Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	June 11, 2023, 10:52 p.m.	June 11, 2023, 11:12 p.m.

Size	4.1MB
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`78e481470c6fd24865ad8d47f83ad31d`
SHA256	`7c1095d23541c4e85c0eed22db92d62c3227f5c483a6931fa0701fe651f4d422`
CRC32	`9998F7F1`
ssdeep	`98304:GddGCc8fJUD9ggHTYC8zQpk3sQUz+z1RRYuTFPSPa:wcCLQL8Mcsd+3FK`
Yara	UPX_Zero - UPX packed file Is_DotNET_EXE - (no description) PE_Header_Zero - PE File Signature IsPE32 - (no description)

YaBtc.exe "C:\Users\test22\AppData\Local\Temp\YaBtc.exe"
1460
- YaBtc.exe "C:\Users\test22\AppData\Local\Temp\YaBtc.exe"
  2448

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks if process is being debugged by a debugger (2 events)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent June 11, 2023, 10:22 p.m.			0	0
IsDebuggerPresent June 11, 2023, 10:22 p.m.			0	0

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx June 11, 2023, 10:22 p.m.		1	1	0

One or more processes crashed (1 event)

Time & API	Arguments	Status	Return	Repeated
__exception__ June 11, 2023, 10:23 p.m.	stacktrace: ReadFile+0x54 CreateFileW-0x35 kernel32+0x13f27 @ 0x757f3f27 yabtc+0x1321 @ 0x401321 yabtc+0x136e @ 0x40136e yabtc+0x195d @ 0x40195d BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 89 03 eb ac 3d 11 00 00 c0 75 05 83 23 00 eb a0 exception.symbol: ReadFile+0x138 WriteFile-0x3a kernelbase+0xd0e5 exception.instruction: mov dword ptr [ebx], eax exception.module: KERNELBASE.dll exception.exception_code: 0xc0000005 exception.offset: 53477 exception.address: 0x7559d0e5 registers.esp: 3600768 registers.edi: 96 registers.eax: 4332032 registers.ebp: 3600824 registers.edx: 2130566132 registers.ebx: 0 registers.esi: 0 registers.ecx: 2263023616	1	0	0

One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.

Allocates read-write-execute memory (usually to unpack itself) (21 events)

Time & API	Arguments	Status
NtAllocateVirtualMemory June 11, 2023, 10:22 p.m.	process_identifier: 1460 region_size: 458752 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003b0000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 11, 2023, 10:22 p.m.	process_identifier: 1460 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003e0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory June 11, 2023, 10:22 p.m.	process_identifier: 1460 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73f31000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 11, 2023, 10:22 p.m.	process_identifier: 1460 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73f32000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 11, 2023, 10:22 p.m.	process_identifier: 1460 region_size: 1703936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02450000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 11, 2023, 10:22 p.m.	process_identifier: 1460 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x025b0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 11, 2023, 10:22 p.m.	process_identifier: 1460 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003b2000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 11, 2023, 10:22 p.m.	process_identifier: 1460 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00425000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 11, 2023, 10:22 p.m.	process_identifier: 1460 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0042b000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 11, 2023, 10:22 p.m.	process_identifier: 1460 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00427000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 11, 2023, 10:22 p.m.	process_identifier: 1460 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003cc000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 11, 2023, 10:22 p.m.	process_identifier: 1460 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x005c0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 11, 2023, 10:22 p.m.	process_identifier: 1460 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003d6000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 11, 2023, 10:22 p.m.	process_identifier: 1460 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003da000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 11, 2023, 10:22 p.m.	process_identifier: 1460 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003d7000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 11, 2023, 10:22 p.m.	process_identifier: 1460 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003ba000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 11, 2023, 10:22 p.m.	process_identifier: 1460 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0091f000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 11, 2023, 10:22 p.m.	process_identifier: 1460 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00910000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 11, 2023, 10:22 p.m.	process_identifier: 1460 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x005c1000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 11, 2023, 10:22 p.m.	process_identifier: 1460 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003ca000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 11, 2023, 10:23 p.m.	process_identifier: 1460 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x005c2000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

section

{u'size_of_data': u'0x003bca00', u'virtual_address': u'0x00002000', u'entropy': 7.992324944377908, u'name': u'.text', u'virtual_size': u'0x003bc97c'}

entropy

7.99232494438

description

A section with a high entropy has been found

entropy

0.904609929078

description

Overall entropy of this PE file is high

Yara rule detected in process memory (9 events)

description	Communications use DNS	rule	Network_DNS
description	(no description)	rule	DebuggerCheck__GlobalFlags
description	(no description)	rule	DebuggerCheck__QueryInfo
description	(no description)	rule	DebuggerHiding__Thread
description	(no description)	rule	DebuggerHiding__Active
description	(no description)	rule	ThreadControl__Context
description	(no description)	rule	SEH__vectored
description	Checks if being debugged	rule	anti_dbg
description	Bypass DEP	rule	disable_dep

Allocates execute permission to another process indicative of possible code injection (1 event)

Time & API	Arguments	Status	Return	Repeated
NtAllocateVirtualMemory June 11, 2023, 10:23 p.m.	process_identifier: 2448 region_size: 28672 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000264	1	0	0

Potential code injection by writing to the memory of another process (5 events)

Time & API	Arguments	Status	Return
WriteProcessMemory June 11, 2023, 10:23 p.m.	buffer: MZÿÿ¸@Àº´ Í!¸LÍ!This program cannot be run in DOS mode. $Ã°¢ÜÑÌÑÌÑÌÑÍ ÑÌT£ÍÑÌ^¬ÅÑÌ^¬ÎÑÌRichÑÌPEL§dà#W0@p@42d`¬ð080 .text `.rdata.0@@.data@@À.CRTP@@.reloc¬`@B base_address: 0x00400000 process_identifier: 2448 process_handle: 0x00000264	1	1
WriteProcessMemory June 11, 2023, 10:23 p.m.	buffer: 55î4h4T4J484444b3n3333¤3Â3Ø3æ3ô34Ò4À4®44483H3tsqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890-_abcdefghijklmnop§d ô@1@§dGCTL .text$di ~.text$mn0 .idata$5 0.rdata(1.rdata$voltmd@1ô.rdata$zzzdbg42P.idata$22.idata$32 .idata$483ö.idata$6@.bssP.CRT$XCU3V3t0¨2x40ô2â4\02 5055î4h4T4J484444b3n3333¤3Â3Ø3æ3ô34Ò4À4®44483H3tsfreeaddrinfogetaddrinfoWS2_32.dllReadFileGetModuleFileNameA,WriteFileUlstrlenASleepTGetFileInformationByHandleMGetFileAttributesAQGlobalSizeËCreateFileABGlobalAllocCloseHandleZHeapAllocMGlobalLockjExitProcessÄGetProcessHeapWinExec½CreateDirectoryATGlobalUnlockKERNEL32.dllSetClipboardData4GetClipboardDataèEmptyClipboardOCloseClipboardOpenClipboardUSER32.dllµRegSetValueExApRegCreateKeyExAhRegCloseKeyADVAPI32.dll base_address: 0x00403000 process_identifier: 2448 process_handle: 0x00000264	1	1
WriteProcessMemory June 11, 2023, 10:23 p.m.	buffer: @ base_address: 0x00405000 process_identifier: 2448 process_handle: 0x00000264	1	1
WriteProcessMemory June 11, 2023, 10:23 p.m.	buffer: 070=0J0Q0^0d0q0x0é0111,141:1C1L1Y1{11£1±1·1Ô1ö1ü132?2Q2c2q2 2±2ä2ë233X3t3337[7e7\|777¦7¿7Î788%8B8t88£8²8ì8 99 9-939;9D9r99À9å9ò9:::P0 base_address: 0x00406000 process_identifier: 2448 process_handle: 0x00000264	1	1
WriteProcessMemory June 11, 2023, 10:23 p.m.	buffer: @ base_address: 0x7efde008 process_identifier: 2448 process_handle: 0x00000264	1	1

Code injection by writing an executable or DLL to the memory of another process (1 event)

Time & API	Arguments	Status	Return	Repeated
WriteProcessMemory June 11, 2023, 10:23 p.m.	buffer: MZÿÿ¸@Àº´ Í!¸LÍ!This program cannot be run in DOS mode. $Ã°¢ÜÑÌÑÌÑÌÑÍ ÑÌT£ÍÑÌ^¬ÅÑÌ^¬ÎÑÌRichÑÌPEL§dà#W0@p@42d`¬ð080 .text `.rdata.0@@.data@@À.CRTP@@.reloc¬`@B base_address: 0x00400000 process_identifier: 2448 process_handle: 0x00000264	1	1	0

Used NtSetContextThread to modify a thread in a remote process indicative of process injection (2 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 1460 called NtSetContextThread to modify thread in remote process 2448
NtSetContextThread June 11, 2023, 10:23 p.m.	registers.eip: 0 registers.esp: 0 registers.edi: 0 registers.eax: 4200023 registers.ebp: 0 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 0 thread_handle: 0x00000260 process_identifier: 2448	1	0	0

Resumed a suspended thread in a remote process potentially indicative of process injection (2 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 1460 resumed a thread in remote process 2448
NtResumeThread June 11, 2023, 10:23 p.m.	thread_handle: 0x00000260 suspend_count: 1 process_identifier: 2448	1	0	0

Executed a process and injected code into it, probably while unpacking (14 events)

Time & API	Arguments	Status	Return
NtResumeThread June 11, 2023, 10:22 p.m.	thread_handle: 0x000000e0 suspend_count: 1 process_identifier: 1460	1	0
NtResumeThread June 11, 2023, 10:22 p.m.	thread_handle: 0x00000154 suspend_count: 1 process_identifier: 1460	1	0
NtResumeThread June 11, 2023, 10:22 p.m.	thread_handle: 0x00000194 suspend_count: 1 process_identifier: 1460	1	0
CreateProcessInternalW June 11, 2023, 10:23 p.m.	thread_identifier: 2452 thread_handle: 0x00000260 process_identifier: 2448 current_directory: filepath: C:\Users\test22\AppData\Local\Temp\YaBtc.exe track: 1 command_line: "C:\Users\test22\AppData\Local\Temp\YaBtc.exe" filepath_r: C:\Users\test22\AppData\Local\Temp\YaBtc.exe stack_pivoted: 0 creation_flags: 4 (CREATE_SUSPENDED) inherit_handles: 0 process_handle: 0x00000264	1	1
NtGetContextThread June 11, 2023, 10:23 p.m.	thread_handle: 0x00000260	1	0
NtAllocateVirtualMemory June 11, 2023, 10:23 p.m.	process_identifier: 2448 region_size: 28672 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000264	1	0
WriteProcessMemory June 11, 2023, 10:23 p.m.	buffer: MZÿÿ¸@Àº´ Í!¸LÍ!This program cannot be run in DOS mode. $Ã°¢ÜÑÌÑÌÑÌÑÍ ÑÌT£ÍÑÌ^¬ÅÑÌ^¬ÎÑÌRichÑÌPEL§dà#W0@p@42d`¬ð080 .text `.rdata.0@@.data@@À.CRTP@@.reloc¬`@B base_address: 0x00400000 process_identifier: 2448 process_handle: 0x00000264	1	1
WriteProcessMemory June 11, 2023, 10:23 p.m.	buffer: base_address: 0x00401000 process_identifier: 2448 process_handle: 0x00000264	1	1
WriteProcessMemory June 11, 2023, 10:23 p.m.	buffer: 55î4h4T4J484444b3n3333¤3Â3Ø3æ3ô34Ò4À4®44483H3tsqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890-_abcdefghijklmnop§d ô@1@§dGCTL .text$di ~.text$mn0 .idata$5 0.rdata(1.rdata$voltmd@1ô.rdata$zzzdbg42P.idata$22.idata$32 .idata$483ö.idata$6@.bssP.CRT$XCU3V3t0¨2x40ô2â4\02 5055î4h4T4J484444b3n3333¤3Â3Ø3æ3ô34Ò4À4®44483H3tsfreeaddrinfogetaddrinfoWS2_32.dllReadFileGetModuleFileNameA,WriteFileUlstrlenASleepTGetFileInformationByHandleMGetFileAttributesAQGlobalSizeËCreateFileABGlobalAllocCloseHandleZHeapAllocMGlobalLockjExitProcessÄGetProcessHeapWinExec½CreateDirectoryATGlobalUnlockKERNEL32.dllSetClipboardData4GetClipboardDataèEmptyClipboardOCloseClipboardOpenClipboardUSER32.dllµRegSetValueExApRegCreateKeyExAhRegCloseKeyADVAPI32.dll base_address: 0x00403000 process_identifier: 2448 process_handle: 0x00000264	1	1
WriteProcessMemory June 11, 2023, 10:23 p.m.	buffer: @ base_address: 0x00405000 process_identifier: 2448 process_handle: 0x00000264	1	1
WriteProcessMemory June 11, 2023, 10:23 p.m.	buffer: 070=0J0Q0^0d0q0x0é0111,141:1C1L1Y1{11£1±1·1Ô1ö1ü132?2Q2c2q2 2±2ä2ë233X3t3337[7e7\|777¦7¿7Î788%8B8t88£8²8ì8 99 9-939;9D9r99À9å9ò9:::P0 base_address: 0x00406000 process_identifier: 2448 process_handle: 0x00000264	1	1
WriteProcessMemory June 11, 2023, 10:23 p.m.	buffer: @ base_address: 0x7efde008 process_identifier: 2448 process_handle: 0x00000264	1	1
NtSetContextThread June 11, 2023, 10:23 p.m.	registers.eip: 0 registers.esp: 0 registers.edi: 0 registers.eax: 4200023 registers.ebp: 0 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 0 thread_handle: 0x00000260 process_identifier: 2448	1	0
NtResumeThread June 11, 2023, 10:23 p.m.	thread_handle: 0x00000260 suspend_count: 1 process_identifier: 2448	1	0

File has been identified by 47 AntiVirus engines on VirusTotal as malicious (47 events)

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Generic.4!c
Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.GenericKD.67448383
ALYac	Trojan.GenericKD.67448383
Cylance	unsafe
Sangfor	Trojan.Win32.Save.a
Alibaba	Trojan:MSIL/Kryptik.b74a1f55
K7GW	Trojan ( 0059df7d1 )
CrowdStrike	win/malicious_confidence_100% (W)
Cyren	W32/ABRisk.UWBE-8456
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of MSIL/Kryptik.AHUA
Cynet	Malicious (score: 100)
APEX	Malicious
Kaspersky	HEUR:Trojan.MSIL.Scarsi.gen
BitDefender	Trojan.GenericKD.67448383
Avast	Win32:RATX-gen [Trj]
Tencent	Msil.Trojan.Scarsi.Ztjl
Emsisoft	Trojan.GenericKD.67448383 (B)
F-Secure	Trojan.TR/Kryptik.kuvgv
VIPRE	Trojan.GenericKD.67448383
McAfee-GW-Edition	BehavesLike.Win32.Generic.rc
Trapmine	malicious.high.ml.score
FireEye	Generic.mg.78e481470c6fd248
Sophos	Mal/Generic-S
Ikarus	Trojan.MSIL.Crypt
GData	Trojan.GenericKD.67448383
Webroot	W32.Trojan.Gen
Avira	TR/Kryptik.kuvgv
Antiy-AVL	Trojan/MSIL.Kryptik
Arcabit	Trojan.Generic.D4052E3F
Microsoft	Trojan:Win32/Casdet!rfn
Google	Detected
AhnLab-V3	Trojan/Win.Generic.C5439560
Acronis	suspicious
McAfee	Artemis!78E481470C6F
MAX	malware (ai score=85)
Malwarebytes	Trojan.Crypt.MSIL
Panda	Trj/Chgt.AD
Rising	Malware.Obfus/MSIL@AI.100 (RDM.MSIL2:/qgvdjCcIy9brWu3A30UzQ)
SentinelOne	Static AI - Malicious PE
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	MSIL/Kryptik.ADWG!tr
BitDefenderTheta	Gen:NN.ZemsilF.36250.@p0@auAAbIjG
AVG	Win32:RATX-gen [Trj]
DeepInstinct	MALICIOUS

YaBtc.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All