Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Aug. 4, 2021, 12:16 p.m.	Aug. 4, 2021, 12:19 p.m.

Size	3.2MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`106b947aa2e8101bff6e3ff0f82bfe95`
SHA256	`88689636f4b2287701b63f42c12e7e2387bf4c3ecc45eeb8a61ea707126bad9b`
CRC32	`4D594917`
ssdeep	`49152:yNUPRS5YfeBi35enfGiSpQQ17dWRsnVQLKaCTpdNu:d/+I7mwFTpf`
Yara	Malicious_Packer_Zero - Malicious Packer PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file IsPE32 - (no description) Malicious_Library_Zero - Malicious_Library

heliocentrically.db "C:\Users\test22\AppData\Local\Temp\heliocentrically.db"
2648
- secinit.exe "C:\Windows\System32\secinit.exe"
  2772
- secinit.exe "C:\Windows\System32\secinit.exe"
  1472
- secinit.exe "C:\Windows\System32\secinit.exe"
  2952
- secinit.exe "C:\Windows\System32\secinit.exe"
  2832
- secinit.exe "C:\Windows\System32\secinit.exe"
  2232
- secinit.exe "C:\Windows\System32\secinit.exe"
  2428
- secinit.exe "C:\Windows\System32\secinit.exe"
  2620
- secinit.exe "C:\Windows\System32\secinit.exe"
  288
- secinit.exe "C:\Windows\System32\secinit.exe"
  2276
- secinit.exe "C:\Windows\System32\secinit.exe"
  2120

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Allocates read-write-execute memory (usually to unpack itself) (1 event)

Time & API	Arguments	Status	Return	Repeated
NtAllocateVirtualMemory Aug. 4, 2021, 12:17 p.m.	process_identifier: 2648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00740000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1	0	0

Yara rule detected in process memory (50 out of 90 events)

description	Escalate priviledges	rule	Escalate_priviledges
description	(no description)	rule	DebuggerCheck__GlobalFlags
description	(no description)	rule	DebuggerCheck__QueryInfo
description	(no description)	rule	DebuggerHiding__Thread
description	(no description)	rule	DebuggerHiding__Active
description	(no description)	rule	ThreadControl__Context
description	(no description)	rule	SEH__vectored
description	Checks if being debugged	rule	anti_dbg
description	Bypass DEP	rule	disable_dep
description	Escalate priviledges	rule	Escalate_priviledges
description	(no description)	rule	DebuggerCheck__GlobalFlags
description	(no description)	rule	DebuggerCheck__QueryInfo
description	(no description)	rule	DebuggerHiding__Thread
description	(no description)	rule	DebuggerHiding__Active
description	(no description)	rule	ThreadControl__Context
description	(no description)	rule	SEH__vectored
description	Checks if being debugged	rule	anti_dbg
description	Bypass DEP	rule	disable_dep
description	Escalate priviledges	rule	Escalate_priviledges
description	(no description)	rule	DebuggerCheck__GlobalFlags
description	(no description)	rule	DebuggerCheck__QueryInfo
description	(no description)	rule	DebuggerHiding__Thread
description	(no description)	rule	DebuggerHiding__Active
description	(no description)	rule	ThreadControl__Context
description	(no description)	rule	SEH__vectored
description	Checks if being debugged	rule	anti_dbg
description	Bypass DEP	rule	disable_dep
description	Escalate priviledges	rule	Escalate_priviledges
description	(no description)	rule	DebuggerCheck__GlobalFlags
description	(no description)	rule	DebuggerCheck__QueryInfo
description	(no description)	rule	DebuggerHiding__Thread
description	(no description)	rule	DebuggerHiding__Active
description	(no description)	rule	ThreadControl__Context
description	(no description)	rule	SEH__vectored
description	Checks if being debugged	rule	anti_dbg
description	Bypass DEP	rule	disable_dep
description	Escalate priviledges	rule	Escalate_priviledges
description	(no description)	rule	DebuggerCheck__GlobalFlags
description	(no description)	rule	DebuggerCheck__QueryInfo
description	(no description)	rule	DebuggerHiding__Thread
description	(no description)	rule	DebuggerHiding__Active
description	(no description)	rule	ThreadControl__Context
description	(no description)	rule	SEH__vectored
description	Checks if being debugged	rule	anti_dbg
description	Bypass DEP	rule	disable_dep
description	Escalate priviledges	rule	Escalate_priviledges
description	(no description)	rule	DebuggerCheck__GlobalFlags
description	(no description)	rule	DebuggerCheck__QueryInfo
description	(no description)	rule	DebuggerHiding__Thread
description	(no description)	rule	DebuggerHiding__Active

Allocates execute permission to another process indicative of possible code injection (10 events)

Time & API	Arguments	Return
NtAllocateVirtualMemory Aug. 4, 2021, 12:17 p.m.	process_identifier: 2772 region_size: 1261568 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000078	3221225496
NtAllocateVirtualMemory Aug. 4, 2021, 12:17 p.m.	process_identifier: 1472 region_size: 1261568 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x0000007c	3221225496
NtAllocateVirtualMemory Aug. 4, 2021, 12:17 p.m.	process_identifier: 2952 region_size: 1261568 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000084	3221225496
NtAllocateVirtualMemory Aug. 4, 2021, 12:17 p.m.	process_identifier: 2832 region_size: 1261568 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000090	3221225496
NtAllocateVirtualMemory Aug. 4, 2021, 12:17 p.m.	process_identifier: 2232 region_size: 1261568 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000098	3221225496
NtAllocateVirtualMemory Aug. 4, 2021, 12:17 p.m.	process_identifier: 2428 region_size: 1261568 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000000a0	3221225496
NtAllocateVirtualMemory Aug. 4, 2021, 12:17 p.m.	process_identifier: 2620 region_size: 1261568 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000000a8	3221225496
NtAllocateVirtualMemory Aug. 4, 2021, 12:17 p.m.	process_identifier: 288 region_size: 1261568 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000000b0	3221225496
NtAllocateVirtualMemory Aug. 4, 2021, 12:17 p.m.	process_identifier: 2276 region_size: 1261568 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000000b8	3221225496
NtAllocateVirtualMemory Aug. 4, 2021, 12:17 p.m.	process_identifier: 2120 region_size: 1261568 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000000c0	3221225496

Resumed a suspended thread in a remote process potentially indicative of process injection (20 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 2648 resumed a thread in remote process 2772
Process injection	Process 2648 resumed a thread in remote process 1472
Process injection	Process 2648 resumed a thread in remote process 2952
Process injection	Process 2648 resumed a thread in remote process 2832
Process injection	Process 2648 resumed a thread in remote process 2232
Process injection	Process 2648 resumed a thread in remote process 2428
Process injection	Process 2648 resumed a thread in remote process 2620
Process injection	Process 2648 resumed a thread in remote process 288
Process injection	Process 2648 resumed a thread in remote process 2276
Process injection	Process 2648 resumed a thread in remote process 2120
NtResumeThread Aug. 4, 2021, 12:17 p.m.	thread_handle: 0x00000074 suspend_count: 1 process_identifier: 2772	1	0	0
NtResumeThread Aug. 4, 2021, 12:17 p.m.	thread_handle: 0x00000080 suspend_count: 1 process_identifier: 1472	1	0	0
NtResumeThread Aug. 4, 2021, 12:17 p.m.	thread_handle: 0x00000088 suspend_count: 1 process_identifier: 2952	1	0	0
NtResumeThread Aug. 4, 2021, 12:17 p.m.	thread_handle: 0x00000094 suspend_count: 1 process_identifier: 2832	1	0	0
NtResumeThread Aug. 4, 2021, 12:17 p.m.	thread_handle: 0x0000009c suspend_count: 1 process_identifier: 2232	1	0	0
NtResumeThread Aug. 4, 2021, 12:17 p.m.	thread_handle: 0x000000a4 suspend_count: 1 process_identifier: 2428	1	0	0
NtResumeThread Aug. 4, 2021, 12:17 p.m.	thread_handle: 0x000000ac suspend_count: 1 process_identifier: 2620	1	0	0
NtResumeThread Aug. 4, 2021, 12:17 p.m.	thread_handle: 0x000000b4 suspend_count: 1 process_identifier: 288	1	0	0
NtResumeThread Aug. 4, 2021, 12:17 p.m.	thread_handle: 0x000000bc suspend_count: 1 process_identifier: 2276	1	0	0
NtResumeThread Aug. 4, 2021, 12:17 p.m.	thread_handle: 0x000000c4 suspend_count: 1 process_identifier: 2120	1	0	0

File has been identified by 26 AntiVirus engines on VirusTotal as malicious (26 events)

McAfee	Artemis!106B947AA2E8
Cylance	Unsafe
Sangfor	Trojan.Win32.Save.a
Alibaba	Trojan:Win32/DropperX.7cc1d080
Arcabit	Trojan.Zusy.D60761
Cyren	W32/Agent.DEL.gen!Eldorado
ESET-NOD32	a variant of Win32/Agent.ADBL
APEX	Malicious
Paloalto	generic.ml
Cynet	Malicious (score: 100)
BitDefender	Gen:Variant.Zusy.395105
MicroWorld-eScan	Gen:Variant.Zusy.395105
Avast	Win32:DropperX-gen [Drp]
Ad-Aware	Gen:Variant.Zusy.395105
FireEye	Generic.mg.106b947aa2e8101b
Emsisoft	Gen:Variant.Zusy.395105 (B)
Jiangmin	Trojan.Generic.gzxaj
Webroot	W32.Trojan.Gen
MAX	malware (ai score=86)
Microsoft	Trojan:Win32/Wacatac.B!ml
GData	Gen:Variant.Zusy.395105
ALYac	Gen:Variant.Zusy.395105
TrendMicro-HouseCall	TROJ_GEN.R002H0CH321
Fortinet	W32/Agent.ADBL!tr
BitDefenderTheta	Gen:NN.ZexaF.34058.jtW@au@OqQk
AVG	Win32:DropperX-gen [Drp]

Executed a process and injected code into it, probably while unpacking (40 events)

Time & API	Arguments	Status	Return
CreateProcessInternalW Aug. 4, 2021, 12:17 p.m.	thread_identifier: 2932 thread_handle: 0x00000074 process_identifier: 2772 current_directory: C:\Windows\System32\ filepath: C:\Windows\System32\secinit.exe track: 1 command_line: filepath_r: C:\Windows\System32\secinit.exe stack_pivoted: 0 creation_flags: 4 (CREATE_SUSPENDED) inherit_handles: 0 process_handle: 0x00000078	1	1
NtGetContextThread Aug. 4, 2021, 12:17 p.m.	thread_handle: 0x00000074	1	0
NtAllocateVirtualMemory Aug. 4, 2021, 12:17 p.m.	process_identifier: 2772 region_size: 1261568 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000078		3221225496
NtResumeThread Aug. 4, 2021, 12:17 p.m.	thread_handle: 0x00000074 suspend_count: 1 process_identifier: 2772	1	0
CreateProcessInternalW Aug. 4, 2021, 12:17 p.m.	thread_identifier: 2412 thread_handle: 0x00000080 process_identifier: 1472 current_directory: C:\Windows\System32\ filepath: C:\Windows\System32\secinit.exe track: 1 command_line: filepath_r: C:\Windows\System32\secinit.exe stack_pivoted: 0 creation_flags: 4 (CREATE_SUSPENDED) inherit_handles: 0 process_handle: 0x0000007c	1	1
NtGetContextThread Aug. 4, 2021, 12:17 p.m.	thread_handle: 0x00000080	1	0
NtAllocateVirtualMemory Aug. 4, 2021, 12:17 p.m.	process_identifier: 1472 region_size: 1261568 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x0000007c		3221225496
NtResumeThread Aug. 4, 2021, 12:17 p.m.	thread_handle: 0x00000080 suspend_count: 1 process_identifier: 1472	1	0
CreateProcessInternalW Aug. 4, 2021, 12:17 p.m.	thread_identifier: 2488 thread_handle: 0x00000088 process_identifier: 2952 current_directory: C:\Windows\System32\ filepath: C:\Windows\System32\secinit.exe track: 1 command_line: filepath_r: C:\Windows\System32\secinit.exe stack_pivoted: 0 creation_flags: 4 (CREATE_SUSPENDED) inherit_handles: 0 process_handle: 0x00000084	1	1
NtGetContextThread Aug. 4, 2021, 12:17 p.m.	thread_handle: 0x00000088	1	0
NtAllocateVirtualMemory Aug. 4, 2021, 12:17 p.m.	process_identifier: 2952 region_size: 1261568 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000084		3221225496
NtResumeThread Aug. 4, 2021, 12:17 p.m.	thread_handle: 0x00000088 suspend_count: 1 process_identifier: 2952	1	0
CreateProcessInternalW Aug. 4, 2021, 12:17 p.m.	thread_identifier: 3032 thread_handle: 0x00000094 process_identifier: 2832 current_directory: C:\Windows\System32\ filepath: C:\Windows\System32\secinit.exe track: 1 command_line: filepath_r: C:\Windows\System32\secinit.exe stack_pivoted: 0 creation_flags: 4 (CREATE_SUSPENDED) inherit_handles: 0 process_handle: 0x00000090	1	1
NtGetContextThread Aug. 4, 2021, 12:17 p.m.	thread_handle: 0x00000094	1	0
NtAllocateVirtualMemory Aug. 4, 2021, 12:17 p.m.	process_identifier: 2832 region_size: 1261568 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000090		3221225496
NtResumeThread Aug. 4, 2021, 12:17 p.m.	thread_handle: 0x00000094 suspend_count: 1 process_identifier: 2832	1	0
CreateProcessInternalW Aug. 4, 2021, 12:17 p.m.	thread_identifier: 732 thread_handle: 0x0000009c process_identifier: 2232 current_directory: C:\Windows\System32\ filepath: C:\Windows\System32\secinit.exe track: 1 command_line: filepath_r: C:\Windows\System32\secinit.exe stack_pivoted: 0 creation_flags: 4 (CREATE_SUSPENDED) inherit_handles: 0 process_handle: 0x00000098	1	1
NtGetContextThread Aug. 4, 2021, 12:17 p.m.	thread_handle: 0x0000009c	1	0
NtAllocateVirtualMemory Aug. 4, 2021, 12:17 p.m.	process_identifier: 2232 region_size: 1261568 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000098		3221225496
NtResumeThread Aug. 4, 2021, 12:17 p.m.	thread_handle: 0x0000009c suspend_count: 1 process_identifier: 2232	1	0
CreateProcessInternalW Aug. 4, 2021, 12:17 p.m.	thread_identifier: 2240 thread_handle: 0x000000a4 process_identifier: 2428 current_directory: C:\Windows\System32\ filepath: C:\Windows\System32\secinit.exe track: 1 command_line: filepath_r: C:\Windows\System32\secinit.exe stack_pivoted: 0 creation_flags: 4 (CREATE_SUSPENDED) inherit_handles: 0 process_handle: 0x000000a0	1	1
NtGetContextThread Aug. 4, 2021, 12:17 p.m.	thread_handle: 0x000000a4	1	0
NtAllocateVirtualMemory Aug. 4, 2021, 12:17 p.m.	process_identifier: 2428 region_size: 1261568 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000000a0		3221225496
NtResumeThread Aug. 4, 2021, 12:17 p.m.	thread_handle: 0x000000a4 suspend_count: 1 process_identifier: 2428	1	0
CreateProcessInternalW Aug. 4, 2021, 12:17 p.m.	thread_identifier: 1572 thread_handle: 0x000000ac process_identifier: 2620 current_directory: C:\Windows\System32\ filepath: C:\Windows\System32\secinit.exe track: 1 command_line: filepath_r: C:\Windows\System32\secinit.exe stack_pivoted: 0 creation_flags: 4 (CREATE_SUSPENDED) inherit_handles: 0 process_handle: 0x000000a8	1	1
NtGetContextThread Aug. 4, 2021, 12:17 p.m.	thread_handle: 0x000000ac	1	0
NtAllocateVirtualMemory Aug. 4, 2021, 12:17 p.m.	process_identifier: 2620 region_size: 1261568 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000000a8		3221225496
NtResumeThread Aug. 4, 2021, 12:17 p.m.	thread_handle: 0x000000ac suspend_count: 1 process_identifier: 2620	1	0
CreateProcessInternalW Aug. 4, 2021, 12:17 p.m.	thread_identifier: 1332 thread_handle: 0x000000b4 process_identifier: 288 current_directory: C:\Windows\System32\ filepath: C:\Windows\System32\secinit.exe track: 1 command_line: filepath_r: C:\Windows\System32\secinit.exe stack_pivoted: 0 creation_flags: 4 (CREATE_SUSPENDED) inherit_handles: 0 process_handle: 0x000000b0	1	1
NtGetContextThread Aug. 4, 2021, 12:17 p.m.	thread_handle: 0x000000b4	1	0
NtAllocateVirtualMemory Aug. 4, 2021, 12:17 p.m.	process_identifier: 288 region_size: 1261568 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000000b0		3221225496
NtResumeThread Aug. 4, 2021, 12:17 p.m.	thread_handle: 0x000000b4 suspend_count: 1 process_identifier: 288	1	0
CreateProcessInternalW Aug. 4, 2021, 12:17 p.m.	thread_identifier: 1932 thread_handle: 0x000000bc process_identifier: 2276 current_directory: C:\Windows\System32\ filepath: C:\Windows\System32\secinit.exe track: 1 command_line: filepath_r: C:\Windows\System32\secinit.exe stack_pivoted: 0 creation_flags: 4 (CREATE_SUSPENDED) inherit_handles: 0 process_handle: 0x000000b8	1	1
NtGetContextThread Aug. 4, 2021, 12:17 p.m.	thread_handle: 0x000000bc	1	0
NtAllocateVirtualMemory Aug. 4, 2021, 12:17 p.m.	process_identifier: 2276 region_size: 1261568 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000000b8		3221225496
NtResumeThread Aug. 4, 2021, 12:17 p.m.	thread_handle: 0x000000bc suspend_count: 1 process_identifier: 2276	1	0
CreateProcessInternalW Aug. 4, 2021, 12:17 p.m.	thread_identifier: 2292 thread_handle: 0x000000c4 process_identifier: 2120 current_directory: C:\Windows\System32\ filepath: C:\Windows\System32\secinit.exe track: 1 command_line: filepath_r: C:\Windows\System32\secinit.exe stack_pivoted: 0 creation_flags: 4 (CREATE_SUSPENDED) inherit_handles: 0 process_handle: 0x000000c0	1	1
NtGetContextThread Aug. 4, 2021, 12:17 p.m.	thread_handle: 0x000000c4	1	0
NtAllocateVirtualMemory Aug. 4, 2021, 12:17 p.m.	process_identifier: 2120 region_size: 1261568 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000000c0		3221225496
NtResumeThread Aug. 4, 2021, 12:17 p.m.	thread_handle: 0x000000c4 suspend_count: 1 process_identifier: 2120	1	0

heliocentrically.db

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All