. 12, 2022, 4:16 p.m.	snapshot_handle: 0x00000108 process_name: rundll32.exe process_identifier: 2544		0	0
Process32NextW Dec. 12, 2022, 4:16 p.m.	snapshot_handle: 0x00000108 process_name: rundll32.exe process_identifier: 2544		0	0

Checks for the presence of known windows from debuggers and forensic tools (2 events)

Time & API	Arguments	Status	Return	Repeated
FindWindowW Dec. 12, 2022, 4:16 p.m.	class_name: OLLYDBG window_name:		0	0
FindWindowW Dec. 12, 2022, 4:16 p.m.	class_name: WinDbgFrameClass window_name:		0	0

Installs itself for autorun at Windows startup (1 event)

file	C:\Windows\Tasks\NvTmRep_CrashReport2_{A2FE1952-0186-36D3-AAHC-B80CA35AH5B6}.job

File has been identified by 49 AntiVirus engines on VirusTotal as malicious (49 events)

Lionic	Trojan.Win32.Androm.m!c
Elastic	malicious (high confidence)
DrWeb	Trojan.Siggen18.58608
MicroWorld-eScan	Gen:Variant.Lazy.253006
FireEye	Gen:Variant.Lazy.253006
ALYac	Gen:Variant.Lazy.253006
Malwarebytes	Malware.AI.3649722157
Zillya	Backdoor.Androm.Win32.82281
CrowdStrike	win/malicious_confidence_100% (W)
Alibaba	Backdoor:Win32/Androm.87889e06
K7GW	Trojan ( 0059941c1 )
K7AntiVirus	Trojan ( 0059941c1 )
Arcabit	Trojan.Lazy.D3DC4E
BitDefenderTheta	Gen:NN.ZedlaF.36106.Sq6@aqQX5Mji
VirIT	Trojan.Win32.Genus.DLQF
Cyren	W32/ABRisk.KHHY-3769
Symantec	Trojan Horse
ESET-NOD32	a variant of Win32/GenCBL.CUK
TrendMicro-HouseCall	TROJ_GEN.R03FC0DJN22
Cynet	Malicious (score: 99)
Kaspersky	HEUR:Backdoor.Win32.Androm.gen
BitDefender	Gen:Variant.Lazy.253006
NANO-Antivirus	Trojan.Win32.Androm.jtcotu
Avast	Win32:BackdoorX-gen [Trj]
Tencent	Win32.Backdoor.Androm.Uwhl
Ad-Aware	Gen:Variant.Lazy.253006
Emsisoft	MalCert-S.PZ (A)
Comodo	Malware@#2fasj3ho2cp4a
VIPRE	Gen:Variant.Lazy.253006
TrendMicro	TROJ_GEN.R03FC0DJN22
McAfee-GW-Edition	Artemis!Trojan
Sophos	Generic ML PUA (PUA)
Ikarus	Trojan.Win32.Generic
Jiangmin	Backdoor.Androm.bdrw
Webroot	W32.Trojan.Gen
Avira	BDS/Androm.kiiwe
Antiy-AVL	Trojan/Win32.GenCBL
Kingsoft	Win32.Troj.Generic.jm.(kcloud)
Microsoft	Trojan:Win32/Androm!MTB
GData	Gen:Variant.Lazy.253006
Google	Detected
AhnLab-V3	Trojan/Win.Generic.C5283608
McAfee	Artemis!775FB391DB27
APEX	Malicious
Rising	Trojan.MalCert!1.E0E5 (CLASSIC)
MAX	malware (ai score=88)
Fortinet	W32/PossibleThreat
AVG	Win32:BackdoorX-gen [Trj]
Panda	Trj/Chgt.AA

chkds.dll

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All