Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Nov. 4, 2021, 2:43 p.m.	Nov. 4, 2021, 3:05 p.m.

Size	172.0KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`4ea672ca05b3c1e7d131ecc108c7e7f1`
SHA256	`95972f593721107647a703bdd022f36f88737204c2ad575a77c25acfc2f21d4f`
CRC32	`1EFE8A89`
ssdeep	`3072:LSftzo1YmKFiiIKhb6xKcB3bV3g2Zh+15/yyvcOGkXOxTxoAHL+laxn1955Nh8uq:8H4qMxKeV3PANyyvcOGkXYTxjil61b55`
Yara	PE_Header_Zero - PE File Signature OS_Processor_Check_Zero - OS Processor Check IsPE32 - (no description) Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file

ww_testFS_0211_single.exe "C:\Users\test22\AppData\Local\Temp\ww_testFS_0211_single.exe"
2852
- nxQCIhI4Dhafu5y_bXtCL9Sz.exe "C:\Users\test22\Pictures\Adobe Films\nxQCIhI4Dhafu5y_bXtCL9Sz.exe"
  3048
- wXo13KCC1EmxZHGWUSYaUWxD.exe "C:\Users\test22\Pictures\Adobe Films\wXo13KCC1EmxZHGWUSYaUWxD.exe"
  2124
  - 8d9CQVkfuQeq1RjjUnhIl2th.exe "C:\Users\test22\Documents\8d9CQVkfuQeq1RjjUnhIl2th.exe"
    2420
    - MfNhCRsUh288sKW9unWxa_70.exe "C:\Users\test22\Pictures\Adobe Films\MfNhCRsUh288sKW9unWxa_70.exe"
      2844
    - Ey7yeaTjPhFHxfTIFZXDyrpN.exe "C:\Users\test22\Pictures\Adobe Films\Ey7yeaTjPhFHxfTIFZXDyrpN.exe"
      232
    - qMxT5WqFL1ddzvSoaRM6_dFa.exe "C:\Users\test22\Pictures\Adobe Films\qMxT5WqFL1ddzvSoaRM6_dFa.exe"
      204
      - qMxT5WqFL1ddzvSoaRM6_dFa.exe "C:\Users\test22\Pictures\Adobe Films\qMxT5WqFL1ddzvSoaRM6_dFa.exe" -u
        1568
    - M1S5AdHr86vseIxNKHqYfk1x.exe "C:\Users\test22\Pictures\Adobe Films\M1S5AdHr86vseIxNKHqYfk1x.exe"
      2212
    - bG9VYR76UmYHyhaZee2s3HuD.exe "C:\Users\test22\Pictures\Adobe Films\bG9VYR76UmYHyhaZee2s3HuD.exe"
      296
    - 8d7XnZcXMZmRinL1VgzrSaD0.exe "C:\Users\test22\Pictures\Adobe Films\8d7XnZcXMZmRinL1VgzrSaD0.exe"
      1580
      - 8d7XnZcXMZmRinL1VgzrSaD0.tmp "C:\Users\test22\AppData\Local\Temp\is-62BRB.tmp\8d7XnZcXMZmRinL1VgzrSaD0.tmp" /SL5="$100140,506127,422400,C:\Users\test22\Pictures\Adobe Films\8d7XnZcXMZmRinL1VgzrSaD0.exe"
        1964
  - schtasks.exe schtasks /create /f /RU "test22" /tr "C:\Program Files (x86)\PowerControl\PowerControl_Svc.exe" /tn "PowerControl HR" /sc HOURLY /rl HIGHEST
    2440
  - schtasks.exe schtasks /create /f /RU "test22" /tr "C:\Program Files (x86)\PowerControl\PowerControl_Svc.exe" /tn "PowerControl LG" /sc ONLOGON /rl HIGHEST
    2472
- AmDTuf414mdG4AO64_u9aMc3.exe "C:\Users\test22\Pictures\Adobe Films\AmDTuf414mdG4AO64_u9aMc3.exe"
  2120

Name	Response	Post-Analysis Lookup
ip-api.com	A 208.95.112.1	208.95.112.1
telegram.org	A 149.154.167.99	149.154.167.99
dataonestorage.com	A 45.142.182.152	45.142.182.152
yandex.ru	A 5.255.255.5 A 77.88.55.55 A 5.255.255.70 A 77.88.55.70	5.255.255.70
f.gogamef.com	A 172.67.136.94 A 104.21.72.228	104.21.72.228
twitter.com	A 104.244.42.193	104.244.42.65
www.hzradiant.com	A 194.163.158.120	194.163.158.120
ipinfo.io	A 34.117.59.81	34.117.59.81
eguntong.com	A 5.8.76.205	5.8.76.205
apps.identrust.com	CNAME identrust.edgesuite.net CNAME a1952.dscq.akamai.net A 119.207.65.81 A 119.207.65.74 A 23.216.159.9 A 23.216.159.81	23.216.159.81
t.gogamec.com	A 172.67.204.112 A 104.21.85.99	104.21.85.99
iplis.ru	A 88.99.66.31	88.99.66.31
staticimg.youtuuee.com	A 45.136.151.102	45.136.151.102
el5en1977834657.s3.ap-south-1.amazonaws.com	CNAME s3-r-w.ap-south-1.amazonaws.com A 52.219.156.6	52.219.158.50
imgs.googlwaa.com	A 45.136.113.13	45.136.113.13
d.gogamed.com	A 104.21.59.236 A 172.67.185.110	104.21.59.236
cdn.discordapp.com	A 162.159.135.233 A 162.159.134.233 A 162.159.129.233 A 162.159.130.233 A 162.159.133.233	162.159.130.233

IP Address	Status	Action
104.21.59.236	Active	Moloch
104.244.42.193	Active	Moloch
119.207.65.81	Active	Moloch
149.154.167.99	Active	Moloch
162.159.134.233	Active	Moloch
164.124.101.2	Active	Moloch
172.67.136.94	Active	Moloch
172.67.204.112	Active	Moloch
194.163.158.120	Active	Moloch
208.95.112.1	Active	Moloch
212.192.241.62	Active	Moloch
23.216.159.81	Active	Moloch
34.117.59.81	Active	Moloch
45.133.1.107	Active	Moloch
45.133.1.182	Active	Moloch
45.136.113.13	Active	Moloch
45.136.151.102	Active	Moloch
45.142.182.152	Active	Moloch
5.255.255.70	Active	Moloch
5.8.76.205	Active	Moloch
52.219.156.6	Active	Moloch
88.99.66.31	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.101:49164 -> 162.159.134.233:80	2260000	SURICATA Applayer Mismatch protocol both directions	Generic Protocol Command Decode
TCP 192.168.56.101:49166 -> 162.159.134.233:80	2260000	SURICATA Applayer Mismatch protocol both directions	Generic Protocol Command Decode
TCP 192.168.56.101:49165 -> 162.159.134.233:80	2260000	SURICATA Applayer Mismatch protocol both directions	Generic Protocol Command Decode
TCP 192.168.56.101:49165 -> 162.159.134.233:80	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49164 -> 162.159.134.233:80	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49168 -> 162.159.134.233:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49170 -> 34.117.59.81:443	2025331	ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io)	Device Retrieving External IP Address Detected
TCP 192.168.56.101:49170 -> 34.117.59.81:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 34.117.59.81:443 -> 192.168.56.101:49170	2025330	ET POLICY Possible External IP Lookup SSL Cert Observed (ipinfo.io)	Device Retrieving External IP Address Detected
TCP 192.168.56.101:49162 -> 212.192.241.62:80	2034192	ET MALWARE Win32/Unk.HRESQ! MultiDownloader Checkin	A Network Trojan was detected
TCP 192.168.56.101:49162 -> 212.192.241.62:80	2034192	ET MALWARE Win32/Unk.HRESQ! MultiDownloader Checkin	A Network Trojan was detected
TCP 192.168.56.101:49177 -> 162.159.134.233:80	2260000	SURICATA Applayer Mismatch protocol both directions	Generic Protocol Command Decode
TCP 192.168.56.101:49177 -> 162.159.134.233:80	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 45.133.1.107:80 -> 192.168.56.101:49171	2018959	ET POLICY PE EXE or DLL Windows file download HTTP	Potential Corporate Privacy Violation
TCP 45.133.1.107:80 -> 192.168.56.101:49171	2021076	ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	Potentially Bad Traffic
TCP 192.168.56.101:49178 -> 162.159.134.233:80	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 162.159.134.233:80 -> 192.168.56.101:49178	2260000	SURICATA Applayer Mismatch protocol both directions	Generic Protocol Command Decode
TCP 192.168.56.101:49179 -> 162.159.134.233:80	2260000	SURICATA Applayer Mismatch protocol both directions	Generic Protocol Command Decode
TCP 149.154.167.99:443 -> 192.168.56.101:49188	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49183 -> 162.159.134.233:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49184 -> 162.159.134.233:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49180 -> 162.159.134.233:80	2260000	SURICATA Applayer Mismatch protocol both directions	Generic Protocol Command Decode
TCP 192.168.56.101:49186 -> 149.154.167.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49189 -> 104.244.42.193:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49176 -> 162.159.134.233:80	2260000	SURICATA Applayer Mismatch protocol both directions	Generic Protocol Command Decode
TCP 192.168.56.101:49176 -> 162.159.134.233:80	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49175 -> 162.159.134.233:80	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 162.159.134.233:80 -> 192.168.56.101:49175	2260000	SURICATA Applayer Mismatch protocol both directions	Generic Protocol Command Decode
TCP 192.168.56.101:49191 -> 5.255.255.70:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49174 -> 212.192.241.62:80	2034192	ET MALWARE Win32/Unk.HRESQ! MultiDownloader Checkin	A Network Trojan was detected
TCP 192.168.56.101:49197 -> 212.192.241.62:80	2034192	ET MALWARE Win32/Unk.HRESQ! MultiDownloader Checkin	A Network Trojan was detected
TCP 192.168.56.101:49198 -> 88.99.66.31:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49195 -> 34.117.59.81:443	2025331	ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io)	Device Retrieving External IP Address Detected
TCP 192.168.56.101:49195 -> 34.117.59.81:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 34.117.59.81:443 -> 192.168.56.101:49195	2025330	ET POLICY Possible External IP Lookup SSL Cert Observed (ipinfo.io)	Device Retrieving External IP Address Detected
TCP 192.168.56.101:49201 -> 162.159.134.233:80	2260000	SURICATA Applayer Mismatch protocol both directions	Generic Protocol Command Decode
TCP 192.168.56.101:49201 -> 162.159.134.233:80	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49202 -> 162.159.134.233:80	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 162.159.134.233:80 -> 192.168.56.101:49202	2260000	SURICATA Applayer Mismatch protocol both directions	Generic Protocol Command Decode
TCP 192.168.56.101:49203 -> 162.159.134.233:80	2260000	SURICATA Applayer Mismatch protocol both directions	Generic Protocol Command Decode
TCP 192.168.56.101:49194 -> 212.192.241.62:80	2034202	ET MALWARE Win32/Unk.HRESQ! MultiDownloader Checkin M2	A Network Trojan was detected
TCP 162.159.134.233:80 -> 192.168.56.101:49213	2260000	SURICATA Applayer Mismatch protocol both directions	Generic Protocol Command Decode
TCP 192.168.56.101:49211 -> 162.159.134.233:80	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49212 -> 162.159.134.233:80	2260000	SURICATA Applayer Mismatch protocol both directions	Generic Protocol Command Decode
TCP 192.168.56.101:49212 -> 162.159.134.233:80	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 162.159.134.233:80 -> 192.168.56.101:49211	2260000	SURICATA Applayer Mismatch protocol both directions	Generic Protocol Command Decode
TCP 192.168.56.101:49215 -> 162.159.134.233:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49205 -> 162.159.134.233:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49200 -> 88.99.66.31:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49216 -> 34.117.59.81:443	2025331	ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io)	Device Retrieving External IP Address Detected
TCP 192.168.56.101:49216 -> 34.117.59.81:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 34.117.59.81:443 -> 192.168.56.101:49216	2025330	ET POLICY Possible External IP Lookup SSL Cert Observed (ipinfo.io)	Device Retrieving External IP Address Detected
TCP 192.168.56.101:49222 -> 162.159.134.233:80	2260000	SURICATA Applayer Mismatch protocol both directions	Generic Protocol Command Decode
TCP 192.168.56.101:49210 -> 212.192.241.62:80	2034192	ET MALWARE Win32/Unk.HRESQ! MultiDownloader Checkin	A Network Trojan was detected
TCP 192.168.56.101:49210 -> 212.192.241.62:80	2034192	ET MALWARE Win32/Unk.HRESQ! MultiDownloader Checkin	A Network Trojan was detected
TCP 45.133.1.107:80 -> 192.168.56.101:49217	2018959	ET POLICY PE EXE or DLL Windows file download HTTP	Potential Corporate Privacy Violation
TCP 45.133.1.107:80 -> 192.168.56.101:49217	2021076	ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	Potentially Bad Traffic
TCP 192.168.56.101:49220 -> 162.159.134.233:80	2260000	SURICATA Applayer Mismatch protocol both directions	Generic Protocol Command Decode
TCP 192.168.56.101:49220 -> 162.159.134.233:80	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49235 -> 104.21.59.236:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49236 -> 45.142.182.152:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49221 -> 162.159.134.233:80	2260000	SURICATA Applayer Mismatch protocol both directions	Generic Protocol Command Decode
TCP 192.168.56.101:49221 -> 162.159.134.233:80	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49219 -> 212.192.241.62:80	2034192	ET MALWARE Win32/Unk.HRESQ! MultiDownloader Checkin	A Network Trojan was detected
TCP 192.168.56.101:49230 -> 104.21.59.236:80	2260000	SURICATA Applayer Mismatch protocol both directions	Generic Protocol Command Decode
TCP 192.168.56.101:49230 -> 104.21.59.236:80	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49240 -> 45.142.182.152:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49244 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 5.8.76.205:80 -> 192.168.56.101:49238	2018959	ET POLICY PE EXE or DLL Windows file download HTTP	Potential Corporate Privacy Violation
TCP 192.168.56.101:49224 -> 162.159.134.233:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49232 -> 104.21.59.236:80	2260000	SURICATA Applayer Mismatch protocol both directions	Generic Protocol Command Decode
TCP 192.168.56.101:49232 -> 104.21.59.236:80	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49233 -> 104.21.59.236:80	2260000	SURICATA Applayer Mismatch protocol both directions	Generic Protocol Command Decode
TCP 192.168.56.101:49237 -> 172.67.136.94:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 45.136.113.13:80 -> 192.168.56.101:49225	2018959	ET POLICY PE EXE or DLL Windows file download HTTP	Potential Corporate Privacy Violation
TCP 45.142.182.152:443 -> 192.168.56.101:49243	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49250 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49251 -> 208.95.112.1:80	2022082	ET POLICY External IP Lookup ip-api.com	Device Retrieving External IP Address Detected
TCP 192.168.56.101:49255 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49261 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49257 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49252 -> 45.142.182.152:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 45.142.182.152:443 -> 192.168.56.101:49254	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49262 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49258 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49266 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49264 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49259 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49268 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49263 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49270 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49275 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49271 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49281 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49285 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49277 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49284 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49267 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49278 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49287 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49272 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49280 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49282 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49296 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49291 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49294 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49297 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49289 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49299 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49292 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49303 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49301 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49307 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49306 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49308 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49313 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49309 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49314 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49319 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49310 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49320 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49274 -> 52.219.156.6:80	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49321 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49298 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49300 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49304 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49312 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49318 -> 52.219.156.6:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49260 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49227 -> 52.219.156.6:80	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49286 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49290 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49248 -> 45.142.182.152:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49265 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49269 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49273 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49305 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49276 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49279 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49283 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49288 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49293 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49302 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49311 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49315 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49316 -> 172.67.204.112:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined

Suricata TLS

Flow	Issuer	Subject	Fingerprint
TLSv1 192.168.56.101:49168 162.159.134.233:443	C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2	C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com	a6:26:df:21:b9:4f:a7:fb:ae:8d:87:ce:fb:7d:2b:c6:50:8b:ff:da
TLSv1 192.168.56.101:49170 34.117.59.81:443	C=US, O=Google Trust Services LLC, CN=GTS CA 1D4	CN=ipinfo.io	f0:42:a0:3b:5b:a8:0e:51:f4:13:25:f7:fc:7c:dc:35:63:19:75:63
TLSv1 192.168.56.101:49183 162.159.134.233:443	C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2	C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com	a6:26:df:21:b9:4f:a7:fb:ae:8d:87:ce:fb:7d:2b:c6:50:8b:ff:da
TLSv1 192.168.56.101:49184 162.159.134.233:443	C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2	C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com	a6:26:df:21:b9:4f:a7:fb:ae:8d:87:ce:fb:7d:2b:c6:50:8b:ff:da
TLSv1 192.168.56.101:49191 5.255.255.70:443	C=RU, O=Yandex LLC, OU=Yandex Certification Authority, CN=Yandex CA	C=RU, L=Moscow, OU=ITO, O=Yandex LLC, CN=*.yandex.az	2b:13:52:0c:b0:c6:8c:c9:e3:05:6e:11:91:74:4d:65:ce:3a:64:29
TLSv1 192.168.56.101:49198 88.99.66.31:443	C=US, O=Let's Encrypt, CN=R3	CN=iplogger.com	92:14:16:9c:56:a1:f2:6a:b9:1d:e1:8d:4c:5f:a4:57:a7:9c:a0:6b
TLSv1 192.168.56.101:49195 34.117.59.81:443	C=US, O=Google Trust Services LLC, CN=GTS CA 1D4	CN=ipinfo.io	f0:42:a0:3b:5b:a8:0e:51:f4:13:25:f7:fc:7c:dc:35:63:19:75:63
TLSv1 192.168.56.101:49215 162.159.134.233:443	C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2	C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com	a6:26:df:21:b9:4f:a7:fb:ae:8d:87:ce:fb:7d:2b:c6:50:8b:ff:da
TLSv1 192.168.56.101:49205 162.159.134.233:443	C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2	C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com	a6:26:df:21:b9:4f:a7:fb:ae:8d:87:ce:fb:7d:2b:c6:50:8b:ff:da
TLSv1 192.168.56.101:49200 88.99.66.31:443	C=US, O=Let's Encrypt, CN=R3	CN=iplogger.com	92:14:16:9c:56:a1:f2:6a:b9:1d:e1:8d:4c:5f:a4:57:a7:9c:a0:6b
TLSv1 192.168.56.101:49216 34.117.59.81:443	C=US, O=Google Trust Services LLC, CN=GTS CA 1D4	CN=ipinfo.io	f0:42:a0:3b:5b:a8:0e:51:f4:13:25:f7:fc:7c:dc:35:63:19:75:63
TLSv1 192.168.56.101:49235 104.21.59.236:443	C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3	C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com	b0:c4:b1:fe:56:fd:ec:99:f4:dc:0f:3f:36:63:53:f7:6c:3a:26:7b
TLSv1 192.168.56.101:49244 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49224 162.159.134.233:443	C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2	C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com	a6:26:df:21:b9:4f:a7:fb:ae:8d:87:ce:fb:7d:2b:c6:50:8b:ff:da
TLSv1 192.168.56.101:49237 172.67.136.94:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamef.com	5c:36:e8:6e:6d:65:76:95:76:a5:7d:b3:47:fe:54:fe:f3:71:15:1b
TLSv1 192.168.56.101:49250 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49255 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49261 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49257 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49262 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49258 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49266 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49264 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49259 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49268 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49263 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49270 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49275 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49271 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49281 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49285 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49277 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49284 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49267 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49278 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49287 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49272 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49280 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49282 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49296 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49291 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49294 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49297 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49289 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49299 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49292 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49303 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49301 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49307 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49306 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49308 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49313 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49309 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49314 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49319 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49310 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49320 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49321 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49298 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49300 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49304 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49312 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49318 52.219.156.6:443	C=US, O=Amazon, OU=Server CA 1B, CN=Amazon	CN=*.s3.ap-south-1.amazonaws.com	c6:36:df:af:09:de:c1:11:cd:93:7d:ef:05:10:32:ae:12:cd:7d:b8
TLSv1 192.168.56.101:49260 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49286 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49290 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49265 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49269 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49273 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49305 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49276 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49279 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49283 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49288 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49293 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49302 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49311 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49315 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1
TLSv1 192.168.56.101:49316 172.67.204.112:443	C=US, O=Let's Encrypt, CN=R3	CN=*.gogamec.com	ee:4c:93:4c:ed:a7:33:d6:e8:4b:a4:7f:af:73:91:a4:cf:9b:23:b1

Queries for the computername (2 events)

Time & API	Arguments	Status	Return	Repeated
GetComputerNameW Nov. 4, 2021, 3:03 p.m.	computer_name: TEST22-PC	1	1	0
GetComputerNameW Nov. 4, 2021, 3:03 p.m.	computer_name: TEST22-PC	1	1	0

Checks if process is being debugged by a debugger (1 event)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent Nov. 4, 2021, 3:05 p.m.			0	0

Command line console output was observed (2 events)

Time & API	Arguments	Status	Return	Repeated
WriteConsoleW Nov. 4, 2021, 3:03 p.m.	buffer: SUCCESS: The scheduled task "PowerControl HR" has successfully been created. console_handle: 0x00000007	1	1	0
WriteConsoleW Nov. 4, 2021, 3:03 p.m.	buffer: SUCCESS: The scheduled task "PowerControl LG" has successfully been created. console_handle: 0x00000007	1	1	0

Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate) (1 event)

registry

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Nov. 4, 2021, 2:43 p.m.		1	1	0

One or more processes crashed (14 events)

Time & API	Arguments	Status
__exception__ Nov. 4, 2021, 2:43 p.m.	stacktrace: CryptGenRandom+0x26 CryptGetUserKey-0x6a cryptsp+0x4f99 @ 0x73ae4f99 0x3b5c6ed 0x3b5c79a 0x3b5c808 0x3ad0a09 0x3ad1cba 0x3ad1290 0x3ad15cd 0x3ae8939 0x3b1d9d7 0x3b1ddeb 0x3b7f571 0x3b7f654 ww_testfs_0211_single+0x3eb9 @ 0xab3eb9 ww_testfs_0211_single+0x8ea1 @ 0xab8ea1 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 81 78 74 11 11 11 11 75 2d 83 c0 78 50 ff 15 44 exception.instruction: cmp dword ptr [eax + 0x74], 0x11111111 exception.exception_code: 0xc0000005 exception.symbol: CryptEnumProvidersA+0x1dc CheckSignatureInFile-0x9f6 cryptsp+0x34b2 exception.address: 0x73ae34b2 registers.esp: 35513924 registers.edi: 0 registers.eax: 0 registers.ebp: 35513964 registers.edx: 32 registers.ebx: 35514268 registers.esi: 0 registers.ecx: 7070040	1
__exception__ Nov. 4, 2021, 2:43 p.m.	stacktrace: CryptGenRandom+0x26 CryptGetUserKey-0x6a cryptsp+0x4f99 @ 0x73ae4f99 0x3b5c6ed 0x3b5c79a 0x3b5c808 0x3ad0a09 0x3ad1cba 0x3ad129e 0x3ad15cd 0x3ae8939 0x3b1d9d7 0x3b1ddeb 0x3b7f571 0x3b7f654 ww_testfs_0211_single+0x3eb9 @ 0xab3eb9 ww_testfs_0211_single+0x8ea1 @ 0xab8ea1 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 81 78 74 11 11 11 11 75 2d 83 c0 78 50 ff 15 44 exception.instruction: cmp dword ptr [eax + 0x74], 0x11111111 exception.exception_code: 0xc0000005 exception.symbol: CryptEnumProvidersA+0x1dc CheckSignatureInFile-0x9f6 cryptsp+0x34b2 exception.address: 0x73ae34b2 registers.esp: 35513924 registers.edi: 0 registers.eax: 0 registers.ebp: 35513964 registers.edx: 32 registers.ebx: 35514268 registers.esi: 0 registers.ecx: 7070040	1
__exception__ Nov. 4, 2021, 2:43 p.m.	stacktrace: CryptGenRandom+0x26 CryptGetUserKey-0x6a cryptsp+0x4f99 @ 0x73ae4f99 0x3b5c6ed 0x3b5c79a 0x3b5c808 0x3ad0a09 0x3ad1cba 0x3ad1290 0x3ad15cd 0x3ae8939 0x3ae9831 0x3b16065 0x3b16d41 0x3b1dbbe 0x3b1ddeb 0x3b7f571 0x3b7f654 ww_testfs_0211_single+0x3eb9 @ 0xab3eb9 ww_testfs_0211_single+0x8ea1 @ 0xab8ea1 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 81 78 74 11 11 11 11 75 2d 83 c0 78 50 ff 15 44 exception.instruction: cmp dword ptr [eax + 0x74], 0x11111111 exception.exception_code: 0xc0000005 exception.symbol: CryptEnumProvidersA+0x1dc CheckSignatureInFile-0x9f6 cryptsp+0x34b2 exception.address: 0x73ae34b2 registers.esp: 35507956 registers.edi: 0 registers.eax: 0 registers.ebp: 35507996 registers.edx: 32 registers.ebx: 35508300 registers.esi: 0 registers.ecx: 7070720	1
__exception__ Nov. 4, 2021, 2:43 p.m.	stacktrace: CryptGenRandom+0x26 CryptGetUserKey-0x6a cryptsp+0x4f99 @ 0x73ae4f99 0x3b5c6ed 0x3b5c79a 0x3b5c808 0x3ad0a09 0x3ad1cba 0x3ad129e 0x3ad15cd 0x3ae8939 0x3ae9831 0x3b16065 0x3b16d41 0x3b1dbbe 0x3b1ddeb 0x3b7f571 0x3b7f654 ww_testfs_0211_single+0x3eb9 @ 0xab3eb9 ww_testfs_0211_single+0x8ea1 @ 0xab8ea1 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 81 78 74 11 11 11 11 75 2d 83 c0 78 50 ff 15 44 exception.instruction: cmp dword ptr [eax + 0x74], 0x11111111 exception.exception_code: 0xc0000005 exception.symbol: CryptEnumProvidersA+0x1dc CheckSignatureInFile-0x9f6 cryptsp+0x34b2 exception.address: 0x73ae34b2 registers.esp: 35507956 registers.edi: 0 registers.eax: 0 registers.ebp: 35507996 registers.edx: 32 registers.ebx: 35508300 registers.esi: 0 registers.ecx: 7070720	1
__exception__ Nov. 4, 2021, 2:43 p.m.	stacktrace: CryptGenRandom+0x26 CryptGetUserKey-0x6a cryptsp+0x4f99 @ 0x73ae4f99 0x3b5c6ed 0x3b5c79a 0x3b5c808 0x3ad0a09 0x3ad1cba 0x3ad1290 0x3ad15cd 0x3ae8939 0x3ae9095 0x3b16eb3 0x3b1dbbe 0x3b1ddeb 0x3b7f571 0x3b7f654 ww_testfs_0211_single+0x3eb9 @ 0xab3eb9 ww_testfs_0211_single+0x8ea1 @ 0xab8ea1 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 81 78 74 11 11 11 11 75 2d 83 c0 78 50 ff 15 44 exception.instruction: cmp dword ptr [eax + 0x74], 0x11111111 exception.exception_code: 0xc0000005 exception.symbol: CryptEnumProvidersA+0x1dc CheckSignatureInFile-0x9f6 cryptsp+0x34b2 exception.address: 0x73ae34b2 registers.esp: 35508372 registers.edi: 0 registers.eax: 0 registers.ebp: 35508412 registers.edx: 32 registers.ebx: 35508716 registers.esi: 0 registers.ecx: 6483496	1
__exception__ Nov. 4, 2021, 2:43 p.m.	stacktrace: CryptGenRandom+0x26 CryptGetUserKey-0x6a cryptsp+0x4f99 @ 0x73ae4f99 0x3b5c6ed 0x3b5c79a 0x3b5c808 0x3ad0a09 0x3ad1cba 0x3ad129e 0x3ad15cd 0x3ae8939 0x3ae9095 0x3b16eb3 0x3b1dbbe 0x3b1ddeb 0x3b7f571 0x3b7f654 ww_testfs_0211_single+0x3eb9 @ 0xab3eb9 ww_testfs_0211_single+0x8ea1 @ 0xab8ea1 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 81 78 74 11 11 11 11 75 2d 83 c0 78 50 ff 15 44 exception.instruction: cmp dword ptr [eax + 0x74], 0x11111111 exception.exception_code: 0xc0000005 exception.symbol: CryptEnumProvidersA+0x1dc CheckSignatureInFile-0x9f6 cryptsp+0x34b2 exception.address: 0x73ae34b2 registers.esp: 35508372 registers.edi: 0 registers.eax: 0 registers.ebp: 35508412 registers.edx: 32 registers.ebx: 35508716 registers.esi: 0 registers.ecx: 6483496	1
__exception__ Nov. 4, 2021, 2:44 p.m.	stacktrace: CryptGenRandom+0x26 CryptGetUserKey-0x6a cryptsp+0x4f99 @ 0x73ae4f99 0x3b5c6ed 0x3b5c79a 0x3b5c808 0x3ad0a09 0x3ad1cba 0x3ad1290 0x3ad15cd 0x3ae8939 0x3b119c1 0x3b1b898 0x3b1dbbe 0x3b1ddeb 0x3b7f571 0x3b7f654 ww_testfs_0211_single+0x3eb9 @ 0xab3eb9 ww_testfs_0211_single+0x8ea1 @ 0xab8ea1 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 81 78 74 11 11 11 11 75 2d 83 c0 78 50 ff 15 44 exception.instruction: cmp dword ptr [eax + 0x74], 0x11111111 exception.exception_code: 0xc0000005 exception.symbol: CryptEnumProvidersA+0x1dc CheckSignatureInFile-0x9f6 cryptsp+0x34b2 exception.address: 0x73ae34b2 registers.esp: 35503428 registers.edi: 0 registers.eax: 0 registers.ebp: 35503468 registers.edx: 32 registers.ebx: 35503772 registers.esi: 0 registers.ecx: 7007560	1
__exception__ Nov. 4, 2021, 2:44 p.m.	stacktrace: CryptGenRandom+0x26 CryptGetUserKey-0x6a cryptsp+0x4f99 @ 0x73ae4f99 0x3b5c6ed 0x3b5c79a 0x3b5c808 0x3ad0a09 0x3ad1cba 0x3ad129e 0x3ad15cd 0x3ae8939 0x3b119c1 0x3b1b898 0x3b1dbbe 0x3b1ddeb 0x3b7f571 0x3b7f654 ww_testfs_0211_single+0x3eb9 @ 0xab3eb9 ww_testfs_0211_single+0x8ea1 @ 0xab8ea1 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 81 78 74 11 11 11 11 75 2d 83 c0 78 50 ff 15 44 exception.instruction: cmp dword ptr [eax + 0x74], 0x11111111 exception.exception_code: 0xc0000005 exception.symbol: CryptEnumProvidersA+0x1dc CheckSignatureInFile-0x9f6 cryptsp+0x34b2 exception.address: 0x73ae34b2 registers.esp: 35503428 registers.edi: 0 registers.eax: 0 registers.ebp: 35503468 registers.edx: 32 registers.ebx: 35503772 registers.esi: 0 registers.ecx: 7007560	1
__exception__ Nov. 4, 2021, 3:03 p.m.	stacktrace: CryptGenRandom+0x26 CryptGetUserKey-0x6a cryptsp+0x4f99 @ 0x73ad4f99 0x3b0c6ed 0x3b0c79a 0x3b0c808 0x3a80a09 0x3a81cba 0x3a81290 0x3a815cd 0x3a98939 0x3acd9d7 0x3acddeb 0x3b2f571 0x3b2f654 8d9cqvkfuqeq1rjjunhil2th+0x2424 @ 0x62424 8d9cqvkfuqeq1rjjunhil2th+0x4658 @ 0x64658 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 81 78 74 11 11 11 11 75 2d 83 c0 78 50 ff 15 44 exception.instruction: cmp dword ptr [eax + 0x74], 0x11111111 exception.exception_code: 0xc0000005 exception.symbol: CryptEnumProvidersA+0x1dc CheckSignatureInFile-0x9f6 cryptsp+0x34b2 exception.address: 0x73ad34b2 registers.esp: 34400820 registers.edi: 0 registers.eax: 0 registers.ebp: 34400860 registers.edx: 32 registers.ebx: 34401164 registers.esi: 0 registers.ecx: 6837752	1
__exception__ Nov. 4, 2021, 3:03 p.m.	stacktrace: CryptGenRandom+0x26 CryptGetUserKey-0x6a cryptsp+0x4f99 @ 0x73ad4f99 0x3b0c6ed 0x3b0c79a 0x3b0c808 0x3a80a09 0x3a81cba 0x3a8129e 0x3a815cd 0x3a98939 0x3acd9d7 0x3acddeb 0x3b2f571 0x3b2f654 8d9cqvkfuqeq1rjjunhil2th+0x2424 @ 0x62424 8d9cqvkfuqeq1rjjunhil2th+0x4658 @ 0x64658 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 81 78 74 11 11 11 11 75 2d 83 c0 78 50 ff 15 44 exception.instruction: cmp dword ptr [eax + 0x74], 0x11111111 exception.exception_code: 0xc0000005 exception.symbol: CryptEnumProvidersA+0x1dc CheckSignatureInFile-0x9f6 cryptsp+0x34b2 exception.address: 0x73ad34b2 registers.esp: 34400820 registers.edi: 0 registers.eax: 0 registers.ebp: 34400860 registers.edx: 32 registers.ebx: 34401164 registers.esi: 0 registers.ecx: 6837752	1
__exception__ Nov. 4, 2021, 3:03 p.m.	stacktrace: CryptGenRandom+0x26 CryptGetUserKey-0x6a cryptsp+0x4f99 @ 0x73ad4f99 0x3b0c6ed 0x3b0c79a 0x3b0c808 0x3a80a09 0x3a81cba 0x3a81290 0x3a815cd 0x3a98939 0x3a99831 0x3ac6065 0x3ac6d41 0x3acdbbe 0x3acddeb 0x3b2f571 0x3b2f654 8d9cqvkfuqeq1rjjunhil2th+0x2424 @ 0x62424 8d9cqvkfuqeq1rjjunhil2th+0x4658 @ 0x64658 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 81 78 74 11 11 11 11 75 2d 83 c0 78 50 ff 15 44 exception.instruction: cmp dword ptr [eax + 0x74], 0x11111111 exception.exception_code: 0xc0000005 exception.symbol: CryptEnumProvidersA+0x1dc CheckSignatureInFile-0x9f6 cryptsp+0x34b2 exception.address: 0x73ad34b2 registers.esp: 34394852 registers.edi: 0 registers.eax: 0 registers.ebp: 34394892 registers.edx: 32 registers.ebx: 34395196 registers.esi: 0 registers.ecx: 6838392	1
__exception__ Nov. 4, 2021, 3:03 p.m.	stacktrace: CryptGenRandom+0x26 CryptGetUserKey-0x6a cryptsp+0x4f99 @ 0x73ad4f99 0x3b0c6ed 0x3b0c79a 0x3b0c808 0x3a80a09 0x3a81cba 0x3a8129e 0x3a815cd 0x3a98939 0x3a99831 0x3ac6065 0x3ac6d41 0x3acdbbe 0x3acddeb 0x3b2f571 0x3b2f654 8d9cqvkfuqeq1rjjunhil2th+0x2424 @ 0x62424 8d9cqvkfuqeq1rjjunhil2th+0x4658 @ 0x64658 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 81 78 74 11 11 11 11 75 2d 83 c0 78 50 ff 15 44 exception.instruction: cmp dword ptr [eax + 0x74], 0x11111111 exception.exception_code: 0xc0000005 exception.symbol: CryptEnumProvidersA+0x1dc CheckSignatureInFile-0x9f6 cryptsp+0x34b2 exception.address: 0x73ad34b2 registers.esp: 34394852 registers.edi: 0 registers.eax: 0 registers.ebp: 34394892 registers.edx: 32 registers.ebx: 34395196 registers.esi: 0 registers.ecx: 6838392	1
__exception__ Nov. 4, 2021, 3:03 p.m.	stacktrace: CryptGenRandom+0x26 CryptGetUserKey-0x6a cryptsp+0x4f99 @ 0x73ad4f99 0x3b0c6ed 0x3b0c79a 0x3b0c808 0x3a80a09 0x3a81cba 0x3a81290 0x3a815cd 0x3a98939 0x3a99095 0x3ac6eb3 0x3acdbbe 0x3acddeb 0x3b2f571 0x3b2f654 8d9cqvkfuqeq1rjjunhil2th+0x2424 @ 0x62424 8d9cqvkfuqeq1rjjunhil2th+0x4658 @ 0x64658 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 81 78 74 11 11 11 11 75 2d 83 c0 78 50 ff 15 44 exception.instruction: cmp dword ptr [eax + 0x74], 0x11111111 exception.exception_code: 0xc0000005 exception.symbol: CryptEnumProvidersA+0x1dc CheckSignatureInFile-0x9f6 cryptsp+0x34b2 exception.address: 0x73ad34b2 registers.esp: 34395268 registers.edi: 0 registers.eax: 0 registers.ebp: 34395308 registers.edx: 32 registers.ebx: 34395612 registers.esi: 0 registers.ecx: 6221280	1
__exception__ Nov. 4, 2021, 3:03 p.m.	stacktrace: CryptGenRandom+0x26 CryptGetUserKey-0x6a cryptsp+0x4f99 @ 0x73ad4f99 0x3b0c6ed 0x3b0c79a 0x3b0c808 0x3a80a09 0x3a81cba 0x3a8129e 0x3a815cd 0x3a98939 0x3a99095 0x3ac6eb3 0x3acdbbe 0x3acddeb 0x3b2f571 0x3b2f654 8d9cqvkfuqeq1rjjunhil2th+0x2424 @ 0x62424 8d9cqvkfuqeq1rjjunhil2th+0x4658 @ 0x64658 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 81 78 74 11 11 11 11 75 2d 83 c0 78 50 ff 15 44 exception.instruction: cmp dword ptr [eax + 0x74], 0x11111111 exception.exception_code: 0xc0000005 exception.symbol: CryptEnumProvidersA+0x1dc CheckSignatureInFile-0x9f6 cryptsp+0x34b2 exception.address: 0x73ad34b2 registers.esp: 34395268 registers.edi: 0 registers.eax: 0 registers.ebp: 34395308 registers.edx: 32 registers.ebx: 34395612 registers.esi: 0 registers.ecx: 6221280	1

One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.

HTTP traffic contains suspicious features which may be indicative of malware related traffic (8 events)

suspicious_features	Connection to IP address	suspicious_request	GET http://45.133.1.107/server.txt
suspicious_features	Connection to IP address	suspicious_request	GET http://212.192.241.62/base/api/statistics.php
suspicious_features	POST method with no referer header, Connection to IP address	suspicious_request	POST http://212.192.241.62/base/api/getData.php
suspicious_features	Connection to IP address	suspicious_request	HEAD http://45.133.1.107/download/NiceProcessX64.bmp
suspicious_features	Connection to IP address	suspicious_request	GET http://45.133.1.107/download/NiceProcessX64.bmp
suspicious_features	Connection to IP address	suspicious_request	GET http://45.133.1.182/proxies.txt
suspicious_features	POST method with no referer header, Connection to IP address	suspicious_request	POST http://212.192.241.62/service/communication.php
suspicious_features	POST method with no referer header	suspicious_request	POST http://staticimg.youtuuee.com/api/?sid=2098765&key=a7620f1fdb5530186e00465d6d97c1bb

Performs some HTTP requests (31 events)

request	GET http://45.133.1.107/server.txt
request	GET http://212.192.241.62/base/api/statistics.php
request	POST http://212.192.241.62/base/api/getData.php
request	HEAD http://45.133.1.107/download/NiceProcessX64.bmp
request	GET http://45.133.1.107/download/NiceProcessX64.bmp
request	GET http://45.133.1.182/proxies.txt
request	POST http://212.192.241.62/service/communication.php
request	GET http://apps.identrust.com/roots/dstrootcax3.p7c
request	HEAD http://imgs.googlwaa.com/lqosko/p18j/cust9.exe
request	HEAD http://dataonestorage.com/search_hyperfs_209.exe
request	HEAD http://www.hzradiant.com/askhelp42/askinstall42.exe
request	HEAD http://eguntong.com/pub33.exe
request	GET http://imgs.googlwaa.com/lqosko/p18j/cust9.exe
request	HEAD http://www.hzradiant.com/askinstall42.exe
request	GET http://eguntong.com/pub33.exe
request	GET http://www.hzradiant.com/askhelp42/askinstall42.exe
request	GET http://www.hzradiant.com/askinstall42.exe
request	GET http://dataonestorage.com/search_hyperfs_209.exe
request	GET http://ip-api.com/json/
request	GET http://staticimg.youtuuee.com/api/fbtime
request	POST http://staticimg.youtuuee.com/api/?sid=2098765&key=a7620f1fdb5530186e00465d6d97c1bb
request	GET https://cdn.discordapp.com/attachments/891021838312931420/902505896159113296/PL_Client.bmp
request	GET https://ipinfo.io/widget
request	GET https://cdn.discordapp.com/attachments/896617596772839426/897483264074350653/Service.bmp
request	GET https://cdn.discordapp.com/attachments/891006172130345095/905376099935080508/realV2_0301.bmp
request	GET https://yandex.ru/
request	GET https://cdn.discordapp.com/attachments/896617596772839426/899593707228135434/Cube_WW14.bmp
request	GET https://cdn.discordapp.com/attachments/891006172130345095/905393686618193921/help0301.bmp
request	GET https://d.gogamed.com/userhome/22/any.exe
request	GET https://f.gogamef.com/userhome/22/23ce6573d0b61d1c6b7a3a8c1cdf07b2.exe
request	GET https://el5en1977834657.s3.ap-south-1.amazonaws.com/kak.exe

Sends data using the HTTP POST Method (3 events)

request	POST http://212.192.241.62/base/api/getData.php
request	POST http://212.192.241.62/service/communication.php
request	POST http://staticimg.youtuuee.com/api/?sid=2098765&key=a7620f1fdb5530186e00465d6d97c1bb

Allocates read-write-execute memory (usually to unpack itself) (14 events)

Time & API	Arguments	Status
NtAllocateVirtualMemory Nov. 4, 2021, 2:43 p.m.	process_identifier: 2852 region_size: 1351680 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x03ac0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtProtectVirtualMemory Nov. 4, 2021, 2:44 p.m.	process_identifier: 2120 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 507904 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0031e000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 4, 2021, 2:44 p.m.	process_identifier: 2120 region_size: 876544 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02200000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 4, 2021, 3:03 p.m.	process_identifier: 2420 region_size: 1351680 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x03a70000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtProtectVirtualMemory Nov. 4, 2021, 3:03 p.m.	process_identifier: 232 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 159744 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x009ce000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 4, 2021, 3:03 p.m.	process_identifier: 232 region_size: 278528 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003a0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 4, 2021, 3:04 p.m.	process_identifier: 2212 region_size: 32768 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003b0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 4, 2021, 3:04 p.m.	process_identifier: 2212 region_size: 36864 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003c0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory Nov. 4, 2021, 3:05 p.m.	process_identifier: 1580 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Nov. 4, 2021, 3:05 p.m.	process_identifier: 1580 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 40960 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00401000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Nov. 4, 2021, 3:05 p.m.	process_identifier: 1580 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 385024 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0040f000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Nov. 4, 2021, 3:05 p.m.	process_identifier: 1580 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73362000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 4, 2021, 3:05 p.m.	process_identifier: 1964 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003e0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory Nov. 4, 2021, 3:05 p.m.	process_identifier: 1964 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73362000 process_handle: 0xffffffff	1

A process attempted to delay the analysis task. (1 event)

description

8d9CQVkfuQeq1RjjUnhIl2th.exe tried to sleep 178 seconds, actually delayed analysis time by 178 seconds

Steals private information from local Internet browsers (50 out of 109 events)

file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 36\Cookies
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Login Data
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 65\Cookies
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 62\Cookies
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 3\Cookies
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 24\Cookies
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 75\Cookies
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 98\Cookies
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 28\Cookies
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 93\Cookies
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 92\Cookies
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 97\Cookies
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 47\Cookies
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 74\Cookies
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 21\Cookies
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 83\Cookies
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 17\Cookies
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 69\Cookies
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 50\Cookies
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 57\Cookies
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 63\Cookies
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 66\Cookies
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 34\Cookies
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 80\Cookies
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 84\Cookies
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 77\Cookies
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 64\Cookies
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 8\Cookies
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 31\Cookies
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 4\Cookies
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 35\Cookies
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 6\Cookies
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 72\Cookies
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 13\Cookies
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 53\Cookies
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 23\Cookies
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 25\Cookies
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 61\Cookies
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 82\Cookies
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 7\Cookies
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 12\Cookies
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 95\Cookies
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 22\Cookies
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 70\Cookies
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 73\Cookies
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Login Data-journal
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 18\Cookies
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 55\Cookies
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 49\Cookies

Foreign language identified in PE resource (4 events)

name

RT_ICON

language

LANG_NEUTRAL

filetype

data

sublanguage

SUBLANG_ARABIC_OMAN

offset

0x0002f550

size

0x000002e8

name

RT_ICON

language

LANG_NEUTRAL

filetype

data

sublanguage

SUBLANG_ARABIC_OMAN

offset

0x0002f550

size

0x000002e8

name

RT_GROUP_ICON

language

LANG_NEUTRAL

filetype

data

sublanguage

SUBLANG_ARABIC_OMAN

offset

0x0002f838

size

0x00000022

name

RT_VERSION

language

LANG_NEUTRAL

filetype

data

sublanguage

SUBLANG_ARABIC_OMAN

offset

0x0002f160

size

0x000002c4

Looks up the external IP address (2 events)

domain	ipinfo.io
domain	ip-api.com

Creates executable files on the filesystem (13 events)

file	C:\Users\test22\Pictures\Adobe Films\8d7XnZcXMZmRinL1VgzrSaD0.exe
file	C:\Users\test22\AppData\Local\Temp\pidHTSIGEi8DrAmaYu9K8ghN89.dll
file	C:\Users\test22\Pictures\Adobe Films\MfNhCRsUh288sKW9unWxa_70.exe
file	C:\Users\test22\Documents\T9aZunTSaNJLBVfIkgF5mtQo.dll
file	C:\Users\test22\Pictures\Adobe Films\Ey7yeaTjPhFHxfTIFZXDyrpN.exe
file	C:\Users\test22\Documents\8d9CQVkfuQeq1RjjUnhIl2th.exe
file	C:\Users\test22\Pictures\Adobe Films\bG9VYR76UmYHyhaZee2s3HuD.exe
file	C:\Users\test22\Pictures\Adobe Films\AmDTuf414mdG4AO64_u9aMc3.exe
file	C:\Users\test22\Pictures\Adobe Films\Om09vWpv5xNNBElUwByA9WZa.exe
file	C:\Users\test22\Pictures\Adobe Films\qMxT5WqFL1ddzvSoaRM6_dFa.exe
file	C:\Users\test22\Pictures\Adobe Films\wXo13KCC1EmxZHGWUSYaUWxD.exe
file	C:\Users\test22\Pictures\Adobe Films\M1S5AdHr86vseIxNKHqYfk1x.exe
file	C:\Users\test22\Pictures\Adobe Films\nxQCIhI4Dhafu5y_bXtCL9Sz.exe

Creates a suspicious process (2 events)

cmdline	schtasks /create /f /RU "test22" /tr "C:\Program Files (x86)\PowerControl\PowerControl_Svc.exe" /tn "PowerControl LG" /sc ONLOGON /rl HIGHEST
cmdline	schtasks /create /f /RU "test22" /tr "C:\Program Files (x86)\PowerControl\PowerControl_Svc.exe" /tn "PowerControl HR" /sc HOURLY /rl HIGHEST

Drops a binary and executes it (9 events)

file	C:\Users\test22\Pictures\Adobe Films\wXo13KCC1EmxZHGWUSYaUWxD.exe
file	C:\Users\test22\Pictures\Adobe Films\AmDTuf414mdG4AO64_u9aMc3.exe
file	C:\Users\test22\Documents\8d9CQVkfuQeq1RjjUnhIl2th.exe
file	C:\Users\test22\Pictures\Adobe Films\MfNhCRsUh288sKW9unWxa_70.exe
file	C:\Users\test22\Pictures\Adobe Films\Ey7yeaTjPhFHxfTIFZXDyrpN.exe
file	C:\Users\test22\Pictures\Adobe Films\qMxT5WqFL1ddzvSoaRM6_dFa.exe
file	C:\Users\test22\Pictures\Adobe Films\M1S5AdHr86vseIxNKHqYfk1x.exe
file	C:\Users\test22\Pictures\Adobe Films\bG9VYR76UmYHyhaZee2s3HuD.exe
file	C:\Users\test22\Pictures\Adobe Films\8d7XnZcXMZmRinL1VgzrSaD0.exe

Drops an executable to the user AppData folder (1 event)

file	C:\Users\test22\AppData\Local\Temp\is-62BRB.tmp\8d7XnZcXMZmRinL1VgzrSaD0.tmp

A process created a hidden window (9 events)

Time & API	Arguments	Status	Return
ShellExecuteExW Nov. 4, 2021, 2:43 p.m.	show_type: 0 filepath_r: C:\Users\test22\Pictures//Adobe Films\nxQCIhI4Dhafu5y_bXtCL9Sz.exe parameters: filepath: C:\Users\test22\Pictures\Adobe Films\nxQCIhI4Dhafu5y_bXtCL9Sz.exe	1	1
ShellExecuteExW Nov. 4, 2021, 2:44 p.m.	show_type: 0 filepath_r: C:\Users\test22\Pictures//Adobe Films\wXo13KCC1EmxZHGWUSYaUWxD.exe parameters: filepath: C:\Users\test22\Pictures\Adobe Films\wXo13KCC1EmxZHGWUSYaUWxD.exe	1	1
ShellExecuteExW Nov. 4, 2021, 2:44 p.m.	show_type: 0 filepath_r: C:\Users\test22\Pictures//Adobe Films\AmDTuf414mdG4AO64_u9aMc3.exe parameters: filepath: C:\Users\test22\Pictures\Adobe Films\AmDTuf414mdG4AO64_u9aMc3.exe	1	1
ShellExecuteExW Nov. 4, 2021, 3:03 p.m.	show_type: 0 filepath_r: C:\Users\test22\Pictures//Adobe Films\MfNhCRsUh288sKW9unWxa_70.exe parameters: filepath: C:\Users\test22\Pictures\Adobe Films\MfNhCRsUh288sKW9unWxa_70.exe	1	1
ShellExecuteExW Nov. 4, 2021, 3:03 p.m.	show_type: 0 filepath_r: C:\Users\test22\Pictures//Adobe Films\Ey7yeaTjPhFHxfTIFZXDyrpN.exe parameters: filepath: C:\Users\test22\Pictures\Adobe Films\Ey7yeaTjPhFHxfTIFZXDyrpN.exe	1	1
ShellExecuteExW Nov. 4, 2021, 3:03 p.m.	show_type: 0 filepath_r: C:\Users\test22\Pictures//Adobe Films\qMxT5WqFL1ddzvSoaRM6_dFa.exe parameters: filepath: C:\Users\test22\Pictures\Adobe Films\qMxT5WqFL1ddzvSoaRM6_dFa.exe	1	1
ShellExecuteExW Nov. 4, 2021, 3:03 p.m.	show_type: 0 filepath_r: C:\Users\test22\Pictures//Adobe Films\M1S5AdHr86vseIxNKHqYfk1x.exe parameters: filepath: C:\Users\test22\Pictures\Adobe Films\M1S5AdHr86vseIxNKHqYfk1x.exe	1	1
ShellExecuteExW Nov. 4, 2021, 3:03 p.m.	show_type: 0 filepath_r: C:\Users\test22\Pictures//Adobe Films\bG9VYR76UmYHyhaZee2s3HuD.exe parameters: filepath: C:\Users\test22\Pictures\Adobe Films\bG9VYR76UmYHyhaZee2s3HuD.exe	1	1
ShellExecuteExW Nov. 4, 2021, 3:05 p.m.	show_type: 0 filepath_r: C:\Users\test22\Pictures//Adobe Films\8d7XnZcXMZmRinL1VgzrSaD0.exe parameters: filepath: C:\Users\test22\Pictures\Adobe Films\8d7XnZcXMZmRinL1VgzrSaD0.exe	1	1

Searches running processes potentially to identify processes for sandbox evasion, code injection or memory dumping (18 events)

Time & API	Arguments	Status	Return
Process32NextW Nov. 4, 2021, 2:43 p.m.	snapshot_handle: 0x00000518 process_name: taskhost.exe process_identifier: 2672	1	1
Process32NextW Nov. 4, 2021, 2:43 p.m.	snapshot_handle: 0x00000518 process_name: SearchProtocolHost.exe process_identifier: 2752	1	1
Process32NextW Nov. 4, 2021, 2:36 p.m.	snapshot_handle: 0x0000000000000028 process_name: nxQCIhI4Dhafu5y_bXtCL9Sz.exe process_identifier: 3048	1	1
Process32NextW Nov. 4, 2021, 2:36 p.m.	snapshot_handle: 0x0000000000000028 process_name: wXo13KCC1EmxZHGWUSYaUWxD.exe process_identifier: 2124	1	1
Process32NextW Nov. 4, 2021, 2:37 p.m.	snapshot_handle: 0x0000000000000028 process_name: schtasks.exe process_identifier: 2440	1	1
Process32NextW Nov. 4, 2021, 2:37 p.m.	snapshot_handle: 0x0000000000000028 process_name: conhost.exe process_identifier: 2460	1	1
Process32NextW Nov. 4, 2021, 2:37 p.m.	snapshot_handle: 0x0000000000000028 process_name: taskhost.exe process_identifier: 3040	1	1
Process32NextW Nov. 4, 2021, 2:37 p.m.	snapshot_handle: 0x0000000000000028 process_name: qMxT5WqFL1ddzvSoaRM6_dFa.exe process_identifier: 204	1	1
Process32NextW Nov. 4, 2021, 2:37 p.m.	snapshot_handle: 0x0000000000000028 process_name: conhost.exe process_identifier: 1756	1	1
Process32NextW Nov. 4, 2021, 2:37 p.m.	snapshot_handle: 0x0000000000000028 process_name: conhost.exe process_identifier: 2204	1	1
Process32NextW Nov. 4, 2021, 2:37 p.m.	snapshot_handle: 0x0000000000000028 process_name: M1S5AdHr86vseIxNKHqYfk1x.exe process_identifier: 2212	1	1
Process32NextW Nov. 4, 2021, 2:37 p.m.	snapshot_handle: 0x0000000000000028 process_name: bG9VYR76UmYHyhaZee2s3HuD.exe process_identifier: 296	1	1
Process32NextW Nov. 4, 2021, 2:37 p.m.	snapshot_handle: 0x0000000000000028 process_name: conhost.exe process_identifier: 1304	1	1
Process32NextW Nov. 4, 2021, 2:38 p.m.	snapshot_handle: 0x0000000000000028 process_name: cmd.exe process_identifier: 1252	1	1
Process32NextW Nov. 4, 2021, 2:38 p.m.	snapshot_handle: 0x0000000000000028 process_name: conhost.exe process_identifier: 2324	1	1
Process32NextW Nov. 4, 2021, 2:38 p.m.	snapshot_handle: 0x0000000000000028 process_name: 8d7XnZcXMZmRinL1VgzrSaD0.exe process_identifier: 1580	1	1
Process32NextW Nov. 4, 2021, 2:38 p.m.	snapshot_handle: 0x0000000000000028 process_name: 8d7XnZcXMZmRinL1VgzrSaD0.tmp process_identifier: 1964	1	1
Process32NextW Nov. 4, 2021, 2:57 p.m.	snapshot_handle: 0x0000000000000028 process_name: cmd.exe process_identifier: 900	1	1

Checks adapter addresses which can be used to detect virtual network interfaces (1 event)

Time & API	Arguments	Status	Return	Repeated
GetAdaptersAddresses Nov. 4, 2021, 2:44 p.m.	flags: 15 family: 0		111	0

An executable file was downloaded by the processes ww_testfs_0211_single.exe, wxo13kcc1emxzhgwusyauwxd.exe, 8d9cqvkfuqeq1rjjunhil2th.exe (11 events)

Time & API	Arguments	Status	Return
InternetReadFile Nov. 4, 2021, 2:43 p.m.	buffer: MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $I4! Uîr Uîr Uîr>êsUîr>ísUîr>ësUîr:êsUîr:ísUîr:ës$Uîr>ïsUîr UïroUîrË:çsUîrË:rUîrË:ìsUîrRich UîrPEd\Ì<að"z\|7@P`TÔ(0è´@Ðµ8¶0¨.text¥yz `.rdataTMN~@@.dataàÌ@À.pdata´Ø@@_RDATA î@@.rsrcè0ð@@.reloc@ò@BH 9yéÌ$ÌÌÌÌHAíÃÌÌÌÌÌÌÌÌHT$LD$LL$ SVWHì0HúHt$`HÙèÊÿÿÿE3ÉHt$ LÇHÓHè<HÄ0_^[ÃÌÌÌÌÌÌÌÌÌÌÌÌ@SHì HÙHÂH õWÀHSHHHèc1HÃHÄ [ÃÌÌÌÌÌÌÌÌÌÌÌÌÌÌHQH%HÒHEÂÃÌÌÌÌÌÌÌÌÌÌÌÌÌH\$WHì HHùHÚHÁè1öÃt ºHÏèì#H\$0HÇHÄ _ÃÌÌÌÌÌÌÌÌÌÌÌÌÌÌHQHHÁéY1ÌÌÌÌÌÌÌÌÌÌÌÌÌH±HÇAHAH¾HHÁÃÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌHìHHL$ èÂÿÿÿH³ÂHL$ è!3Ì@SHì HÙHÂH ÕWÀHSHHHèC0HXHHÃHÄ [ÃÌÌÌÌ@SHì HÙHÂH WÀHSHHHè0HHHÃHÄ [ÃÌÌÌÌH\$Ht$WHìpHçÍH3ÄH$`3öÿ<~ø3ÒNÿï}HØHD$ HøÿtF3ÒA¸0HL$0è·4ÇD$00HT$0HËÿ}Àt9\|$8tHT$0HËÿÁ}ëæt$PHûÿt HËÿ´}ÆH$`H3ÌèL$pI[IsIã_ÃÌÌÌÌÌÌÌÌÌÌÌÌÌH\$WHìHÍH3ÄH$HÙ3ÀHHAHA3ÒHÿ}HøHD$ Høÿ3ÒA¸0HL$Pèâ3ÇD$P0HT$PHÏÿ¬\|Àt_LD$XHT$\|HL$(èÜHÐHKH;Ktè*HC(ëLÂHÑHËè¥HL$(èKHT$PHÏÿ¥\|Àu©Hÿÿt HÏÿ\|HÃH$H3ÌègH$¨HÄ_ÃÌÌÌÌÌÌ@SHì HQHÙHú request_handle: 0x00cc000c	1	1
InternetReadFile Nov. 4, 2021, 2:43 p.m.	buffer: rSÑ<¡ö?ÀÐ:Gö?hhö?g6qö?ù"Qjìaö?£J;ORö?d!YÈBö?ÞÀ¸V3ö?@bwú#ö?®1h³ö?X`ö?ü-)4döõ?çÐ¸[çõ?¥âìÃgØõ?W+Éõ?úGÆ¼ºõ?ÀZk¬õ?ªÌ#ñaõ?íX0Òõ?`XVõ?:kP<íqõ?âR\|ºcõ?UUUUUUõ?þ»æ%Gõ?ëôH 9õ?K¨Vÿõ?øâêõ?ÅÄá"õ?PPõ?LÝbóô?9/§àåô?L,Ü¾CØô?n¯%¸Êô?á¦Ý>½ô?[¿R Ö¯ô?Jv¢ô?gÐ²ã9ô?H"ô?{®Gázô?f`Y4Îmô?ÏõÇË`ô?ÊvÇâÙSô?ûÙbeøFô?Mî«0':ô?Õ%f-ô?QY^&µ ô?ô?feÑô?û°?ûó?¯¥Bîó?©ä¼,âó?ÆuªÙÕó?ç«{¤Éó?U)#Ù`½ó?;±;±ó?"Èz8$¥ó?c,ó?fÓ"ó?88ó?îEÉÑ[uó?HÞóió?ø_Î]ó?Áx+ûRó?Fà¬yFó?²¼W[ä:ó?újí\/ó?¿+Jã#ó?¶ëéXwó?Ñ0 ó?`ÄÈó?h/¡½öò?KÑþ¡Nëò?KÀ%àò? P- Õò? ,MûÉò?7Zù¾ò?@+´ò?Áó©ò?ä)Aò?¥¸[rò?°°ò?MÎ¡8ú}ò?5'¸Psò?'Ö\|³hò?ñp"^ò?²w~Sò?$I$Iò?[`·>ò?ß¼xV4ò? "*ò?xû!·ò?æUHyò?ÙÀgGò? ò?pÁ}÷ñ?L¸<ôìñ?t¸?;ïâñ?½J.gõØñ?¢Ïñ?Yàü"Åñ?)íF@J»ñ?ãºòg\|±ñ?{a¹§ñ?àñ?¢Sñ?Û+°ñ?ñ?Öwñ?ysBnñ?2üPdñ? 'u_[ñ?ÉÕý£¹Qñ?;Í _Hñ?$G4?ñ?È5È5ñ?¬Àí,ñ?30]çX#ñ?&H§0ñ?ñ?¾ûñ?ðþðþð?¢%³úíõð?ækõìð?`Uäð?F¨ Ûð?:5VDÒð?;Ú¼OqÉð?qA§Àð?È%ìæ·ð?µì.r/¯ð?§h ¦ð?`¯¦Ûð?T 9?ð?âeu³«ð?B!ð?âê¸){ð?Æ÷G &sð?ûyµjð?ü©ñÒMbð?ur îYð?4×÷Qð?ÅdÌIIð?AAð?üG·Æ8ð?^µ0ð?é)wüd(ð?@ ð?7zQ6$ð?ð?ð?ð?log10ÿÿÿÿÿÿ?Cÿÿÿÿÿÿ?ÃUnknown exceptionbad array new lengthabcdefghijklmnopqrstuvwxyz0123456789_ABCDEFGHIJKLMNOPQRSTUVWXYZpidhtmpfile.tmp.dllpidHTSIGwbTaskmgr.exekernel32.dll%uLoadLibraryAvector too longstring too longMZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $ÞévMÞévMÞévMÊrLÕévMÊuLØévMÊsLGévMÕrLÐévMÕuL×évMÕsLýévMÊwLÝévMÞéwM¼évMLßévMMßévMtLßévMRichÞévMPEd Ì<að" ¶øTZ`¬z(àà°ÜðX8ÐX0Ð.textÅµ¶ ` request_handle: 0x00cc000c	1	1
InternetReadFile Nov. 4, 2021, 2:44 p.m.	buffer: MZÿÿ¸@øº´ Í!¸LÍ!This program cannot be run in DOS mode. $¿´ºûiÚéûiÚéûiÚéïÙèñiÚéïßèaiÚéðÞèêiÚéðÙèìiÚéðßèÑiÚéïÞèîiÚéïÛèòiÚéûiÛéiÚé=ÓèþiÚé=%éúiÚé=ØèúiÚéRichûiÚéPELÚeaà,ðe¤@@P@°ãdè ¸%¶8À¶@@È.textß+, `.rdata ®@°0@@.dataìðà@À.rsrcèì@@.reloc¸% &î@BUìhØE¹àFèþhÀ;Eè´Ä]ÃÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌSÜìäðÄUkl$ìì¡ðE3ÅEü3ÀEß3ÉMÞ3ÒUÝEßEØMÞMÔUÝUÐÇE¸EÇE¼äÀñE¸E M¼M¤ÇE°x>XÇE´ÑHU°U¨E´E¬M MÈÇEà7k®ÇEääÀñÇEèx>XÇEìÑH3ÒUÜEÜEÌ(Eà)EMÈ)E(EfïE)pÿÿÿ(pÿÿÿUÈEÈEÄMÄQ¹øFèõhÐ;Eè«ÄMü3Íè&å]ã[ÃÌÌÌÌÌÌÌUìQMüEüÇ4BE3ÉUüÂ JEüÀPMÁQèÄEüå]ÂÌÌÌÌUìQMüEüÇ4BEMüÁQèÀÄå]ÃÌÌÌÌÌÌÌÌÌÌÌÌÌUììMüEüxtMüQUøëÇEø¬EEøå]ÃÌÌÌÌÌUìQMüEüÇ4BEMüÁQè`ÄUâtjEüPèÓÄEüå]ÂÌÌUìQMüEüÇ4BE3ÉUüÂ JEüÇ@ÀEMüÇ@BEUüÇ¼BEEüå]ÃUììMôè²ÿÿÿh<âEEôPè_¡å]ÃUìQMüEüÇ4BE3ÉUüÂ JEüÀPMÁQèIÄUüÇ@BEEüÇ¼BEEüå]ÂÌÌUìQMüEüÇ4BE3ÉUüÂ JEüÀPMÁQèùÄUüÇ@BEEüå]ÂÌÌÌÌÌÌÌÌÌÌÌUììEÁ#U EMôºkÂÿMôUøÇEðE+MøMü}ür}ü#wë èÅ3Òu÷3ÀuåMUøå]ÃÌÌÌÌÌÌÌÌÌÌÌUìjÿhxEd¡Pìx¡ðE3ÅEðPEôd£ÇEMØè)ÇEüÇEÐÇEÌEEMéM}`UEÇM request_handle: 0x00cc0014	1	1
InternetReadFile Nov. 4, 2021, 2:44 p.m.	buffer: MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $bT¨&5ëû&5ëû&5ëû2^èú,5ëû2^îú´5ëû2^ïú45ëû-Zïú75ëû-Zèú05ëû-Zîú 5ëû2^êú%5ëû&5êû{5ëûàZâú%5ëûàZû'5ëû&5\|û'5ëûàZéú'5ëûRich&5ëûPELe>maà^ú0p@@ÁØÓ(¸]`0Ã°Ã@p,.textò\^ `.rdatarjplb@@.dataTà Î@À.rsrc¸]^Ø@@.reloc0`6@Bh¨ÁA¹ èAèa=h lAè_YÃÌÌÌÌÌUìäðì Ç$Tµ=;$ÇD$YA¡QÇD$a[ÖÇD$j8à($ÇD$e=;ÇD$YA¡ÇD$a[ÖÇD$j8àfïL$)$ÇõAÇõAÆüôAAÀuù+Ê$QP¹üôAèÑ=hplAè¿Äå]Ãh¨ÁA¹¸èAè¡<h°lAèYÃÌÌÌÌÌ¸õAÃÌÌÌÌÌÌÌÌÌÌUìVñWÀFPÇôrAfÖEÀPèPÄÆ^]ÂÌÌÌI¸<ÁAÉEÁÃÌÌUìVñFÇôrAPèÄöEtjVè7ÄÆ^]ÂAÇôrAPèWYÃÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌWÀÁfÖAÇAPÁAÇìvAÃÌÌÌÌÌÌÌÌUììMôèÒÿÿÿh¬ÓAEôPègÌÌÌÌUìVñWÀFPÇôrAfÖEÀPèÄÇìvAÆ^]ÂÌÌÌÌÌÌÌÌÌÌÌÌÌUìVñWÀFPÇôrAfÖEÀPè@ÄÇsAÆ^]ÂÌÌÌÌÌÌÌÌÌÌÌÌÌUììEEðESEôMðEôÈVWu)EðMôÀEðÑMôEEðEEôMðEôÈtØEðºFMôÑ¤ÿÿEð¿NÚÉÑÿMôEðMôlÿÿÿEðÑÿMôMðÁ]ô÷â]üEðòÁ¹F÷çøUôÃ÷áÈÚEüºNÚÉ÷âÎEüÓùMôÑ}è3ÀÙMüÀË_Ð¬Ñ ^MðÁê UôEðMô'¶ÝEðÑÿMôEðUô[å]ÂÌÌÌÌUìì EMðEàñMäÇEðÇEôÇEø³P ÇEüÇEèäÂ£ÇEìUøVuüEðÐMôñÂUðÖuôEèMìUàuä+ÐUàñuäuàUäMðEôPQRVèVREàUäEàUä^å]ÂÌÌÌSÜìäðÄUkl$ììÈ¡àA request_handle: 0x00cc000c	1	1
InternetReadFile Nov. 4, 2021, 2:44 p.m.	buffer: [£3ª£Q'£HwK££®££4£££££££ ¨£R¬Ç£RRO£RRO£R°£££££Á¡¿¿1¿ñ¿ð¿ô¿ö¿÷¿÷¾¾¾G¾¾? q (@@ (B00 ¨% ¨ hMZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $PELEçºYà" 0¶vÕ à `$ÕOàðìÓ H.text¤µ ¶ `.rsrcðà¸@@.reloc¾@BXÕHÉ<<Ð°2~(7 6~(8 F~ (7 t"6~ (8 F~(7 t"6~(8 F~(7 ¥J~(8 6~(9 6~(: F~(7 ¥J~(; 0ft%(< u®(= , (< ,(< u®þþ++o(> (< s? %~o@ oA v(B rp(C u}0(D {-*{oE request_handle: 0x00cc000c	1	1
InternetReadFile Nov. 4, 2021, 3:03 p.m.	buffer: MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $I4! Uîr Uîr Uîr>êsUîr>ísUîr>ësUîr:êsUîr:ísUîr:ës$Uîr>ïsUîr UïroUîrË:çsUîrË:rUîrË:ìsUîrRich UîrPEd\Ì<að"z\|7@P`TÔ(0è´@Ðµ8¶0¨.text¥yz `.rdataTMN~@@.dataàÌ@À.pdata´Ø@@_RDATA î@@.rsrcè0ð@@.reloc@ò@BH 9yéÌ$ÌÌÌÌHAíÃÌÌÌÌÌÌÌÌHT$LD$LL$ SVWHì0HúHt$`HÙèÊÿÿÿE3ÉHt$ LÇHÓHè<HÄ0_^[ÃÌÌÌÌÌÌÌÌÌÌÌÌ@SHì HÙHÂH õWÀHSHHHèc1HÃHÄ [ÃÌÌÌÌÌÌÌÌÌÌÌÌÌÌHQH%HÒHEÂÃÌÌÌÌÌÌÌÌÌÌÌÌÌH\$WHì HHùHÚHÁè1öÃt ºHÏèì#H\$0HÇHÄ _ÃÌÌÌÌÌÌÌÌÌÌÌÌÌÌHQHHÁéY1ÌÌÌÌÌÌÌÌÌÌÌÌÌH±HÇAHAH¾HHÁÃÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌHìHHL$ èÂÿÿÿH³ÂHL$ è!3Ì@SHì HÙHÂH ÕWÀHSHHHèC0HXHHÃHÄ [ÃÌÌÌÌ@SHì HÙHÂH WÀHSHHHè0HHHÃHÄ [ÃÌÌÌÌH\$Ht$WHìpHçÍH3ÄH$`3öÿ<~ø3ÒNÿï}HØHD$ HøÿtF3ÒA¸0HL$0è·4ÇD$00HT$0HËÿ}Àt9\|$8tHT$0HËÿÁ}ëæt$PHûÿt HËÿ´}ÆH$`H3ÌèL$pI[IsIã_ÃÌÌÌÌÌÌÌÌÌÌÌÌÌH\$WHìHÍH3ÄH$HÙ3ÀHHAHA3ÒHÿ}HøHD$ Høÿ3ÒA¸0HL$Pèâ3ÇD$P0HT$PHÏÿ¬\|Àt_LD$XHT$\|HL$(èÜHÐHKH;Ktè*HC(ëLÂHÑHËè¥HL$(èKHT$PHÏÿ¥\|Àu©Hÿÿt HÏÿ\|HÃH$H3ÌègH$¨HÄ_ÃÌÌÌÌÌÌ@SHì HQHÙHú request_handle: 0x00cc000c	1	1
InternetReadFile Nov. 4, 2021, 3:03 p.m.	buffer: rSÑ<¡ö?ÀÐ:Gö?hhö?g6qö?ù"Qjìaö?£J;ORö?d!YÈBö?ÞÀ¸V3ö?@bwú#ö?®1h³ö?X`ö?ü-)4döõ?çÐ¸[çõ?¥âìÃgØõ?W+Éõ?úGÆ¼ºõ?ÀZk¬õ?ªÌ#ñaõ?íX0Òõ?`XVõ?:kP<íqõ?âR\|ºcõ?UUUUUUõ?þ»æ%Gõ?ëôH 9õ?K¨Vÿõ?øâêõ?ÅÄá"õ?PPõ?LÝbóô?9/§àåô?L,Ü¾CØô?n¯%¸Êô?á¦Ý>½ô?[¿R Ö¯ô?Jv¢ô?gÐ²ã9ô?H"ô?{®Gázô?f`Y4Îmô?ÏõÇË`ô?ÊvÇâÙSô?ûÙbeøFô?Mî«0':ô?Õ%f-ô?QY^&µ ô?ô?feÑô?û°?ûó?¯¥Bîó?©ä¼,âó?ÆuªÙÕó?ç«{¤Éó?U)#Ù`½ó?;±;±ó?"Èz8$¥ó?c,ó?fÓ"ó?88ó?îEÉÑ[uó?HÞóió?ø_Î]ó?Áx+ûRó?Fà¬yFó?²¼W[ä:ó?újí\/ó?¿+Jã#ó?¶ëéXwó?Ñ0 ó?`ÄÈó?h/¡½öò?KÑþ¡Nëò?KÀ%àò? P- Õò? ,MûÉò?7Zù¾ò?@+´ò?Áó©ò?ä)Aò?¥¸[rò?°°ò?MÎ¡8ú}ò?5'¸Psò?'Ö\|³hò?ñp"^ò?²w~Sò?$I$Iò?[`·>ò?ß¼xV4ò? "*ò?xû!·ò?æUHyò?ÙÀgGò? ò?pÁ}÷ñ?L¸<ôìñ?t¸?;ïâñ?½J.gõØñ?¢Ïñ?Yàü"Åñ?)íF@J»ñ?ãºòg\|±ñ?{a¹§ñ?àñ?¢Sñ?Û+°ñ?ñ?Öwñ?ysBnñ?2üPdñ? 'u_[ñ?ÉÕý£¹Qñ?;Í _Hñ?$G4?ñ?È5È5ñ?¬Àí,ñ?30]çX#ñ?&H§0ñ?ñ?¾ûñ?ðþðþð?¢%³úíõð?ækõìð?`Uäð?F¨ Ûð?:5VDÒð?;Ú¼OqÉð?qA§Àð?È%ìæ·ð?µì.r/¯ð?§h ¦ð?`¯¦Ûð?T 9?ð?âeu³«ð?B!ð?âê¸){ð?Æ÷G &sð?ûyµjð?ü©ñÒMbð?ur îYð?4×÷Qð?ÅdÌIIð?AAð?üG·Æ8ð?^µ0ð?é)wüd(ð?@ ð?7zQ6$ð?ð?ð?ð?log10ÿÿÿÿÿÿ?Cÿÿÿÿÿÿ?ÃUnknown exceptionbad array new lengthabcdefghijklmnopqrstuvwxyz0123456789_ABCDEFGHIJKLMNOPQRSTUVWXYZpidhtmpfile.tmp.dllpidHTSIGwbTaskmgr.exekernel32.dll%uLoadLibraryAvector too longstring too longMZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $ÞévMÞévMÞévMÊrLÕévMÊuLØévMÊsLGévMÕrLÐévMÕuL×évMÕsLýévMÊwLÝévMÞéwM¼évMLßévMMßévMtLßévMRichÞévMPEd Ì<að" ¶øTZ`¬z(àà°ÜðX8ÐX0Ð.textÅµ¶ ` request_handle: 0x00cc000c	1	1
InternetReadFile Nov. 4, 2021, 3:03 p.m.	buffer: MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $AÍå¬h¶¬h¶¬h¶Çl·¬h¶Çk· ¬h¶Çm·½¬h¶½Ým·"¬h¶½Ýk·¬h¶WÙl·¬h¶WÙk·¬h¶WÙm·_¬h¶Çi·¬h¶¬i¶×¬h¶°Ùa· ¬h¶°Ù¶¬h¶°Ùj·¬h¶Rich¬h¶PEdUnoað"P>t.@`LëxÀ8ð¼Ðì @_pa(°_8`0.text@NP `.rdata`T@@.dataDîºò@À.pdata¼ð¾¬@@_RDATAô°j@@.rsrc8Àl@@.relocì Ð"p@BHì(èb H àGHÄ(éÌÌÌHì(H ¨è0ï H mIHÄ(éìH ÅIéàH ]IéÔH &ªéÄ÷ Hì(H ªèìî H ÑIHÄ(é¨Hì(A¹HoªE3ÀH õ©è÷ H IHÄ(éxHì(¹èöfHÐH 8ªèCö H ÔIHÄ(éKÌÌÌHì(H «èlî H ýIHÄ(é(H IéÌÌÌÌ·qH âIf£ï¶nqïéñÌÌÌÌÌÌÌÌÌH )JéÜÌÌÌÌH JéÌÌÌÌÌHì(=ÆÄuèÎ«Æ¸ÄfooHðE3ÀHæÄH çÄóçÄAPèf3ÉHåÄ çÄHÇHÑÄHHH .JHÄ(éMÌÌÌÌÌHì(=FÄuèN«Æ8ÄfoïHpE3ÀHÄH ÄóÄAPèæ¬3ÉHÄ ÄHÇHÄHHH îIHÄ(éÍÌÌÌÌÌHì(=ÆÃuèÎªÆ¸ÃfooHðE3ÀH¶ÃH ·Ãó·ÃAPèf¬3ÉHµÃ ·ÃHH¥ÃHHH ²IHÄ(éQÌÌÌÌÌÌÌÌÌé[ªÌÌÌÌÌÌÌÌÌÌÌHì(E3ÀH 2îAPèy`H=1îH2îv*HÇH "îLîHÁIètIÁà3Òè¾ H wIHÄ(éÖÌÌÌÌÌÌÌÌÌÌÌÌÌÌHì(E3ÀH ¢í3Òè`H IH¥íHÄ(éÌÌÌÌHì(H ½íèàÇH ÐíèÓÇÆäíH IHÄ(édÌÌÌÌÌÌÌÌÌÌÌÌHì(H ÍíèH ðíèsÆîH ÅIHÄ(é request_handle: 0x00cc0030	1	1
InternetReadFile Nov. 4, 2021, 3:03 p.m.	buffer: MZÿÿ¸@èº´ Í!¸LÍ!This program cannot be run in DOS mode. $uÀ)1¡GV1¡GV1¡GVg:V%¡GVg*Vh¡GVò®V0¡GVg)V¡GVò®V6¡GV1¡FVR¡GVg5V0¡GVg?V0¡GVRich1¡GVPELlö\|aàÀ`%Ð@@'õP0° request_handle: 0x00cc0018	1	1
InternetReadFile Nov. 4, 2021, 3:03 p.m.	buffer: MZÿÿ¸@èº´ Í!¸LÍ!This program cannot be run in DOS mode. $PELSY»^à \T p@Ð²äÜªd`iÀq@@pl.text [\ `.rdata CpD`@@.dataÄÀ¤@À.lileziwrP¼@@.rsrci`jÀ@@ÁàÃ3D$Â3D$Â®6ïÆÃÃUìì(¡ÓAeüEä¡ÓAV3W{EÜEüÇEà¹y7èÃÿÿÿEür=lBÈu.h<AØóÿÿPÿ`pA3ÀPPPÿXpAjjØûÿÿPÿ\pA¡ÓAEè¡ÓAEØÇEì ÇEôEôÆMøèCÿÿÿEølBEèú©u ÇhB@.ëíúëu%TèAMüÎQÇdB.ÎPèÿÿÿMôEøÆÓèEØ3Eø+øúujÿ4pA%»RÀ]ÇMøèÓþÿÿMÜÇÁèEðEðèÝþÿÿEüÇPEøEäè¾þÿÿEøPEðMøè¦þÿÿ%PèA+uøEà)EüÿMì/ÿÿÿ{_3^ÉÃUì¡lB døAìVÁè3ö;ÆvbSWÙø=lBé uCÿpAVEüPVüûÿÿPVÿ0pAVü÷ÿÿPVÿTpAVVÿ@pAVVhHAhAÿDpAè&þÿÿÃOu¦_[^ÉÃUìQ\>B3ÉV5døA9 lBvUü¸;-EüEü1A; lBrã^ÉÃÿ5lBjÿPpA£døAÃ3ÀèAÈãA@ÉuïÃj@hÿ5lBjÿ<pA£døAÃUììSV3ö=lB W=hpAuVVÿdqAÿuüVÿ,pAVÿ$pAVVÿ×Vè¯Ç$) hêè^hÜAhàAèºVè>VVVèMÙîÄÝT$Ý$èËÄÝØÄ0pèúÝØVVèÄ3Ûÿ(pAûR }VVÿ×VVVVÿpAû5 Cûu^\|ÓèþþÿÿhÈãAÿLpAhøAP£`Bÿ8pA£\BèÄþÿÿèçþÿÿ¡ÜÓA£\>Bèuþÿÿ3ÿ95lBv)=lBDuVEüPVVVÿ0pAVVVÿ pAG;=lBr×3ÿ¡l*BÇø^u.VüûÿÿPVÿHpAVü÷ÿÿPVhAVVÿdpAVVVÿpAG request_handle: 0x00cc003c	1	1
InternetReadFile Nov. 4, 2021, 3:05 p.m.	buffer: MZPÿÿ¸@º´ Í!¸LÍ!This program must be run under Win32 $7PEL^BàÐø¥°@Ð@@ÐP (¿ðCODE0 `DATAP°¢@ÀBSSÀ¦À.idataP Ð ¦@À.tlsà°À.rdatað°@P.relocÄ@P.rsrc(¿À²@P@è@P string<@m@Ä)@¬(@Ô(@)@$)@Free0)@InitInstanceL)@CleanupInstanceh(@ ClassTypel(@ ClassName(@ClassNameIs¨(@ClassParentÀ)@ ClassInfoø(@InstanceSize°)@InheritsFromÈ)@Dispatchð)@ MethodAddress<@ MethodNamex*@FieldAddressÄ)@DefaultHandler¬(@NewInstanceÔ(@FreeInstanceTObject@Ã@ÿ% Ñ@Àÿ%Ñ@Àÿ%Ñ@Àÿ%Ñ@Àÿ%Ñ@Àÿ%Ñ@Àÿ%Ñ@Àÿ%(Ñ@Àÿ%Ñ@Àÿ%Ñ@Àÿ%üÐ@Àÿ%øÐ@Àÿ%ôÐ@Àÿ%ðÐ@Àÿ%ìÐ@Àÿ%èÐ@Àÿ%äÐ@Àÿ%àÐ@Àÿ%ÜÐ@Àÿ%ØÐ@Àÿ%ÔÐ@Àÿ%@Ñ@Àÿ%<Ñ@Àÿ%8Ñ@Àÿ%4Ñ@Àÿ%0Ñ@Àÿ%ÐÐ@Àÿ%ÌÐ@Àÿ%ÈÐ@Àÿ%ÄÐ@Àÿ%ÀÐ@Àÿ%¼Ð@Àÿ%¸Ð@Àÿ%´Ð@ÀSV¾8Ä@>u:hDjè¨ÿÿÿÈÉu3À^[Ã¡4Ä@ 4Ä@3ÒÂÀDÁBúduì^[Ã@ÃÀSVòØèÿÿÿÀu3À^[ÃPVPXB°^[ÃP Q8Ä@£8Ä@ÃSVWUQñ$è]$PV;CÐS;uÃè·ÿÿÿCCFëV;Âu ÃèÿÿÿCFß;ëuÂÖÅèUÿÿÿÀu3ÀZ]_^[Ã@SVWUÄøØû2C;ðrlÎJèk;Íw^;ðuBCB)C{uDÃè5ÿÿÿë; rÎø{;Ïu)së& J$+ù request_handle: 0x00cc000c	1	1

Expresses interest in specific running processes (4 events)

process	nxqcihi4dhafu5y_bxtcl9sz.exe
process	mfnhcrsuh288skw9unwxa_70.exe
process	ww_testfs_0211_single.exe
process	8d9cqvkfuqeq1rjjunhil2th.exe

Repeatedly searches for a not-found process, you may want to run a web browser during analysis (50 out of 1702 events)

Time & API	Arguments	Status	Return	Repeated
Process32NextW Nov. 4, 2021, 2:36 p.m.	snapshot_handle: 0x0000000000000028 process_name: nx吐睗 process_identifier: 3048		0	0
Process32NextW Nov. 4, 2021, 2:36 p.m.	snapshot_handle: 0x0000000000000028 process_name: nx吐睗 process_identifier: 3048		0	0
Process32NextW Nov. 4, 2021, 2:36 p.m.	snapshot_handle: 0x0000000000000028 process_name: nx吐睗 process_identifier: 3048		0	0
Process32NextW Nov. 4, 2021, 2:36 p.m.	snapshot_handle: 0x0000000000000028 process_name: nx吐睗 process_identifier: 3048		0	0
Process32NextW Nov. 4, 2021, 2:36 p.m.	snapshot_handle: 0x0000000000000028 process_name: nx吐睗 process_identifier: 3048		0	0
Process32NextW Nov. 4, 2021, 2:36 p.m.	snapshot_handle: 0x0000000000000028 process_name: nx吐睗 process_identifier: 3048		0	0
Process32NextW Nov. 4, 2021, 2:36 p.m.	snapshot_handle: 0x0000000000000028 process_name: nx吐睗 process_identifier: 3048		0	0
Process32NextW Nov. 4, 2021, 2:36 p.m.	snapshot_handle: 0x0000000000000028 process_name: nx吐睗 process_identifier: 3048		0	0
Process32NextW Nov. 4, 2021, 2:36 p.m.	snapshot_handle: 0x0000000000000028 process_name: nx吐睗 process_identifier: 3048		0	0
Process32NextW Nov. 4, 2021, 2:36 p.m.	snapshot_handle: 0x0000000000000028 process_name: nx吐睗 process_identifier: 3048		0	0
Process32NextW Nov. 4, 2021, 2:36 p.m.	snapshot_handle: 0x0000000000000028 process_name: nx吐睗 process_identifier: 3048		0	0
Process32NextW Nov. 4, 2021, 2:36 p.m.	snapshot_handle: 0x0000000000000028 process_name: nx吐睗 process_identifier: 3048		0	0
Process32NextW Nov. 4, 2021, 2:36 p.m.	snapshot_handle: 0x0000000000000028 process_name: nx吐睗 process_identifier: 3048		0	0
Process32NextW Nov. 4, 2021, 2:36 p.m.	snapshot_handle: 0x0000000000000028 process_name: nx吐睗 process_identifier: 3048		0	0
Process32NextW Nov. 4, 2021, 2:36 p.m.	snapshot_handle: 0x0000000000000028 process_name: nx吐睗 process_identifier: 3048		0	0
Process32NextW Nov. 4, 2021, 2:36 p.m.	snapshot_handle: 0x0000000000000028 process_name: nx吐睗 process_identifier: 3048		0	0
Process32NextW Nov. 4, 2021, 2:36 p.m.	snapshot_handle: 0x0000000000000028 process_name: nx吐睗 process_identifier: 3048		0	0
Process32NextW Nov. 4, 2021, 2:36 p.m.	snapshot_handle: 0x0000000000000028 process_name: nx吐睗 process_identifier: 3048		0	0
Process32NextW Nov. 4, 2021, 2:36 p.m.	snapshot_handle: 0x0000000000000028 process_name: nx吐睗 process_identifier: 3048		0	0
Process32NextW Nov. 4, 2021, 2:36 p.m.	snapshot_handle: 0x0000000000000028 process_name: nx吐睗 process_identifier: 3048		0	0
Process32NextW Nov. 4, 2021, 2:36 p.m.	snapshot_handle: 0x0000000000000028 process_name: nx吐睗 process_identifier: 3048		0	0
Process32NextW Nov. 4, 2021, 2:36 p.m.	snapshot_handle: 0x0000000000000028 process_name: nx吐睗 process_identifier: 3048		0	0
Process32NextW Nov. 4, 2021, 2:36 p.m.	snapshot_handle: 0x0000000000000028 process_name: nx吐睗 process_identifier: 3048		0	0
Process32NextW Nov. 4, 2021, 2:36 p.m.	snapshot_handle: 0x0000000000000028 process_name: nx吐睗 process_identifier: 3048		0	0
Process32NextW Nov. 4, 2021, 2:36 p.m.	snapshot_handle: 0x0000000000000028 process_name: nx吐睗 process_identifier: 3048		0	0
Process32NextW Nov. 4, 2021, 2:36 p.m.	snapshot_handle: 0x0000000000000028 process_name: nx吐睗 process_identifier: 3048		0	0
Process32NextW Nov. 4, 2021, 2:36 p.m.	snapshot_handle: 0x0000000000000028 process_name: nx吐睗 process_identifier: 3048		0	0
Process32NextW Nov. 4, 2021, 2:36 p.m.	snapshot_handle: 0x0000000000000028 process_name: nx吐睗 process_identifier: 3048		0	0
Process32NextW Nov. 4, 2021, 2:36 p.m.	snapshot_handle: 0x0000000000000028 process_name: nx吐睗 process_identifier: 3048		0	0
Process32NextW Nov. 4, 2021, 2:36 p.m.	snapshot_handle: 0x0000000000000028 process_name: nx吐睗 process_identifier: 3048		0	0
Process32NextW Nov. 4, 2021, 2:36 p.m.	snapshot_handle: 0x0000000000000028 process_name: nx吐睗 process_identifier: 3048		0	0
Process32NextW Nov. 4, 2021, 2:36 p.m.	snapshot_handle: 0x0000000000000028 process_name: nx吐睗 process_identifier: 3048		0	0
Process32NextW Nov. 4, 2021, 2:36 p.m.	snapshot_handle: 0x0000000000000028 process_name: nx吐睗 process_identifier: 3048		0	0
Process32NextW Nov. 4, 2021, 2:36 p.m.	snapshot_handle: 0x0000000000000028 process_name: nx吐睗 process_identifier: 3048		0	0
Process32NextW Nov. 4, 2021, 2:36 p.m.	snapshot_handle: 0x0000000000000028 process_name: nx吐睗 process_identifier: 3048		0	0
Process32NextW Nov. 4, 2021, 2:36 p.m.	snapshot_handle: 0x0000000000000028 process_name: nx吐睗 process_identifier: 3048		0	0
Process32NextW Nov. 4, 2021, 2:36 p.m.	snapshot_handle: 0x0000000000000028 process_name: nx吐睗 process_identifier: 3048		0	0
Process32NextW Nov. 4, 2021, 2:36 p.m.	snapshot_handle: 0x0000000000000028 process_name: nx吐睗 process_identifier: 3048		0	0
Process32NextW Nov. 4, 2021, 2:36 p.m.	snapshot_handle: 0x0000000000000028 process_name: nx吐睗 process_identifier: 3048		0	0
Process32NextW Nov. 4, 2021, 2:36 p.m.	snapshot_handle: 0x0000000000000028 process_name: nx吐睗 process_identifier: 3048		0	0
Process32NextW Nov. 4, 2021, 2:36 p.m.	snapshot_handle: 0x0000000000000028 process_name: nx吐睗 process_identifier: 3048		0	0
Process32NextW Nov. 4, 2021, 2:36 p.m.	snapshot_handle: 0x0000000000000028 process_name: nx吐睗 process_identifier: 3048		0	0
Process32NextW Nov. 4, 2021, 2:36 p.m.	snapshot_handle: 0x0000000000000028 process_name: nx吐睗 process_identifier: 3048		0	0
Process32NextW Nov. 4, 2021, 2:36 p.m.	snapshot_handle: 0x0000000000000028 process_name: nx吐睗 process_identifier: 3048		0	0
Process32NextW Nov. 4, 2021, 2:36 p.m.	snapshot_handle: 0x0000000000000028 process_name: nx吐睗 process_identifier: 3048		0	0
Process32NextW Nov. 4, 2021, 2:36 p.m.	snapshot_handle: 0x0000000000000028 process_name: nx吐睗 process_identifier: 3048		0	0
Process32NextW Nov. 4, 2021, 2:36 p.m.	snapshot_handle: 0x0000000000000028 process_name: nx吐睗 process_identifier: 3048		0	0
Process32NextW Nov. 4, 2021, 2:36 p.m.	snapshot_handle: 0x0000000000000028 process_name: nx吐睗 process_identifier: 3048		0	0
Process32NextW Nov. 4, 2021, 2:36 p.m.	snapshot_handle: 0x0000000000000028 process_name: nx吐睗 process_identifier: 3048		0	0
Process32NextW Nov. 4, 2021, 2:36 p.m.	snapshot_handle: 0x0000000000000028 process_name: nx吐睗 process_identifier: 3048		0	0

Uses Windows utilities for basic Windows functionality (2 events)

cmdline	schtasks /create /f /RU "test22" /tr "C:\Program Files (x86)\PowerControl\PowerControl_Svc.exe" /tn "PowerControl LG" /sc ONLOGON /rl HIGHEST
cmdline	schtasks /create /f /RU "test22" /tr "C:\Program Files (x86)\PowerControl\PowerControl_Svc.exe" /tn "PowerControl HR" /sc HOURLY /rl HIGHEST

Communicates with host for which no DNS query was performed (3 events)

host	212.192.241.62
host	45.133.1.107
host	45.133.1.182

Installs itself for autorun at Windows startup (2 events)

cmdline	schtasks /create /f /RU "test22" /tr "C:\Program Files (x86)\PowerControl\PowerControl_Svc.exe" /tn "PowerControl LG" /sc ONLOGON /rl HIGHEST
cmdline	schtasks /create /f /RU "test22" /tr "C:\Program Files (x86)\PowerControl\PowerControl_Svc.exe" /tn "PowerControl HR" /sc HOURLY /rl HIGHEST

Attempts to create or modify system certificates (2 events)

registry	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob
registry	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob

Network activity contains more than one unique useragent (2 events)

process	ww_testFS_0211_single.exe				useragent	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
process	ww_testFS_0211_single.exe				useragent	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Uses Sysinternals tools in order to add additional command line functionality (2 events)

cmdline	schtasks /create /f /RU "test22" /tr "C:\Program Files (x86)\PowerControl\PowerControl_Svc.exe" /tn "PowerControl LG" /sc ONLOGON /rl HIGHEST
cmdline	schtasks /create /f /RU "test22" /tr "C:\Program Files (x86)\PowerControl\PowerControl_Svc.exe" /tn "PowerControl HR" /sc HOURLY /rl HIGHEST

Generates some ICMP traffic

File has been identified by 23 AntiVirus engines on VirusTotal as malicious (23 events)

Lionic	Trojan.Win32.Convagent.i!c
MicroWorld-eScan	Gen:Variant.Fragtor.36743
Cylance	Unsafe
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/TrojanDownloader.Agent.FXP
APEX	Malicious
Avast	Win32:DropperX-gen [Drp]
Ad-Aware	Gen:Variant.Fragtor.36743
Sophos	Mal/Generic-S
BitDefenderTheta	Gen:NN.ZexaF.34236.ku0@aGavv0aO
FireEye	Generic.mg.4ea672ca05b3c1e7
Emsisoft	Gen:Variant.Fragtor.36743 (B)
Ikarus	Trojan-Downloader.Win32.Agent
Jiangmin	Trojan.PSW.Convagent.o
ZoneAlarm	HEUR:Trojan-PSW.Win32.Convagent.gen
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
AhnLab-V3	Dropper/Win.DropperX-gen.C4745768
VBA32	BScope.TrojanRansom.FileCryptor
Malwarebytes	Trojan.Downloader
Tencent	Win32.Trojan-downloader.Agent.Pgxa
Fortinet	W32/Agent.FXP!tr.dldr
AVG	Win32:DropperX-gen [Drp]
Paloalto	generic.ml

Disables Windows Security features (8 events)

description	attempts to modify windows defender policies	registry	HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection
description	attempts to modify windows defender policies	registry	HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\DisableRoutinelyTakingAction
description	attempts to modify windows defender policies	registry	HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScanOnRealtimeEnable
description	attempts to modify windows defender policies	registry	HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring
description	attempts to modify windows defender policies	registry	HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware
description	attempts to modify windows defender policies	registry	HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRawWriteNotification
description	attempts to modify windows defender policies	registry	HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring
description	attempts to modify windows defender policies	registry	HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableIOAVProtection

Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (3 events)

dead_host	192.168.56.101:49295
dead_host	192.168.56.101:49274
dead_host	192.168.56.101:49227

ww_testFS_0211_single.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All