Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Aug. 2, 2024, 7:40 a.m.	Aug. 2, 2024, 7:43 a.m.

Size	20.5KB
Type	PE32+ executable (GUI) x86-64, for MS Windows
MD5	`3fbad097793fab9c62bbebb2a2d5e530`
SHA256	`10f87101da792e5d4276553e22e45aae4123340ab7ce203007cdaa98715f6ecb`
CRC32	`74AEE58A`
ssdeep	`192:OjvgzcS8f1S3dj6Zo+irqZveZ+tK8G9n+kD2WcixkGJi/VGu4igmWznUQZvx55Xd:Or2qf1ScG+8iC8KZ9npxvQ`
PDB Path	E:\IDDE\pon\x64\Release\pon.pdb
Yara	PE_Header_Zero - PE File Signature IsPE64 - (no description) UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check

pon.exe "C:\Users\test22\AppData\Local\Temp\pon.exe"
1508
- cmd.exe C:\Windows\system32\cmd.exe /c del /q "C:\Windows\System32\SRU" >nul 2>nul
  2132
- cmd.exe C:\Windows\system32\cmd.exe /c del /q "C:\Windows\Prefetch" >nul 2>nul
  2180
- cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM SystemInformer.exe >nul 2>nul
  2232
  - taskkill.exe taskkill /F /IM SystemInformer.exe
    2320
- cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM ProcessHacker.exe >nul 2>nul
  2420
  - taskkill.exe taskkill /F /IM ProcessHacker.exe
    2464
- cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM JournalTrace.exe >nul 2>nul
  2528
  - taskkill.exe taskkill /F /IM JournalTrace.exe
    2572
- cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM RegScanner.exe >nul 2>nul
  2636
  - taskkill.exe taskkill /F /IM RegScanner.exe
    2688
- cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM BrowsingHistoryView.exe >nul 2>nul
  2868
  - taskkill.exe taskkill /F /IM BrowsingHistoryView.exe
    2936
- cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM Everything.exe >nul 2>nul
  3044
  - taskkill.exe taskkill /F /IM Everything.exe
    2152
- cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM Taskmgr.exe >nul 2>nul
  2252
  - taskkill.exe taskkill /F /IM Taskmgr.exe
    2368
- cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM WinRAR.exe >nul 2>nul
  2504
  - taskkill.exe taskkill /F /IM WinRAR.exe
    2584
- cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM SystemInformer.exe >nul 2>nul
  948
  - taskkill.exe taskkill /F /IM SystemInformer.exe
    2764
- cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM ProcessHacker.exe >nul 2>nul
  2952
  - taskkill.exe taskkill /F /IM ProcessHacker.exe
    2940
- cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM JournalTrace.exe >nul 2>nul
  2184
  - taskkill.exe taskkill /F /IM JournalTrace.exe
    2376
- cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM RegScanner.exe >nul 2>nul
  2460
  - taskkill.exe taskkill /F /IM RegScanner.exe
    2620
- cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM BrowsingHistoryView.exe >nul 2>nul
  2508
  - taskkill.exe taskkill /F /IM BrowsingHistoryView.exe
    2796
- cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM Everything.exe >nul 2>nul
  3004
  - taskkill.exe taskkill /F /IM Everything.exe
    2292
- cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM Taskmgr.exe >nul 2>nul
  3028
  - taskkill.exe taskkill /F /IM Taskmgr.exe
    2516
- cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM WinRAR.exe >nul 2>nul
  1692
  - taskkill.exe taskkill /F /IM WinRAR.exe
    2616
- cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM SystemInformer.exe >nul 2>nul
  2684
  - taskkill.exe taskkill /F /IM SystemInformer.exe
    808
- cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM ProcessHacker.exe >nul 2>nul
  2244
  - taskkill.exe taskkill /F /IM ProcessHacker.exe
    2900
- cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM JournalTrace.exe >nul 2>nul
  2924
  - taskkill.exe taskkill /F /IM JournalTrace.exe
    2540
- cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM RegScanner.exe >nul 2>nul
  2424
  - taskkill.exe taskkill /F /IM RegScanner.exe
    2220
- cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM BrowsingHistoryView.exe >nul 2>nul
  2692
  - taskkill.exe taskkill /F /IM BrowsingHistoryView.exe
    2964
- cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM Everything.exe >nul 2>nul
  3080
  - taskkill.exe taskkill /F /IM Everything.exe
    3124
- cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM Taskmgr.exe >nul 2>nul
  3188
  - taskkill.exe taskkill /F /IM Taskmgr.exe
    3232
- cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM WinRAR.exe >nul 2>nul
  3296
  - taskkill.exe taskkill /F /IM WinRAR.exe
    3340
- cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM SystemInformer.exe >nul 2>nul
  3412
  - taskkill.exe taskkill /F /IM SystemInformer.exe
    3456
- cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM ProcessHacker.exe >nul 2>nul
  3520
  - taskkill.exe taskkill /F /IM ProcessHacker.exe
    3564
- cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM JournalTrace.exe >nul 2>nul
  3628
  - taskkill.exe taskkill /F /IM JournalTrace.exe
    3672
- cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM RegScanner.exe >nul 2>nul
  3740
  - taskkill.exe taskkill /F /IM RegScanner.exe
    3784
- cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM BrowsingHistoryView.exe >nul 2>nul
  3848
  - taskkill.exe taskkill /F /IM BrowsingHistoryView.exe
    3892
- cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM Everything.exe >nul 2>nul
  3956
  - taskkill.exe taskkill /F /IM Everything.exe
    4000
- cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM Taskmgr.exe >nul 2>nul
  4068
  - taskkill.exe taskkill /F /IM Taskmgr.exe
    2272
- cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM WinRAR.exe >nul 2>nul
  3176
  - taskkill.exe taskkill /F /IM WinRAR.exe
    3216
- cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM SystemInformer.exe >nul 2>nul
  3316
  - taskkill.exe taskkill /F /IM SystemInformer.exe
    3392
- cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM ProcessHacker.exe >nul 2>nul
  3512
  - taskkill.exe taskkill /F /IM ProcessHacker.exe
    3540
- cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM JournalTrace.exe >nul 2>nul
  3524
  - taskkill.exe taskkill /F /IM JournalTrace.exe
    2284
- cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM RegScanner.exe >nul 2>nul
  3796
  - taskkill.exe taskkill /F /IM RegScanner.exe
    3780
- cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM BrowsingHistoryView.exe >nul 2>nul
  3932
  - taskkill.exe taskkill /F /IM BrowsingHistoryView.exe
    4020
- cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM Everything.exe >nul 2>nul
  2484
  - taskkill.exe taskkill /F /IM Everything.exe
    3144
- cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM Taskmgr.exe >nul 2>nul
  3192
  - taskkill.exe taskkill /F /IM Taskmgr.exe
    3368
- cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM WinRAR.exe >nul 2>nul
  3496
  - taskkill.exe taskkill /F /IM WinRAR.exe
    3568
- cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM SystemInformer.exe >nul 2>nul
  3668
  - taskkill.exe taskkill /F /IM SystemInformer.exe
    3648
- cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM ProcessHacker.exe >nul 2>nul
  3920
  - taskkill.exe taskkill /F /IM ProcessHacker.exe
    1808
- cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM JournalTrace.exe >nul 2>nul
  2168
  - taskkill.exe taskkill /F /IM JournalTrace.exe
    3288
- cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM RegScanner.exe >nul 2>nul
  3488
  - taskkill.exe taskkill /F /IM RegScanner.exe
    3452
- cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM BrowsingHistoryView.exe >nul 2>nul
  3640
  - taskkill.exe taskkill /F /IM BrowsingHistoryView.exe
    3860
- cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM Everything.exe >nul 2>nul
  4004
  - taskkill.exe taskkill /F /IM Everything.exe
    3108
- cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM Taskmgr.exe >nul 2>nul
  3220
  - taskkill.exe taskkill /F /IM Taskmgr.exe
    3624
- cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM WinRAR.exe >nul 2>nul
  3772
  - taskkill.exe taskkill /F /IM WinRAR.exe
    3804
- cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM SystemInformer.exe >nul 2>nul
  3896
  - taskkill.exe taskkill /F /IM SystemInformer.exe
    2012
- cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM ProcessHacker.exe >nul 2>nul
  3372
  - taskkill.exe taskkill /F /IM ProcessHacker.exe
    2348
- cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM JournalTrace.exe >nul 2>nul
  3272
  - taskkill.exe taskkill /F /IM JournalTrace.exe
    3444
- cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM RegScanner.exe >nul 2>nul
  3868
  - taskkill.exe taskkill /F /IM RegScanner.exe
    1948
- cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM BrowsingHistoryView.exe >nul 2>nul
  760
  - taskkill.exe taskkill /F /IM BrowsingHistoryView.exe
    3056
- cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM Everything.exe >nul 2>nul
  2360
  - taskkill.exe taskkill /F /IM Everything.exe
    916
- cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM Taskmgr.exe >nul 2>nul
  744
  - taskkill.exe taskkill /F /IM Taskmgr.exe
    3660
- cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM WinRAR.exe >nul 2>nul
  772
  - taskkill.exe taskkill /F /IM WinRAR.exe
    3548
- cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM SystemInformer.exe >nul 2>nul
  3204
  - taskkill.exe taskkill /F /IM SystemInformer.exe
    3960
- cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM ProcessHacker.exe >nul 2>nul
  1168
  - taskkill.exe taskkill /F /IM ProcessHacker.exe
    3788
- cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM JournalTrace.exe >nul 2>nul
  4116
  - taskkill.exe taskkill /F /IM JournalTrace.exe
    4160
- cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM RegScanner.exe >nul 2>nul
  4224
  - taskkill.exe taskkill /F /IM RegScanner.exe
    4268
- cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM BrowsingHistoryView.exe >nul 2>nul
  4332
  - taskkill.exe taskkill /F /IM BrowsingHistoryView.exe
    4376
- cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM Everything.exe >nul 2>nul
  4440
  - taskkill.exe taskkill /F /IM Everything.exe
    4484
- cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM Taskmgr.exe >nul 2>nul
  4548
  - taskkill.exe taskkill /F /IM Taskmgr.exe
    4592
- cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM WinRAR.exe >nul 2>nul
  4660
  - taskkill.exe taskkill /F /IM WinRAR.exe
    4704
- cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM SystemInformer.exe >nul 2>nul
  4768
  - taskkill.exe taskkill /F /IM SystemInformer.exe
    4812
- cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM ProcessHacker.exe >nul 2>nul
  4876
  - taskkill.exe taskkill /F /IM ProcessHacker.exe
    4920
- cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM JournalTrace.exe >nul 2>nul
  4984
  - taskkill.exe taskkill /F /IM JournalTrace.exe
    5028
- cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM RegScanner.exe >nul 2>nul
  5092
  - taskkill.exe taskkill /F /IM RegScanner.exe
    4104
- cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM BrowsingHistoryView.exe >nul 2>nul
  4192
  - taskkill.exe taskkill /F /IM BrowsingHistoryView.exe
    4244
- cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM Everything.exe >nul 2>nul
  4264
  - taskkill.exe taskkill /F /IM Everything.exe
    4404
- cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM Taskmgr.exe >nul 2>nul
  4460
  - taskkill.exe taskkill /F /IM Taskmgr.exe
    4536
- cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM WinRAR.exe >nul 2>nul
  4620
  - taskkill.exe taskkill /F /IM WinRAR.exe
    4552
- cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM SystemInformer.exe >nul 2>nul
  4752
  - taskkill.exe taskkill /F /IM SystemInformer.exe
    4828
- cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM ProcessHacker.exe >nul 2>nul
  4888
  - taskkill.exe taskkill /F /IM ProcessHacker.exe
    4960
- cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM JournalTrace.exe >nul 2>nul
  1868
  - taskkill.exe taskkill /F /IM JournalTrace.exe
    5108
- cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM RegScanner.exe >nul 2>nul
  1976
  - taskkill.exe taskkill /F /IM RegScanner.exe
    4296
- cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM BrowsingHistoryView.exe >nul 2>nul
  2852
  - taskkill.exe taskkill /F /IM BrowsingHistoryView.exe
    4372
- cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM Everything.exe >nul 2>nul
  4608
  - taskkill.exe taskkill /F /IM Everything.exe
    4640
- cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM Taskmgr.exe >nul 2>nul
  4664
  - taskkill.exe taskkill /F /IM Taskmgr.exe
    4852
- cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM WinRAR.exe >nul 2>nul
  5040
  - taskkill.exe taskkill /F /IM WinRAR.exe
    5084
- cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM SystemInformer.exe >nul 2>nul
  2208
  - taskkill.exe taskkill /F /IM SystemInformer.exe
    4312
- cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM ProcessHacker.exe >nul 2>nul
  4496
  - taskkill.exe taskkill /F /IM ProcessHacker.exe
    4380
- cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM JournalTrace.exe >nul 2>nul
  4700
  - taskkill.exe taskkill /F /IM JournalTrace.exe
    4840
- cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM RegScanner.exe >nul 2>nul
  4880
  - taskkill.exe taskkill /F /IM RegScanner.exe
    1708
- cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM BrowsingHistoryView.exe >nul 2>nul
  4320
  - taskkill.exe taskkill /F /IM BrowsingHistoryView.exe
    4336
- cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM Everything.exe >nul 2>nul
  3404
  - taskkill.exe taskkill /F /IM Everything.exe
    1972
- cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM Taskmgr.exe >nul 2>nul
  4856
  - taskkill.exe taskkill /F /IM Taskmgr.exe
    4188
- cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM WinRAR.exe >nul 2>nul
  4456
  - taskkill.exe taskkill /F /IM WinRAR.exe
    4540
- cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM SystemInformer.exe >nul 2>nul
  4916
  - taskkill.exe taskkill /F /IM SystemInformer.exe
    4204
- cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM ProcessHacker.exe >nul 2>nul
  4604
  - taskkill.exe taskkill /F /IM ProcessHacker.exe
    444
- cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM JournalTrace.exe >nul 2>nul
  1084
  - taskkill.exe taskkill /F /IM JournalTrace.exe
    4308
- cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM RegScanner.exe >nul 2>nul
  4832
  - taskkill.exe taskkill /F /IM RegScanner.exe
    4228
- cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM BrowsingHistoryView.exe >nul 2>nul
  4644
  - taskkill.exe taskkill /F /IM BrowsingHistoryView.exe
    4924
- cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM Everything.exe >nul 2>nul
  4180
  - taskkill.exe taskkill /F /IM Everything.exe
    2100
- cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM Taskmgr.exe >nul 2>nul
  5136
  - taskkill.exe taskkill /F /IM Taskmgr.exe
    5180
- cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM WinRAR.exe >nul 2>nul
  5248
  - taskkill.exe taskkill /F /IM WinRAR.exe
    5292
- cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM SystemInformer.exe >nul 2>nul
  5360
  - taskkill.exe taskkill /F /IM SystemInformer.exe
    5404
- cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM ProcessHacker.exe >nul 2>nul
  5472
  - taskkill.exe taskkill /F /IM ProcessHacker.exe
    5516
- cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM JournalTrace.exe >nul 2>nul
  5588
  - taskkill.exe taskkill /F /IM JournalTrace.exe
    5632
- cmd.exe C:\Windows\system32\cmd.exe /c taskkill /F /IM RegScanner.exe >nul 2>nul
  5756

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Queries for the computername (50 out of 98 events)

Time & API	Arguments	Status	Return
GetComputerNameW Aug. 2, 2024, 7:33 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Aug. 2, 2024, 7:33 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Aug. 2, 2024, 7:33 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Aug. 2, 2024, 7:33 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Aug. 2, 2024, 7:33 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Aug. 2, 2024, 7:33 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Aug. 2, 2024, 7:33 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Aug. 2, 2024, 7:33 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Aug. 2, 2024, 7:33 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Aug. 2, 2024, 7:33 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Aug. 2, 2024, 7:34 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Aug. 2, 2024, 7:34 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Aug. 2, 2024, 7:34 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Aug. 2, 2024, 7:34 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Aug. 2, 2024, 7:34 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Aug. 2, 2024, 7:34 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Aug. 2, 2024, 7:34 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Aug. 2, 2024, 7:34 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Aug. 2, 2024, 7:34 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Aug. 2, 2024, 7:34 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Aug. 2, 2024, 7:34 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Aug. 2, 2024, 7:34 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Aug. 2, 2024, 7:34 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Aug. 2, 2024, 7:34 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Aug. 2, 2024, 7:34 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Aug. 2, 2024, 7:34 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Aug. 2, 2024, 7:34 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Aug. 2, 2024, 7:34 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Aug. 2, 2024, 7:34 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Aug. 2, 2024, 7:34 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Aug. 2, 2024, 7:34 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Aug. 2, 2024, 7:34 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Aug. 2, 2024, 7:34 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Aug. 2, 2024, 7:34 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Aug. 2, 2024, 7:34 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Aug. 2, 2024, 7:34 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Aug. 2, 2024, 7:34 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Aug. 2, 2024, 7:34 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Aug. 2, 2024, 7:34 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Aug. 2, 2024, 7:34 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Aug. 2, 2024, 7:34 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Aug. 2, 2024, 7:34 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Aug. 2, 2024, 7:34 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Aug. 2, 2024, 7:34 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Aug. 2, 2024, 7:34 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Aug. 2, 2024, 7:41 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Aug. 2, 2024, 7:41 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Aug. 2, 2024, 7:41 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Aug. 2, 2024, 7:41 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Aug. 2, 2024, 7:41 a.m.	computer_name: TEST22-PC	1	1

This executable has a PDB path (1 event)

pdb_path

E:\IDDE\pon\x64\Release\pon.pdb

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Aug. 2, 2024, 7:33 a.m.		1	1	0

Creates a suspicious process (10 events)

cmdline	C:\Windows\system32\cmd.exe /c del /q "C:\Windows\System32\SRU" >nul 2>nul
cmdline	C:\Windows\system32\cmd.exe /c taskkill /F /IM JournalTrace.exe >nul 2>nul
cmdline	C:\Windows\system32\cmd.exe /c del /q "C:\Windows\Prefetch" >nul 2>nul
cmdline	C:\Windows\system32\cmd.exe /c taskkill /F /IM WinRAR.exe >nul 2>nul
cmdline	C:\Windows\system32\cmd.exe /c taskkill /F /IM RegScanner.exe >nul 2>nul
cmdline	C:\Windows\system32\cmd.exe /c taskkill /F /IM SystemInformer.exe >nul 2>nul
cmdline	C:\Windows\system32\cmd.exe /c taskkill /F /IM BrowsingHistoryView.exe >nul 2>nul
cmdline	C:\Windows\system32\cmd.exe /c taskkill /F /IM Taskmgr.exe >nul 2>nul
cmdline	C:\Windows\system32\cmd.exe /c taskkill /F /IM Everything.exe >nul 2>nul
cmdline	C:\Windows\system32\cmd.exe /c taskkill /F /IM ProcessHacker.exe >nul 2>nul

Executes one or more WMI queries (8 events)

wmi	SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "Taskmgr.exe")
wmi	SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "SystemInformer.exe")
wmi	SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "JournalTrace.exe")
wmi	SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "Everything.exe")
wmi	SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "ProcessHacker.exe")
wmi	SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "BrowsingHistoryView.exe")
wmi	SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "RegScanner.exe")
wmi	SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "WinRAR.exe")

Checks for the Locally Unique Identifier on the system for a suspicious privilege (50 out of 98 events)

Time & API	Arguments	Status	Return
LookupPrivilegeValueW Aug. 2, 2024, 7:33 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW Aug. 2, 2024, 7:33 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW Aug. 2, 2024, 7:33 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW Aug. 2, 2024, 7:33 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW Aug. 2, 2024, 7:33 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW Aug. 2, 2024, 7:33 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW Aug. 2, 2024, 7:33 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW Aug. 2, 2024, 7:33 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW Aug. 2, 2024, 7:33 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW Aug. 2, 2024, 7:33 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW Aug. 2, 2024, 7:34 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW Aug. 2, 2024, 7:34 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW Aug. 2, 2024, 7:34 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW Aug. 2, 2024, 7:34 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW Aug. 2, 2024, 7:34 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW Aug. 2, 2024, 7:34 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW Aug. 2, 2024, 7:34 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW Aug. 2, 2024, 7:34 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW Aug. 2, 2024, 7:34 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW Aug. 2, 2024, 7:34 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW Aug. 2, 2024, 7:34 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW Aug. 2, 2024, 7:34 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW Aug. 2, 2024, 7:34 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW Aug. 2, 2024, 7:34 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW Aug. 2, 2024, 7:34 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW Aug. 2, 2024, 7:34 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW Aug. 2, 2024, 7:34 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW Aug. 2, 2024, 7:34 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW Aug. 2, 2024, 7:34 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW Aug. 2, 2024, 7:34 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW Aug. 2, 2024, 7:34 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW Aug. 2, 2024, 7:34 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW Aug. 2, 2024, 7:34 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW Aug. 2, 2024, 7:34 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW Aug. 2, 2024, 7:34 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW Aug. 2, 2024, 7:34 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW Aug. 2, 2024, 7:34 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW Aug. 2, 2024, 7:34 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW Aug. 2, 2024, 7:34 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW Aug. 2, 2024, 7:34 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW Aug. 2, 2024, 7:34 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW Aug. 2, 2024, 7:34 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW Aug. 2, 2024, 7:34 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW Aug. 2, 2024, 7:34 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW Aug. 2, 2024, 7:34 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW Aug. 2, 2024, 7:41 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW Aug. 2, 2024, 7:41 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW Aug. 2, 2024, 7:41 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW Aug. 2, 2024, 7:41 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW Aug. 2, 2024, 7:41 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1

Uses Windows utilities for basic Windows functionality (18 events)

cmdline	taskkill /F /IM SystemInformer.exe
cmdline	C:\Windows\system32\cmd.exe /c del /q "C:\Windows\System32\SRU" >nul 2>nul
cmdline	taskkill /F /IM WinRAR.exe
cmdline	taskkill /F /IM ProcessHacker.exe
cmdline	C:\Windows\system32\cmd.exe /c taskkill /F /IM JournalTrace.exe >nul 2>nul
cmdline	C:\Windows\system32\cmd.exe /c del /q "C:\Windows\Prefetch" >nul 2>nul
cmdline	C:\Windows\system32\cmd.exe /c taskkill /F /IM WinRAR.exe >nul 2>nul
cmdline	taskkill /F /IM JournalTrace.exe
cmdline	taskkill /F /IM BrowsingHistoryView.exe
cmdline	C:\Windows\system32\cmd.exe /c taskkill /F /IM RegScanner.exe >nul 2>nul
cmdline	C:\Windows\system32\cmd.exe /c taskkill /F /IM SystemInformer.exe >nul 2>nul
cmdline	C:\Windows\system32\cmd.exe /c taskkill /F /IM BrowsingHistoryView.exe >nul 2>nul
cmdline	taskkill /F /IM Taskmgr.exe
cmdline	taskkill /F /IM RegScanner.exe
cmdline	C:\Windows\system32\cmd.exe /c taskkill /F /IM Taskmgr.exe >nul 2>nul
cmdline	C:\Windows\system32\cmd.exe /c taskkill /F /IM Everything.exe >nul 2>nul
cmdline	taskkill /F /IM Everything.exe
cmdline	C:\Windows\system32\cmd.exe /c taskkill /F /IM ProcessHacker.exe >nul 2>nul

File has been identified by 13 AntiVirus engines on VirusTotal as malicious (13 events)

Bkav	W64.AIDetectMalware
Skyhigh	BehavesLike.Win64.Dropper.mt
APEX	Malicious
McAfee	Artemis!3FBAD097793F
DrWeb	Trojan.KillFiles2.3011
Webroot	W32.Trojan.Casdet
Antiy-AVL	Trojan/Win32.Agent
Microsoft	Trojan:Win32/Casdet!rfn
DeepInstinct	MALICIOUS
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	PossibleThreat.PALLAS.H
Paloalto	generic.ml
CrowdStrike	win/malicious_confidence_70% (W)

Drops 137 unknown file mime types indicative of ransomware writing encrypted files back to disk (50 out of 137 events)

file	C:\Windows\Prefetch\PYTHON.EXE-C663CFDC.pf
file	C:\Windows\Prefetch\GOOGLEUPDATESETUP.EXE-305B5E54.pf
file	C:\Windows\Prefetch\AUDIODG.EXE-BDFD3029.pf
file	C:\Windows\Prefetch\THUNDERBIRD.EXE-A0DA674F.pf
file	C:\Windows\Prefetch\DLLHOST.EXE-4F28A26F.pf
file	C:\Windows\Prefetch\SVCHOST.EXE-7AC6742A.pf
file	C:\Windows\Prefetch\GOOGLEUPDATE.EXE-D0E66F4A.pf
file	C:\Windows\Prefetch\WERMGR.EXE-0F2AC88C.pf
file	C:\Windows\Prefetch\86.0.4240.111_CHROME_INSTALLE-AF26656A.pf
file	C:\Windows\Prefetch\CSC.EXE-BE9AC2DF.pf
file	C:\Windows\Prefetch\SEARCHPROTOCOLHOST.EXE-0CB8CADE.pf
file	C:\Windows\Prefetch\SOFTWARE_REPORTER_TOOL.EXE-EB18F4FF.pf
file	C:\Windows\Prefetch\IEXPLORE.EXE-908C99F8.pf
file	C:\Windows\Prefetch\DLLHOST.EXE-5E46FA0D.pf
file	C:\Windows\Prefetch\SLUI.EXE-724E99D9.pf
file	C:\Windows\Prefetch\RUNDLL32.EXE-1304AE86.pf
file	C:\Windows\Prefetch\PING.EXE-7E94E73E.pf
file	C:\Windows\Prefetch\GOOGLEUPDATE.EXE-C3A1B497.pf
file	C:\Windows\Prefetch\IEXPLORE.EXE-4B6C9213.pf
file	C:\Windows\Prefetch\WMIPRVSE.EXE-1628051C.pf
file	C:\Windows\Prefetch\DEFRAG.EXE-588F90AD.pf
file	C:\Windows\Prefetch\CHROME.EXE-D999B1BA.pf
file	C:\Windows\Prefetch\IMKRMIG.EXE-AAA206C5.pf
file	C:\Windows\Prefetch\UNPACK200.EXE-E4DF1A4E.pf
file	C:\Windows\Prefetch\DLLHOST.EXE-40DD444D.pf
file	C:\Windows\Prefetch\7ZFM.EXE-22E64FB8.pf
file	C:\Windows\Prefetch\GOOGLEUPDATESETUP.EXE-B0D5C571.pf
file	C:\Windows\Prefetch\GOOGLEUPDATESETUP.EXE-34B7EAE8.pf
file	C:\Windows\Prefetch\SVCHOST.EXE-E1E0ACE0.pf
file	C:\Windows\Prefetch\LOGONUI.EXE-09140401.pf
file	C:\Windows\Prefetch\AgGlFgAppHistory.db
file	C:\Windows\Prefetch\JAVAW.EXE-D0AA8787.pf
file	C:\Windows\Prefetch\SSVAGENT.EXE-0CD059B7.pf
file	C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-3832866432-4053218753-3017428901-1001.db
file	C:\Windows\Prefetch\OSE.EXE-2B23CA4C.pf
file	C:\Windows\Prefetch\INSTALLER.EXE-60163557.pf
file	C:\Windows\Prefetch\PINGSENDER.EXE-8E79128B.pf
file	C:\Windows\Prefetch\MOBSYNC.EXE-C5E2284F.pf
file	C:\Windows\Prefetch\RUNDLL32.EXE-5A853E81.pf
file	C:\Windows\Prefetch\AgRobust.db
file	C:\Windows\Prefetch\ICACLS.EXE-B19DE1F7.pf
file	C:\Windows\Prefetch\IMEKLMG.EXE-3FEB7CC0.pf
file	C:\Windows\Prefetch\GOOGLEUPDATECOMREGISTERSHELL6-BB6760AF.pf
file	C:\Windows\Prefetch\NOTEPAD.EXE-D8414F97.pf
file	C:\Windows\Prefetch\7ZG.EXE-0F8C4081.pf
file	C:\Windows\Prefetch\CMD.EXE-AC113AA8.pf
file	C:\Windows\Prefetch\CMD.EXE-4A81B364.pf
file	C:\Windows\Prefetch\AgGlGlobalHistory.db
file	C:\Windows\Prefetch\MMC.EXE-561C5A40.pf
file	C:\Windows\Prefetch\MSPAINT.EXE-76E10B24.pf

Deletes a large number of files from the system indicative of ransomware, wiper malware or system destruction (50 out of 138 events)

file	C:\Windows\Prefetch\SETUP.EXE-9129729F.pf
file	C:\Windows\Prefetch\IMEKLMG.EXE-3FEB7CC0.pf
file	C:\Windows\Prefetch\DRVINST.EXE-4CB4314A.pf
file	C:\Windows\Prefetch\SNIPPINGTOOL.EXE-EFFDAFDE.pf
file	C:\Windows\Prefetch\OSE00000.EXE-D36F8D80.pf
file	C:\Windows\Prefetch\AgGlUAD_S-1-5-21-3832866432-4053218753-3017428901-1001.db
file	C:\Windows\Prefetch\COMPMGMTLAUNCHER.EXE-D8C6028E.pf
file	C:\Windows\Prefetch\GOOGLEUPDATECOMREGISTERSHELL6-BB6760AF.pf
file	C:\Windows\Prefetch\SVCHOST.EXE-7AC6742A.pf
file	C:\Windows\Prefetch\HELPER.EXE-B63E9F86.pf
file	C:\Windows\Prefetch\THUNDERBIRD SETUP 78.4.0.EXE-A278C73F.pf
file	C:\Windows\Prefetch\MSIEXEC.EXE-E09A077A.pf
file	C:\Windows\Prefetch\IMEKLMG.EXE-CF8CFA9B.pf
file	C:\Windows\Prefetch\RUNDLL32.EXE-411A328D.pf
file	C:\Windows\Prefetch\SVCHOST.EXE-A1476A17.pf
file	C:\Windows\Prefetch\JAVAW.EXE-D0AA8787.pf
file	C:\Windows\Prefetch\RUNDLL32.EXE-7BCB21A1.pf
file	C:\Windows\Prefetch\CONTROL.EXE-817F8F1D.pf
file	C:\Windows\Prefetch\MSCORSVW.EXE-90526FAC.pf
file	C:\Windows\Prefetch\GOOGLEUPDATESETUP.EXE-34B7EAE8.pf
file	C:\Windows\Prefetch\RUNDLL32.EXE-5A853E81.pf
file	C:\Windows\Prefetch\CVTRES.EXE-2B9D810D.pf
file	C:\Windows\Prefetch\RUNDLL32.EXE-8C11D845.pf
file	C:\Windows\Prefetch\TASKHOST.EXE-7238F31D.pf
file	C:\Windows\Prefetch\SEARCHFILTERHOST.EXE-77482212.pf
file	C:\Windows\Prefetch\SVCHOST.EXE-5901D5E8.pf
file	C:\Windows\Prefetch\BSPATCH.EXE-C0E5ADBC.pf
file	C:\Windows\Prefetch\JRE.EXE-A621F6AA.pf
file	C:\Windows\Prefetch\GOOGLEUPDATESETUP.EXE-305B5E54.pf
file	C:\Windows\Prefetch\GOOGLEUPDATESETUP.EXE-B0D5C571.pf
file	C:\Windows\Prefetch\SETUP.EXE-E199D442.pf
file	C:\Windows\Prefetch\SEARCHPROTOCOLHOST.EXE-0CB8CADE.pf
file	C:\Windows\Prefetch\MAINTENANCESERVICE.EXE-FA0B1B99.pf
file	C:\Windows\Prefetch\WERMGR.EXE-0F2AC88C.pf
file	C:\Windows\Prefetch\CMD.EXE-AC113AA8.pf
file	C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-3832866432-4053218753-3017428901-1001.db
file	C:\Windows\Prefetch\AgAppLaunch.db
file	C:\Windows\Prefetch\NOTEPAD.EXE-D8414F97.pf
file	C:\Windows\Prefetch\SEARCHINDEXER.EXE-4A6353B9.pf
file	C:\Windows\Prefetch\IEXPLORE.EXE-908C99F8.pf
file	C:\Windows\Prefetch\GOOGLEUPDATE.EXE-C3A1B497.pf
file	C:\Windows\Prefetch\RUNDLL32.EXE-1304AE86.pf
file	C:\Windows\Prefetch\AgGlFaultHistory.db
file	C:\Windows\Prefetch\AUDIODG.EXE-BDFD3029.pf
file	C:\Windows\Prefetch\PfSvPerfStats.bin
file	C:\Windows\Prefetch\DEFRAG.EXE-588F90AD.pf
file	C:\Windows\Prefetch\DLLHOST.EXE-97F6A314.pf
file	C:\Windows\Prefetch\CSC.EXE-BE9AC2DF.pf
file	C:\Windows\Prefetch\GOOGLEUPDATE.EXE-F2AAEA76.pf
file	C:\Windows\Prefetch\SVCHOST.EXE-CF79EE4C.pf

Attempts to modify Explorer settings to prevent hidden files from being displayed (1 event)

registry

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden

Detects VirtualBox through the presence of a file (1 event)

file	C:\Windows\Prefetch\VBOXDRVINST.EXE-7DCD6070.pf

pon.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All