Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	April 5, 2025, 1:27 a.m.	April 5, 2025, 1:29 a.m.

Size	40.9MB
Type	PE32+ executable (GUI) x86-64, for MS Windows
MD5	`b702c0528f4fef973f074fa05f3cc045`
SHA256	`d1a7b13bc7f3c706c082bfe09c2541b41ffe7609bf345d8cb23abbf1b65696ed`
CRC32	`19586033`
ssdeep	`786432:cO+bdHC5yyNQuT9Q5MglOKTVCX+0aPHBYxXPm1XMuT:iHcR9QSgO6VcB60/aXt`
PDB Path	D:\Projects\WinRAR\sfx\build\sfxrar64\Release\sfxrar.pdb
Yara	PE_Header_Zero - PE File Signature Malicious_Library_Zero - Malicious_Library IsPE64 - (no description) Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check UPX_Zero - UPX packed file

TreeSizePro9.4.1.2001x64.exe "C:\Users\test22\AppData\Local\Temp\TreeSizePro9.4.1.2001x64.exe"
2588
- TreeSize-Setup.exe "C:\Users\test22\AppData\Local\Temp\RarSFX0\TreeSize-Setup.exe" /silent /norestart
  2744
  - TreeSize-Setup.tmp "C:\Users\test22\AppData\Local\Temp\is-JNKJP.tmp\TreeSize-Setup.tmp" /SL5="$30192,41366481,801792,C:\Users\test22\AppData\Local\Temp\RarSFX0\TreeSize-Setup.exe" /silent /norestart
    2800
- Crack.exe "C:\Users\test22\AppData\Local\Temp\RarSFX0\Crack.exe" /silent
  2908
- reg.exe "C:\Windows\System32\reg.exe" add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\LicenseManager.exe" /v "debugger" /t REG_SZ /d "systray.exe" /f
  2976
explorer.exe C:\Windows\Explorer.EXE
1452

Name	Response	Post-Analysis Lookup
www.googletagmanager.com	A 142.250.66.40	172.217.161.232
static.cloudflareinsights.com	A 104.16.80.73 A 104.16.79.73	104.16.79.73
x1.i.lencr.org	CNAME crl.root-x1.letsencrypt.org.edgekey.net CNAME e8652.dscx.akamaiedge.net A 23.41.113.98	23.52.33.11
fonts.gstatic.com	A 142.250.198.99	142.250.206.195
do0digwedphcm.cloudfront.net	A 3.168.176.15 A 3.168.176.204 A 3.168.176.169 A 3.168.176.29	3.168.176.29
fonts.googleapis.com	A 142.250.197.10	172.217.25.170
storage.ko-fi.com	A 104.22.14.202 A 172.67.8.185 A 104.22.15.202	172.67.8.185
www.cybermania.ws	A 172.67.158.91 A 104.21.74.121	104.21.74.121
zb.rafikfangas.com	A 23.109.121.190 A 23.109.135.30 A 23.109.121.234 A 23.109.121.58 A 23.109.121.44 A 23.109.121.116 A 172.241.48.109 A 23.109.135.204 A 23.109.121.173 A 23.109.121.53 A 23.109.121.122 A 172.241.48.124 A 23.109.121.194 A 23.109.121.137 CNAME miayarus.com A 23.109.135.20 A 23.109.121.181 A 23.109.121.37 A 23.109.135.52 A 172.241.48.244 A 23.109.121.159	23.109.121.122

IP Address	Status	Action
104.16.80.73	Active	Moloch
104.22.15.202	Active	Moloch
142.250.197.10	Active	Moloch
142.250.198.99	Active	Moloch
142.250.66.40	Active	Moloch
164.124.101.2	Active	Moloch
172.67.158.91	Active	Moloch
23.109.121.58	Active	Moloch
23.41.113.98	Active	Moloch
3.168.176.204	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.101:49172 -> 172.67.158.91:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49173 -> 172.67.158.91:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49189 -> 3.168.176.204:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49188 -> 3.168.176.204:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49187 -> 104.22.15.202:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49183 -> 142.250.197.10:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49184 -> 142.250.197.10:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49180 -> 142.250.66.40:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49185 -> 142.250.197.10:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49178 -> 142.250.66.40:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49190 -> 104.22.15.202:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49179 -> 172.67.158.91:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49194 -> 104.22.15.202:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49186 -> 104.22.15.202:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49177 -> 172.67.158.91:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49181 -> 172.67.158.91:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49175 -> 172.67.158.91:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49176 -> 172.67.158.91:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49201 -> 142.250.198.99:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49210 -> 104.22.15.202:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 104.22.15.202:443 -> 192.168.56.101:49193	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49219 -> 142.250.198.99:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49192 -> 23.109.121.58:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49191 -> 23.109.121.58:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49182 -> 172.67.158.91:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49209 -> 104.22.15.202:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49199 -> 142.250.198.99:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49223 -> 142.250.198.99:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49230 -> 142.250.198.99:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49204 -> 142.250.198.99:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49200 -> 142.250.198.99:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 104.22.15.202:443 -> 192.168.56.101:49211	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49224 -> 142.250.198.99:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49207 -> 104.16.80.73:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49229 -> 142.250.198.99:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49205 -> 104.22.15.202:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49227 -> 142.250.198.99:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49206 -> 104.22.15.202:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49203 -> 142.250.198.99:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49202 -> 142.250.198.99:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49217 -> 142.250.198.99:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49228 -> 142.250.198.99:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49218 -> 142.250.198.99:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49240 -> 52.239.160.33:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49220 -> 142.250.198.99:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49222 -> 142.250.198.99:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49208 -> 104.16.80.73:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49213 -> 142.250.198.99:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49214 -> 142.250.198.99:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49215 -> 142.250.198.99:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49216 -> 142.250.198.99:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49244 -> 52.239.160.33:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49221 -> 142.250.198.99:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49225 -> 142.250.198.99:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined

Suricata TLS

Flow	Issuer	Subject	Fingerprint
TLSv1 192.168.56.101:49172 172.67.158.91:443	C=US, O=Google Trust Services, CN=WE1	CN=cybermania.ws	b4:e7:53:7f:66:42:33:94:0d:d4:76:83:6e:76:10:3e:8f:83:99:b2
TLSv1 192.168.56.101:49173 172.67.158.91:443	C=US, O=Google Trust Services, CN=WE1	CN=cybermania.ws	b4:e7:53:7f:66:42:33:94:0d:d4:76:83:6e:76:10:3e:8f:83:99:b2
TLSv1 192.168.56.101:49183 142.250.197.10:443	C=US, O=Google Trust Services, CN=WE2	CN=upload.video.google.com	62:3a:f6:bd:3a:0b:ed:3b:16:28:ba:75:d2:00:cf:50:37:6c:20:50
TLSv1 192.168.56.101:49184 142.250.197.10:443	C=US, O=Google Trust Services, CN=WE2	CN=upload.video.google.com	62:3a:f6:bd:3a:0b:ed:3b:16:28:ba:75:d2:00:cf:50:37:6c:20:50
TLSv1 192.168.56.101:49180 142.250.66.40:443	C=US, O=Google Trust Services, CN=WE2	CN=*.google-analytics.com	35:95:a9:cf:06:60:a1:4c:36:76:d0:a7:a8:71:fb:14:b3:44:53:51
TLSv1 192.168.56.101:49185 142.250.197.10:443	C=US, O=Google Trust Services, CN=WE2	CN=upload.video.google.com	62:3a:f6:bd:3a:0b:ed:3b:16:28:ba:75:d2:00:cf:50:37:6c:20:50
TLSv1 192.168.56.101:49178 142.250.66.40:443	C=US, O=Google Trust Services, CN=WE2	CN=*.google-analytics.com	35:95:a9:cf:06:60:a1:4c:36:76:d0:a7:a8:71:fb:14:b3:44:53:51
TLSv1 192.168.56.101:49188 3.168.176.204:443	C=US, O=Amazon, CN=Amazon RSA 2048 M01	CN=*.cloudfront.net	28:d3:87:79:3c:e8:8b:3c:d9:10:45:e5:f7:64:7a:6d:44:4e:5a:62
TLSv1 192.168.56.101:49189 3.168.176.204:443	C=US, O=Amazon, CN=Amazon RSA 2048 M01	CN=*.cloudfront.net	28:d3:87:79:3c:e8:8b:3c:d9:10:45:e5:f7:64:7a:6d:44:4e:5a:62
TLSv1 192.168.56.101:49179 172.67.158.91:443	C=US, O=Google Trust Services, CN=WE1	CN=cybermania.ws	b4:e7:53:7f:66:42:33:94:0d:d4:76:83:6e:76:10:3e:8f:83:99:b2
TLSv1 192.168.56.101:49177 172.67.158.91:443	C=US, O=Google Trust Services, CN=WE1	CN=cybermania.ws	b4:e7:53:7f:66:42:33:94:0d:d4:76:83:6e:76:10:3e:8f:83:99:b2
TLSv1 192.168.56.101:49181 172.67.158.91:443	C=US, O=Google Trust Services, CN=WE1	CN=cybermania.ws	b4:e7:53:7f:66:42:33:94:0d:d4:76:83:6e:76:10:3e:8f:83:99:b2
TLSv1 192.168.56.101:49175 172.67.158.91:443	C=US, O=Google Trust Services, CN=WE1	CN=cybermania.ws	b4:e7:53:7f:66:42:33:94:0d:d4:76:83:6e:76:10:3e:8f:83:99:b2
TLSv1 192.168.56.101:49176 172.67.158.91:443	C=US, O=Google Trust Services, CN=WE1	CN=cybermania.ws	b4:e7:53:7f:66:42:33:94:0d:d4:76:83:6e:76:10:3e:8f:83:99:b2
TLSv1 192.168.56.101:49201 142.250.198.99:443	C=US, O=Google Trust Services, CN=WE2	CN=*.gstatic.com	2b:99:7d:02:90:41:d5:25:94:22:ae:76:27:0d:25:da:df:d2:0a:f1
TLSv1 192.168.56.101:49219 142.250.198.99:443	C=US, O=Google Trust Services, CN=WE2	CN=*.gstatic.com	2b:99:7d:02:90:41:d5:25:94:22:ae:76:27:0d:25:da:df:d2:0a:f1
TLSv1 192.168.56.101:49192 23.109.121.58:443	C=US, O=Let's Encrypt, CN=R10	CN=zb.rafikfangas.com	d7:56:f7:85:18:49:a2:7c:16:00:a2:67:ea:0c:1a:0d:70:f2:1f:f8
TLSv1 192.168.56.101:49191 23.109.121.58:443	C=US, O=Let's Encrypt, CN=R10	CN=zb.rafikfangas.com	d7:56:f7:85:18:49:a2:7c:16:00:a2:67:ea:0c:1a:0d:70:f2:1f:f8
TLSv1 192.168.56.101:49182 172.67.158.91:443	C=US, O=Google Trust Services, CN=WE1	CN=cybermania.ws	b4:e7:53:7f:66:42:33:94:0d:d4:76:83:6e:76:10:3e:8f:83:99:b2
TLSv1 192.168.56.101:49199 142.250.198.99:443	C=US, O=Google Trust Services, CN=WE2	CN=*.gstatic.com	2b:99:7d:02:90:41:d5:25:94:22:ae:76:27:0d:25:da:df:d2:0a:f1
TLSv1 192.168.56.101:49223 142.250.198.99:443	C=US, O=Google Trust Services, CN=WE2	CN=*.gstatic.com	2b:99:7d:02:90:41:d5:25:94:22:ae:76:27:0d:25:da:df:d2:0a:f1
TLSv1 192.168.56.101:49230 142.250.198.99:443	C=US, O=Google Trust Services, CN=WE2	CN=*.gstatic.com	2b:99:7d:02:90:41:d5:25:94:22:ae:76:27:0d:25:da:df:d2:0a:f1
TLSv1 192.168.56.101:49204 142.250.198.99:443	C=US, O=Google Trust Services, CN=WE2	CN=*.gstatic.com	2b:99:7d:02:90:41:d5:25:94:22:ae:76:27:0d:25:da:df:d2:0a:f1
TLSv1 192.168.56.101:49200 142.250.198.99:443	C=US, O=Google Trust Services, CN=WE2	CN=*.gstatic.com	2b:99:7d:02:90:41:d5:25:94:22:ae:76:27:0d:25:da:df:d2:0a:f1
TLSv1 192.168.56.101:49224 142.250.198.99:443	C=US, O=Google Trust Services, CN=WE2	CN=*.gstatic.com	2b:99:7d:02:90:41:d5:25:94:22:ae:76:27:0d:25:da:df:d2:0a:f1
TLSv1 192.168.56.101:49207 104.16.80.73:443	C=US, O=Google Trust Services, CN=WR1	CN=cloudflareinsights.com	77:03:af:4c:d2:e7:a2:50:1d:9d:82:c6:7a:5d:35:0a:ae:9a:52:07
TLSv1 192.168.56.101:49227 142.250.198.99:443	C=US, O=Google Trust Services, CN=WE2	CN=*.gstatic.com	2b:99:7d:02:90:41:d5:25:94:22:ae:76:27:0d:25:da:df:d2:0a:f1
TLSv1 192.168.56.101:49203 142.250.198.99:443	C=US, O=Google Trust Services, CN=WE2	CN=*.gstatic.com	2b:99:7d:02:90:41:d5:25:94:22:ae:76:27:0d:25:da:df:d2:0a:f1
TLSv1 192.168.56.101:49229 142.250.198.99:443	C=US, O=Google Trust Services, CN=WE2	CN=*.gstatic.com	2b:99:7d:02:90:41:d5:25:94:22:ae:76:27:0d:25:da:df:d2:0a:f1
TLSv1 192.168.56.101:49202 142.250.198.99:443	C=US, O=Google Trust Services, CN=WE2	CN=*.gstatic.com	2b:99:7d:02:90:41:d5:25:94:22:ae:76:27:0d:25:da:df:d2:0a:f1
TLSv1 192.168.56.101:49217 142.250.198.99:443	C=US, O=Google Trust Services, CN=WE2	CN=*.gstatic.com	2b:99:7d:02:90:41:d5:25:94:22:ae:76:27:0d:25:da:df:d2:0a:f1
TLSv1 192.168.56.101:49228 142.250.198.99:443	C=US, O=Google Trust Services, CN=WE2	CN=*.gstatic.com	2b:99:7d:02:90:41:d5:25:94:22:ae:76:27:0d:25:da:df:d2:0a:f1
TLSv1 192.168.56.101:49218 142.250.198.99:443	C=US, O=Google Trust Services, CN=WE2	CN=*.gstatic.com	2b:99:7d:02:90:41:d5:25:94:22:ae:76:27:0d:25:da:df:d2:0a:f1
TLSv1 192.168.56.101:49240 52.239.160.33:443	C=US, O=Microsoft Corporation, CN=Microsoft Azure RSA TLS Issuing CA 03	C=US, ST=WA, L=Redmond, O=Microsoft Corporation, CN=*.web.core.windows.net	22:d9:a8:14:ff:86:7a:4b:f0:95:ea:b0:9f:c1:b5:62:6b:b0:62:a9
TLSv1 192.168.56.101:49220 142.250.198.99:443	C=US, O=Google Trust Services, CN=WE2	CN=*.gstatic.com	2b:99:7d:02:90:41:d5:25:94:22:ae:76:27:0d:25:da:df:d2:0a:f1
TLSv1 192.168.56.101:49222 142.250.198.99:443	C=US, O=Google Trust Services, CN=WE2	CN=*.gstatic.com	2b:99:7d:02:90:41:d5:25:94:22:ae:76:27:0d:25:da:df:d2:0a:f1
TLSv1 192.168.56.101:49208 104.16.80.73:443	C=US, O=Google Trust Services, CN=WR1	CN=cloudflareinsights.com	77:03:af:4c:d2:e7:a2:50:1d:9d:82:c6:7a:5d:35:0a:ae:9a:52:07
TLSv1 192.168.56.101:49213 142.250.198.99:443	C=US, O=Google Trust Services, CN=WE2	CN=*.gstatic.com	2b:99:7d:02:90:41:d5:25:94:22:ae:76:27:0d:25:da:df:d2:0a:f1
TLSv1 192.168.56.101:49214 142.250.198.99:443	C=US, O=Google Trust Services, CN=WE2	CN=*.gstatic.com	2b:99:7d:02:90:41:d5:25:94:22:ae:76:27:0d:25:da:df:d2:0a:f1
TLSv1 192.168.56.101:49215 142.250.198.99:443	C=US, O=Google Trust Services, CN=WE2	CN=*.gstatic.com	2b:99:7d:02:90:41:d5:25:94:22:ae:76:27:0d:25:da:df:d2:0a:f1
TLSv1 192.168.56.101:49216 142.250.198.99:443	C=US, O=Google Trust Services, CN=WE2	CN=*.gstatic.com	2b:99:7d:02:90:41:d5:25:94:22:ae:76:27:0d:25:da:df:d2:0a:f1
TLSv1 192.168.56.101:49244 52.239.160.33:443	C=US, O=Microsoft Corporation, CN=Microsoft Azure RSA TLS Issuing CA 03	C=US, ST=WA, L=Redmond, O=Microsoft Corporation, CN=*.web.core.windows.net	22:d9:a8:14:ff:86:7a:4b:f0:95:ea:b0:9f:c1:b5:62:6b:b0:62:a9
TLSv1 192.168.56.101:49221 142.250.198.99:443	C=US, O=Google Trust Services, CN=WE2	CN=*.gstatic.com	2b:99:7d:02:90:41:d5:25:94:22:ae:76:27:0d:25:da:df:d2:0a:f1
TLSv1 192.168.56.101:49225 142.250.198.99:443	C=US, O=Google Trust Services, CN=WE2	CN=*.gstatic.com	2b:99:7d:02:90:41:d5:25:94:22:ae:76:27:0d:25:da:df:d2:0a:f1

Checks if process is being debugged by a debugger (1 event)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent April 5, 2025, 1:27 a.m.			0	0

Command line console output was observed (1 event)

Time & API	Arguments	Status	Return	Repeated
WriteConsoleW April 5, 2025, 1:27 a.m.	buffer: The operation completed successfully. console_handle: 0x0000000000000007	1	1	0

This executable has a PDB path (1 event)

pdb_path

D:\Projects\WinRAR\sfx\build\sfxrar64\Release\sfxrar.pdb

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx April 5, 2025, 1:27 a.m.		1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (2 events)

section	.didat
section	_RDATA

One or more processes crashed (2 events)

Time & API	Arguments	Status	Return	Repeated
__exception__ April 5, 2025, 1:27 a.m.	stacktrace: __dbk_fcall_wrapper+0x285c60 dbkFCallWrapperAddr-0x23dd0 treesize-setup+0x297878 @ 0x697878 __dbk_fcall_wrapper+0x285c60 dbkFCallWrapperAddr-0x23dd0 treesize-setup+0x297878 @ 0x697878 __dbk_fcall_wrapper+0x29c0e8 dbkFCallWrapperAddr-0xd948 treesize-setup+0x2add00 @ 0x6add00 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xeedfade exception.offset: 46887 exception.address: 0x7597b727 registers.esp: 1637768 registers.edi: 0 registers.eax: 1637768 registers.ebp: 1637848 registers.edx: 0 registers.ebx: 2 registers.esi: 2 registers.ecx: 7	1	0	0
__exception__ April 5, 2025, 1:27 a.m.	stacktrace: LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x76f4d8a9 LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x76f4d76c LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x76f4c4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x734dd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75981d2a LoadLibraryExA+0x26 FreeLibrary-0x18 kernelbase+0x11d7a @ 0x75981d7a LoadLibraryA+0x31 HeapCreate-0x25 kernel32+0x14a08 @ 0x755c4a08 crack+0x1107 @ 0x1031107 crack+0x1030 @ 0x1031030 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 89 08 50 45 43 6f 6d 70 61 63 74 32 00 31 38 c4 exception.instruction: mov dword ptr [eax], ecx exception.exception_code: 0xc0000005 exception.symbol: load_patcher-0x13 dup2patcher+0x20f6 exception.address: 0x741a20f6 registers.esp: 2486672 registers.edi: 2486884 registers.eax: 0 registers.ebp: 2486708 registers.edx: 32 registers.ebx: 1 registers.esi: 2486696 registers.ecx: 2486848	1	0	0

Time & API

Arguments

Status

Return

Repeated

__exception__

April 5, 2025, 1:27 a.m.

stacktrace:

__dbk_fcall_wrapper+0x285c60 dbkFCallWrapperAddr-0x23dd0 treesize-setup+0x297878 @ 0x697878
__dbk_fcall_wrapper+0x285c60 dbkFCallWrapperAddr-0x23dd0 treesize-setup+0x297878 @ 0x697878
__dbk_fcall_wrapper+0x29c0e8 dbkFCallWrapperAddr-0xd948 treesize-setup+0x2add00 @ 0x6add00
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xeedfade
exception.offset: 46887
exception.address: 0x7597b727
registers.esp: 1637768
registers.edi: 0
registers.eax: 1637768
registers.ebp: 1637848
registers.edx: 0
registers.ebx: 2
registers.esi: 2
registers.ecx: 7

__exception__

April 5, 2025, 1:27 a.m.

stacktrace:

LdrResSearchResource+0xb4d LdrResFindResourceDirectory-0x16c ntdll+0x3d8a9 @ 0x76f4d8a9
LdrResSearchResource+0xa10 LdrResFindResourceDirectory-0x2a9 ntdll+0x3d76c @ 0x76f4d76c
LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x76f4c4b5
New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x734dd4cf
LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75981d2a
LoadLibraryExA+0x26 FreeLibrary-0x18 kernelbase+0x11d7a @ 0x75981d7a
LoadLibraryA+0x31 HeapCreate-0x25 kernel32+0x14a08 @ 0x755c4a08
crack+0x1107 @ 0x1031107
crack+0x1030 @ 0x1031030
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5

exception.instruction_r: 89 08 50 45 43 6f 6d 70 61 63 74 32 00 31 38 c4
exception.instruction: mov dword ptr [eax], ecx
exception.exception_code: 0xc0000005
exception.symbol: load_patcher-0x13 dup2patcher+0x20f6
exception.address: 0x741a20f6
registers.esp: 2486672
registers.edi: 2486884
registers.eax: 0
registers.ebp: 2486708
registers.edx: 32
registers.ebx: 1
registers.esi: 2486696
registers.ecx: 2486848

Performs some HTTP requests (50 out of 68 events)

request	GET http://x1.i.lencr.org/
request	GET https://www.cybermania.ws/
request	GET https://do0digwedphcm.cloudfront.net/?gidod=1154995
request	GET https://www.googletagmanager.com/gtag/js?id=G-LY4YS7SDEK
request	GET https://fonts.googleapis.com/css?family=Source+Sans+Pro%3A200%2C300%2C400%2C600%2C700%2C900%2C200italic%2C300italic%2C400italic%2C600italic%2C700italic%2C900italic&ver=6.7.2&display=swap
request	GET https://fonts.googleapis.com/css?family=Open+Sans%3A300italic%2C400italic%2C600italic%2C700italic%2C800italic%2C400%2C300%2C600%2C700%2C800&ver=6.7.2&display=swap
request	GET https://www.cybermania.ws/wp-content/litespeed/css/e3477323a4a938133ff0ea5a2fac34b4.css?ver=c34b4
request	GET https://www.cybermania.ws/wp-content/litespeed/js/0adc36f7f390ea8bf0f1a3f94a676136.js?ver=76136
request	GET https://www.cybermania.ws/wp-content/litespeed/css/e58aaa284dee0052ff68912e4d2a0706.css?ver=a0706
request	GET https://www.cybermania.ws/wp-content/litespeed/css/e5149a9e47c503b6faee1eab0429bbbf.css?ver=9bbbf
request	GET https://www.cybermania.ws/wp-includes/js/jquery/jquery.min.js
request	GET https://www.cybermania.ws/wp-content/plugins/wordpress-popular-posts/assets/js/wpp.min.js?ver=7.3.0
request	GET https://www.cybermania.ws/wp-content/uploads/CyberMania.png
request	GET https://www.cybermania.ws/wp-content/uploads/btc.png
request	GET https://www.cybermania.ws/wp-content/uploads/Paypalbutton.png
request	GET https://www.cybermania.ws/wp-content/uploads/CMPost.png
request	GET https://www.cybermania.ws/wp-content/uploads/neweset.png
request	GET https://www.cybermania.ws/wp-content/uploads/Cinexplore.png
request	GET https://www.cybermania.ws/wp-content/uploads/Repairit.png
request	GET https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015
request	GET https://www.cybermania.ws/wp-content/uploads/SleepasAndroid.png
request	GET https://fonts.gstatic.com/s/sourcesanspro/v22/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZclSds18I.woff
request	GET https://www.cybermania.ws/wp-content/uploads/weatherradar.png
request	GET https://fonts.gstatic.com/s/sourcesanspro/v22/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZYokSds18I.woff
request	GET https://www.cybermania.ws/wp-content/uploads/SleepMonitor.png
request	GET https://fonts.gstatic.com/s/sourcesanspro/v22/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZY4lCds18I.woff
request	GET https://fonts.gstatic.com/s/sourcesanspro/v22/6xK1dSBYKcSV-LCoeQqfX1RYOo3qPZ7nsDQ.woff
request	GET https://www.cybermania.ws/wp-content/uploads/sleepcycle.png
request	GET https://fonts.gstatic.com/s/sourcesanspro/v22/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZMkids18I.woff
request	GET https://www.cybermania.ws/wp-content/uploads/PlantParent.png
request	GET https://www.cybermania.ws/wp-content/uploads/MapleCalculator.png
request	GET https://www.cybermania.ws/wp-content/uploads/MediaMonkey.png
request	GET https://fonts.gstatic.com/s/sourcesanspro/v22/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZklyds18I.woff
request	GET https://www.cybermania.ws/wp-content/uploads/INKredible.png
request	GET https://www.cybermania.ws/wp-content/uploads/elevate.png
request	GET https://www.cybermania.ws/wp-content/uploads/acrphone.png
request	GET https://fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3i94_wlxdo.woff
request	GET https://fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwlxdo.woff
request	GET https://www.cybermania.ws/wp-content/uploads/balancemedicationapk.png
request	GET https://fonts.gstatic.com/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7j.woff
request	GET https://www.cybermania.ws/wp-content/uploads/flowx.png
request	GET https://fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdo.woff
request	GET https://fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdo.woff
request	GET https://www.cybermania.ws/wp-content/uploads/moonreader.png
request	GET https://www.cybermania.ws/wp-content/uploads/sdmaid2.png
request	GET https://www.cybermania.ws/wp-content/uploads/IntelDriver.png
request	GET https://www.cybermania.ws/wp-content/uploads/AnyDesk_logo.png
request	GET https://www.cybermania.ws/wp-content/uploads/TheSanDiegoUnion.png
request	GET https://fonts.gstatic.com/s/sourcesanspro/v22/6xKydSBYKcSV-LCoeQqfX1RYOo3iu4nwlxdo.woff
request	GET https://www.cybermania.ws/wp-content/litespeed/js/11267acb0ad080f1c99702d805e8bc45.js?ver=8bc45

Allocates read-write-execute memory (usually to unpack itself) (11 events)

Time & API	Arguments	Status
NtProtectVirtualMemory April 5, 2025, 1:27 a.m.	process_identifier: 2588 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory April 5, 2025, 1:27 a.m.	process_identifier: 2588 region_size: 65536 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000003980000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory April 5, 2025, 1:27 a.m.	process_identifier: 2744 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 process_handle: 0xffffffff	1
NtProtectVirtualMemory April 5, 2025, 1:27 a.m.	process_identifier: 2744 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 688128 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00401000 process_handle: 0xffffffff	1
NtProtectVirtualMemory April 5, 2025, 1:27 a.m.	process_identifier: 2744 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x004b7000 process_handle: 0xffffffff	1
NtProtectVirtualMemory April 5, 2025, 1:27 a.m.	process_identifier: 2744 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 102400 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x004b9000 process_handle: 0xffffffff	1
NtProtectVirtualMemory April 5, 2025, 1:27 a.m.	process_identifier: 2744 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73422000 process_handle: 0xffffffff	1
NtProtectVirtualMemory April 5, 2025, 1:27 a.m.	process_identifier: 2800 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73422000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 5, 2025, 1:27 a.m.	process_identifier: 2800 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003d0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 5, 2025, 1:27 a.m.	process_identifier: 2908 region_size: 12288 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00390000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 5, 2025, 1:28 a.m.	process_identifier: 1452 region_size: 65536 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000046c0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1

Foreign language identified in PE resource (16 events)

name

RT_DIALOG

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_NEUTRAL

offset

0x0008d390

size

0x000001d2

name

RT_DIALOG

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_NEUTRAL

offset

0x0008d390

size

0x000001d2

name

RT_DIALOG

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_NEUTRAL

offset

0x0008d390

size

0x000001d2

name

RT_DIALOG

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_NEUTRAL

offset

0x0008d390

size

0x000001d2

name

RT_DIALOG

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_NEUTRAL

offset

0x0008d390

size

0x000001d2

name

RT_DIALOG

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_NEUTRAL

offset

0x0008d390

size

0x000001d2

name

RT_STRING

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_NEUTRAL

offset

0x0008dbb4

size

0x0000006a

name

RT_STRING

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_NEUTRAL

offset

0x0008dbb4

size

0x0000006a

name

RT_STRING

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_NEUTRAL

offset

0x0008dbb4

size

0x0000006a

name

RT_STRING

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_NEUTRAL

offset

0x0008dbb4

size

0x0000006a

name

RT_STRING

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_NEUTRAL

offset

0x0008dbb4

size

0x0000006a

name

RT_STRING

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_NEUTRAL

offset

0x0008dbb4

size

0x0000006a

name

RT_STRING

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_NEUTRAL

offset

0x0008dbb4

size

0x0000006a

name

RT_STRING

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_NEUTRAL

offset

0x0008dbb4

size

0x0000006a

name

RT_STRING

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_NEUTRAL

offset

0x0008dbb4

size

0x0000006a

name

RT_STRING

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_NEUTRAL

offset

0x0008dbb4

size

0x0000006a

Creates executable files on the filesystem (5 events)

file	C:\Users\test22\AppData\Local\Temp\dup2patcher.dll
file	C:\Users\test22\AppData\Local\Temp\RarSFX0\License.exe
file	C:\Users\test22\AppData\Local\Temp\RarSFX0\Crack.exe
file	C:\Users\test22\AppData\Local\Temp\RarSFX0\TreeSize-Setup.exe
file	C:\Users\test22\AppData\Local\Temp\7CEB9B2A0E395BD64E74381485A106AF.dll

Drops an executable to the user AppData folder (5 events)

file	C:\Users\test22\AppData\Local\Temp\RarSFX0\Crack.exe
file	C:\Users\test22\AppData\Local\Temp\RarSFX0\TreeSize-Setup.exe
file	C:\Users\test22\AppData\Local\Temp\is-JNKJP.tmp\TreeSize-Setup.tmp
file	C:\Users\test22\AppData\Local\Temp\7CEB9B2A0E395BD64E74381485A106AF.dll
file	C:\Users\test22\AppData\Local\Temp\dup2patcher.dll

A process created a hidden window (1 event)

Time & API	Arguments	Status	Return	Repeated
ShellExecuteExW April 5, 2025, 1:27 a.m.	show_type: 0 filepath_r: Reg.exe parameters: add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\LicenseManager.exe" /v "debugger" /t REG_SZ /d "systray.exe" /f filepath: Reg.exe	1	1	0

Queries for potentially installed applications (1 event)

Time & API	Arguments	Status	Return	Repeated
RegOpenKeyExW April 5, 2025, 1:27 a.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\TreeSize_is1 base_handle: 0x80000002 key_handle: 0x00000000 options: 0 access: 0x00000101 regkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\TreeSize_is1		2	0

Uses Windows utilities for basic Windows functionality (2 events)

cmdline	"C:\Windows\System32\reg.exe" add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\LicenseManager.exe" /v "debugger" /t REG_SZ /d "systray.exe" /f
cmdline	Reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\LicenseManager.exe" /v "debugger" /t REG_SZ /d "systray.exe" /f

Installs itself for autorun at Windows startup (1 event)

reg_key

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\LicenseManager.exe\debugger

reg_value

systray.exe

Deletes executed files from disk (2 events)

file	C:\Users\test22\AppData\Local\Temp\is-JNKJP.tmp\TreeSize-Setup.tmp
file	C:\Users\test22\AppData\Local\Temp\RarSFX0\TreeSize-Setup.exe

Drops a binary and executes it (2 events)

file	C:\Users\test22\AppData\Local\Temp\RarSFX0\TreeSize-Setup.exe
file	C:\Users\test22\AppData\Local\Temp\RarSFX0\Crack.exe

Detects the presence of Wine emulator (2 events)

Time & API	Arguments	Status	Return	Repeated
LdrGetProcedureAddress April 5, 2025, 1:27 a.m.	ordinal: 0 function_address: 0x0040f7a8 function_name: wine_get_version module: ntdll module_address: 0x76f10000		3221225785	0
LdrGetProcedureAddress April 5, 2025, 1:27 a.m.	ordinal: 0 function_address: 0x004117b0 function_name: wine_get_version module: ntdll module_address: 0x76f10000		3221225785	0

File has been identified by 23 AntiVirus engines on VirusTotal as malicious (23 events)

Bkav	W64.AIDetectMalware
Skyhigh	FilePatcher
ALYac	Application.Generic.3899159
VIPRE	Application.Generic.3899159
CrowdStrike	win/grayware_confidence_90% (D)
BitDefender	Application.Generic.3899159
K7GW	Trojan ( 0040f3a51 )
K7AntiVirus	Trojan ( 0040f3a51 )
Arcabit	Application.Generic.D3B7F17
Baidu	Win32.Trojan.Generic.f
ESET-NOD32	a variant of Win32/HackTool.Patcher.AD potentially unsafe
Emsisoft	Application.Generic.3899159 (B)
McAfeeD	ti!D1A7B13BC7F3
CTX	exe.unknown.generic
Sophos	Generic Patcher (PUA)
SentinelOne	Static AI - Suspicious SFX
FireEye	Application.Generic.3899159
Antiy-AVL	HackTool/Win32.Patcher.ad
Xcitium	ApplicUnwnt@#wqbw7r5i29dm
Microsoft	HackTool:Win32/Keygen
GData	Win32.Riskware.Patcher.E
Ikarus	PUA.HackTool.Patcher
Fortinet	Riskware/GamePatcher

TreeSizePro9.4.1.2001x64.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All