Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	April 21, 2023, 5:58 p.m.	April 21, 2023, 6:01 p.m.

Size	324.5KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`d0eb40fe08f409805aed3f5312bfb5b8`
SHA256	`2689a2c221cb723b4f35e912efa5c1f6df415d9f656b44c1c9cbbccf248ad1c6`
CRC32	`C094B3A6`
ssdeep	`6144:Z16f9MWbC0l7fKduveCMI9VqzpxICGwZKlC21AHNdOEs27iM+:OfjpKSXVizIZRlCpUR27`
PDB Path	C:\yoceriyiyupa54 jebuvipi23_kobakitakere\tisugi.pdb
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check IsPE32 - (no description) PE_Header_Zero - PE File Signature Malicious_Library_Zero - Malicious_Library

build2.exe "C:\Users\test22\AppData\Local\Temp\build2.exe"
2544
- build2.exe "C:\Users\test22\AppData\Local\Temp\build2.exe"
  2640

Name	Response	Post-Analysis Lookup
t.me	A 149.154.167.99	149.154.167.99
steamcommunity.com	A 104.88.222.199	23.198.103.114

IP Address	Status	Action
104.88.222.199	Active	Moloch
116.203.7.73	Active	Moloch
149.154.167.99	Active	Moloch
164.124.101.2	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.101:49164 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.101:49164 -> 149.154.167.99:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49164 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 149.154.167.99:443 -> 192.168.56.101:49166	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49165 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.101:49165 -> 149.154.167.99:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49165 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.101:49169 -> 116.203.7.73:80	2027262	ET INFO Dotted Quad Host ZIP Request	Potentially Bad Traffic
TCP 192.168.56.101:49168 -> 104.88.222.199:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49164 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.101:49165 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity

Suricata TLS

Flow	Issuer	Subject	Fingerprint
TLSv1 192.168.56.101:49168 104.88.222.199:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Extended Validation Server CA	unknown=US, unknown=Washington, unknown=Private Organization, serialNumber=602 290 773, C=US, ST=Washington, L=Bellevue, O=Valve Corp, CN=store.steampowered.com	b1:30:5e:4c:ee:14:70:87:a7:d7:1c:77:07:b5:3c:2c:99:13:aa:c5

Queries for the computername (3 events)

Time & API	Arguments	Status	Return
GetComputerNameA April 21, 2023, 5:58 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameA April 21, 2023, 5:58 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameA April 21, 2023, 5:58 p.m.	computer_name: TEST22-PC	1	1

Checks if process is being debugged by a debugger (1 event)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent April 21, 2023, 5:58 p.m.			0	0

Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate) (1 event)

registry

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid

This executable has a PDB path (1 event)

pdb_path

C:\yoceriyiyupa54 jebuvipi23_kobakitakere\tisugi.pdb

The file contains an unknown PE resource name possibly indicative of a packer (4 events)

resource name	AFX_DIALOG_LAYOUT
resource name	SIFIZ
resource name	VATIGAJACOZOSOM
resource name	ZOFOLIPELIREWOHEJEGIBIJ

One or more processes crashed (1 event)

Time & API	Arguments	Status	Return	Repeated
__exception__ April 21, 2023, 5:58 p.m.	stacktrace: LdrResFindResourceDirectory+0x606 RtlEncodeSystemPointer-0x3d ntdll+0x3e01b @ 0x76f4e01b LdrLoadDll+0x2f5 _strcmpi-0x8a ntdll+0x3c72f @ 0x76f4c72f RtlRunOnceComplete+0x3a4 LdrLoadDll-0xb1 ntdll+0x3c389 @ 0x76f4c389 RtlFlsAlloc+0x993 EtwNotificationRegister-0x13c ntdll+0x3f3f6 @ 0x76f4f3f6 RtlEncodeSystemPointer+0x33d RtlFindClearBits-0x454 ntdll+0x3e395 @ 0x76f4e395 RtlSetBits+0x115 RtlFlsAlloc-0x5e ntdll+0x3ea05 @ 0x76f4ea05 RtlSetBits+0x162 RtlFlsAlloc-0x11 ntdll+0x3ea52 @ 0x76f4ea52 RtlSetBits+0x5d RtlFlsAlloc-0x116 ntdll+0x3e94d @ 0x76f4e94d RtlInitializeSid+0x35 RtlEncodePointer-0x3c ntdll+0x40f8f @ 0x76f50f8f RtlSetBits+0xea RtlFlsAlloc-0x89 ntdll+0x3e9da @ 0x76f4e9da RtlSetBits+0x162 RtlFlsAlloc-0x11 ntdll+0x3ea52 @ 0x76f4ea52 RtlSetBits+0x5d RtlFlsAlloc-0x116 ntdll+0x3e94d @ 0x76f4e94d RtlInitializeSid+0x35 RtlEncodePointer-0x3c ntdll+0x40f8f @ 0x76f50f8f RtlSetBits+0xea RtlFlsAlloc-0x89 ntdll+0x3e9da @ 0x76f4e9da RtlSetBits+0x162 RtlFlsAlloc-0x11 ntdll+0x3ea52 @ 0x76f4ea52 RtlSetBits+0x5d RtlFlsAlloc-0x116 ntdll+0x3e94d @ 0x76f4e94d RtlInitializeSid+0x35 RtlEncodePointer-0x3c ntdll+0x40f8f @ 0x76f50f8f RtlSetBits+0xea RtlFlsAlloc-0x89 ntdll+0x3e9da @ 0x76f4e9da RtlSetBits+0x162 RtlFlsAlloc-0x11 ntdll+0x3ea52 @ 0x76f4ea52 RtlSetBits+0x5d RtlFlsAlloc-0x116 ntdll+0x3e94d @ 0x76f4e94d LdrResSearchResource+0x943 LdrResFindResourceDirectory-0x376 ntdll+0x3d69f @ 0x76f4d69f LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x76f4c4b5 New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x734dd4cf LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75981d2a LoadLibraryExA+0x26 FreeLibrary-0x18 kernelbase+0x11d7a @ 0x75981d7a LoadLibraryA+0x31 HeapCreate-0x25 kernel32+0x14a08 @ 0x755c4a08 build2+0x17234 @ 0x417234 build2+0x17491 @ 0x417491 build2+0x1d546 @ 0x41d546 build2+0x105b5 @ 0x4105b5 build2+0x11437 @ 0x411437 build2+0x2db1a @ 0x42db1a BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 83 38 48 0f 82 39 ff 01 00 8b 48 40 85 c9 0f 84 exception.symbol: LdrResFindResourceDirectory+0x9f RtlEncodeSystemPointer-0x5a4 ntdll+0x3dab4 exception.instruction: cmp dword ptr [eax], 0x48 exception.module: ntdll.dll exception.exception_code: 0xc0000006 exception.offset: 252596 exception.address: 0x76f4dab4 registers.esp: 1514428 registers.edi: 1 registers.eax: 268468152 registers.ebp: 1514432 registers.edx: 268468152 registers.ebx: 268435456 registers.esi: 1996562944 registers.ecx: 64	1	0	0

Time & API

Arguments

Status

Return

Repeated

__exception__

April 21, 2023, 5:58 p.m.

stacktrace:

LdrResFindResourceDirectory+0x606 RtlEncodeSystemPointer-0x3d ntdll+0x3e01b @ 0x76f4e01b
LdrLoadDll+0x2f5 _strcmpi-0x8a ntdll+0x3c72f @ 0x76f4c72f
RtlRunOnceComplete+0x3a4 LdrLoadDll-0xb1 ntdll+0x3c389 @ 0x76f4c389
RtlFlsAlloc+0x993 EtwNotificationRegister-0x13c ntdll+0x3f3f6 @ 0x76f4f3f6
RtlEncodeSystemPointer+0x33d RtlFindClearBits-0x454 ntdll+0x3e395 @ 0x76f4e395
RtlSetBits+0x115 RtlFlsAlloc-0x5e ntdll+0x3ea05 @ 0x76f4ea05
RtlSetBits+0x162 RtlFlsAlloc-0x11 ntdll+0x3ea52 @ 0x76f4ea52
RtlSetBits+0x5d RtlFlsAlloc-0x116 ntdll+0x3e94d @ 0x76f4e94d
RtlInitializeSid+0x35 RtlEncodePointer-0x3c ntdll+0x40f8f @ 0x76f50f8f
RtlSetBits+0xea RtlFlsAlloc-0x89 ntdll+0x3e9da @ 0x76f4e9da
RtlSetBits+0x162 RtlFlsAlloc-0x11 ntdll+0x3ea52 @ 0x76f4ea52
RtlSetBits+0x5d RtlFlsAlloc-0x116 ntdll+0x3e94d @ 0x76f4e94d
RtlInitializeSid+0x35 RtlEncodePointer-0x3c ntdll+0x40f8f @ 0x76f50f8f
RtlSetBits+0xea RtlFlsAlloc-0x89 ntdll+0x3e9da @ 0x76f4e9da
RtlSetBits+0x162 RtlFlsAlloc-0x11 ntdll+0x3ea52 @ 0x76f4ea52
RtlSetBits+0x5d RtlFlsAlloc-0x116 ntdll+0x3e94d @ 0x76f4e94d
RtlInitializeSid+0x35 RtlEncodePointer-0x3c ntdll+0x40f8f @ 0x76f50f8f
RtlSetBits+0xea RtlFlsAlloc-0x89 ntdll+0x3e9da @ 0x76f4e9da
RtlSetBits+0x162 RtlFlsAlloc-0x11 ntdll+0x3ea52 @ 0x76f4ea52
RtlSetBits+0x5d RtlFlsAlloc-0x116 ntdll+0x3e94d @ 0x76f4e94d
LdrResSearchResource+0x943 LdrResFindResourceDirectory-0x376 ntdll+0x3d69f @ 0x76f4d69f
LdrLoadDll+0x7b _strcmpi-0x304 ntdll+0x3c4b5 @ 0x76f4c4b5
New_ntdll_LdrLoadDll@16+0x7b New_ntdll_LdrUnloadDll@4-0xb7 @ 0x734dd4cf
LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x75981d2a
LoadLibraryExA+0x26 FreeLibrary-0x18 kernelbase+0x11d7a @ 0x75981d7a
LoadLibraryA+0x31 HeapCreate-0x25 kernel32+0x14a08 @ 0x755c4a08
build2+0x17234 @ 0x417234
build2+0x17491 @ 0x417491
build2+0x1d546 @ 0x41d546
build2+0x105b5 @ 0x4105b5
build2+0x11437 @ 0x411437
build2+0x2db1a @ 0x42db1a
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5

exception.instruction_r: 83 38 48 0f 82 39 ff 01 00 8b 48 40 85 c9 0f 84
exception.symbol: LdrResFindResourceDirectory+0x9f RtlEncodeSystemPointer-0x5a4 ntdll+0x3dab4
exception.instruction: cmp dword ptr [eax], 0x48
exception.module: ntdll.dll
exception.exception_code: 0xc0000006
exception.offset: 252596
exception.address: 0x76f4dab4
registers.esp: 1514428
registers.edi: 1
registers.eax: 268468152
registers.ebp: 1514432
registers.edx: 268468152
registers.ebx: 268435456
registers.esi: 1996562944
registers.ecx: 64

One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.

HTTP traffic contains suspicious features which may be indicative of malware related traffic (2 events)

suspicious_features	Connection to IP address				suspicious_request	GET http://116.203.7.73/
suspicious_features	Connection to IP address				suspicious_request	GET http://116.203.7.73/install.zip

Performs some HTTP requests (3 events)

request	GET http://116.203.7.73/
request	GET http://116.203.7.73/install.zip
request	GET https://steamcommunity.com/profiles/76561199497218285

Allocates read-write-execute memory (usually to unpack itself) (3 events)

Time & API	Arguments	Status
NtProtectVirtualMemory April 21, 2023, 5:58 p.m.	process_identifier: 2544 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 200704 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0054e000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 21, 2023, 5:58 p.m.	process_identifier: 2544 region_size: 356352 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x004c0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 21, 2023, 5:58 p.m.	process_identifier: 2640 region_size: 995328 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x61e00000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1

Creates executable files on the filesystem (6 events)

file	C:\ProgramData\vcruntime140.dll
file	C:\ProgramData\msvcp140.dll
file	C:\ProgramData\nss3.dll
file	C:\ProgramData\freebl3.dll
file	C:\ProgramData\mozglue.dll
file	C:\ProgramData\softokn3.dll

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

section

{u'size_of_data': u'0x0003f800', u'virtual_address': u'0x00001000', u'entropy': 7.871717082783653, u'name': u'.text', u'virtual_size': u'0x0003f6bc'}

entropy

7.87171708278

description

A section with a high entropy has been found

entropy

0.785162287481

description

Overall entropy of this PE file is high

Potentially malicious URLs were found in the process memory dump (2 events)

url	https://t.me/tg_duckworld
url	https://steamcommunity.com/profiles/76561199497218285

Yara rule detected in process memory (10 events)

description	Code injection with CreateRemoteThread in a remote process	rule	Code_injection
description	Win32 PWS Loki	rule	Win32_PWS_Loki_Zero
description	(no description)	rule	DebuggerCheck__GlobalFlags
description	(no description)	rule	DebuggerCheck__QueryInfo
description	(no description)	rule	DebuggerHiding__Thread
description	(no description)	rule	DebuggerHiding__Active
description	(no description)	rule	ThreadControl__Context
description	(no description)	rule	SEH__vectored
description	Checks if being debugged	rule	anti_dbg
description	Bypass DEP	rule	disable_dep

Communicates with host for which no DNS query was performed (1 event)

host

116.203.7.73

Allocates execute permission to another process indicative of possible code injection (1 event)

Time & API	Arguments	Status	Return	Repeated
NtAllocateVirtualMemory April 21, 2023, 5:58 p.m.	process_identifier: 2640 region_size: 442368 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000000a8	1	0	0

Potential code injection by writing to the memory of another process (1 event)

Time & API	Arguments	Status	Return	Repeated
WriteProcessMemory April 21, 2023, 5:58 p.m.	buffer: @ base_address: 0x7efde008 process_identifier: 2640 process_handle: 0x000000a8	1	1	0

Network activity contains more than one unique useragent (2 events)

process	build2.exe				useragent	Mozilla/5.0 (Windows NT 10.0; x64 rv:107.0) Gecko / 20100101 Firefox / 107.0
process	build2.exe				useragent	Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36 Vivaldi/3.7

Used NtSetContextThread to modify a thread in a remote process indicative of process injection (2 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 2544 called NtSetContextThread to modify thread in remote process 2640
NtSetContextThread April 21, 2023, 5:58 p.m.	registers.eip: 1995571652 registers.esp: 1638384 registers.edi: 0 registers.eax: 4381549 registers.ebp: 0 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 0 thread_handle: 0x000000a4 process_identifier: 2640	1	0	0

Resumed a suspended thread in a remote process potentially indicative of process injection (2 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 2544 resumed a thread in remote process 2640
NtResumeThread April 21, 2023, 5:58 p.m.	thread_handle: 0x000000a4 suspend_count: 1 process_identifier: 2640	1	0	0

Executed a process and injected code into it, probably while unpacking (7 events)

Time & API	Arguments	Status	Return
CreateProcessInternalW April 21, 2023, 5:58 p.m.	thread_identifier: 2644 thread_handle: 0x000000a4 process_identifier: 2640 current_directory: filepath: C:\Users\test22\AppData\Local\Temp\build2.exe track: 1 command_line: "C:\Users\test22\AppData\Local\Temp\build2.exe" filepath_r: C:\Users\test22\AppData\Local\Temp\build2.exe stack_pivoted: 0 creation_flags: 134217732 (CREATE_NO_WINDOW\|CREATE_SUSPENDED) inherit_handles: 0 process_handle: 0x000000a8	1	1
NtGetContextThread April 21, 2023, 5:58 p.m.	thread_handle: 0x000000a4	1	0
NtUnmapViewOfSection April 21, 2023, 5:58 p.m.	base_address: 0x00400000 region_size: 4096 process_identifier: 2640 process_handle: 0x000000a8	1	0
NtAllocateVirtualMemory April 21, 2023, 5:58 p.m.	process_identifier: 2640 region_size: 442368 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000000a8	1	0
WriteProcessMemory April 21, 2023, 5:58 p.m.	buffer: @ base_address: 0x7efde008 process_identifier: 2640 process_handle: 0x000000a8	1	1
NtSetContextThread April 21, 2023, 5:58 p.m.	registers.eip: 1995571652 registers.esp: 1638384 registers.edi: 0 registers.eax: 4381549 registers.ebp: 0 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 0 thread_handle: 0x000000a4 process_identifier: 2640	1	0
NtResumeThread April 21, 2023, 5:58 p.m.	thread_handle: 0x000000a4 suspend_count: 1 process_identifier: 2640	1	0

File has been identified by 54 AntiVirus engines on VirusTotal as malicious (50 out of 54 events)

Bkav	W32.ChaikoBonwX.Trojan
Lionic	Trojan.Win32.Injuke.16!c
Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.GenericKDZ.98837
ClamAV	Win.Packer.pkr_ce1a-9980177-0
FireEye	Generic.mg.d0eb40fe08f40980
CAT-QuickHeal	Ransom.Stop.P5
McAfee	Artemis!D0EB40FE08F4
Malwarebytes	Trojan.MalPack.GS
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Trojan ( 00516fdf1 )
Alibaba	Trojan:Win32/Injuke.a5f1e891
K7GW	Trojan ( 005a3bda1 )
CrowdStrike	win/malicious_confidence_100% (W)
Arcabit	Trojan.Generic.D18215
VirIT	Trojan.Win32.GenusB.DGBG
Cyren	W32/Stealer.DA.gen!Eldorado
Symantec	Trojan Horse
ESET-NOD32	a variant of Win32/Kryptik.HTIW
APEX	Malicious
Paloalto	generic.ml
Cynet	Malicious (score: 100)
Kaspersky	HEUR:Trojan.Win32.Injuke.gen
BitDefender	Trojan.GenericKDZ.98837
Avast	Win32:BootkitX-gen [Rtk]
Sophos	Mal/Generic-S
VIPRE	Trojan.GenericKDZ.98837
TrendMicro	TrojanSpy.Win32.VIDAR.YXDDRZ
McAfee-GW-Edition	BehavesLike.Win32.Lockbit.fc
Trapmine	malicious.moderate.ml.score
Emsisoft	Trojan.GenericKDZ.98837 (B)
SentinelOne	Static AI - Suspicious PE
Webroot	W32.Injuke
Antiy-AVL	Trojan/Win32.Injuke
Gridinsoft	Spy.Win32.Vidar.bot
Xcitium	Malware@#2xut7z8jjl6t5
Microsoft	Ransom:Win32/StopCrypt.SEB!MTB
ZoneAlarm	HEUR:Trojan.Win32.Injuke.gen
GData	Trojan.GenericKDZ.98837
Google	Detected
AhnLab-V3	Trojan/Win.Generic.R572924
Acronis	suspicious
ALYac	Trojan.GenericKDZ.98837
MAX	malware (ai score=89)
VBA32	Malware-Cryptor.2LA.gen
Cylance	unsafe
Panda	Trj/Chgt.AD
TrendMicro-HouseCall	TrojanSpy.Win32.VIDAR.YXDDRZ
Rising	Trojan.Generic@AI.98 (RDML:UQLe61GtHbWxS4Lpe5iFsA)
Ikarus	Trojan.Win32.Crypt

build2.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All