Current File : C:/ProgramData/Malwarebytes/MBAMService/ScanResults/81bfbea4-9a97-11eb-9e7f-005056b197cd.json |
71088E7376F0F38A932165B347B4CC1A256F30B4BB27993AA090BB6BAEF016FF { "applicationVersion" : "4.3.0.98", "chromeSyncResetQueryRequested" : false, "chromeSyncResetQueryResult" : false, "clientID" : "MbamUI", "clientType" : "fullUIScan", "componentsUpdatePackageVersion" : "1.0.1173", "coreDllFileVersion" : "3.0.0.1105", "cpu" : "x64", "dbSDKUpdatePackageVersion" : "1.0.37263", "detectionDateTime" : "2021-04-11T07:28:27Z", "fileSystem" : "NTFS", "id" : "81bfbea4-9a97-11eb-9e7f-005056b197cd", "isUserAdmin" : true, "licenseState" : "free", "linkagePhaseComplete" : true, "loggedOnUserName" : "Moodle\\", "machineID" : "", "os" : "Windows 10 Server (Build 14393.4283)", "schemaVersion" : 18, "sourceDetails" : { "aggressiveMode" : false, "clientMetadata" : { "jobId" : "", "scheduleId" : "", "scheduleTag" : "" }, "ddsigEnabled" : true, "filesScannedByIG" : 0, "objectsScanned" : 290311, "scanEndTime" : "2021-04-11T07:29:34Z", "scanOnlineStatus" : "offline", "scanOptions" : { "pumHandling" : "detect", "pupHandling" : "detect", "scanArchives" : false, "scanFileSystem" : true, "scanMemoryObjects" : true, "scanPUMs" : true, "scanPUPs" : true, "scanRookits" : false, "scanStartupAndRegistry" : true, "scanType" : "threat", "useHeuristics" : true }, "scanResult" : "completed", "scanStartTime" : "2021-04-11T07:28:27Z", "scanState" : "completed", "shurikenEnabled" : false, "type" : "scan" }, "threats" : [ { "ddsSigFileVersion" : "01122568", "linkedTraces" : [ { "archiveMember" : "", "archiveMemberMD5" : "", "cleanAction" : "quarantine", "cleanContext" : { "unloadData" : { "pid" : 4836 } }, "cleanResult" : "successful", "cleanResultErrorCode" : 0, "cleanTime" : "2021-04-11T07:29:47Z", "generatedByPostCleanupAction" : false, "hubbleRequestErrorCode" : 0, "id" : "9a2916c0-9a97-11eb-9e9c-005056b197cd", "igExitCode" : "", "isPEFile" : false, "isPEFileValid" : false, "linkType" : "linkedTrace", "objectMD5" : "E6B1FC5D7951003D8794379D47BFB6FF", "objectPath" : "C:\\WINDOWS\\SYSTEM32\\RVLKL.EXE", 
"objectSha256" : "E00A6E5143489FC3C133ABBC0943F208083A312622B0468C0614DACAA8ECC446", "objectSize" : -1, "objectType" : "process", "resolvedPath" : "", "suggestedAction" : { "archiveDir" : false, "chromeExtensionOther" : false, "chromeExtensionPreferences" : false, "chromeExtensionSecurePreferences" : false, "chromeExtensionSyncData" : false, "chromeUrlOther" : false, "chromeUrlSecurePreferences" : false, "chromeUrlSyncData" : false, "chromeUrlWebData" : false, "disableHubbleWhiteListing" : false, "disableSignatureWhiteListing" : false, "fileDelete" : false, "fileReplace" : false, "fileTxtReplace" : false, "folderDelete" : false, "isChromeObject" : false, "isDDS" : false, "isDoppleganging" : false, "isExternalDetection" : false, "isPUP" : false, "isShuriken" : false, "isWMIEventConsumer" : false, "killProcess" : false, "minimalWhiteListing" : false, "moduleUnload" : false, "noLinking" : false, "physicalSectorReplace" : false, "priorityHigh" : false, "priorityNormal" : false, "priorityUrgent" : false, "processUnload" : true, "regKeyDelete" : false, "regValueDelete" : false, "regValueReplace" : false, "shortcutReplace" : false, "silentMode" : false, "singleDelete" : false, "treatAsRootkit" : false, "useDDA" : false, "verifyResolvedPath" : false, "whitelistCheckError" : false } }, { "archiveMember" : "", "archiveMemberMD5" : "", "cleanAction" : "quarantine", "cleanContext" : { "unloadData" : { "pid" : 4836 } }, "cleanResult" : "successful", "cleanResultErrorCode" : 0, "cleanTime" : "2021-04-11T07:29:47Z", "generatedByPostCleanupAction" : false, "hubbleRequestErrorCode" : 0, "id" : "9a2916c1-9a97-11eb-b26a-005056b197cd", "igExitCode" : "", "isPEFile" : false, "isPEFileValid" : false, "linkType" : "linkedTrace", "objectMD5" : "E6B1FC5D7951003D8794379D47BFB6FF", "objectPath" : "C:\\WINDOWS\\SYSTEM32\\RVLKL.EXE", "objectSha256" : "E00A6E5143489FC3C133ABBC0943F208083A312622B0468C0614DACAA8ECC446", "objectSize" : -1, "objectType" : "module", "resolvedPath" : "", 
"suggestedAction" : { "archiveDir" : false, "chromeExtensionOther" : false, "chromeExtensionPreferences" : false, "chromeExtensionSecurePreferences" : false, "chromeExtensionSyncData" : false, "chromeUrlOther" : false, "chromeUrlSecurePreferences" : false, "chromeUrlSyncData" : false, "chromeUrlWebData" : false, "disableHubbleWhiteListing" : false, "disableSignatureWhiteListing" : false, "fileDelete" : false, "fileReplace" : false, "fileTxtReplace" : false, "folderDelete" : false, "isChromeObject" : false, "isDDS" : false, "isDoppleganging" : false, "isExternalDetection" : false, "isPUP" : false, "isShuriken" : false, "isWMIEventConsumer" : false, "killProcess" : false, "minimalWhiteListing" : false, "moduleUnload" : true, "noLinking" : false, "physicalSectorReplace" : false, "priorityHigh" : false, "priorityNormal" : false, "priorityUrgent" : false, "processUnload" : false, "regKeyDelete" : false, "regValueDelete" : false, "regValueReplace" : false, "shortcutReplace" : false, "silentMode" : false, "singleDelete" : false, "treatAsRootkit" : false, "useDDA" : false, "verifyResolvedPath" : false, "whitelistCheckError" : false } }, { "archiveMember" : "", "archiveMemberMD5" : "", "cleanAction" : "quarantine", "cleanContext" : { "unloadData" : { "pid" : 3064 } }, "cleanResult" : "successful", "cleanResultErrorCode" : 0, "cleanTime" : "2021-04-11T07:29:47Z", "generatedByPostCleanupAction" : false, "hubbleRequestErrorCode" : 0, "id" : "9a2916c2-9a97-11eb-b144-005056b197cd", "igExitCode" : "", "isPEFile" : false, "isPEFileValid" : false, "linkType" : "linkedTrace", "objectMD5" : "E6B1FC5D7951003D8794379D47BFB6FF", "objectPath" : "C:\\WINDOWS\\SYSTEM32\\RVLKL.EXE", "objectSha256" : "E00A6E5143489FC3C133ABBC0943F208083A312622B0468C0614DACAA8ECC446", "objectSize" : -1, "objectType" : "process", "resolvedPath" : "", "suggestedAction" : { "archiveDir" : false, "chromeExtensionOther" : false, "chromeExtensionPreferences" : false, "chromeExtensionSecurePreferences" : false, 
"chromeExtensionSyncData" : false, "chromeUrlOther" : false, "chromeUrlSecurePreferences" : false, "chromeUrlSyncData" : false, "chromeUrlWebData" : false, "disableHubbleWhiteListing" : false, "disableSignatureWhiteListing" : false, "fileDelete" : false, "fileReplace" : false, "fileTxtReplace" : false, "folderDelete" : false, "isChromeObject" : false, "isDDS" : false, "isDoppleganging" : false, "isExternalDetection" : false, "isPUP" : false, "isShuriken" : false, "isWMIEventConsumer" : false, "killProcess" : false, "minimalWhiteListing" : false, "moduleUnload" : false, "noLinking" : false, "physicalSectorReplace" : false, "priorityHigh" : false, "priorityNormal" : false, "priorityUrgent" : false, "processUnload" : true, "regKeyDelete" : false, "regValueDelete" : false, "regValueReplace" : false, "shortcutReplace" : false, "silentMode" : false, "singleDelete" : false, "treatAsRootkit" : false, "useDDA" : false, "verifyResolvedPath" : false, "whitelistCheckError" : false } }, { "archiveMember" : "", "archiveMemberMD5" : "", "cleanAction" : "quarantine", "cleanContext" : { "unloadData" : { "pid" : 3064 } }, "cleanResult" : "successful", "cleanResultErrorCode" : 0, "cleanTime" : "2021-04-11T07:29:47Z", "generatedByPostCleanupAction" : false, "hubbleRequestErrorCode" : 0, "id" : "9a293de4-9a97-11eb-84ea-005056b197cd", "igExitCode" : "", "isPEFile" : false, "isPEFileValid" : false, "linkType" : "linkedTrace", "objectMD5" : "E6B1FC5D7951003D8794379D47BFB6FF", "objectPath" : "C:\\WINDOWS\\SYSTEM32\\RVLKL.EXE", "objectSha256" : "E00A6E5143489FC3C133ABBC0943F208083A312622B0468C0614DACAA8ECC446", "objectSize" : -1, "objectType" : "module", "resolvedPath" : "", "suggestedAction" : { "archiveDir" : false, "chromeExtensionOther" : false, "chromeExtensionPreferences" : false, "chromeExtensionSecurePreferences" : false, "chromeExtensionSyncData" : false, "chromeUrlOther" : false, "chromeUrlSecurePreferences" : false, "chromeUrlSyncData" : false, "chromeUrlWebData" : false, 
"disableHubbleWhiteListing" : false, "disableSignatureWhiteListing" : false, "fileDelete" : false, "fileReplace" : false, "fileTxtReplace" : false, "folderDelete" : false, "isChromeObject" : false, "isDDS" : false, "isDoppleganging" : false, "isExternalDetection" : false, "isPUP" : false, "isShuriken" : false, "isWMIEventConsumer" : false, "killProcess" : false, "minimalWhiteListing" : false, "moduleUnload" : true, "noLinking" : false, "physicalSectorReplace" : false, "priorityHigh" : false, "priorityNormal" : false, "priorityUrgent" : false, "processUnload" : false, "regKeyDelete" : false, "regValueDelete" : false, "regValueReplace" : false, "shortcutReplace" : false, "silentMode" : false, "singleDelete" : false, "treatAsRootkit" : false, "useDDA" : false, "verifyResolvedPath" : false, "whitelistCheckError" : false } }, { "archiveMember" : "", "archiveMemberMD5" : "", "cleanAction" : "quarantine", "cleanResult" : "successful", "cleanResultErrorCode" : 0, "cleanTime" : "2021-04-11T07:29:47Z", "generatedByPostCleanupAction" : false, "hubbleRequestErrorCode" : 0, "id" : "9a2964ea-9a97-11eb-ace1-005056b197cd", "igExitCode" : "", "isPEFile" : false, "isPEFileValid" : true, "linkType" : "linkedTrace", "objectMD5" : "DA33E56DD89EC7B39F5FD70120E92DCE", "objectPath" : "C:\\PROGRAMDATA\\MICROSOFT\\WINDOWS\\START MENU\\PROGRAMS\\STARTUP\\rvlkl.lnk", "objectSha256" : "E9A294A8AD915EF8589FBA0AC7A9644101661F70C59F170D5CF5C42BB293E46B", "objectSize" : 915, "objectType" : "file", "resolvedPath" : "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\StartUp\\rvlkl.lnk", "suggestedAction" : { "archiveDir" : false, "chromeExtensionOther" : false, "chromeExtensionPreferences" : false, "chromeExtensionSecurePreferences" : false, "chromeExtensionSyncData" : false, "chromeUrlOther" : false, "chromeUrlSecurePreferences" : false, "chromeUrlSyncData" : false, "chromeUrlWebData" : false, "disableHubbleWhiteListing" : false, "disableSignatureWhiteListing" : false, "fileDelete" : true, 
"fileReplace" : false, "fileTxtReplace" : false, "folderDelete" : false, "isChromeObject" : false, "isDDS" : false, "isDoppleganging" : false, "isExternalDetection" : false, "isPUP" : false, "isShuriken" : false, "isWMIEventConsumer" : false, "killProcess" : false, "minimalWhiteListing" : false, "moduleUnload" : false, "noLinking" : false, "physicalSectorReplace" : false, "priorityHigh" : false, "priorityNormal" : false, "priorityUrgent" : false, "processUnload" : false, "regKeyDelete" : false, "regValueDelete" : false, "regValueReplace" : false, "shortcutReplace" : false, "silentMode" : false, "singleDelete" : false, "treatAsRootkit" : false, "useDDA" : false, "verifyResolvedPath" : true, "whitelistCheckError" : false } } ], "mainTrace" : { "archiveMember" : "", "archiveMemberMD5" : "", "cleanAction" : "quarantine", "cleanContext" : { }, "cleanResult" : "successful", "cleanResultErrorCode" : 5, "cleanTime" : "2021-04-11T07:29:45Z", "generatedByPostCleanupAction" : false, "hubbleRequestErrorCode" : -8, "id" : "8c9fb3ce-9a97-11eb-8b10-005056b197cd", "igExitCode" : "", "isPEFile" : true, "isPEFileValid" : true, "linkType" : "none", "objectMD5" : "E6B1FC5D7951003D8794379D47BFB6FF", "objectPath" : "C:\\WINDOWS\\SYSTEM32\\RVLKL.EXE", "objectSha256" : "E00A6E5143489FC3C133ABBC0943F208083A312622B0468C0614DACAA8ECC446", "objectSize" : 541600, "objectType" : "file", "resolvedPath" : "C:\\Windows\\System32\\rvlkl.exe", "suggestedAction" : { "archiveDir" : false, "chromeExtensionOther" : false, "chromeExtensionPreferences" : false, "chromeExtensionSecurePreferences" : false, "chromeExtensionSyncData" : false, "chromeUrlOther" : false, "chromeUrlSecurePreferences" : false, "chromeUrlSyncData" : false, "chromeUrlWebData" : false, "disableHubbleWhiteListing" : true, "disableSignatureWhiteListing" : true, "fileDelete" : true, "fileReplace" : false, "fileTxtReplace" : false, "folderDelete" : false, "isChromeObject" : false, "isDDS" : true, "isDoppleganging" : false, 
"isExternalDetection" : false, "isPUP" : false, "isShuriken" : false, "isWMIEventConsumer" : false, "killProcess" : false, "minimalWhiteListing" : false, "moduleUnload" : false, "noLinking" : false, "physicalSectorReplace" : false, "priorityHigh" : false, "priorityNormal" : false, "priorityUrgent" : false, "processUnload" : false, "regKeyDelete" : false, "regValueDelete" : false, "regValueReplace" : false, "shortcutReplace" : false, "silentMode" : false, "singleDelete" : false, "treatAsRootkit" : false, "useDDA" : false, "verifyResolvedPath" : true, "whitelistCheckError" : true }, "winVerifyTrustResult" : { "expectedError" : false, "lastErrorCode" : 0, "wvtCalled" : true, "wvtResult" : 0 } }, "ruleID" : 299332, "ruleString" : "5F125DCC5DA95DCBFEB818BF", "rulesVersion" : "1.0.37263", "srcEngineComponent" : "dds", "srcEngineThreatNames" : [ "Malware.AI.4273477823" ], "threatID" : 6824, "threatName" : "Trojan.LogixoftKeyLogger" }, { "ddsSigFileVersion" : "", "linkedTraces" : [ ], "mainTrace" : { "archiveMember" : "", "archiveMemberMD5" : "", "cleanAction" : "quarantine", "cleanContext" : { "txtReplaceData" : { "newData" : "", "oldData" : "127.0.0.1 keystone.mwbsys.com" } }, "cleanResult" : "successful", "cleanResultErrorCode" : 0, "cleanTime" : "2021-04-11T07:29:47Z", "generatedByPostCleanupAction" : false, "hubbleRequestErrorCode" : 0, "id" : "9a365da8-9a97-11eb-ab1f-005056b197cd", "igExitCode" : "", "isPEFile" : false, "isPEFileValid" : true, "linkType" : "none", "objectMD5" : "DFB3D3F0792666572D4F41EADE73441F", "objectPath" : "C:\\WINDOWS\\SYSTEM32\\DRIVERS\\ETC\\HOSTS", "objectSha256" : "0D8BAE9F36161A6FB9CF524F7F9B2282105A88D51CB6ED9CAFF9E3BA8E7AAAEC", "objectSize" : 955, "objectType" : "file", "resolvedPath" : "C:\\Windows\\System32\\drivers\\etc\\hosts", "suggestedAction" : { "archiveDir" : false, "chromeExtensionOther" : false, "chromeExtensionPreferences" : false, "chromeExtensionSecurePreferences" : false, "chromeExtensionSyncData" : false, "chromeUrlOther" 
: false, "chromeUrlSecurePreferences" : false, "chromeUrlSyncData" : false, "chromeUrlWebData" : false, "disableHubbleWhiteListing" : true, "disableSignatureWhiteListing" : true, "fileDelete" : false, "fileReplace" : false, "fileTxtReplace" : true, "folderDelete" : false, "isChromeObject" : false, "isDDS" : false, "isDoppleganging" : false, "isExternalDetection" : false, "isPUP" : false, "isShuriken" : false, "isWMIEventConsumer" : false, "killProcess" : false, "minimalWhiteListing" : false, "moduleUnload" : false, "noLinking" : false, "physicalSectorReplace" : false, "priorityHigh" : false, "priorityNormal" : false, "priorityUrgent" : false, "processUnload" : false, "regKeyDelete" : false, "regValueDelete" : false, "regValueReplace" : false, "shortcutReplace" : false, "silentMode" : false, "singleDelete" : false, "treatAsRootkit" : false, "useDDA" : false, "verifyResolvedPath" : true, "whitelistCheckError" : false }, "winVerifyTrustResult" : { "expectedError" : false, "lastErrorCode" : -2146762749, "wvtCalled" : true, "wvtResult" : -2146762749 } }, "ruleID" : 353143, "ruleString" : "", "rulesVersion" : "1.0.37263", "srcEngineComponent" : "ame", "srcEngineThreatNames" : [ ], "threatID" : 2267, "threatName" : "RiskWare.DontStealOurSoftware" }, { "ddsSigFileVersion" : "01122568", "linkedTraces" : [ ], "mainTrace" : { "archiveMember" : "", "archiveMemberMD5" : "", "cleanAction" : "quarantine", "cleanContext" : { }, "cleanResult" : "duplicate", "cleanResultErrorCode" : 0, "cleanTime" : "2021-04-11T07:29:08Z", "generatedByPostCleanupAction" : false, "hubbleRequestErrorCode" : -8, "id" : "9a6c3b6c-9a97-11eb-8eae-005056b197cd", "igExitCode" : "", "isPEFile" : true, "isPEFileValid" : true, "linkType" : "none", "objectMD5" : "E6B1FC5D7951003D8794379D47BFB6FF", "objectPath" : "C:\\WINDOWS\\SYSTEM32\\RVLKL.EXE", "objectSha256" : "E00A6E5143489FC3C133ABBC0943F208083A312622B0468C0614DACAA8ECC446", "objectSize" : -1, "objectType" : "file", "resolvedPath" : "", "suggestedAction" 
: { "archiveDir" : false, "chromeExtensionOther" : false, "chromeExtensionPreferences" : false, "chromeExtensionSecurePreferences" : false, "chromeExtensionSyncData" : false, "chromeUrlOther" : false, "chromeUrlSecurePreferences" : false, "chromeUrlSyncData" : false, "chromeUrlWebData" : false, "disableHubbleWhiteListing" : true, "disableSignatureWhiteListing" : true, "fileDelete" : true, "fileReplace" : false, "fileTxtReplace" : false, "folderDelete" : false, "isChromeObject" : false, "isDDS" : true, "isDoppleganging" : false, "isExternalDetection" : false, "isPUP" : false, "isShuriken" : false, "isWMIEventConsumer" : false, "killProcess" : false, "minimalWhiteListing" : false, "moduleUnload" : false, "noLinking" : false, "physicalSectorReplace" : false, "priorityHigh" : false, "priorityNormal" : false, "priorityUrgent" : false, "processUnload" : false, "regKeyDelete" : false, "regValueDelete" : false, "regValueReplace" : false, "shortcutReplace" : false, "silentMode" : false, "singleDelete" : false, "treatAsRootkit" : false, "useDDA" : false, "verifyResolvedPath" : false, "whitelistCheckError" : true }, "winVerifyTrustResult" : { "expectedError" : false, "lastErrorCode" : 0, "wvtCalled" : true, "wvtResult" : 0 } }, "ruleID" : 299332, "ruleString" : "5F125DCC5DA95DCBFEB818BF", "rulesVersion" : "1.0.37263", "srcEngineComponent" : "dds", "srcEngineThreatNames" : [ "Malware.AI.4273477823" ], "threatID" : 6824, "threatName" : "Trojan.LogixoftKeyLogger" }, { "ddsSigFileVersion" : "01122568", "linkedTraces" : [ { "archiveMember" : "", "archiveMemberMD5" : "", "cleanAction" : "quarantine", "cleanContext" : { "unloadData" : { "pid" : 1296 } }, "cleanResult" : "successful", "cleanResultErrorCode" : 0, "cleanTime" : "2021-04-11T07:29:48Z", "generatedByPostCleanupAction" : false, "hubbleRequestErrorCode" : 0, "id" : "9aeda8fa-9a97-11eb-8d5d-005056b197cd", "igExitCode" : "", "isPEFile" : false, "isPEFileValid" : false, "linkType" : "linkedTrace", "objectMD5" : 
"D2BE607ECDBEE61CFA3843D3B8C2DE13", "objectPath" : "C:\\USERS\\MYSQLSERVER\\DESKTOP\\NL 5\\TITAN_PRIVAT.EXE", "objectSha256" : "A332F863DA1709B27B62F3A3F2A06DCA48C7DABE6B8DB76EC7BB81CE3786E527", "objectSize" : -1, "objectType" : "process", "resolvedPath" : "", "suggestedAction" : { "archiveDir" : false, "chromeExtensionOther" : false, "chromeExtensionPreferences" : false, "chromeExtensionSecurePreferences" : false, "chromeExtensionSyncData" : false, "chromeUrlOther" : false, "chromeUrlSecurePreferences" : false, "chromeUrlSyncData" : false, "chromeUrlWebData" : false, "disableHubbleWhiteListing" : false, "disableSignatureWhiteListing" : false, "fileDelete" : false, "fileReplace" : false, "fileTxtReplace" : false, "folderDelete" : false, "isChromeObject" : false, "isDDS" : false, "isDoppleganging" : false, "isExternalDetection" : false, "isPUP" : false, "isShuriken" : false, "isWMIEventConsumer" : false, "killProcess" : false, "minimalWhiteListing" : false, "moduleUnload" : false, "noLinking" : false, "physicalSectorReplace" : false, "priorityHigh" : false, "priorityNormal" : false, "priorityUrgent" : false, "processUnload" : true, "regKeyDelete" : false, "regValueDelete" : false, "regValueReplace" : false, "shortcutReplace" : false, "silentMode" : false, "singleDelete" : false, "treatAsRootkit" : false, "useDDA" : false, "verifyResolvedPath" : false, "whitelistCheckError" : false } }, { "archiveMember" : "", "archiveMemberMD5" : "", "cleanAction" : "quarantine", "cleanContext" : { "unloadData" : { "pid" : 1296 } }, "cleanResult" : "successful", "cleanResultErrorCode" : 0, "cleanTime" : "2021-04-11T07:29:48Z", "generatedByPostCleanupAction" : false, "hubbleRequestErrorCode" : 0, "id" : "9aee1e3e-9a97-11eb-b5f3-005056b197cd", "igExitCode" : "", "isPEFile" : false, "isPEFileValid" : false, "linkType" : "linkedTrace", "objectMD5" : "D2BE607ECDBEE61CFA3843D3B8C2DE13", "objectPath" : "C:\\USERS\\MYSQLSERVER\\DESKTOP\\NL 5\\TITAN_PRIVAT.EXE", "objectSha256" : 
"A332F863DA1709B27B62F3A3F2A06DCA48C7DABE6B8DB76EC7BB81CE3786E527", "objectSize" : -1, "objectType" : "module", "resolvedPath" : "", "suggestedAction" : { "archiveDir" : false, "chromeExtensionOther" : false, "chromeExtensionPreferences" : false, "chromeExtensionSecurePreferences" : false, "chromeExtensionSyncData" : false, "chromeUrlOther" : false, "chromeUrlSecurePreferences" : false, "chromeUrlSyncData" : false, "chromeUrlWebData" : false, "disableHubbleWhiteListing" : false, "disableSignatureWhiteListing" : false, "fileDelete" : false, "fileReplace" : false, "fileTxtReplace" : false, "folderDelete" : false, "isChromeObject" : false, "isDDS" : false, "isDoppleganging" : false, "isExternalDetection" : false, "isPUP" : false, "isShuriken" : false, "isWMIEventConsumer" : false, "killProcess" : false, "minimalWhiteListing" : false, "moduleUnload" : true, "noLinking" : false, "physicalSectorReplace" : false, "priorityHigh" : false, "priorityNormal" : false, "priorityUrgent" : false, "processUnload" : false, "regKeyDelete" : false, "regValueDelete" : false, "regValueReplace" : false, "shortcutReplace" : false, "silentMode" : false, "singleDelete" : false, "treatAsRootkit" : false, "useDDA" : false, "verifyResolvedPath" : false, "whitelistCheckError" : false } } ], "mainTrace" : { "archiveMember" : "", "archiveMemberMD5" : "", "cleanAction" : "quarantine", "cleanContext" : { }, "cleanResult" : "successful", "cleanResultErrorCode" : 5, "cleanTime" : "2021-04-11T07:29:47Z", "generatedByPostCleanupAction" : false, "hubbleRequestErrorCode" : -8, "id" : "9a9db2e6-9a97-11eb-84c5-005056b197cd", "igExitCode" : "", "isPEFile" : true, "isPEFileValid" : true, "linkType" : "none", "objectMD5" : "D2BE607ECDBEE61CFA3843D3B8C2DE13", "objectPath" : "C:\\USERS\\MYSQLSERVER\\DESKTOP\\NL 5\\TITAN_PRIVAT.EXE", "objectSha256" : "A332F863DA1709B27B62F3A3F2A06DCA48C7DABE6B8DB76EC7BB81CE3786E527", "objectSize" : 6943232, "objectType" : "file", "resolvedPath" : 
"C:\\Users\\MYSQLSERVER\\Desktop\\NL 5\\TITAN_PRIVAT.exe", "suggestedAction" : { "archiveDir" : false, "chromeExtensionOther" : false, "chromeExtensionPreferences" : false, "chromeExtensionSecurePreferences" : false, "chromeExtensionSyncData" : false, "chromeUrlOther" : false, "chromeUrlSecurePreferences" : false, "chromeUrlSyncData" : false, "chromeUrlWebData" : false, "disableHubbleWhiteListing" : true, "disableSignatureWhiteListing" : true, "fileDelete" : true, "fileReplace" : false, "fileTxtReplace" : false, "folderDelete" : false, "isChromeObject" : false, "isDDS" : true, "isDoppleganging" : false, "isExternalDetection" : false, "isPUP" : false, "isShuriken" : false, "isWMIEventConsumer" : false, "killProcess" : false, "minimalWhiteListing" : false, "moduleUnload" : false, "noLinking" : false, "physicalSectorReplace" : false, "priorityHigh" : false, "priorityNormal" : false, "priorityUrgent" : false, "processUnload" : false, "regKeyDelete" : false, "regValueDelete" : false, "regValueReplace" : false, "shortcutReplace" : false, "silentMode" : false, "singleDelete" : false, "treatAsRootkit" : false, "useDDA" : false, "verifyResolvedPath" : true, "whitelistCheckError" : true }, "winVerifyTrustResult" : { "expectedError" : true, "lastErrorCode" : -2146762496, "wvtCalled" : true, "wvtResult" : -2146762496 } }, "ruleID" : 473932, "ruleString" : "64823C0DF8575084FF3BDED2", "rulesVersion" : "1.0.37263", "srcEngineComponent" : "dds", "srcEngineThreatNames" : [ "Malware.AI.4282113746" ], "threatID" : 3459, "threatName" : "RiskWare.HackTool" }, { "ddsSigFileVersion" : "", "linkedTraces" : [ ], "mainTrace" : { "archiveMember" : "", "archiveMemberMD5" : "", "cleanAction" : "quarantine", "cleanContext" : { "txtReplaceData" : { "newData" : "", "oldData" : "127.0.0.1 keystone.mwbsys.com" } }, "cleanResult" : "duplicate", "cleanResultErrorCode" : 0, "cleanTime" : "2021-04-11T07:29:15Z", "generatedByPostCleanupAction" : false, "hubbleRequestErrorCode" : 0, "id" : 
"9e95990e-9a97-11eb-8e74-005056b197cd", "igExitCode" : "", "isPEFile" : false, "isPEFileValid" : false, "linkType" : "none", "objectMD5" : "DFB3D3F0792666572D4F41EADE73441F", "objectPath" : "C:\\WINDOWS\\SYSTEM32\\DRIVERS\\ETC\\HOSTS", "objectSha256" : "0D8BAE9F36161A6FB9CF524F7F9B2282105A88D51CB6ED9CAFF9E3BA8E7AAAEC", "objectSize" : -1, "objectType" : "file", "resolvedPath" : "", "suggestedAction" : { "archiveDir" : false, "chromeExtensionOther" : false, "chromeExtensionPreferences" : false, "chromeExtensionSecurePreferences" : false, "chromeExtensionSyncData" : false, "chromeUrlOther" : false, "chromeUrlSecurePreferences" : false, "chromeUrlSyncData" : false, "chromeUrlWebData" : false, "disableHubbleWhiteListing" : true, "disableSignatureWhiteListing" : true, "fileDelete" : false, "fileReplace" : false, "fileTxtReplace" : true, "folderDelete" : false, "isChromeObject" : false, "isDDS" : false, "isDoppleganging" : false, "isExternalDetection" : false, "isPUP" : false, "isShuriken" : false, "isWMIEventConsumer" : false, "killProcess" : false, "minimalWhiteListing" : false, "moduleUnload" : false, "noLinking" : false, "physicalSectorReplace" : false, "priorityHigh" : false, "priorityNormal" : false, "priorityUrgent" : false, "processUnload" : false, "regKeyDelete" : false, "regValueDelete" : false, "regValueReplace" : false, "shortcutReplace" : false, "silentMode" : false, "singleDelete" : false, "treatAsRootkit" : false, "useDDA" : false, "verifyResolvedPath" : false, "whitelistCheckError" : false }, "winVerifyTrustResult" : { "expectedError" : false, "lastErrorCode" : -2146762749, "wvtCalled" : true, "wvtResult" : -2146762749 } }, "ruleID" : 353143, "ruleString" : "", "rulesVersion" : "1.0.37263", "srcEngineComponent" : "ame", "srcEngineThreatNames" : [ ], "threatID" : 2267, "threatName" : "RiskWare.DontStealOurSoftware" }, { "ddsSigFileVersion" : "01122568", "linkedTraces" : [ ], "mainTrace" : { "archiveMember" : "", "archiveMemberMD5" : "", "cleanAction" : 
"quarantine", "cleanContext" : { }, "cleanResult" : "successful", "cleanResultErrorCode" : 0, "cleanTime" : "2021-04-11T07:29:48Z", "generatedByPostCleanupAction" : false, "hubbleRequestErrorCode" : -8, "id" : "a3b89828-9a97-11eb-b766-005056b197cd", "igExitCode" : "", "isPEFile" : true, "isPEFileValid" : true, "linkType" : "none", "objectMD5" : "A1757120F75A4E11FB31CD2B58181F11", "objectPath" : "C:\\USERS\\MYSQLSERVER\\DESKTOP\\KEYLOGGER.EXE", "objectSha256" : "F8B3E652711D35DBDF8CAB797A319588A3D0934C89F5491CFA4EFE9641711B87", "objectSize" : 1647520, "objectType" : "file", "resolvedPath" : "C:\\Users\\MYSQLSERVER\\Desktop\\Keylogger.exe", "suggestedAction" : { "archiveDir" : false, "chromeExtensionOther" : false, "chromeExtensionPreferences" : false, "chromeExtensionSecurePreferences" : false, "chromeExtensionSyncData" : false, "chromeUrlOther" : false, "chromeUrlSecurePreferences" : false, "chromeUrlSyncData" : false, "chromeUrlWebData" : false, "disableHubbleWhiteListing" : true, "disableSignatureWhiteListing" : true, "fileDelete" : true, "fileReplace" : false, "fileTxtReplace" : false, "folderDelete" : false, "isChromeObject" : false, "isDDS" : true, "isDoppleganging" : false, "isExternalDetection" : false, "isPUP" : false, "isShuriken" : false, "isWMIEventConsumer" : false, "killProcess" : false, "minimalWhiteListing" : false, "moduleUnload" : false, "noLinking" : false, "physicalSectorReplace" : false, "priorityHigh" : false, "priorityNormal" : false, "priorityUrgent" : false, "processUnload" : false, "regKeyDelete" : false, "regValueDelete" : false, "regValueReplace" : false, "shortcutReplace" : false, "silentMode" : false, "singleDelete" : false, "treatAsRootkit" : false, "useDDA" : false, "verifyResolvedPath" : true, "whitelistCheckError" : true }, "winVerifyTrustResult" : { "expectedError" : false, "lastErrorCode" : 0, "wvtCalled" : true, "wvtResult" : 0 } }, "ruleID" : 835679, "ruleString" : "436AE2EFD676AE60F099E091", "rulesVersion" : "1.0.37263", 
"srcEngineComponent" : "dds", "srcEngineThreatNames" : [ "Malware.AI.4036616337" ], "threatID" : 8503, "threatName" : "RiskWare.KeyLogger" }, { "ddsSigFileVersion" : "01122568", "linkedTraces" : [ ], "mainTrace" : { "archiveMember" : "", "archiveMemberMD5" : "", "cleanAction" : "quarantine", "cleanContext" : { }, "cleanResult" : "successful", "cleanResultErrorCode" : 0, "cleanTime" : "2021-04-11T07:29:48Z", "generatedByPostCleanupAction" : false, "hubbleRequestErrorCode" : -8, "id" : "a790dfe6-9a97-11eb-a9d4-005056b197cd", "igExitCode" : "", "isPEFile" : true, "isPEFileValid" : true, "linkType" : "none", "objectMD5" : "D2BE607ECDBEE61CFA3843D3B8C2DE13", "objectPath" : "C:\\USERS\\MYSQLSERVER\\DESKTOP\\NL 3\\TITAN_PRIVAT.EXE", "objectSha256" : "A332F863DA1709B27B62F3A3F2A06DCA48C7DABE6B8DB76EC7BB81CE3786E527", "objectSize" : 6943232, "objectType" : "file", "resolvedPath" : "C:\\Users\\MYSQLSERVER\\Desktop\\NL 3\\TITAN_PRIVAT.exe", "suggestedAction" : { "archiveDir" : false, "chromeExtensionOther" : false, "chromeExtensionPreferences" : false, "chromeExtensionSecurePreferences" : false, "chromeExtensionSyncData" : false, "chromeUrlOther" : false, "chromeUrlSecurePreferences" : false, "chromeUrlSyncData" : false, "chromeUrlWebData" : false, "disableHubbleWhiteListing" : true, "disableSignatureWhiteListing" : true, "fileDelete" : true, "fileReplace" : false, "fileTxtReplace" : false, "folderDelete" : false, "isChromeObject" : false, "isDDS" : true, "isDoppleganging" : false, "isExternalDetection" : false, "isPUP" : false, "isShuriken" : false, "isWMIEventConsumer" : false, "killProcess" : false, "minimalWhiteListing" : false, "moduleUnload" : false, "noLinking" : false, "physicalSectorReplace" : false, "priorityHigh" : false, "priorityNormal" : false, "priorityUrgent" : false, "processUnload" : false, "regKeyDelete" : false, "regValueDelete" : false, "regValueReplace" : false, "shortcutReplace" : false, "silentMode" : false, "singleDelete" : false, "treatAsRootkit" : 
false, "useDDA" : false, "verifyResolvedPath" : true, "whitelistCheckError" : true }, "winVerifyTrustResult" : { "expectedError" : true, "lastErrorCode" : -2146762496, "wvtCalled" : true, "wvtResult" : -2146762496 } }, "ruleID" : 473932, "ruleString" : "64823C0DF8575084FF3BDED2", "rulesVersion" : "1.0.37263", "srcEngineComponent" : "dds", "srcEngineThreatNames" : [ "Malware.AI.4282113746" ], "threatID" : 3459, "threatName" : "RiskWare.HackTool" }, { "ddsSigFileVersion" : "01122568", "linkedTraces" : [ ], "mainTrace" : { "archiveMember" : "", "archiveMemberMD5" : "", "cleanAction" : "quarantine", "cleanContext" : { }, "cleanResult" : "successful", "cleanResultErrorCode" : 0, "cleanTime" : "2021-04-11T07:29:48Z", "generatedByPostCleanupAction" : false, "hubbleRequestErrorCode" : -8, "id" : "a8002fe0-9a97-11eb-9715-005056b197cd", "igExitCode" : "", "isPEFile" : true, "isPEFileValid" : true, "linkType" : "none", "objectMD5" : "D2BE607ECDBEE61CFA3843D3B8C2DE13", "objectPath" : "C:\\USERS\\MYSQLSERVER\\DESKTOP\\NL 4\\TITAN_PRIVAT.EXE", "objectSha256" : "A332F863DA1709B27B62F3A3F2A06DCA48C7DABE6B8DB76EC7BB81CE3786E527", "objectSize" : 6943232, "objectType" : "file", "resolvedPath" : "C:\\Users\\MYSQLSERVER\\Desktop\\NL 4\\TITAN_PRIVAT.exe", "suggestedAction" : { "archiveDir" : false, "chromeExtensionOther" : false, "chromeExtensionPreferences" : false, "chromeExtensionSecurePreferences" : false, "chromeExtensionSyncData" : false, "chromeUrlOther" : false, "chromeUrlSecurePreferences" : false, "chromeUrlSyncData" : false, "chromeUrlWebData" : false, "disableHubbleWhiteListing" : true, "disableSignatureWhiteListing" : true, "fileDelete" : true, "fileReplace" : false, "fileTxtReplace" : false, "folderDelete" : false, "isChromeObject" : false, "isDDS" : true, "isDoppleganging" : false, "isExternalDetection" : false, "isPUP" : false, "isShuriken" : false, "isWMIEventConsumer" : false, "killProcess" : false, "minimalWhiteListing" : false, "moduleUnload" : false, "noLinking" : 
false, "physicalSectorReplace" : false, "priorityHigh" : false, "priorityNormal" : false, "priorityUrgent" : false, "processUnload" : false, "regKeyDelete" : false, "regValueDelete" : false, "regValueReplace" : false, "shortcutReplace" : false, "silentMode" : false, "singleDelete" : false, "treatAsRootkit" : false, "useDDA" : false, "verifyResolvedPath" : true, "whitelistCheckError" : true }, "winVerifyTrustResult" : { "expectedError" : true, "lastErrorCode" : -2146762496, "wvtCalled" : true, "wvtResult" : -2146762496 } }, "ruleID" : 473932, "ruleString" : "64823C0DF8575084FF3BDED2", "rulesVersion" : "1.0.37263", "srcEngineComponent" : "dds", "srcEngineThreatNames" : [ "Malware.AI.4282113746" ], "threatID" : 3459, "threatName" : "RiskWare.HackTool" }, { "ddsSigFileVersion" : "01122568", "linkedTraces" : [ ], "mainTrace" : { "archiveMember" : "", "archiveMemberMD5" : "", "cleanAction" : "quarantine", "cleanContext" : { }, "cleanResult" : "successful", "cleanResultErrorCode" : 0, "cleanTime" : "2021-04-11T07:29:48Z", "generatedByPostCleanupAction" : false, "hubbleRequestErrorCode" : -8, "id" : "a8654a88-9a97-11eb-ae6b-005056b197cd", "igExitCode" : "", "isPEFile" : true, "isPEFileValid" : true, "linkType" : "none", "objectMD5" : "D2BE607ECDBEE61CFA3843D3B8C2DE13", "objectPath" : "C:\\USERS\\MYSQLSERVER\\DESKTOP\\NL 6\\TITAN_PRIVAT.EXE", "objectSha256" : "A332F863DA1709B27B62F3A3F2A06DCA48C7DABE6B8DB76EC7BB81CE3786E527", "objectSize" : 6943232, "objectType" : "file", "resolvedPath" : "C:\\Users\\MYSQLSERVER\\Desktop\\NL 6\\TITAN_PRIVAT.exe", "suggestedAction" : { "archiveDir" : false, "chromeExtensionOther" : false, "chromeExtensionPreferences" : false, "chromeExtensionSecurePreferences" : false, "chromeExtensionSyncData" : false, "chromeUrlOther" : false, "chromeUrlSecurePreferences" : false, "chromeUrlSyncData" : false, "chromeUrlWebData" : false, "disableHubbleWhiteListing" : true, "disableSignatureWhiteListing" : true, "fileDelete" : true, "fileReplace" : false, 
"fileTxtReplace" : false, "folderDelete" : false, "isChromeObject" : false, "isDDS" : true, "isDoppleganging" : false, "isExternalDetection" : false, "isPUP" : false, "isShuriken" : false, "isWMIEventConsumer" : false, "killProcess" : false, "minimalWhiteListing" : false, "moduleUnload" : false, "noLinking" : false, "physicalSectorReplace" : false, "priorityHigh" : false, "priorityNormal" : false, "priorityUrgent" : false, "processUnload" : false, "regKeyDelete" : false, "regValueDelete" : false, "regValueReplace" : false, "shortcutReplace" : false, "silentMode" : false, "singleDelete" : false, "treatAsRootkit" : false, "useDDA" : false, "verifyResolvedPath" : true, "whitelistCheckError" : true }, "winVerifyTrustResult" : { "expectedError" : true, "lastErrorCode" : -2146762496, "wvtCalled" : true, "wvtResult" : -2146762496 } }, "ruleID" : 473932, "ruleString" : "64823C0DF8575084FF3BDED2", "rulesVersion" : "1.0.37263", "srcEngineComponent" : "dds", "srcEngineThreatNames" : [ "Malware.AI.4282113746" ], "threatID" : 3459, "threatName" : "RiskWare.HackTool" }, { "ddsSigFileVersion" : "01122568", "linkedTraces" : [ ], "mainTrace" : { "archiveMember" : "", "archiveMemberMD5" : "", "cleanAction" : "quarantine", "cleanContext" : { }, "cleanResult" : "successful", "cleanResultErrorCode" : 0, "cleanTime" : "2021-04-11T07:29:48Z", "generatedByPostCleanupAction" : false, "hubbleRequestErrorCode" : -8, "id" : "a91d56be-9a97-11eb-9584-005056b197cd", "igExitCode" : "", "isPEFile" : true, "isPEFileValid" : true, "linkType" : "none", "objectMD5" : "D2BE607ECDBEE61CFA3843D3B8C2DE13", "objectPath" : "C:\\USERS\\MYSQLSERVER\\DESKTOP\\NL 2\\TITAN_PRIVAT.EXE", "objectSha256" : "A332F863DA1709B27B62F3A3F2A06DCA48C7DABE6B8DB76EC7BB81CE3786E527", "objectSize" : 6943232, "objectType" : "file", "resolvedPath" : "C:\\Users\\MYSQLSERVER\\Desktop\\NL 2\\TITAN_PRIVAT.exe", "suggestedAction" : { "archiveDir" : false, "chromeExtensionOther" : false, "chromeExtensionPreferences" : false, 
"chromeExtensionSecurePreferences" : false, "chromeExtensionSyncData" : false, "chromeUrlOther" : false, "chromeUrlSecurePreferences" : false, "chromeUrlSyncData" : false, "chromeUrlWebData" : false, "disableHubbleWhiteListing" : true, "disableSignatureWhiteListing" : true, "fileDelete" : true, "fileReplace" : false, "fileTxtReplace" : false, "folderDelete" : false, "isChromeObject" : false, "isDDS" : true, "isDoppleganging" : false, "isExternalDetection" : false, "isPUP" : false, "isShuriken" : false, "isWMIEventConsumer" : false, "killProcess" : false, "minimalWhiteListing" : false, "moduleUnload" : false, "noLinking" : false, "physicalSectorReplace" : false, "priorityHigh" : false, "priorityNormal" : false, "priorityUrgent" : false, "processUnload" : false, "regKeyDelete" : false, "regValueDelete" : false, "regValueReplace" : false, "shortcutReplace" : false, "silentMode" : false, "singleDelete" : false, "treatAsRootkit" : false, "useDDA" : false, "verifyResolvedPath" : true, "whitelistCheckError" : true }, "winVerifyTrustResult" : { "expectedError" : true, "lastErrorCode" : -2146762496, "wvtCalled" : true, "wvtResult" : -2146762496 } }, "ruleID" : 473932, "ruleString" : "64823C0DF8575084FF3BDED2", "rulesVersion" : "1.0.37263", "srcEngineComponent" : "dds", "srcEngineThreatNames" : [ "Malware.AI.4282113746" ], "threatID" : 3459, "threatName" : "RiskWare.HackTool" } ], "threatsDetected" : 8 }