Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6402	June 24, 2021, 8:51 a.m.	June 24, 2021, 8:53 a.m.

Size	3.9MB
Type	MS-DOS executable, MZ for MS-DOS
MD5	`11fdd27279a2a41a93b3ef63dd1ff548`
SHA256	`392d82e299dd3c9297a13cee34bbb04248f6e63a3d551ef47ef1346387c66447`
CRC32	`9699101C`
ssdeep	`98304:n8qbrrz2PI4SyqBMvP5oEWdTdT/Z9wbvboefUE3biLJ1G6ZC:Z/zKwBMvBobZx9mvcMUEuLzRZ`
Yara	PE_Header_Zero - PE File Signature anti_vm_detect - Possibly employs anti-virtualization techniques IsPE32 - (no description)

مدمج الفصل الأول+الثاني+ الثالث +الرابع + المصادر+الملاحق .exe "C:\Users\test22\AppData\Local\Temp\مدمج الفصل الأول+الثاني+ الثالث +الرابع + المصادر+الملاحق .exe"
4564
- clippugc.exe "C:\Users\test22\AppData\Roaming\chknvany"
  5192
  - ~64D.tmp 1848 250376 5192 1
    5656
- chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --single-argument C:\Users\test22\AppData\Local\Temp\~543.tmp.pdf
  8780
  - chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=86.0.4240.111 --initial-client-data=0xb0,0xb4,0xb8,0x84,0xbc,0x7fef2ca6e00,0x7fef2ca6e10,0x7fef2ca6e20
    4716
explorer.exe C:\Windows\Explorer.EXE
1848
- ~D71.tmp 8780 250376 1848 2
  6472
- ~1012.tmp 4716 250376 1848 2
  4368
- ~B154.tmp 8496 250376 1848 2
  3004

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
172.217.25.14	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Queries for the computername (1 event)

Time & API	Arguments	Status	Return	Repeated
GetComputerNameW June 24, 2021, 8:44 a.m.	computer_name: TEST22-PC	1	1	0

Checks if process is being debugged by a debugger (23 events)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent June 24, 2021, 8:44 a.m.			0	0
IsDebuggerPresent June 24, 2021, 8:44 a.m.			0	0
IsDebuggerPresent June 24, 2021, 8:44 a.m.			0	0
IsDebuggerPresent June 24, 2021, 8:44 a.m.			0	0
IsDebuggerPresent June 24, 2021, 8:44 a.m.			0	0
IsDebuggerPresent June 24, 2021, 8:44 a.m.			0	0
IsDebuggerPresent June 24, 2021, 8:44 a.m.			0	0
IsDebuggerPresent June 24, 2021, 8:44 a.m.			0	0
IsDebuggerPresent June 24, 2021, 8:44 a.m.			0	0
IsDebuggerPresent June 24, 2021, 8:44 a.m.			0	0
IsDebuggerPresent June 24, 2021, 8:44 a.m.			0	0
IsDebuggerPresent June 24, 2021, 8:44 a.m.			0	0
IsDebuggerPresent June 24, 2021, 8:44 a.m.			0	0
IsDebuggerPresent June 24, 2021, 8:44 a.m.			0	0
IsDebuggerPresent June 24, 2021, 8:44 a.m.			0	0
IsDebuggerPresent June 24, 2021, 8:44 a.m.			0	0
IsDebuggerPresent June 24, 2021, 8:44 a.m.			0	0
IsDebuggerPresent June 24, 2021, 8:45 a.m.			0	0
IsDebuggerPresent June 24, 2021, 8:45 a.m.			0	0
IsDebuggerPresent June 24, 2021, 8:45 a.m.			0	0
IsDebuggerPresent June 24, 2021, 8:44 a.m.			0	0
IsDebuggerPresent June 24, 2021, 8:44 a.m.			0	0
IsDebuggerPresent June 24, 2021, 8:44 a.m.			0	0

Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate) (1 event)

registry

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid

Tries to locate where the browsers are installed (2 events)

file	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
registry	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\chrome.exe\PATH

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx June 24, 2021, 8:51 a.m.		1	1	0

The file contains an unknown PE resource name possibly indicative of a packer (1 event)

resource name

RT_DATA

One or more processes crashed (1 event)

Time & API	Arguments	Status	Return	Repeated
__exception__ June 24, 2021, 8:45 a.m.	stacktrace: 0xb90004 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: ff 15 16 1f 09 00 ff 25 00 00 00 00 aa a4 e4 76 exception.instruction: call qword ptr [rip + 0x91f16] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xb90004 registers.r14: 406056088 registers.r15: 346059728 registers.rcx: 1420 registers.rsi: 17302540 registers.r10: 0 registers.rbx: 406055344 registers.rsp: 406055064 registers.r11: 406058960 registers.r8: 1999536524 registers.r9: 0 registers.rdx: 1432 registers.r12: 406055704 registers.rbp: 406055200 registers.rdi: 73383216 registers.rax: 12124160 registers.r13: 346194912	1	0	0

One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.

Allocates read-write-execute memory (usually to unpack itself) (13 events)

Time & API	Arguments	Status
NtAllocateVirtualMemory June 24, 2021, 8:51 a.m.	process_identifier: 4564 region_size: 4087808 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00ed0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 24, 2021, 8:51 a.m.	process_identifier: 5192 region_size: 290816 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00460000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 24, 2021, 8:51 a.m.	process_identifier: 5192 region_size: 24576 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003f0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 24, 2021, 8:44 a.m.	process_identifier: 8780 region_size: 20480 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000030d0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory June 24, 2021, 8:44 a.m.	process_identifier: 8780 region_size: 221184 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000003100000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory June 24, 2021, 8:44 a.m.	process_identifier: 8780 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000735bc000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory June 24, 2021, 8:44 a.m.	process_identifier: 4716 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000735bc000 process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory June 24, 2021, 8:44 a.m.	process_identifier: 4716 region_size: 20480 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000005280000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory June 24, 2021, 8:44 a.m.	process_identifier: 4716 region_size: 221184 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000005290000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory June 24, 2021, 8:44 a.m.	process_identifier: 1848 region_size: 20480 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000004200000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory June 24, 2021, 8:44 a.m.	process_identifier: 1848 region_size: 221184 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000004860000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory June 24, 2021, 8:44 a.m.	process_identifier: 1848 region_size: 24576 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000004210000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory June 24, 2021, 8:44 a.m.	process_identifier: 1848 region_size: 53248 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000042c0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1

An application raised an exception which may be indicative of an exploit crash (2 events)

Time & API	Arguments	Status	Return	Repeated
Application Crash	Process chrome.exe with pid 8780 crashed
__exception__ June 24, 2021, 8:45 a.m.	stacktrace: 0xb90004 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 exception.instruction_r: ff 15 16 1f 09 00 ff 25 00 00 00 00 aa a4 e4 76 exception.instruction: call qword ptr [rip + 0x91f16] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xb90004 registers.r14: 406056088 registers.r15: 346059728 registers.rcx: 1420 registers.rsi: 17302540 registers.r10: 0 registers.rbx: 406055344 registers.rsp: 406055064 registers.r11: 406058960 registers.r8: 1999536524 registers.r9: 0 registers.rdx: 1432 registers.r12: 406055704 registers.rbp: 406055200 registers.rdi: 73383216 registers.rax: 12124160 registers.r13: 346194912	1	0	0

Steals private information from local Internet browsers (20 events)

file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad\reports\9a38d9bc-d582-4012-af43-2d941ff6a654.dmp
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\index
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\BrowserMetrics-spare.pma
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\CrashpadMetrics-spare.pma
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\CrashpadMetrics-active.pma
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local State
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\BrowserMetrics
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-60D3DBC9-224C.pma
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\CrashpadMetrics.pma
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\First Run
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad\reports
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad\metadata
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_0
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_1
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_2
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_3

Creates (office) documents on the filesystem (1 event)

file	C:\Users\test22\AppData\Local\Temp\~543.tmp.pdf

Creates executable files on the filesystem (2 events)

file	C:\Users\test22\AppData\Roaming\chknvany\clippugc.exe
file	C:\Windows\System32\iscssync.exe

Creates a service (1 event)

Time & API	Arguments	Status	Return	Repeated
CreateServiceW June 24, 2021, 8:51 a.m.	service_start_name: start_type: 2 password: display_name: iscssync filepath: C:\Windows\System32\iscssync.exe -s service_name: iscssync filepath_r: C:\Windows\system32\iscssync.exe -s desired_access: 983551 service_handle: 0x008c7e10 error_control: 1 service_type: 16 service_manager_handle: 0x008c7e38	1	9207312	0

Searches running processes potentially to identify processes for sandbox evasion, code injection or memory dumping (50 out of 62 events)

Time & API	Arguments	Status	Return
Process32NextW June 24, 2021, 8:51 a.m.	snapshot_handle: 0x000000ac process_name: mobsync.exe process_identifier: 7788	1	1
Process32NextW June 24, 2021, 8:51 a.m.	snapshot_handle: 0x000000ac process_name: pw.exe process_identifier: 7340	1	1
Process32NextW June 24, 2021, 8:51 a.m.	snapshot_handle: 0x000000ac process_name: taskhost.exe process_identifier: 2652	1	1
Process32NextW June 24, 2021, 8:51 a.m.	snapshot_handle: 0x000000ac process_name: cmd.exe process_identifier: 7132	1	1
Process32NextW June 24, 2021, 8:51 a.m.	snapshot_handle: 0x000000ac process_name: conhost.exe process_identifier: 7388	1	1
Process32NextW June 24, 2021, 8:51 a.m.	snapshot_handle: 0x000000ac process_name: pw.exe process_identifier: 7140	1	1
Process32NextW June 24, 2021, 8:51 a.m.	snapshot_handle: 0x000000ac process_name: مدمج الفصل الأول+الثاني+ الثالث +الرابع + المصادر+الملاحق .exe process_identifier: 4564	1	1
Process32NextW June 24, 2021, 8:51 a.m.	snapshot_handle: 0x000000ac process_name: slui.exe process_identifier: 3804	1	1
Process32NextW June 24, 2021, 8:51 a.m.	snapshot_handle: 0x000000ac process_name: clippugc.exe process_identifier: 5192	1	1
Process32NextW June 24, 2021, 8:51 a.m.	snapshot_handle: 0x000000ac process_name: iscssync.exe process_identifier: 6928	1	1
Process32NextW June 24, 2021, 8:44 a.m.	snapshot_handle: 0x0000000000000fb0 process_name: chrome.exe process_identifier: 8780	1	1
Process32NextW June 24, 2021, 8:44 a.m.	snapshot_handle: 0x0000000000000fb0 process_name: chrome.exe process_identifier: 4716	1	1
Process32NextW June 24, 2021, 8:44 a.m.	snapshot_handle: 0x0000000000002fc0 process_name: cmd.exe process_identifier: 6080	1	1
Process32NextW June 24, 2021, 8:44 a.m.	snapshot_handle: 0x0000000000002fc0 process_name: conhost.exe process_identifier: 1892	1	1
Process32NextW June 24, 2021, 8:44 a.m.	snapshot_handle: 0x0000000000002fc0 process_name: pw.exe process_identifier: 1036	1	1
Process32NextW June 24, 2021, 8:44 a.m.	snapshot_handle: 0x0000000000002fc0 process_name: cmd.exe process_identifier: 5860	1	1
Process32NextW June 24, 2021, 8:44 a.m.	snapshot_handle: 0x0000000000002fc0 process_name: conhost.exe process_identifier: 8140	1	1
Process32NextW June 24, 2021, 8:44 a.m.	snapshot_handle: 0x0000000000002fc0 process_name: pw.exe process_identifier: 3968	1	1
Process32NextW June 24, 2021, 8:44 a.m.	snapshot_handle: 0x0000000000002154 process_name: cmd.exe process_identifier: 6456	1	1
Process32NextW June 24, 2021, 8:44 a.m.	snapshot_handle: 0x0000000000002154 process_name: conhost.exe process_identifier: 7884	1	1
Process32NextW June 24, 2021, 8:44 a.m.	snapshot_handle: 0x0000000000002154 process_name: pw.exe process_identifier: 4900	1	1
Process32NextW June 24, 2021, 8:45 a.m.	snapshot_handle: 0x0000000000001eac process_name: chrome.exe process_identifier: 8496	1	1
Process32NextW June 24, 2021, 8:45 a.m.	snapshot_handle: 0x0000000000001eac process_name: inject-x64.exe process_identifier: 4168	1	1
Process32NextW June 24, 2021, 8:45 a.m.	snapshot_handle: 0x0000000000001eac process_name: cmd.exe process_identifier: 7276	1	1
Process32NextW June 24, 2021, 8:45 a.m.	snapshot_handle: 0x0000000000001eac process_name: conhost.exe process_identifier: 6140	1	1
Process32NextW June 24, 2021, 8:45 a.m.	snapshot_handle: 0x0000000000001eac process_name: pw.exe process_identifier: 7808	1	1
Process32NextW June 24, 2021, 8:45 a.m.	snapshot_handle: 0x0000000000001eac process_name: inject-x64.exe process_identifier: 448	1	1
Process32NextW June 24, 2021, 8:45 a.m.	snapshot_handle: 0x0000000000001eac process_name: inject-x64.exe process_identifier: 1388	1	1
Process32NextW June 24, 2021, 8:45 a.m.	snapshot_handle: 0x0000000000001eac process_name: inject-x64.exe process_identifier: 3536	1	1
Process32NextW June 24, 2021, 8:45 a.m.	snapshot_handle: 0x0000000000001eac process_name: inject-x64.exe process_identifier: 6164	1	1
Process32NextW June 24, 2021, 8:45 a.m.	snapshot_handle: 0x0000000000001eac process_name: inject-x64.exe process_identifier: 8908	1	1
Process32NextW June 24, 2021, 8:45 a.m.	snapshot_handle: 0x0000000000001eac process_name: inject-x64.exe process_identifier: 6104	1	1
Process32NextW June 24, 2021, 8:45 a.m.	snapshot_handle: 0x0000000000002ec8 process_name: inject-x64.exe process_identifier: 4428	1	1
Process32NextW June 24, 2021, 8:45 a.m.	snapshot_handle: 0x0000000000002ec8 process_name: inject-x64.exe process_identifier: 2316	1	1
Process32NextW June 24, 2021, 8:45 a.m.	snapshot_handle: 0x0000000000002ec8 process_name: inject-x64.exe process_identifier: 7892	1	1
Process32NextW June 24, 2021, 8:45 a.m.	snapshot_handle: 0x0000000000002d6c process_name: cmd.exe process_identifier: 5252	1	1
Process32NextW June 24, 2021, 8:45 a.m.	snapshot_handle: 0x0000000000002d6c process_name: conhost.exe process_identifier: 6372	1	1
Process32NextW June 24, 2021, 8:45 a.m.	snapshot_handle: 0x0000000000002d6c process_name: pw.exe process_identifier: 7684	1	1
Process32NextW June 24, 2021, 8:45 a.m.	snapshot_handle: 0x0000000000002d2c process_name: inject-x64.exe process_identifier: 6120	1	1
Process32NextW June 24, 2021, 8:45 a.m.	snapshot_handle: 0x0000000000002d2c process_name: inject-x64.exe process_identifier: 7424	1	1
Process32NextW June 24, 2021, 8:45 a.m.	snapshot_handle: 0x0000000000002d2c process_name: inject-x64.exe process_identifier: 6340	1	1
Process32NextW June 24, 2021, 8:45 a.m.	snapshot_handle: 0x0000000000002d2c process_name: inject-x64.exe process_identifier: 6620	1	1
Process32NextW June 24, 2021, 8:45 a.m.	snapshot_handle: 0x0000000000002d2c process_name: inject-x64.exe process_identifier: 8520	1	1
Process32NextW June 24, 2021, 8:45 a.m.	snapshot_handle: 0x0000000000002c80 process_name: inject-x64.exe process_identifier: 4264	1	1
Process32NextW June 24, 2021, 8:45 a.m.	snapshot_handle: 0x0000000000002c80 process_name: inject-x64.exe process_identifier: 1180	1	1
Process32NextW June 24, 2021, 8:45 a.m.	snapshot_handle: 0x0000000000002c80 process_name: inject-x64.exe process_identifier: 7728	1	1
Process32NextW June 24, 2021, 8:45 a.m.	snapshot_handle: 0x0000000000002c80 process_name: inject-x64.exe process_identifier: 5956	1	1
Process32NextW June 24, 2021, 8:45 a.m.	snapshot_handle: 0x0000000000002c80 process_name: cmd.exe process_identifier: 4020	1	1
Process32NextW June 24, 2021, 8:45 a.m.	snapshot_handle: 0x0000000000002c80 process_name: conhost.exe process_identifier: 9196	1	1
Process32NextW June 24, 2021, 8:45 a.m.	snapshot_handle: 0x0000000000002c80 process_name: pw.exe process_identifier: 2744	1	1

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

section

{u'size_of_data': u'0x003db800', u'virtual_address': u'0x00004000', u'entropy': 7.997901505850569, u'name': u'.rsrc', u'virtual_size': u'0x003db780'}

entropy

7.99790150585

description

A section with a high entropy has been found

entropy

0.998988366211

description

Overall entropy of this PE file is high

Repeatedly searches for a not-found process, you may want to run a web browser during analysis (50 out of 113 events)

Time & API	Arguments	Status	Return	Repeated
Process32NextW June 24, 2021, 8:44 a.m.	snapshot_handle: 0x0000000000000fb0 process_name: chrome.exe process_identifier: 4716		0	0
Process32NextW June 24, 2021, 8:44 a.m.	snapshot_handle: 0x0000000000000fb0 process_name: chrome.exe process_identifier: 4716		0	0
Process32NextW June 24, 2021, 8:44 a.m.	snapshot_handle: 0x0000000000000fb0 process_name: chrome.exe process_identifier: 4716		0	0
Process32NextW June 24, 2021, 8:44 a.m.	snapshot_handle: 0x0000000000002408 process_name: chrome.exe process_identifier: 4716		0	0
Process32NextW June 24, 2021, 8:44 a.m.	snapshot_handle: 0x0000000000002408 process_name: chrome.exe process_identifier: 4716		0	0
Process32NextW June 24, 2021, 8:44 a.m.	snapshot_handle: 0x0000000000002408 process_name: chrome.exe process_identifier: 4716		0	0
Process32NextW June 24, 2021, 8:44 a.m.	snapshot_handle: 0x0000000000002fc0 process_name: pw.exe process_identifier: 1036		0	0
Process32NextW June 24, 2021, 8:44 a.m.	snapshot_handle: 0x0000000000002fc0 process_name: pw.exe process_identifier: 1036		0	0
Process32NextW June 24, 2021, 8:44 a.m.	snapshot_handle: 0x0000000000002fc0 process_name: pw.exe process_identifier: 1036		0	0
Process32NextW June 24, 2021, 8:44 a.m.	snapshot_handle: 0x0000000000002fc0 process_name: pw.exe process_identifier: 1036		0	0
Process32NextW June 24, 2021, 8:44 a.m.	snapshot_handle: 0x0000000000002fc0 process_name: chrome.exe process_identifier: 4716		0	0
Process32NextW June 24, 2021, 8:44 a.m.	snapshot_handle: 0x0000000000002fc0 process_name: chrome.exe process_identifier: 4716		0	0
Process32NextW June 24, 2021, 8:44 a.m.	snapshot_handle: 0x0000000000002fc0 process_name: chrome.exe process_identifier: 4716		0	0
Process32NextW June 24, 2021, 8:44 a.m.	snapshot_handle: 0x0000000000002fc0 process_name: chrome.exe process_identifier: 4716		0	0
Process32NextW June 24, 2021, 8:44 a.m.	snapshot_handle: 0x0000000000002fc0 process_name: chrome.exe process_identifier: 4716		0	0
Process32NextW June 24, 2021, 8:44 a.m.	snapshot_handle: 0x0000000000002fc0 process_name: chrome.exe process_identifier: 4716		0	0
Process32NextW June 24, 2021, 8:44 a.m.	snapshot_handle: 0x0000000000002fc0 process_name: chrome.exe process_identifier: 4716		0	0
Process32NextW June 24, 2021, 8:44 a.m.	snapshot_handle: 0x0000000000002fc0 process_name: pw.exe process_identifier: 3968		0	0
Process32NextW June 24, 2021, 8:44 a.m.	snapshot_handle: 0x0000000000002fc0 process_name: pw.exe process_identifier: 3968		0	0
Process32NextW June 24, 2021, 8:44 a.m.	snapshot_handle: 0x0000000000002154 process_name: pw.exe process_identifier: 3968		0	0
Process32NextW June 24, 2021, 8:44 a.m.	snapshot_handle: 0x0000000000002154 process_name: pw.exe process_identifier: 3968		0	0
Process32NextW June 24, 2021, 8:44 a.m.	snapshot_handle: 0x0000000000002154 process_name: chrome.exe process_identifier: 4716		0	0
Process32NextW June 24, 2021, 8:44 a.m.	snapshot_handle: 0x0000000000002154 process_name: chrome.exe process_identifier: 4716		0	0
Process32NextW June 24, 2021, 8:44 a.m.	snapshot_handle: 0x0000000000002154 process_name: chrome.exe process_identifier: 4716		0	0
Process32NextW June 24, 2021, 8:44 a.m.	snapshot_handle: 0x0000000000002154 process_name: chrome.exe process_identifier: 4716		0	0
Process32NextW June 24, 2021, 8:44 a.m.	snapshot_handle: 0x0000000000002154 process_name: chrome.exe process_identifier: 4716		0	0
Process32NextW June 24, 2021, 8:44 a.m.	snapshot_handle: 0x0000000000002154 process_name: chrome.exe process_identifier: 4716		0	0
Process32NextW June 24, 2021, 8:44 a.m.	snapshot_handle: 0x0000000000002154 process_name: chrome.exe process_identifier: 4716		0	0
Process32NextW June 24, 2021, 8:44 a.m.	snapshot_handle: 0x0000000000002154 process_name: pw.exe process_identifier: 4900		0	0
Process32NextW June 24, 2021, 8:44 a.m.	snapshot_handle: 0x0000000000002154 process_name: pw.exe process_identifier: 4900		0	0
Process32NextW June 24, 2021, 8:44 a.m.	snapshot_handle: 0x0000000000001c1c process_name: pw.exe process_identifier: 4900		0	0
Process32NextW June 24, 2021, 8:44 a.m.	snapshot_handle: 0x0000000000001c1c process_name: pw.exe process_identifier: 4900		0	0
Process32NextW June 24, 2021, 8:44 a.m.	snapshot_handle: 0x0000000000001c1c process_name: pw.exe process_identifier: 4900		0	0
Process32NextW June 24, 2021, 8:44 a.m.	snapshot_handle: 0x0000000000001c1c process_name: pw.exe process_identifier: 4900		0	0
Process32NextW June 24, 2021, 8:44 a.m.	snapshot_handle: 0x0000000000001c1c process_name: chrome.exe process_identifier: 4716		0	0
Process32NextW June 24, 2021, 8:44 a.m.	snapshot_handle: 0x0000000000001c1c process_name: chrome.exe process_identifier: 4716		0	0
Process32NextW June 24, 2021, 8:45 a.m.	snapshot_handle: 0x0000000000002e40 process_name: chrome.exe process_identifier: 4716		0	0
Process32NextW June 24, 2021, 8:45 a.m.	snapshot_handle: 0x0000000000001e9c process_name: chrome.exe process_identifier: 4716		0	0
Process32NextW June 24, 2021, 8:45 a.m.	snapshot_handle: 0x0000000000002fac process_name: chrome.exe process_identifier: 4716		0	0
Process32NextW June 24, 2021, 8:45 a.m.	snapshot_handle: 0x0000000000001eac process_name: chrome.exe process_identifier: 4716		0	0
Process32NextW June 24, 2021, 8:45 a.m.	snapshot_handle: 0x0000000000001eac process_name: inject-x64.exe process_identifier: 448		0	0
Process32NextW June 24, 2021, 8:45 a.m.	snapshot_handle: 0x0000000000001eac process_name: inject-x64.exe process_identifier: 1388		0	0
Process32NextW June 24, 2021, 8:45 a.m.	snapshot_handle: 0x0000000000001eac process_name: inject-x64.exe process_identifier: 3536		0	0
Process32NextW June 24, 2021, 8:45 a.m.	snapshot_handle: 0x0000000000001eac process_name: inject-x64.exe process_identifier: 6164		0	0
Process32NextW June 24, 2021, 8:45 a.m.	snapshot_handle: 0x0000000000001eac process_name: inject-x64.exe process_identifier: 6164		0	0
Process32NextW June 24, 2021, 8:45 a.m.	snapshot_handle: 0x0000000000001eac process_name: inject-x64.exe process_identifier: 8908		0	0
Process32NextW June 24, 2021, 8:45 a.m.	snapshot_handle: 0x0000000000001eac process_name: inject-x64.exe process_identifier: 6104		0	0
Process32NextW June 24, 2021, 8:45 a.m.	snapshot_handle: 0x0000000000001eac process_name: inject-x64.exe process_identifier: 6104		0	0
Process32NextW June 24, 2021, 8:45 a.m.	snapshot_handle: 0x0000000000002ec8 process_name: inject-x64.exe process_identifier: 4428		0	0
Process32NextW June 24, 2021, 8:45 a.m.	snapshot_handle: 0x0000000000002ec8 process_name: inject-x64.exe process_identifier: 2316		0	0

Terminates another process (2 events)

Time & API	Arguments	Status	Return	Repeated
NtTerminateProcess June 24, 2021, 8:45 a.m.	status_code: 0xc0000005 process_identifier: 8780 process_handle: 0x00000000000000bc		0	0
NtTerminateProcess June 24, 2021, 8:45 a.m.	status_code: 0xc0000005 process_identifier: 8780 process_handle: 0x00000000000000bc	1	0	0

One or more of the buffers contains an embedded PE file (4 events)

buffer	Buffer with sha1: e1df2f980db5d532aad43df961eacad78164a726
buffer	Buffer with sha1: 52631157456210a1edf4f3983c99565e76220570
buffer	Buffer with sha1: f0c9f3b3877d92f177cb353e7eb03cb9bc0b1308
buffer	Buffer with sha1: 3ff4d0b3974f02094df88bef27185a92996adcda

Communicates with host for which no DNS query was performed (1 event)

host

172.217.25.14

Allocates execute permission to another process indicative of possible code injection (4 events)

Time & API	Arguments	Status
NtAllocateVirtualMemory June 24, 2021, 8:44 a.m.	process_identifier: 1848 region_size: 315392 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000003bd0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x0000000000000064	1
NtAllocateVirtualMemory June 24, 2021, 8:44 a.m.	process_identifier: 8780 region_size: 311296 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000003000000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x0000000000000064	1
NtAllocateVirtualMemory June 24, 2021, 8:44 a.m.	process_identifier: 4716 region_size: 311296 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000004730000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x0000000000000064	1
NtAllocateVirtualMemory June 24, 2021, 8:45 a.m.	process_identifier: 8496 region_size: 311296 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000890000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x0000000000000064	1

Installs itself for autorun at Windows startup (2 events)

reg_key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\iscstugc				reg_value	C:\Users\test22\AppData\Roaming\chknvany\clippugc.exe
service_name	iscssync				service_path	C:\Windows\System32\iscssync.exe -s

Creates an executable file in a user folder (1 event)

file	C:\Users\test22\AppData\Roaming\chknvany\clippugc.exe

Drops a binary and executes it (3 events)

file	C:\Users\test22\AppData\Roaming\chknvany\clippugc.exe
file	C:\Users\test22\AppData\Local\Temp\~543.tmp.pdf
file	C:\Users\test22\AppData\Local\Temp\~64D.tmp

Creates a thread using CreateRemoteThread in a non-child process indicative of process injection (8 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 5656 created a remote thread in non-child process 1848
Process injection	Process 6472 created a remote thread in non-child process 8780
Process injection	Process 4368 created a remote thread in non-child process 4716
Process injection	Process 3004 created a remote thread in non-child process 8496
CreateRemoteThread June 24, 2021, 8:44 a.m.	thread_identifier: 0 process_identifier: 1848 function_address: 0x0000000003bd1fa0 flags: 0 stack_size: 0 parameter: 0x0000000003bd0000 process_handle: 0x0000000000000064	1	104	0
CreateRemoteThread June 24, 2021, 8:44 a.m.	thread_identifier: 0 process_identifier: 8780 function_address: 0x0000000003001dd4 flags: 0 stack_size: 0 parameter: 0x0000000003000000 process_handle: 0x0000000000000064	1	104	0
CreateRemoteThread June 24, 2021, 8:44 a.m.	thread_identifier: 0 process_identifier: 4716 function_address: 0x0000000004731dd4 flags: 0 stack_size: 0 parameter: 0x0000000004730000 process_handle: 0x0000000000000064	1	104	0
CreateRemoteThread June 24, 2021, 8:45 a.m.	thread_identifier: 0 process_identifier: 8496 function_address: 0x0000000000891dd4 flags: 0 stack_size: 0 parameter: 0x0000000000890000 process_handle: 0x0000000000000064	1	104	0

Manipulates memory of a non-child process indicative of process injection (8 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 5656 manipulating memory of non-child process 1848
Process injection	Process 6472 manipulating memory of non-child process 8780
Process injection	Process 4368 manipulating memory of non-child process 4716
Process injection	Process 3004 manipulating memory of non-child process 8496
NtAllocateVirtualMemory June 24, 2021, 8:44 a.m.	process_identifier: 1848 region_size: 315392 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000003bd0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x0000000000000064	1	0	0
NtAllocateVirtualMemory June 24, 2021, 8:44 a.m.	process_identifier: 8780 region_size: 311296 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000003000000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x0000000000000064	1	0	0
NtAllocateVirtualMemory June 24, 2021, 8:44 a.m.	process_identifier: 4716 region_size: 311296 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000004730000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x0000000000000064	1	0	0
NtAllocateVirtualMemory June 24, 2021, 8:45 a.m.	process_identifier: 8496 region_size: 311296 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000890000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x0000000000000064	1	0	0

One or more non-whitelisted processes were created (2 events)

parent_process	chrome.exe				martian_process	"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\test22\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=86.0.4240.111 --initial-client-data=0xb0,0xb4,0xb8,0x84,0xbc,0x7fef2ca6e00,0x7fef2ca6e10,0x7fef2ca6e20
parent_process	chrome.exe				martian_process	"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1104,14994988696023494514,8950486766080497416,131072 --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=1136 /prefetch:2

Resumed a suspended thread in a remote process potentially indicative of process injection (25 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 4716 resumed a thread in remote process 8780
NtResumeThread June 24, 2021, 8:45 a.m.	thread_handle: 0x0000000000000170 suspend_count: 2 process_identifier: 8780	1	0	0
NtResumeThread June 24, 2021, 8:45 a.m.	thread_handle: 0x0000000000000170 suspend_count: 2 process_identifier: 8780	1	0	0
NtResumeThread June 24, 2021, 8:45 a.m.	thread_handle: 0x0000000000000170 suspend_count: 2 process_identifier: 8780	1	0	0
NtResumeThread June 24, 2021, 8:45 a.m.	thread_handle: 0x0000000000000170 suspend_count: 2 process_identifier: 8780	1	0	0
NtResumeThread June 24, 2021, 8:45 a.m.	thread_handle: 0x0000000000000170 suspend_count: 2 process_identifier: 8780	1	0	0
NtResumeThread June 24, 2021, 8:45 a.m.	thread_handle: 0x0000000000000170 suspend_count: 2 process_identifier: 8780	1	0	0
NtResumeThread June 24, 2021, 8:45 a.m.	thread_handle: 0x0000000000000170 suspend_count: 2 process_identifier: 8780	1	0	0
NtResumeThread June 24, 2021, 8:45 a.m.	thread_handle: 0x0000000000000170 suspend_count: 2 process_identifier: 8780	1	0	0
NtResumeThread June 24, 2021, 8:45 a.m.	thread_handle: 0x0000000000000170 suspend_count: 2 process_identifier: 8780	1	0	0
NtResumeThread June 24, 2021, 8:45 a.m.	thread_handle: 0x0000000000000170 suspend_count: 2 process_identifier: 8780	1	0	0
NtResumeThread June 24, 2021, 8:45 a.m.	thread_handle: 0x0000000000000170 suspend_count: 2 process_identifier: 8780	1	0	0
NtResumeThread June 24, 2021, 8:45 a.m.	thread_handle: 0x0000000000000170 suspend_count: 2 process_identifier: 8780	1	0	0
NtResumeThread June 24, 2021, 8:45 a.m.	thread_handle: 0x0000000000000170 suspend_count: 2 process_identifier: 8780	1	0	0
NtResumeThread June 24, 2021, 8:45 a.m.	thread_handle: 0x0000000000000170 suspend_count: 2 process_identifier: 8780	1	0	0
NtResumeThread June 24, 2021, 8:45 a.m.	thread_handle: 0x0000000000000170 suspend_count: 2 process_identifier: 8780	1	0	0
NtResumeThread June 24, 2021, 8:45 a.m.	thread_handle: 0x0000000000000170 suspend_count: 2 process_identifier: 8780	1	0	0
NtResumeThread June 24, 2021, 8:45 a.m.	thread_handle: 0x0000000000000170 suspend_count: 2 process_identifier: 8780	1	0	0
NtResumeThread June 24, 2021, 8:45 a.m.	thread_handle: 0x0000000000000170 suspend_count: 2 process_identifier: 8780	1	0	0
NtResumeThread June 24, 2021, 8:45 a.m.	thread_handle: 0x0000000000000170 suspend_count: 2 process_identifier: 8780	1	0	0
NtResumeThread June 24, 2021, 8:45 a.m.	thread_handle: 0x0000000000000170 suspend_count: 2 process_identifier: 8780	1	0	0
NtResumeThread June 24, 2021, 8:45 a.m.	thread_handle: 0x0000000000000170 suspend_count: 2 process_identifier: 8780	1	0	0
NtResumeThread June 24, 2021, 8:45 a.m.	thread_handle: 0x0000000000000170 suspend_count: 2 process_identifier: 8780	1	0	0
NtResumeThread June 24, 2021, 8:45 a.m.	thread_handle: 0x0000000000000170 suspend_count: 2 process_identifier: 8780	1	0	0
NtResumeThread June 24, 2021, 8:45 a.m.	thread_handle: 0x0000000000000170 suspend_count: 2 process_identifier: 8780	1	0	0

File has been identified by 59 AntiVirus engines on VirusTotal as malicious (50 out of 59 events)

Bkav	W32.AIDetect.malware1
Elastic	malicious (high confidence)
MicroWorld-eScan	Win32.Doboc.Gen.2
FireEye	Generic.mg.11fdd27279a2a41a
CAT-QuickHeal	W32.Tempedreve.A5
ALYac	Win32.Doboc.Gen.2
Cylance	Unsafe
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Virus ( 005223721 )
Alibaba	Virus:Win32/PolyRansom.da146613
K7GW	Virus ( 005223721 )
Cybereason	malicious.279a2a
Baidu	Win32.Trojan.Kryptik.ii
Cyren	W32/Ursnif.GWUR-0581
Symantec	W32.Tempedreve.A!inf
ESET-NOD32	a variant of Win32/Kryptik.CTYE
APEX	Malicious
Avast	Win32:Crypt-SWP [Trj]
ClamAV	Win.Trojan.Agent-1376290
Kaspersky	Virus.Win32.PolyRansom.l
BitDefender	Win32.Doboc.Gen.2
NANO-Antivirus	Trojan.Win32.Kryptik.dmvgtq
Paloalto	generic.ml
Rising	Trojan.Kryptik!1.A6F7 (CLASSIC)
Ad-Aware	Win32.Doboc.Gen.2
Sophos	Mal/Generic-R + W32/MPhage-A
Comodo	Worm.Win32.Tempedreve.DA@5jb9qs
DrWeb	Win32.Tempedreve.1
VIPRE	Worm.Win32.Tempedreve.a (v)
TrendMicro	PE_URSNIF.B
McAfee-GW-Edition	BehavesLike.Win32.Generic.wc
Emsisoft	Win32.Doboc.Gen.2 (B)
Ikarus	Trojan.Win32.Crypt
Jiangmin	Trojan/Generic.bggax
Avira	TR/Dropper.Gen
MAX	malware (ai score=86)
Antiy-AVL	Trojan/Generic.ASBOL.C5F5
Microsoft	Virus:Win32/Ursnif.gen!A
Gridinsoft	Trojan.Win32.Injector.ad!i
Arcabit	Win32.Doboc.Gen.2
AegisLab	Virus.Win32.PolyRansom.mE18
ZoneAlarm	Virus.Win32.PolyRansom.l
GData	Win32.Doboc.Gen.2
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win32.Agent.C3025472
Acronis	suspicious
McAfee	W32/PdfCrypt.b
VBA32	TrojanDropper.Daws
Malwarebytes	PolyRansom.Virus.FileInfector.DDS
TrendMicro-HouseCall	PE_URSNIF.B

مدمج الفصل الأول+الثاني+ الثالث +الرابع + المصادر+الملاحق .exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All