hasherezade
commented
1 year ago hi @gunnahafta ! ok, so the report says why it happened, and what type of anomaly it is:
{
"pid" : 10844,
"is_64_bit" : 1,
"is_managed" : 0,
"main_image_path" : "D:\\temp\\hollows_hunter64.exe",
"used_reflection" : 0,
"scanned" :
{
"total" : 19,
"skipped" : 0,
"modified" :
{
"total" : 1,
"patched" : 0,
"iat_hooked" : 0,
"replaced" : 0,
"hdr_modified" : 0,
"implanted_pe" : 0,
"implanted_shc" : 0,
"unreachable_file" : 1,
"other" : 1
},
"errors" : 2
},
"scans" : [
{
"mapping_scan" : {
"module" : "7ff63d890000",
"module_file" : "D:\\temp\\hollows_hunter64.exe",
"mapped_file" : "D:\\temp\\hollows hunter\\hollows_hunter64.exe",
"status" : 1
}
},
{
"unreachable_scan" : {
"module" : "7ff63d890000",
"module_file" : "D:\\temp\\hollows_hunter64.exe",
"status" : -1
}
}
]
}It is just about unreachable file:
"unreachable_file" : 1,that caused scan errors:
"errors" : 2because the original file could not be found. The other part of the report says what was the possible cause of this situation:
{
"mapping_scan" : {
"module" : "7ff63d890000",
"module_file" : "D:\\temp\\hollows_hunter64.exe",
"mapped_file" : "D:\\temp\\hollows hunter\\hollows_hunter64.exe",
"status" : 1
}possibly, the hollows_hunter64.exe was deployed from one location "D:\temp\hollows hunter\hollows_hunter64.exe" and then, during the execution, moved to other: "D:\temp\hollows_hunter64.exe".
So the report explains that there is nothing to worry about.
Title says it all. process_10844.zip