Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	June 11, 2023, 10:36 p.m.	June 11, 2023, 10:38 p.m.

Size	116.0KB
Type	PE32 executable (DLL) (console) Intel 80386, for MS Windows
MD5	`c66b0840fb234a69216f2a8762c0d6cc`
SHA256	`08dcca7c39e0c6b529c13290856b32427800bc5e721305442b1633bc78c84a71`
CRC32	`17CE57CE`
ssdeep	`1536:STHyv5Zb8g9D720iWDrrZDvvyBnzD6nMVV4J1C2cffcWQVGsk/MY:dvj7biWDRvvKPyHyfcW2Gsk/H`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) Malicious_Library_Zero - Malicious_Library Malicious_Packer_Zero - Malicious Packer PE_Header_Zero - PE File Signature Win_Backdoor_Farfli - gives threat-actors several options of gaining access to the affected system. Antivirus - Contains references to security software IsPE32 - (no description)

rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\datelog.dll,fuckyou
2544
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\datelog.dll,
2628

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
104.76.70.102	Active	Moloch
134.122.135.4	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks if process is being debugged by a debugger (1 event)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent June 11, 2023, 10:22 p.m.			0	0

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx June 11, 2023, 10:22 p.m.		1	1	0

Allocates read-write-execute memory (usually to unpack itself) (16 events)

Time & API	Arguments	Status
NtProtectVirtualMemory June 11, 2023, 10:22 p.m.	process_identifier: 2544 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73be5000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 11, 2023, 10:22 p.m.	process_identifier: 2544 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75bf1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 11, 2023, 10:22 p.m.	process_identifier: 2544 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x76281000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 11, 2023, 10:22 p.m.	process_identifier: 2544 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75bc1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 11, 2023, 10:22 p.m.	process_identifier: 2544 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75d21000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 11, 2023, 10:22 p.m.	process_identifier: 2544 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73c11000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 11, 2023, 10:22 p.m.	process_identifier: 2544 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73660000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 11, 2023, 10:22 p.m.	process_identifier: 2544 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73571000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 11, 2023, 10:22 p.m.	process_identifier: 2544 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x734e1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 11, 2023, 10:22 p.m.	process_identifier: 2544 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x734a4000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 11, 2023, 10:22 p.m.	process_identifier: 2544 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73572000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 11, 2023, 10:22 p.m.	process_identifier: 2544 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73bb1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 11, 2023, 10:22 p.m.	process_identifier: 2544 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75941000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 11, 2023, 10:22 p.m.	process_identifier: 2544 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x764b1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 11, 2023, 10:22 p.m.	process_identifier: 2544 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x732c1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 11, 2023, 10:22 p.m.	process_identifier: 2544 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73291000 process_handle: 0xffffffff	1

Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation (1 event)

Time & API	Arguments	Status	Return	Repeated
GetDiskFreeSpaceExW June 11, 2023, 10:22 p.m.	total_number_of_free_bytes: 13323546624 free_bytes_available: 13323546624 root_path: C:\ total_number_of_bytes: 34252779520	1	1	0

Searches running processes potentially to identify processes for sandbox evasion, code injection or memory dumping (41 events)

Time & API	Arguments	Status	Return
Process32FirstW June 11, 2023, 10:22 p.m.	snapshot_handle: 0x0000027c process_name: [System Process] process_identifier: 0	1	1
Process32NextW June 11, 2023, 10:22 p.m.	snapshot_handle: 0x0000027c process_name: System process_identifier: 4	1	1
Process32NextW June 11, 2023, 10:22 p.m.	snapshot_handle: 0x0000027c process_name: smss.exe process_identifier: 224	1	1
Process32NextW June 11, 2023, 10:22 p.m.	snapshot_handle: 0x0000027c process_name: csrss.exe process_identifier: 304	1	1
Process32NextW June 11, 2023, 10:22 p.m.	snapshot_handle: 0x0000027c process_name: wininit.exe process_identifier: 352	1	1
Process32NextW June 11, 2023, 10:22 p.m.	snapshot_handle: 0x0000027c process_name: csrss.exe process_identifier: 360	1	1
Process32NextW June 11, 2023, 10:22 p.m.	snapshot_handle: 0x0000027c process_name: winlogon.exe process_identifier: 400	1	1
Process32NextW June 11, 2023, 10:22 p.m.	snapshot_handle: 0x0000027c process_name: services.exe process_identifier: 444	1	1
Process32NextW June 11, 2023, 10:22 p.m.	snapshot_handle: 0x0000027c process_name: lsass.exe process_identifier: 460	1	1
Process32NextW June 11, 2023, 10:22 p.m.	snapshot_handle: 0x0000027c process_name: lsm.exe process_identifier: 468	1	1
Process32NextW June 11, 2023, 10:22 p.m.	snapshot_handle: 0x0000027c process_name: svchost.exe process_identifier: 572	1	1
Process32NextW June 11, 2023, 10:22 p.m.	snapshot_handle: 0x0000027c process_name: svchost.exe process_identifier: 652	1	1
Process32NextW June 11, 2023, 10:22 p.m.	snapshot_handle: 0x0000027c process_name: svchost.exe process_identifier: 724	1	1
Process32NextW June 11, 2023, 10:22 p.m.	snapshot_handle: 0x0000027c process_name: svchost.exe process_identifier: 784	1	1
Process32NextW June 11, 2023, 10:22 p.m.	snapshot_handle: 0x0000027c process_name: svchost.exe process_identifier: 832	1	1
Process32NextW June 11, 2023, 10:22 p.m.	snapshot_handle: 0x0000027c process_name: audiodg.exe process_identifier: 900	1	1
Process32NextW June 11, 2023, 10:22 p.m.	snapshot_handle: 0x0000027c process_name: svchost.exe process_identifier: 992	1	1
Process32NextW June 11, 2023, 10:22 p.m.	snapshot_handle: 0x0000027c process_name: svchost.exe process_identifier: 292	1	1
Process32NextW June 11, 2023, 10:22 p.m.	snapshot_handle: 0x0000027c process_name: spoolsv.exe process_identifier: 324	1	1
Process32NextW June 11, 2023, 10:22 p.m.	snapshot_handle: 0x0000027c process_name: svchost.exe process_identifier: 1048	1	1
Process32NextW June 11, 2023, 10:22 p.m.	snapshot_handle: 0x0000027c process_name: srvany.exe process_identifier: 1284	1	1
Process32NextW June 11, 2023, 10:22 p.m.	snapshot_handle: 0x0000027c process_name: KMService.exe process_identifier: 1436	1	1
Process32NextW June 11, 2023, 10:22 p.m.	snapshot_handle: 0x0000027c process_name: conhost.exe process_identifier: 1448	1	1
Process32NextW June 11, 2023, 10:22 p.m.	snapshot_handle: 0x0000027c process_name: taskhost.exe process_identifier: 1600	1	1
Process32NextW June 11, 2023, 10:22 p.m.	snapshot_handle: 0x0000027c process_name: sppsvc.exe process_identifier: 1820	1	1
Process32NextW June 11, 2023, 10:22 p.m.	snapshot_handle: 0x0000027c process_name: svchost.exe process_identifier: 1896	1	1
Process32NextW June 11, 2023, 10:22 p.m.	snapshot_handle: 0x0000027c process_name: dwm.exe process_identifier: 1260	1	1
Process32NextW June 11, 2023, 10:22 p.m.	snapshot_handle: 0x0000027c process_name: explorer.exe process_identifier: 1452	1	1
Process32NextW June 11, 2023, 10:22 p.m.	snapshot_handle: 0x0000027c process_name: pw.exe process_identifier: 988	1	1
Process32NextW June 11, 2023, 10:22 p.m.	snapshot_handle: 0x0000027c process_name: SearchIndexer.exe process_identifier: 1160	1	1
Process32NextW June 11, 2023, 10:22 p.m.	snapshot_handle: 0x0000027c process_name: SearchProtocolHost.exe process_identifier: 936	1	1
Process32NextW June 11, 2023, 10:22 p.m.	snapshot_handle: 0x0000027c process_name: SearchFilterHost.exe process_identifier: 2000	1	1
Process32NextW June 11, 2023, 10:22 p.m.	snapshot_handle: 0x0000027c process_name: mobsync.exe process_identifier: 2272	1	1
Process32NextW June 11, 2023, 10:22 p.m.	snapshot_handle: 0x0000027c process_name: pw.exe process_identifier: 2316	1	1
Process32NextW June 11, 2023, 10:22 p.m.	snapshot_handle: 0x0000027c process_name: wsqmcons.exe process_identifier: 2352	1	1
Process32NextW June 11, 2023, 10:22 p.m.	snapshot_handle: 0x0000027c process_name: taskhost.exe process_identifier: 2360	1	1
Process32NextW June 11, 2023, 10:22 p.m.	snapshot_handle: 0x0000027c process_name: sdclt.exe process_identifier: 2376	1	1
Process32NextW June 11, 2023, 10:22 p.m.	snapshot_handle: 0x0000027c process_name: rundll32.exe process_identifier: 2544	1	1
Process32NextW June 11, 2023, 10:22 p.m.	snapshot_handle: 0x0000027c process_name: schtasks.exe process_identifier: 2700	1	1
Process32NextW June 11, 2023, 10:22 p.m.	snapshot_handle: 0x0000027c process_name: conhost.exe process_identifier: 2708	1	1
Process32NextW June 11, 2023, 10:22 p.m.	snapshot_handle: 0x0000027c process_name: conhost.exe process_identifier: 6815854		0

Repeatedly searches for a not-found process, you may want to run a web browser during analysis (50 out of 80 events)

Time & API	Arguments	Status	Return	Repeated
Process32NextW June 11, 2023, 10:22 p.m.	snapshot_handle: 0x0000027c process_name: conhost.exe process_identifier: 6815854		0	0
Process32NextW June 11, 2023, 10:22 p.m.	snapshot_handle: 0x0000027c process_name: conhost.exe process_identifier: 6815854		0	0
Process32NextW June 11, 2023, 10:22 p.m.	snapshot_handle: 0x0000027c process_name: conhost.exe process_identifier: 6815854		0	0
Process32NextW June 11, 2023, 10:22 p.m.	snapshot_handle: 0x0000027c process_name: conhost.exe process_identifier: 6815854		0	0
Process32NextW June 11, 2023, 10:22 p.m.	snapshot_handle: 0x0000027c process_name: conhost.exe process_identifier: 6815854		0	0
Process32NextW June 11, 2023, 10:22 p.m.	snapshot_handle: 0x0000027c process_name: conhost.exe process_identifier: 6815854		0	0
Process32NextW June 11, 2023, 10:22 p.m.	snapshot_handle: 0x0000027c process_name: conhost.exe process_identifier: 6815854		0	0
Process32NextW June 11, 2023, 10:22 p.m.	snapshot_handle: 0x0000027c process_name: conhost.exe process_identifier: 6815854		0	0
Process32NextW June 11, 2023, 10:22 p.m.	snapshot_handle: 0x0000027c process_name: conhost.exe process_identifier: 6815854		0	0
Process32NextW June 11, 2023, 10:22 p.m.	snapshot_handle: 0x0000027c process_name: conhost.exe process_identifier: 6815854		0	0
Process32NextW June 11, 2023, 10:22 p.m.	snapshot_handle: 0x0000027c process_name: conhost.exe process_identifier: 6815854		0	0
Process32NextW June 11, 2023, 10:22 p.m.	snapshot_handle: 0x0000027c process_name: conhost.exe process_identifier: 6815854		0	0
Process32NextW June 11, 2023, 10:22 p.m.	snapshot_handle: 0x0000027c process_name: conhost.exe process_identifier: 6815854		0	0
Process32NextW June 11, 2023, 10:22 p.m.	snapshot_handle: 0x0000027c process_name: conhost.exe process_identifier: 6815854		0	0
Process32NextW June 11, 2023, 10:22 p.m.	snapshot_handle: 0x0000027c process_name: conhost.exe process_identifier: 6815854		0	0
Process32NextW June 11, 2023, 10:22 p.m.	snapshot_handle: 0x0000027c process_name: conhost.exe process_identifier: 6815854		0	0
Process32NextW June 11, 2023, 10:22 p.m.	snapshot_handle: 0x0000027c process_name: conhost.exe process_identifier: 6815854		0	0
Process32NextW June 11, 2023, 10:22 p.m.	snapshot_handle: 0x0000027c process_name: conhost.exe process_identifier: 6815854		0	0
Process32NextW June 11, 2023, 10:22 p.m.	snapshot_handle: 0x0000027c process_name: conhost.exe process_identifier: 6815854		0	0
Process32NextW June 11, 2023, 10:22 p.m.	snapshot_handle: 0x0000027c process_name: conhost.exe process_identifier: 6815854		0	0
Process32NextW June 11, 2023, 10:22 p.m.	snapshot_handle: 0x0000027c process_name: conhost.exe process_identifier: 6815854		0	0
Process32NextW June 11, 2023, 10:22 p.m.	snapshot_handle: 0x0000027c process_name: conhost.exe process_identifier: 6815854		0	0
Process32NextW June 11, 2023, 10:22 p.m.	snapshot_handle: 0x0000027c process_name: conhost.exe process_identifier: 6815854		0	0
Process32NextW June 11, 2023, 10:22 p.m.	snapshot_handle: 0x0000027c process_name: conhost.exe process_identifier: 6815854		0	0
Process32NextW June 11, 2023, 10:22 p.m.	snapshot_handle: 0x0000027c process_name: conhost.exe process_identifier: 6815854		0	0
Process32NextW June 11, 2023, 10:22 p.m.	snapshot_handle: 0x0000027c process_name: conhost.exe process_identifier: 6815854		0	0
Process32NextW June 11, 2023, 10:22 p.m.	snapshot_handle: 0x0000027c process_name: conhost.exe process_identifier: 6815854		0	0
Process32NextW June 11, 2023, 10:22 p.m.	snapshot_handle: 0x0000027c process_name: conhost.exe process_identifier: 6815854		0	0
Process32NextW June 11, 2023, 10:22 p.m.	snapshot_handle: 0x0000027c process_name: conhost.exe process_identifier: 6815854		0	0
Process32NextW June 11, 2023, 10:22 p.m.	snapshot_handle: 0x0000027c process_name: conhost.exe process_identifier: 6815854		0	0
Process32NextW June 11, 2023, 10:22 p.m.	snapshot_handle: 0x0000027c process_name: conhost.exe process_identifier: 6815854		0	0
Process32NextW June 11, 2023, 10:22 p.m.	snapshot_handle: 0x0000027c process_name: conhost.exe process_identifier: 6815854		0	0
Process32NextW June 11, 2023, 10:22 p.m.	snapshot_handle: 0x0000027c process_name: conhost.exe process_identifier: 6815854		0	0
Process32NextW June 11, 2023, 10:22 p.m.	snapshot_handle: 0x0000027c process_name: conhost.exe process_identifier: 6815854		0	0
Process32NextW June 11, 2023, 10:22 p.m.	snapshot_handle: 0x0000027c process_name: conhost.exe process_identifier: 6815854		0	0
Process32NextW June 11, 2023, 10:22 p.m.	snapshot_handle: 0x0000027c process_name: conhost.exe process_identifier: 6815854		0	0
Process32NextW June 11, 2023, 10:22 p.m.	snapshot_handle: 0x0000027c process_name: conhost.exe process_identifier: 6815854		0	0
Process32NextW June 11, 2023, 10:22 p.m.	snapshot_handle: 0x0000027c process_name: conhost.exe process_identifier: 6815854		0	0
Process32NextW June 11, 2023, 10:22 p.m.	snapshot_handle: 0x0000027c process_name: conhost.exe process_identifier: 6815854		0	0
Process32NextW June 11, 2023, 10:22 p.m.	snapshot_handle: 0x0000027c process_name: conhost.exe process_identifier: 6815854		0	0
Process32NextW June 11, 2023, 10:22 p.m.	snapshot_handle: 0x0000027c process_name: conhost.exe process_identifier: 6815854		0	0
Process32NextW June 11, 2023, 10:22 p.m.	snapshot_handle: 0x0000027c process_name: conhost.exe process_identifier: 6815854		0	0
Process32NextW June 11, 2023, 10:22 p.m.	snapshot_handle: 0x0000027c process_name: conhost.exe process_identifier: 6815854		0	0
Process32NextW June 11, 2023, 10:22 p.m.	snapshot_handle: 0x0000027c process_name: conhost.exe process_identifier: 6815854		0	0
Process32NextW June 11, 2023, 10:22 p.m.	snapshot_handle: 0x0000027c process_name: conhost.exe process_identifier: 6815854		0	0
Process32NextW June 11, 2023, 10:22 p.m.	snapshot_handle: 0x0000027c process_name: conhost.exe process_identifier: 6815854		0	0
Process32NextW June 11, 2023, 10:22 p.m.	snapshot_handle: 0x0000027c process_name: conhost.exe process_identifier: 6815854		0	0
Process32NextW June 11, 2023, 10:22 p.m.	snapshot_handle: 0x0000027c process_name: conhost.exe process_identifier: 6815854		0	0
Process32NextW June 11, 2023, 10:22 p.m.	snapshot_handle: 0x0000027c process_name: conhost.exe process_identifier: 6815854		0	0
Process32NextW June 11, 2023, 10:22 p.m.	snapshot_handle: 0x0000027c process_name: conhost.exe process_identifier: 6815854		0	0

Communicates with host for which no DNS query was performed (2 events)

host	104.76.70.102
host	134.122.135.4

File has been identified by 57 AntiVirus engines on VirusTotal as malicious (50 out of 57 events)

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Zegost.4!c
Elastic	malicious (high confidence)
Cynet	Malicious (score: 100)
ALYac	Generic.Malware.LcPfoPk!134.207C2B57
Cylance	unsafe
Zillya	Trojan.Farfli.Win32.40952
Sangfor	Suspicious.Win32.Save.ins
CrowdStrike	win/malicious_confidence_100% (W)
BitDefender	Generic.Malware.LcPfoPk!134.207C2B57
K7GW	Trojan ( 00569b3c1 )
K7AntiVirus	Trojan ( 00569b3c1 )
Baidu	Win32.Backdoor.Farfli.b
Cyren	W32/Farfli.GW.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/Farfli.DAV
APEX	Malicious
ClamAV	Win.Dropper.Gh0stRAT-7696262-0
Kaspersky	Backdoor.Win32.Zegost.mttqq
Alibaba	Backdoor:Win32/Farfli.baa9f886
NANO-Antivirus	Trojan.Win32.Zegost.jowlpx
ViRobot	Trojan.Win.Z.Farfli.118784.AT
MicroWorld-eScan	Generic.Malware.LcPfoPk!134.207C2B57
Avast	Win32:Farfli-BH [Trj]
Rising	Backdoor.Agent!1.9E1E (CLASSIC)
Emsisoft	Generic.Malware.LcPfoPk!134.207C2B57 (B)
F-Secure	Backdoor.BDS/Zegost.klzeimd
DrWeb	BackDoor.Farfli.171
VIPRE	Generic.Malware.LcPfoPk!134.207C2B57
TrendMicro	TROJ_GEN.R002C0DEN23
McAfee-GW-Edition	BehavesLike.Win32.Ransomware.ch
FireEye	Generic.mg.c66b0840fb234a69
Sophos	Mal/Generic-S
Ikarus	Trojan.Win32.Farfli
GData	Generic.Malware.LcPfoPk!134.207C2B57
Jiangmin	Backdoor.Zegost.atw
Avira	BDS/Zegost.klzeimd
Antiy-AVL	Trojan/Win32.Farfli
Arcabit	Generic.Malware.LcPfoPk!134.207C2B57
ZoneAlarm	Backdoor.Win32.Zegost.mttqq
Microsoft	Trojan:Win32/Vindor!pz
Google	Detected
AhnLab-V3	Trojan/Win32.Magania.R66525
McAfee	GenericRXRX-EK!C66B0840FB23
MAX	malware (ai score=81)
VBA32	Backdoor.Zegost
Malwarebytes	Backdoor.Farfli
Panda	Trj/Genetic.gen
TrendMicro-HouseCall	TROJ_GEN.R002C0DEN23
Tencent	Backdoor.Win32.Zegost.ha

datelog.dll

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All