Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	May 28, 2023, 1:43 p.m.	May 28, 2023, 2:17 p.m.

Size	4.2MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5	`e2c4c4dd8c6a357eca164955a8fe040c`
SHA256	`f3efe3b57a0f5cc46963dbd8832ceecd5768117685b4cee684b1235d9e74ebe5`
CRC32	`0DB00DCB`
ssdeep	`98304:3c9jNgez/S9bL+M0QVtYD0JCqfZlVcc9uNSwfrNaSQHbfU0qC:s95zk0mtyTqj6W4SGYSQ/qC`
Yara	Malicious_Library_Zero - Malicious_Library NSIS_Installer - Null Soft Installer PE_Header_Zero - PE File Signature IsPE32 - (no description)

BaldiTrojan-x64.exe "C:\Users\test22\AppData\Local\Temp\BaldiTrojan-x64.exe"
1932
- cmd.exe cmd /c CleanZUpdater.bat
  2196
  - Baldi.exe C:\Baldi\Baldi.exe
    2260
    - taskkill.exe "C:\Windows\System32\taskkill.exe" /f /im explorer.exe
      2344
  - DisableUAC.exe C:\Baldi\DisableUAC.exe
    2476
    - cmd.exe "C:\Windows\system32\cmd" /c "C:\Users\test22\AppData\Local\Temp\D22F.tmp\D240.bat C:\Baldi\DisableUAC.exe"
      2564
      - reg.exe reg ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v EnableLUA /t REG_DWORD /d 0 /f
        2608
      - shutdown.exe shutdown -r -t 1 -c "BALDI EVIL..."
        2656

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Queries for the computername (1 event)

Time & API	Arguments	Status	Return	Repeated
GetComputerNameW May 28, 2023, 1:43 p.m.	computer_name: TEST22-PC	1	1	0

Checks if process is being debugged by a debugger (1 event)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent May 28, 2023, 1:36 p.m.			0	0

Command line console output was observed (2 events)

Time & API	Arguments	Status	Return	Repeated
WriteConsoleW May 28, 2023, 1:43 p.m.	buffer: SUCCESS: The process "explorer.exe" with PID 1236 has been terminated. console_handle: 0x00000007	1	1	0
WriteConsoleW May 28, 2023, 1:36 p.m.	buffer: The operation completed successfully. console_handle: 0x0000000000000007	1	1	0

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx May 28, 2023, 1:43 p.m.		1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

.ndata

One or more processes crashed (1 event)

Time & API	Arguments	Status	Return	Repeated
__exception__ May 28, 2023, 1:43 p.m.	stacktrace: IWICColorContext_InitializeFromMemory_Proxy+0x37187 windowscodecs+0xd8660 @ 0x73d98660 WICConvertBitmapSource+0x2472b WICMapGuidToShortName-0x10e74 windowscodecs+0x8f797 @ 0x73d4f797 DllGetClassObject+0x12362 WICSerializeMetadataContent-0x7277 windowscodecs+0x23362 @ 0x73ce3362 DllGetClassObject+0x118b1 WICSerializeMetadataContent-0x7d28 windowscodecs+0x228b1 @ 0x73ce28b1 DllGetClassObject+0x11788 WICSerializeMetadataContent-0x7e51 windowscodecs+0x22788 @ 0x73ce2788 DllGetClassObject+0x12659 WICSerializeMetadataContent-0x6f80 windowscodecs+0x23659 @ 0x73ce3659 DllGetClassObject+0x8e24 WICSerializeMetadataContent-0x107b5 windowscodecs+0x19e24 @ 0x73cd9e24 DllGetClassObject+0x8c6d WICSerializeMetadataContent-0x1096c windowscodecs+0x19c6d @ 0x73cd9c6d iconcodecservice+0x14c8 @ 0x73dc14c8 SetKeyboardState+0xe587 CliImmSetHotKey-0x52d4 user32+0x4fa39 @ 0x7562fa39 LookupIconIdFromDirectoryEx+0x362 DdeCreateDataHandle-0x622 user32+0x2f316 @ 0x7560f316 CopyImage+0x4f SetWindowPlacement-0x5e user32+0x24a58 @ 0x75604a58 CopyImage+0xa3 SetWindowPlacement-0xa user32+0x24aac @ 0x75604aac DdeConnectList+0xcec GetKeyNameTextW-0xc20 user32+0x5fb81 @ 0x7563fb81 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x778b011a GetThemeBool+0x84e GetThemeTextExtent-0x1b5f uxtheme+0x16e9f @ 0x74566e9f GetThemeBool+0x8c0 GetThemeTextExtent-0x1aed uxtheme+0x16f11 @ 0x74566f11 SystemParametersInfoW+0x40 GetWindowThreadProcessId-0xa1 user32+0x19113 @ 0x755f9113 TMethodImplementationIntercept+0x15a148 dbkFCallWrapperAddr-0x17b88 baldi+0x21dab4 @ 0x61dab4 TMethodImplementationIntercept+0x11f467 dbkFCallWrapperAddr-0x52869 baldi+0x1e2dd3 @ 0x5e2dd3 TMethodImplementationIntercept+0x11f073 dbkFCallWrapperAddr-0x52c5d baldi+0x1e29df @ 0x5e29df TMethodImplementationIntercept+0x11f024 dbkFCallWrapperAddr-0x52cac baldi+0x1e2990 @ 0x5e2990 TMethodImplementationIntercept+0x12a661 dbkFCallWrapperAddr-0x4766f baldi+0x1edfcd @ 0x5edfcd TMethodImplementationIntercept+0x163d9e dbkFCallWrapperAddr-0xdf32 baldi+0x22770a @ 0x62770a BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc0000002 exception.offset: 46887 exception.address: 0x7559b727 registers.esp: 1634444 registers.edi: 18720136 registers.eax: 1634444 registers.ebp: 1634524 registers.edx: 89 registers.ebx: 4094 registers.esi: 18719488 registers.ecx: 90	1	0	0

Time & API

Arguments

Status

Return

Repeated

__exception__

May 28, 2023, 1:43 p.m.

stacktrace:

IWICColorContext_InitializeFromMemory_Proxy+0x37187 windowscodecs+0xd8660 @ 0x73d98660
WICConvertBitmapSource+0x2472b WICMapGuidToShortName-0x10e74 windowscodecs+0x8f797 @ 0x73d4f797
DllGetClassObject+0x12362 WICSerializeMetadataContent-0x7277 windowscodecs+0x23362 @ 0x73ce3362
DllGetClassObject+0x118b1 WICSerializeMetadataContent-0x7d28 windowscodecs+0x228b1 @ 0x73ce28b1
DllGetClassObject+0x11788 WICSerializeMetadataContent-0x7e51 windowscodecs+0x22788 @ 0x73ce2788
DllGetClassObject+0x12659 WICSerializeMetadataContent-0x6f80 windowscodecs+0x23659 @ 0x73ce3659
DllGetClassObject+0x8e24 WICSerializeMetadataContent-0x107b5 windowscodecs+0x19e24 @ 0x73cd9e24
DllGetClassObject+0x8c6d WICSerializeMetadataContent-0x1096c windowscodecs+0x19c6d @ 0x73cd9c6d
iconcodecservice+0x14c8 @ 0x73dc14c8
SetKeyboardState+0xe587 CliImmSetHotKey-0x52d4 user32+0x4fa39 @ 0x7562fa39
LookupIconIdFromDirectoryEx+0x362 DdeCreateDataHandle-0x622 user32+0x2f316 @ 0x7560f316
CopyImage+0x4f SetWindowPlacement-0x5e user32+0x24a58 @ 0x75604a58
CopyImage+0xa3 SetWindowPlacement-0xa user32+0x24aac @ 0x75604aac
DdeConnectList+0xcec GetKeyNameTextW-0xc20 user32+0x5fb81 @ 0x7563fb81
KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x778b011a
GetThemeBool+0x84e GetThemeTextExtent-0x1b5f uxtheme+0x16e9f @ 0x74566e9f
GetThemeBool+0x8c0 GetThemeTextExtent-0x1aed uxtheme+0x16f11 @ 0x74566f11
SystemParametersInfoW+0x40 GetWindowThreadProcessId-0xa1 user32+0x19113 @ 0x755f9113
TMethodImplementationIntercept+0x15a148 dbkFCallWrapperAddr-0x17b88 baldi+0x21dab4 @ 0x61dab4
TMethodImplementationIntercept+0x11f467 dbkFCallWrapperAddr-0x52869 baldi+0x1e2dd3 @ 0x5e2dd3
TMethodImplementationIntercept+0x11f073 dbkFCallWrapperAddr-0x52c5d baldi+0x1e29df @ 0x5e29df
TMethodImplementationIntercept+0x11f024 dbkFCallWrapperAddr-0x52cac baldi+0x1e2990 @ 0x5e2990
TMethodImplementationIntercept+0x12a661 dbkFCallWrapperAddr-0x4766f baldi+0x1edfcd @ 0x5edfcd
TMethodImplementationIntercept+0x163d9e dbkFCallWrapperAddr-0xdf32 baldi+0x22770a @ 0x62770a
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0xc0000002
exception.offset: 46887
exception.address: 0x7559b727
registers.esp: 1634444
registers.edi: 18720136
registers.eax: 1634444
registers.ebp: 1634524
registers.edx: 89
registers.ebx: 4094
registers.esi: 18719488
registers.ecx: 90

Allocates read-write-execute memory (usually to unpack itself) (10 events)

Time & API	Arguments	Status
NtProtectVirtualMemory May 28, 2023, 1:43 p.m.	process_identifier: 1932 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x74091000 process_handle: 0xffffffff	1
NtProtectVirtualMemory May 28, 2023, 1:43 p.m.	process_identifier: 1932 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73f61000 process_handle: 0xffffffff	1
NtProtectVirtualMemory May 28, 2023, 1:43 p.m.	process_identifier: 1932 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75291000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 28, 2023, 1:43 p.m.	process_identifier: 2260 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01420000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory May 28, 2023, 1:43 p.m.	process_identifier: 2260 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73e51000 process_handle: 0xffffffff	1
NtProtectVirtualMemory May 28, 2023, 1:43 p.m.	process_identifier: 2260 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73e21000 process_handle: 0xffffffff	1
NtProtectVirtualMemory May 28, 2023, 1:43 p.m.	process_identifier: 2260 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73dc1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory May 28, 2023, 1:43 p.m.	process_identifier: 2260 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73cc1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory May 28, 2023, 1:43 p.m.	process_identifier: 2260 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72a91000 process_handle: 0xffffffff	1
NtProtectVirtualMemory May 28, 2023, 1:43 p.m.	process_identifier: 2344 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73e21000 process_handle: 0xffffffff	1

Creates executable files on the filesystem (6 events)

file	C:\Baldi\DisableUAC.exe
file	C:\Baldi\CleanZUpdater.bat
file	C:\Baldi\kill.exe
file	C:\Baldi\mbr.exe
file	C:\Users\test22\AppData\Local\Temp\D22F.tmp\D240.bat
file	C:\Baldi\Baldi.exe

Executes one or more WMI queries (1 event)

wmi	SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "explorer.exe")

A process created a hidden window (1 event)

Time & API	Arguments	Status	Return	Repeated
ShellExecuteExW May 28, 2023, 1:43 p.m.	show_type: 0 filepath_r: taskkill.exe parameters: /f /im explorer.exe filepath: taskkill.exe	1	1	0

Checks for the Locally Unique Identifier on the system for a suspicious privilege (1 event)

Time & API	Arguments	Status	Return	Repeated
LookupPrivilegeValueW May 28, 2023, 1:43 p.m.	system_name: privilege_name: SeDebugPrivilege	1	1	0

Potentially malicious URLs were found in the process memory dump (5 events)

url	https://vk.com/endnet
url	http://www.microsoft.com/schemas/ie8tldlistdescription/1.0
url	http://purl.org/rss/1.0/
url	http://www.passport.com
url	https://www.youtube.com/channel/UCsKC-cU51wQN_jz-jUrzu-A

Yara rule detected in process memory (50 out of 65 events)

description	Create a windows service	rule	Create_Service
description	Communication using DGA	rule	Network_DGA
description	Communications over RAW Socket	rule	Network_TCP_Socket
description	Communications use DNS	rule	Network_DNS
description	Hijack network configuration	rule	Hijack_Network
description	Code injection with CreateRemoteThread in a remote process	rule	Code_injection
description	Communications over HTTP	rule	Network_HTTP
description	PWS Memory	rule	Generic_PWS_Memory_Zero
description	Record Audio	rule	Sniff_Audio
description	Steal credential	rule	local_credential_Steal
description	Match Windows Http API call	rule	Str_Win32_Http_API
description	Communications over P2P network	rule	Network_P2P_Win
description	Match Windows Inet API call	rule	Str_Win32_Internet_API
description	Escalate priviledges	rule	Escalate_priviledges
description	File Downloader	rule	Network_Downloader
description	(no description)	rule	DebuggerCheck__GlobalFlags
description	(no description)	rule	DebuggerCheck__QueryInfo
description	(no description)	rule	DebuggerCheck__RemoteAPI
description	(no description)	rule	DebuggerHiding__Thread
description	(no description)	rule	DebuggerHiding__Active
description	(no description)	rule	DebuggerException__ConsoleCtrl
description	(no description)	rule	DebuggerException__SetConsoleCtrl
description	(no description)	rule	ThreadControl__Context
description	(no description)	rule	SEH__vectored
description	(no description)	rule	Check_Dlls
description	Checks if being debugged	rule	anti_dbg
description	Anti-Sandbox checks for ThreatExpert	rule	antisb_threatExpert
description	Bypass DEP	rule	disable_dep
description	Affect hook table	rule	win_hook
description	Install itself for autorun at Windows startup	rule	Persistence
description	Communications over FTP	rule	Network_FTP
description	Run a KeyLogger	rule	KeyLogger
description	Take ScreenShot	rule	ScreenShot
description	Create a windows service	rule	Create_Service
description	Communication using DGA	rule	Network_DGA
description	Communications over RAW Socket	rule	Network_TCP_Socket
description	Communications use DNS	rule	Network_DNS
description	Code injection with CreateRemoteThread in a remote process	rule	Code_injection
description	Communications over HTTP	rule	Network_HTTP
description	PWS Memory	rule	Generic_PWS_Memory_Zero
description	Record Audio	rule	Sniff_Audio
description	Steal credential	rule	local_credential_Steal
description	Match Windows Http API call	rule	Str_Win32_Http_API
description	Communications over P2P network	rule	Network_P2P_Win
description	Match Windows Inet API call	rule	Str_Win32_Internet_API
description	Escalate priviledges	rule	Escalate_priviledges
description	File Downloader	rule	Network_Downloader
description	(no description)	rule	DebuggerCheck__GlobalFlags
description	(no description)	rule	DebuggerCheck__QueryInfo
description	(no description)	rule	DebuggerCheck__RemoteAPI

Terminates another process (2 events)

Time & API	Arguments	Status	Return	Repeated
NtTerminateProcess May 28, 2023, 1:43 p.m.	status_code: 0x00000001 process_identifier: 1236 process_handle: 0x000001f4		0	0
NtTerminateProcess May 28, 2023, 1:43 p.m.	status_code: 0x00000001 process_identifier: 1236 process_handle: 0x000001f4	1	0	0

Uses Windows utilities for basic Windows functionality (5 events)

cmdline	"C:\Windows\system32\cmd" /c "C:\Users\test22\AppData\Local\Temp\D22F.tmp\D240.bat C:\Baldi\DisableUAC.exe"
cmdline	shutdown -r -t 1 -c "BALDI EVIL..."
cmdline	"C:\Windows\System32\taskkill.exe" /f /im explorer.exe
cmdline	reg ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v EnableLUA /t REG_DWORD /d 0 /f
cmdline	taskkill.exe /f /im explorer.exe

Installs itself for autorun at Windows startup (1 event)

reg_key

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\GG.exe

reg_value

C:\Baldi\Baldi.exe

Disables Windows' Task Manager (1 event)

registry

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr

Attempts to modify desktop wallpaper (1 event)

registry

HKEY_CURRENT_USER\Control Panel\Desktop\Wallpaper

Resumed a suspended thread in a remote process potentially indicative of process injection (4 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 2196 resumed a thread in remote process 2260
Process injection	Process 2196 resumed a thread in remote process 2476
NtResumeThread May 28, 2023, 1:43 p.m.	thread_handle: 0x00000130 suspend_count: 0 process_identifier: 2260	1	0	0
NtResumeThread May 28, 2023, 1:43 p.m.	thread_handle: 0x0000012c suspend_count: 0 process_identifier: 2476	1	0	0

Disables Windows Security features (1 event)

description

attempts to disable user access control

registry

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA

File has been identified by 53 AntiVirus engines on VirusTotal as malicious (50 out of 53 events)

Lionic	Trojan.Win32.Generic.4!c
Cynet	Malicious (score: 99)
McAfee	Artemis!E2C4C4DD8C6A
Malwarebytes	Malware.AI.3711542626
VIPRE	Trojan.GenericKD.50408638
Sangfor	Trojan.Win32.Diztakun.Vlb0
K7AntiVirus	Trojan ( 005492061 )
Alibaba	Trojan:Win32/Diztakun.43d6e53d
K7GW	Trojan ( 005492061 )
Cybereason	malicious.d8c6a3
Arcabit	Trojan.Generic.D3012CBE
Elastic	malicious (moderate confidence)
ESET-NOD32	multiple detections
APEX	Malicious
ClamAV	Win.Downloader.Banload-9844978-0
Kaspersky	UDS:Trojan.Win32.Generic
BitDefender	Trojan.GenericKD.50408638
NANO-Antivirus	Trojan.Win32.Mlw.fmsuod
MicroWorld-eScan	Trojan.GenericKD.50408638
Avast	Win32:Malware-gen
Tencent	Win32.Trojan.Generic.Lcnw
Emsisoft	Trojan.GenericKD.50408638 (B)
F-Secure	Trojan.TR/BAS.Samca.amdgw
DrWeb	Trojan.KillProc.57809
Zillya	Trojan.Diztakun.Win32.7105
TrendMicro	TROJ_GEN.R002C0PEB23
McAfee-GW-Edition	BehavesLike.Win32.VBObfus.rc
FireEye	Trojan.GenericKD.50408638
Sophos	Mal/Generic-S
Jiangmin	Trojan.Generic.arosj
Avira	TR/BAS.Samca.amdgw
MAX	malware (ai score=81)
Antiy-AVL	Trojan/Win32.Azden
Xcitium	Malware@#21ltmztsk52pc
Microsoft	Trojan:Win32/Wacatac.B!ml
ViRobot	Trojan.Win.Z.Agent.4444053
ZoneAlarm	HEUR:Trojan.Win32.Generic
GData	Trojan.GenericKD.50408638
Google	Detected
AhnLab-V3	Malware/Win64.Generic.C2704848
BitDefenderTheta	Gen:NN.ZelphiF.36196.@Z0@a4dR6Iji
ALYac	Trojan.GenericKD.50408638
VBA32	TScope.Trojan.Delf
Cylance	unsafe
Panda	Trj/CI.A
TrendMicro-HouseCall	TROJ_GEN.R002C0PEB23
Rising	Trojan.Azden!8.F0E3 (CLOUD)
Yandex	Trojan.Agent!rnR6+Wc6Brg
Ikarus	Trojan.Win32.LockScreen
Fortinet	W32/KillMBR.NCW!tr

BaldiTrojan-x64.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All