Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6402	Oct. 5, 2021, 7:49 a.m.	Oct. 5, 2021, 7:52 a.m.

Size	1.1MB
Type	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
MD5	`36e4ec009dc1470d8c45ae4bb9a9f70d`
SHA256	`9ea1d4f45118799060594aed023411b2b14e42500e9aa40610f1c91caf685397`
CRC32	`93F96C15`
ssdeep	`24576:oEZ6pjqiycCc0Ic7dYnG8896mYdB3g17yp/Xx3xShc1ZcQGcoCKVXUGGotVjYmM+:RY+ICc0t7iG88Rp7AfxBShc1ZcQGZlVh`
PDB Path	c:\Collect\After-square\Human\Job_eat\Sleep-cow\Listen.pdb
Yara	PE_Header_Zero - PE File Signature Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) Malicious_Library_Zero - Malicious_Library IsPE32 - (no description)

rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\logs.php.dll,Bitpretty
2516
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\logs.php.dll,CentMeat
3068
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\logs.php.dll,Coastshore
2344
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\logs.php.dll,Everlove
2176
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\logs.php.dll,Milk
2408
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\logs.php.dll,Workquiet
3056
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\logs.php.dll,
204

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

This executable has a PDB path (1 event)

pdb_path

c:\Collect\After-square\Human\Job_eat\Sleep-cow\Listen.pdb

One or more processes crashed (6 events)

Time & API	Arguments	Status
__exception__ Oct. 5, 2021, 7:50 a.m.	stacktrace: bson_init_unfinished_data+0x158 bson_ensure_space-0x7e @ 0x74a0ea6f bson_append_binary+0x112 bson_append_oid-0x7 @ 0x74a0f4e7 log_wstring+0x282 log_explain-0x187 @ 0x749e1c19 log_api+0x457 log_new_process-0x967 @ 0x749e274b New_kernel32_SetInformationJobObject@16+0xf4 New_kernel32_SetStdHandle@8-0x15 @ 0x749fb7be logs+0x64f8 @ 0x723c64f8 logs+0x9d88 @ 0x723c9d88 logs+0x7459 @ 0x723c7459 logs+0x554e @ 0x723c554e logs+0xa200 @ 0x723ca200 logs+0xacbe @ 0x723cacbe logs+0x3e51 @ 0x723c3e51 logs+0x3de6 @ 0x723c3de6 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77b19930 logs+0x20fe @ 0x723c20fe logs+0x5ab5 @ 0x723c5ab5 0x370a18 0x29f53c exception.instruction_r: f3 a5 ff 24 95 b8 99 13 77 8a 06 88 07 8a 46 01 exception.symbol: memcpy+0x250 _ftol2-0x41 msvcrt+0x9b60 exception.instruction: movsd dword ptr es:[edi], dword ptr [esi] exception.module: msvcrt.dll exception.exception_code: 0xc0000005 exception.offset: 39776 exception.address: 0x77139b60 registers.esp: 2746964 registers.edi: 3866728 registers.eax: 2651488421 registers.ebp: 2746972 registers.edx: 0 registers.ebx: 0 registers.esi: 2651484325 registers.ecx: 1024	1
__exception__ Oct. 5, 2021, 7:50 a.m.	stacktrace: bson_init_unfinished_data+0x158 bson_ensure_space-0x7e @ 0x74a0ea6f bson_append_binary+0x112 bson_append_oid-0x7 @ 0x74a0f4e7 log_wstring+0x282 log_explain-0x187 @ 0x749e1c19 log_api+0x457 log_new_process-0x967 @ 0x749e274b New_kernel32_SetInformationJobObject@16+0xf4 New_kernel32_SetStdHandle@8-0x15 @ 0x749fb7be logs+0x64f8 @ 0x723c64f8 logs+0x9d88 @ 0x723c9d88 logs+0x7459 @ 0x723c7459 logs+0x554e @ 0x723c554e logs+0xa200 @ 0x723ca200 logs+0xacbe @ 0x723cacbe logs+0x3e51 @ 0x723c3e51 logs+0x3de6 @ 0x723c3de6 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77b19930 logs+0x20fe @ 0x723c20fe logs+0x5ab5 @ 0x723c5ab5 0x7e0a18 0x8f378 exception.instruction_r: f3 a5 ff 24 95 b8 99 13 77 8a 06 88 07 8a 46 01 exception.symbol: memcpy+0x250 _ftol2-0x41 msvcrt+0x9b60 exception.instruction: movsd dword ptr es:[edi], dword ptr [esi] exception.module: msvcrt.dll exception.exception_code: 0xc0000005 exception.offset: 39776 exception.address: 0x77139b60 registers.esp: 583824 registers.edi: 8454248 registers.eax: 2651488421 registers.ebp: 583832 registers.edx: 0 registers.ebx: 0 registers.esi: 2651484325 registers.ecx: 1024	1
__exception__ Oct. 5, 2021, 7:50 a.m.	stacktrace: bson_init_unfinished_data+0x158 bson_ensure_space-0x7e @ 0x74a0ea6f bson_append_binary+0x112 bson_append_oid-0x7 @ 0x74a0f4e7 log_wstring+0x282 log_explain-0x187 @ 0x749e1c19 log_api+0x457 log_new_process-0x967 @ 0x749e274b New_kernel32_SetInformationJobObject@16+0xf4 New_kernel32_SetStdHandle@8-0x15 @ 0x749fb7be logs+0x64f8 @ 0x723c64f8 logs+0x9d88 @ 0x723c9d88 logs+0x7459 @ 0x723c7459 logs+0x554e @ 0x723c554e logs+0xa200 @ 0x723ca200 logs+0xacbe @ 0x723cacbe logs+0x3e51 @ 0x723c3e51 logs+0x3de6 @ 0x723c3de6 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77b19930 logs+0x20fe @ 0x723c20fe logs+0x5ab5 @ 0x723c5ab5 0x7e0a18 0x1df7b4 exception.instruction_r: f3 a5 ff 24 95 b8 99 13 77 8a 06 88 07 8a 46 01 exception.symbol: memcpy+0x250 _ftol2-0x41 msvcrt+0x9b60 exception.instruction: movsd dword ptr es:[edi], dword ptr [esi] exception.module: msvcrt.dll exception.exception_code: 0xc0000005 exception.offset: 39776 exception.address: 0x77139b60 registers.esp: 1961164 registers.edi: 8454248 registers.eax: 2651488421 registers.ebp: 1961172 registers.edx: 0 registers.ebx: 0 registers.esi: 2651484325 registers.ecx: 1024	1
__exception__ Oct. 5, 2021, 7:50 a.m.	stacktrace: bson_init_unfinished_data+0x158 bson_ensure_space-0x7e @ 0x74a0ea6f bson_append_binary+0x112 bson_append_oid-0x7 @ 0x74a0f4e7 log_wstring+0x282 log_explain-0x187 @ 0x749e1c19 log_api+0x457 log_new_process-0x967 @ 0x749e274b New_kernel32_SetInformationJobObject@16+0xf4 New_kernel32_SetStdHandle@8-0x15 @ 0x749fb7be logs+0x64f8 @ 0x723c64f8 logs+0x9d88 @ 0x723c9d88 logs+0x7459 @ 0x723c7459 logs+0x554e @ 0x723c554e logs+0xa200 @ 0x723ca200 logs+0xacbe @ 0x723cacbe logs+0x3e51 @ 0x723c3e51 logs+0x3de6 @ 0x723c3de6 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77b19930 logs+0x20fe @ 0x723c20fe logs+0x5ab5 @ 0x723c5ab5 0x370a18 0x17f49c exception.instruction_r: f3 a5 ff 24 95 b8 99 13 77 8a 06 88 07 8a 46 01 exception.symbol: memcpy+0x250 _ftol2-0x41 msvcrt+0x9b60 exception.instruction: movsd dword ptr es:[edi], dword ptr [esi] exception.module: msvcrt.dll exception.exception_code: 0xc0000005 exception.offset: 39776 exception.address: 0x77139b60 registers.esp: 1567156 registers.edi: 3866728 registers.eax: 2651488421 registers.ebp: 1567164 registers.edx: 0 registers.ebx: 0 registers.esi: 2651484325 registers.ecx: 1024	1
__exception__ Oct. 5, 2021, 7:50 a.m.	stacktrace: bson_init_unfinished_data+0x158 bson_ensure_space-0x7e @ 0x74a0ea6f bson_append_binary+0x112 bson_append_oid-0x7 @ 0x74a0f4e7 log_wstring+0x282 log_explain-0x187 @ 0x749e1c19 log_api+0x457 log_new_process-0x967 @ 0x749e274b New_kernel32_SetInformationJobObject@16+0xf4 New_kernel32_SetStdHandle@8-0x15 @ 0x749fb7be logs+0x64f8 @ 0x723c64f8 logs+0x9d88 @ 0x723c9d88 logs+0x7459 @ 0x723c7459 logs+0x554e @ 0x723c554e logs+0xa200 @ 0x723ca200 logs+0xacbe @ 0x723cacbe logs+0x3e51 @ 0x723c3e51 logs+0x3de6 @ 0x723c3de6 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77b19930 logs+0x20fe @ 0x723c20fe logs+0x5ab5 @ 0x723c5ab5 0x2f0a18 0x28f680 exception.instruction_r: f3 a5 ff 24 95 b8 99 13 77 8a 06 88 07 8a 46 01 exception.symbol: memcpy+0x250 _ftol2-0x41 msvcrt+0x9b60 exception.instruction: movsd dword ptr es:[edi], dword ptr [esi] exception.module: msvcrt.dll exception.exception_code: 0xc0000005 exception.offset: 39776 exception.address: 0x77139b60 registers.esp: 2681752 registers.edi: 3276904 registers.eax: 2651488421 registers.ebp: 2681760 registers.edx: 0 registers.ebx: 0 registers.esi: 2651484325 registers.ecx: 1024	1
__exception__ Oct. 5, 2021, 7:50 a.m.	stacktrace: bson_init_unfinished_data+0x158 bson_ensure_space-0x7e @ 0x74a0ea6f bson_append_binary+0x112 bson_append_oid-0x7 @ 0x74a0f4e7 log_wstring+0x282 log_explain-0x187 @ 0x749e1c19 log_api+0x457 log_new_process-0x967 @ 0x749e274b New_kernel32_SetInformationJobObject@16+0xf4 New_kernel32_SetStdHandle@8-0x15 @ 0x749fb7be logs+0x64f8 @ 0x723c64f8 logs+0x9d88 @ 0x723c9d88 logs+0x7459 @ 0x723c7459 logs+0x554e @ 0x723c554e logs+0xa200 @ 0x723ca200 logs+0xacbe @ 0x723cacbe logs+0x3e51 @ 0x723c3e51 logs+0x3de6 @ 0x723c3de6 RtlQueryEnvironmentVariable+0x241 RtlQueryEnvironmentVariable_U-0x23 ntdll+0x39930 @ 0x77b19930 logs+0x20fe @ 0x723c20fe logs+0x5ab5 @ 0x723c5ab5 0x2f0a18 0x2af6dc exception.instruction_r: f3 a5 ff 24 95 b8 99 13 77 8a 06 88 07 8a 46 01 exception.symbol: memcpy+0x250 _ftol2-0x41 msvcrt+0x9b60 exception.instruction: movsd dword ptr es:[edi], dword ptr [esi] exception.module: msvcrt.dll exception.exception_code: 0xc0000005 exception.offset: 39776 exception.address: 0x77139b60 registers.esp: 2812916 registers.edi: 3276904 registers.eax: 2651488421 registers.ebp: 2812924 registers.edx: 0 registers.ebx: 0 registers.esi: 2651484325 registers.ecx: 1024	1

Allocates read-write-execute memory (usually to unpack itself) (30 events)

Time & API	Arguments	Status
NtProtectVirtualMemory Oct. 5, 2021, 7:49 a.m.	process_identifier: 2516 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7240b000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 5, 2021, 7:50 a.m.	process_identifier: 2516 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 24576 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x724e4000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 5, 2021, 7:50 a.m.	process_identifier: 2516 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00370000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 5, 2021, 7:50 a.m.	process_identifier: 2516 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00390000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 5, 2021, 7:50 a.m.	process_identifier: 2516 region_size: 401408 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x007f0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 5, 2021, 7:49 a.m.	process_identifier: 3068 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7240b000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 5, 2021, 7:50 a.m.	process_identifier: 3068 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 24576 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x724e4000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 5, 2021, 7:50 a.m.	process_identifier: 3068 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x007e0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 5, 2021, 7:50 a.m.	process_identifier: 3068 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x007f0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 5, 2021, 7:50 a.m.	process_identifier: 3068 region_size: 401408 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00800000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 5, 2021, 7:49 a.m.	process_identifier: 2344 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7240b000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 5, 2021, 7:50 a.m.	process_identifier: 2344 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 24576 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x724e4000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 5, 2021, 7:50 a.m.	process_identifier: 2344 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x007e0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 5, 2021, 7:50 a.m.	process_identifier: 2344 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x007f0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 5, 2021, 7:50 a.m.	process_identifier: 2344 region_size: 401408 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00800000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 5, 2021, 7:49 a.m.	process_identifier: 2176 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7240b000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 5, 2021, 7:50 a.m.	process_identifier: 2176 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 24576 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x724e4000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 5, 2021, 7:50 a.m.	process_identifier: 2176 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00370000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 5, 2021, 7:50 a.m.	process_identifier: 2176 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00390000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 5, 2021, 7:50 a.m.	process_identifier: 2176 region_size: 401408 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003a0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 5, 2021, 7:49 a.m.	process_identifier: 2408 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7240b000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 5, 2021, 7:50 a.m.	process_identifier: 2408 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 24576 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x724e4000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 5, 2021, 7:50 a.m.	process_identifier: 2408 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x002f0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 5, 2021, 7:50 a.m.	process_identifier: 2408 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00300000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 5, 2021, 7:50 a.m.	process_identifier: 2408 region_size: 401408 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00310000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 5, 2021, 7:50 a.m.	process_identifier: 3056 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7240b000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 5, 2021, 7:50 a.m.	process_identifier: 3056 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 24576 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x724e4000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 5, 2021, 7:50 a.m.	process_identifier: 3056 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x002f0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 5, 2021, 7:50 a.m.	process_identifier: 3056 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00300000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Oct. 5, 2021, 7:50 a.m.	process_identifier: 3056 region_size: 401408 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00310000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1

logs.php

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All