Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	July 11, 2023, 7:26 a.m.	July 11, 2023, 7:29 a.m.

Size	496.0KB
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`c415c178036686bf3a3fbd8dc296a686`
SHA256	`0bdde3cb5bc10aa2aa88e00599e59b6ebfb1ce24fe78dc2871ba3c8118f61c91`
CRC32	`4632DC18`
ssdeep	`12288:L1I+ZdhnhN/xayCvZPcdDFuP/27MsrfH0tj10YJ:RI+ZDhTikRuP/C/0`
Yara	Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult Is_DotNET_EXE - (no description) PE_Header_Zero - PE File Signature IsPE32 - (no description)

csrssd.exe "C:\Users\test22\AppData\Local\Temp\csrssd.exe"
2564
- RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2724

Name	Response	Post-Analysis Lookup
www.effmkg.top	A 206.119.167.205	206.119.167.205
www.date-store.info	A 162.43.104.75	162.43.104.75
www.ansuzmedia.store
www.uty186.com	CNAME 3xin5.zhanghonghong.com A 122.10.20.248	122.10.20.248
www.framedeals.buzz	A 104.21.73.200 A 172.67.165.207	104.21.73.200
www.snazzy.top	A 203.161.55.144	203.161.55.144
www.niubiseo158.top	A 192.250.196.82	192.250.196.82
www.sqlite.org	A 45.33.6.223	45.33.6.223
www.homesalerealtywi.com	A 204.11.56.48	204.11.56.48
www.dinohoki85.online
www.baotrang-jewelry.com	A 54.179.30.8 A 13.215.123.39 CNAME dns.ladipage.com A 52.74.11.229	13.215.123.39
www.investmentmastr.com	CNAME investmentmastr.com A 68.178.150.54	68.178.150.54

IP Address	Status	Action
122.10.20.248	Active	Moloch
162.43.104.75	Active	Moloch
164.124.101.2	Active	Moloch
172.67.165.207	Active	Moloch
192.250.196.82	Active	Moloch
203.161.55.144	Active	Moloch
204.11.56.48	Active	Moloch
206.119.167.205	Active	Moloch
45.33.6.223	Active	Moloch
54.179.30.8	Active	Moloch
68.178.150.54	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
UDP 192.168.56.101:52753 -> 164.124.101.2:53	2023883	ET DNS Query to a *.top domain - Likely Hostile	Potentially Bad Traffic
TCP 192.168.56.101:49174 -> 192.250.196.82:80	2023882	ET INFO HTTP Request to a *.top domain	Potentially Bad Traffic
TCP 192.168.56.101:49173 -> 203.161.55.144:80	2031089	ET HUNTING Request to .TOP Domain with Minimal Headers	Potentially Bad Traffic
TCP 192.168.56.101:49178 -> 172.67.165.207:80	2032991	ET INFO HTTP Request to a *.buzz domain	Potentially Bad Traffic
TCP 192.168.56.101:49179 -> 172.67.165.207:80	2032991	ET INFO HTTP Request to a *.buzz domain	Potentially Bad Traffic
TCP 192.168.56.101:49181 -> 206.119.167.205:80	2031089	ET HUNTING Request to .TOP Domain with Minimal Headers	Potentially Bad Traffic
TCP 192.168.56.101:49175 -> 192.250.196.82:80	2031089	ET HUNTING Request to .TOP Domain with Minimal Headers	Potentially Bad Traffic

Suricata TLS

No Suricata TLS

Checks if process is being debugged by a debugger (2 events)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent July 11, 2023, 7:26 a.m.			0	0
IsDebuggerPresent July 11, 2023, 7:26 a.m.			0	0

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx July 11, 2023, 7:26 a.m.		1	1	0

One or more processes crashed (1 event)

Time & API	Arguments	Status	Return	Repeated
__exception__ July 11, 2023, 7:27 a.m.	stacktrace: 0x6c1541 0x6c145a 0x6c1390 0x6c1310 0x6c1253 0x6c11f7 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f CoUninitializeEE+0xa5b4 CreateAssemblyNameObject-0x36a1 clr+0x29df8 @ 0x727c9df8 CoUninitializeEE+0xa5eb CreateAssemblyNameObject-0x366a clr+0x29e2f @ 0x727c9e2f CoUninitializeEE+0xa6b9 CreateAssemblyNameObject-0x359c clr+0x29efd @ 0x727c9efd CoUninitializeEE+0xa75e CreateAssemblyNameObject-0x34f7 clr+0x29fa2 @ 0x727c9fa2 DllGetClassObjectInternal+0x8bed4 CorDllMainForThunk-0x627 clr+0x150f4d @ 0x728f0f4d DllRegisterServerInternal+0x98c9 CoUninitializeEE-0x3b6f clr+0x1bcd5 @ 0x727bbcd5 DllUnregisterServerInternal-0x760b clr+0x2ae9 @ 0x727a2ae9 0x6c0ebb DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f CoUninitializeEE+0xa5b4 CreateAssemblyNameObject-0x36a1 clr+0x29df8 @ 0x727c9df8 CoUninitializeEE+0xa5eb CreateAssemblyNameObject-0x366a clr+0x29e2f @ 0x727c9e2f CoUninitializeEE+0xa6b9 CreateAssemblyNameObject-0x359c clr+0x29efd @ 0x727c9efd CoUninitializeEE+0xa75e CreateAssemblyNameObject-0x34f7 clr+0x29fa2 @ 0x727c9fa2 DllGetClassObjectInternal+0x8bed4 CorDllMainForThunk-0x627 clr+0x150f4d @ 0x728f0f4d DllRegisterServerInternal+0x98c9 CoUninitializeEE-0x3b6f clr+0x1bcd5 @ 0x727bbcd5 DllUnregisterServerInternal-0x760b clr+0x2ae9 @ 0x727a2ae9 0x6c0e67 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f CoUninitializeEE+0xa5b4 CreateAssemblyNameObject-0x36a1 clr+0x29df8 @ 0x727c9df8 CoUninitializeEE+0xa5eb CreateAssemblyNameObject-0x366a clr+0x29e2f @ 0x727c9e2f CoUninitializeEE+0xa6b9 CreateAssemblyNameObject-0x359c clr+0x29efd @ 0x727c9efd CoUninitializeEE+0xa75e CreateAssemblyNameObject-0x34f7 clr+0x29fa2 @ 0x727c9fa2 LogHelp_TerminateOnAssert+0x16b0b GetPrivateContextsPerfCounters-0x2937 clr+0x8564b @ 0x7282564b CreateAssemblyNameObject+0x2e9ca GetMetaDataInternalInterface-0x9aa5 clr+0x5be63 @ 0x727fbe63 CreateAssemblyNameObject+0x2e4ff GetMetaDataInternalInterface-0x9f70 clr+0x5b998 @ 0x727fb998 CreateAssemblyNameObject+0x2e28d GetMetaDataInternalInterface-0xa1e2 clr+0x5b726 @ 0x727fb726 CreateAssemblyNameObject+0x2eacf GetMetaDataInternalInterface-0x99a0 clr+0x5bf68 @ 0x727fbf68 CreateAssemblyNameObject+0x2e84b GetMetaDataInternalInterface-0x9c24 clr+0x5bce4 @ 0x727fbce4 DllRegisterServerInternal+0xa898 CoUninitializeEE-0x2ba0 clr+0x1cca4 @ 0x727bcca4 DllRegisterServerInternal+0xa92b CoUninitializeEE-0x2b0d clr+0x1cd37 @ 0x727bcd37 DllGetClassObjectInternal+0x437c8 CorDllMainForThunk-0x48d33 clr+0x108841 @ 0x728a8841 LogHelp_TerminateOnAssert+0x129a9 GetPrivateContextsPerfCounters-0x6a99 clr+0x814e9 @ 0x728214e9 mscorlib+0x2d36ad @ 0x71ab36ad mscorlib+0x308f2d @ 0x71ae8f2d 0x6c0da9 0x6c09e9 0x6c09b6 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 CoUninitializeEE+0x789b CreateAssemblyNameObject-0x63ba clr+0x270df @ 0x727c70df LogHelp_TerminateOnAssert+0x55ee GetPrivateContextsPerfCounters-0x13e54 clr+0x7412e @ 0x7281412e mscorlib+0x2f1c22 @ 0x71ad1c22 mscorlib+0x2f1b99 @ 0x71ad1b99 mscorlib+0x2f0814 @ 0x71ad0814 mscorlib+0x307407 @ 0x71ae7407 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72867610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x728f1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x728f1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x728f1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x728f416a exception.instruction_r: 83 78 04 00 0f 85 4b 2b 00 00 c7 85 dc fd ff ff exception.instruction: cmp dword ptr [eax + 4], 0 exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x6c2754 registers.esp: 3328148 registers.edi: 3329588 registers.eax: 0 registers.ebp: 3329600 registers.edx: 0 registers.ebx: 3329984 registers.esi: 3372 registers.ecx: 6704920	1	0	0

Time & API

Arguments

Status

Return

Repeated

__exception__

July 11, 2023, 7:27 a.m.

stacktrace:

0x6c1541
0x6c145a
0x6c1390
0x6c1310
0x6c1253
0x6c11f7
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f
CoUninitializeEE+0xa5b4 CreateAssemblyNameObject-0x36a1 clr+0x29df8 @ 0x727c9df8
CoUninitializeEE+0xa5eb CreateAssemblyNameObject-0x366a clr+0x29e2f @ 0x727c9e2f
CoUninitializeEE+0xa6b9 CreateAssemblyNameObject-0x359c clr+0x29efd @ 0x727c9efd
CoUninitializeEE+0xa75e CreateAssemblyNameObject-0x34f7 clr+0x29fa2 @ 0x727c9fa2
DllGetClassObjectInternal+0x8bed4 CorDllMainForThunk-0x627 clr+0x150f4d @ 0x728f0f4d
DllRegisterServerInternal+0x98c9 CoUninitializeEE-0x3b6f clr+0x1bcd5 @ 0x727bbcd5
DllUnregisterServerInternal-0x760b clr+0x2ae9 @ 0x727a2ae9
0x6c0ebb
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f
CoUninitializeEE+0xa5b4 CreateAssemblyNameObject-0x36a1 clr+0x29df8 @ 0x727c9df8
CoUninitializeEE+0xa5eb CreateAssemblyNameObject-0x366a clr+0x29e2f @ 0x727c9e2f
CoUninitializeEE+0xa6b9 CreateAssemblyNameObject-0x359c clr+0x29efd @ 0x727c9efd
CoUninitializeEE+0xa75e CreateAssemblyNameObject-0x34f7 clr+0x29fa2 @ 0x727c9fa2
DllGetClassObjectInternal+0x8bed4 CorDllMainForThunk-0x627 clr+0x150f4d @ 0x728f0f4d
DllRegisterServerInternal+0x98c9 CoUninitializeEE-0x3b6f clr+0x1bcd5 @ 0x727bbcd5
DllUnregisterServerInternal-0x760b clr+0x2ae9 @ 0x727a2ae9
0x6c0e67
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f
CoUninitializeEE+0xa5b4 CreateAssemblyNameObject-0x36a1 clr+0x29df8 @ 0x727c9df8
CoUninitializeEE+0xa5eb CreateAssemblyNameObject-0x366a clr+0x29e2f @ 0x727c9e2f
CoUninitializeEE+0xa6b9 CreateAssemblyNameObject-0x359c clr+0x29efd @ 0x727c9efd
CoUninitializeEE+0xa75e CreateAssemblyNameObject-0x34f7 clr+0x29fa2 @ 0x727c9fa2
LogHelp_TerminateOnAssert+0x16b0b GetPrivateContextsPerfCounters-0x2937 clr+0x8564b @ 0x7282564b
CreateAssemblyNameObject+0x2e9ca GetMetaDataInternalInterface-0x9aa5 clr+0x5be63 @ 0x727fbe63
CreateAssemblyNameObject+0x2e4ff GetMetaDataInternalInterface-0x9f70 clr+0x5b998 @ 0x727fb998
CreateAssemblyNameObject+0x2e28d GetMetaDataInternalInterface-0xa1e2 clr+0x5b726 @ 0x727fb726
CreateAssemblyNameObject+0x2eacf GetMetaDataInternalInterface-0x99a0 clr+0x5bf68 @ 0x727fbf68
CreateAssemblyNameObject+0x2e84b GetMetaDataInternalInterface-0x9c24 clr+0x5bce4 @ 0x727fbce4
DllRegisterServerInternal+0xa898 CoUninitializeEE-0x2ba0 clr+0x1cca4 @ 0x727bcca4
DllRegisterServerInternal+0xa92b CoUninitializeEE-0x2b0d clr+0x1cd37 @ 0x727bcd37
DllGetClassObjectInternal+0x437c8 CorDllMainForThunk-0x48d33 clr+0x108841 @ 0x728a8841
LogHelp_TerminateOnAssert+0x129a9 GetPrivateContextsPerfCounters-0x6a99 clr+0x814e9 @ 0x728214e9
mscorlib+0x2d36ad @ 0x71ab36ad
mscorlib+0x308f2d @ 0x71ae8f2d
0x6c0da9
0x6c09e9
0x6c09b6
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95
CoUninitializeEE+0x789b CreateAssemblyNameObject-0x63ba clr+0x270df @ 0x727c70df
LogHelp_TerminateOnAssert+0x55ee GetPrivateContextsPerfCounters-0x13e54 clr+0x7412e @ 0x7281412e
mscorlib+0x2f1c22 @ 0x71ad1c22
mscorlib+0x2f1b99 @ 0x71ad1b99
mscorlib+0x2f0814 @ 0x71ad0814
mscorlib+0x307407 @ 0x71ae7407
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728674ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72867610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x728f1dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x728f1e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x728f1f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x728f416a

exception.instruction_r: 83 78 04 00 0f 85 4b 2b 00 00 c7 85 dc fd ff ff
exception.instruction: cmp dword ptr [eax + 4], 0
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x6c2754
registers.esp: 3328148
registers.edi: 3329588
registers.eax: 0
registers.ebp: 3329600
registers.edx: 0
registers.ebx: 3329984
registers.esi: 3372
registers.ecx: 6704920

One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.

HTTP traffic contains suspicious features which may be indicative of malware related traffic (8 events)

suspicious_features	GET method with no useragent header	suspicious_request	GET http://www.baotrang-jewelry.com/8mwu/?AtRS=EU3iIBTa7/FiG89Zkn9giTIgWQjAgZeKQjtjqA56CDWeG/Y64M9bd0fUJ8VEDSTetbKxDk1W+HVeVL/Bv/O0oK42dWysymJF/Fz7e18=&L08E=VdmpZkW2d
suspicious_features	GET method with no useragent header	suspicious_request	GET http://www.date-store.info/8mwu/?AtRS=QCWughoEBLNWlxoKJazXJvFVptHaudS5CtBHXaoHYx4YCXEq+K4liCb7WZlVD+RMuH5kCBUqy3mcV+3Nr6i4SxN+kY5cxzsbKOKS/94=&L08E=VdmpZkW2d
suspicious_features	GET method with no useragent header	suspicious_request	GET http://www.investmentmastr.com/8mwu/?AtRS=PsH7VurMFQyD6ju4MnYVKLsngyhRF0i3kpEyk+bvF+v2WbyUoo2xQnfNKDF27FubHa/Uq1yd2iymJaC1K/rhLY6C/0yWRYEJmyt9xCA=&L08E=VdmpZkW2d
suspicious_features	GET method with no useragent header	suspicious_request	GET http://www.snazzy.top/8mwu/?AtRS=hq4LUNPbOJJ32NO4taYz6MbqZKFszgoxkz2vk6DroaZ2ot5/vFuGkg9TSETWpPkUvR5zvHY4W4/OsVbmF+Jpeu4hTeI286k5D1jdj0E=&L08E=VdmpZkW2d
suspicious_features	GET method with no useragent header	suspicious_request	GET http://www.niubiseo158.top/8mwu/?AtRS=DpBsY/EqeNdrZFzJBhJgkE6I4JhtuhKG/ihhRdK7+ZddsX/RTtTF+8Mul1ZbonjYts59d9bhAh3cEH3KC86wGfwsRy2myXMRgqa2uDs=&L08E=VdmpZkW2d
suspicious_features	GET method with no useragent header	suspicious_request	GET http://www.homesalerealtywi.com/8mwu/?AtRS=oINJ/gp/aJeJF1lmtDttIp5zYupEQ9+i41jy+2inlUmQPi8yQegxtF+73D7Viv9VJKhdmECNx8qtF80OZhRsVw7SvxMGhJ4ooOkNn5A=&L08E=VdmpZkW2d
suspicious_features	GET method with no useragent header	suspicious_request	GET http://www.framedeals.buzz/8mwu/?AtRS=VWM5CmNEXV0Wws5lOi41B/CT5DkRJBR63DKPnwmZQhPPNIeL3HbUg+RwDwZOLCkdO7WSUUICcQ5s3r8q/6yBYhvdm+7LZZAalqtbZFE=&L08E=VdmpZkW2d
suspicious_features	GET method with no useragent header	suspicious_request	GET http://www.effmkg.top/8mwu/?AtRS=cuz6fZ9rAQU+AblclZ0dz+AWyQnWqvDu1YxezGquJoJchTSyh9fWxECepA/LrKXAq+eZ/F2gxCu5cJ8yEGWuS25DvJh6mlleb3H+l3g=&L08E=VdmpZkW2d

Performs some HTTP requests (18 events)

request	POST http://www.baotrang-jewelry.com/8mwu/
request	GET http://www.baotrang-jewelry.com/8mwu/?AtRS=EU3iIBTa7/FiG89Zkn9giTIgWQjAgZeKQjtjqA56CDWeG/Y64M9bd0fUJ8VEDSTetbKxDk1W+HVeVL/Bv/O0oK42dWysymJF/Fz7e18=&L08E=VdmpZkW2d
request	GET http://www.sqlite.org/2017/sqlite-dll-win32-x86-3200000.zip
request	POST http://www.date-store.info/8mwu/
request	GET http://www.date-store.info/8mwu/?AtRS=QCWughoEBLNWlxoKJazXJvFVptHaudS5CtBHXaoHYx4YCXEq+K4liCb7WZlVD+RMuH5kCBUqy3mcV+3Nr6i4SxN+kY5cxzsbKOKS/94=&L08E=VdmpZkW2d
request	POST http://www.investmentmastr.com/8mwu/
request	GET http://www.investmentmastr.com/8mwu/?AtRS=PsH7VurMFQyD6ju4MnYVKLsngyhRF0i3kpEyk+bvF+v2WbyUoo2xQnfNKDF27FubHa/Uq1yd2iymJaC1K/rhLY6C/0yWRYEJmyt9xCA=&L08E=VdmpZkW2d
request	POST http://www.snazzy.top/8mwu/
request	GET http://www.snazzy.top/8mwu/?AtRS=hq4LUNPbOJJ32NO4taYz6MbqZKFszgoxkz2vk6DroaZ2ot5/vFuGkg9TSETWpPkUvR5zvHY4W4/OsVbmF+Jpeu4hTeI286k5D1jdj0E=&L08E=VdmpZkW2d
request	POST http://www.niubiseo158.top/8mwu/
request	GET http://www.niubiseo158.top/8mwu/?AtRS=DpBsY/EqeNdrZFzJBhJgkE6I4JhtuhKG/ihhRdK7+ZddsX/RTtTF+8Mul1ZbonjYts59d9bhAh3cEH3KC86wGfwsRy2myXMRgqa2uDs=&L08E=VdmpZkW2d
request	POST http://www.homesalerealtywi.com/8mwu/
request	GET http://www.homesalerealtywi.com/8mwu/?AtRS=oINJ/gp/aJeJF1lmtDttIp5zYupEQ9+i41jy+2inlUmQPi8yQegxtF+73D7Viv9VJKhdmECNx8qtF80OZhRsVw7SvxMGhJ4ooOkNn5A=&L08E=VdmpZkW2d
request	POST http://www.framedeals.buzz/8mwu/
request	GET http://www.framedeals.buzz/8mwu/?AtRS=VWM5CmNEXV0Wws5lOi41B/CT5DkRJBR63DKPnwmZQhPPNIeL3HbUg+RwDwZOLCkdO7WSUUICcQ5s3r8q/6yBYhvdm+7LZZAalqtbZFE=&L08E=VdmpZkW2d
request	POST http://www.effmkg.top/8mwu/
request	GET http://www.effmkg.top/8mwu/?AtRS=cuz6fZ9rAQU+AblclZ0dz+AWyQnWqvDu1YxezGquJoJchTSyh9fWxECepA/LrKXAq+eZ/F2gxCu5cJ8yEGWuS25DvJh6mlleb3H+l3g=&L08E=VdmpZkW2d
request	POST http://www.uty186.com/8mwu/

Sends data using the HTTP POST Method (9 events)

request	POST http://www.baotrang-jewelry.com/8mwu/
request	POST http://www.date-store.info/8mwu/
request	POST http://www.investmentmastr.com/8mwu/
request	POST http://www.snazzy.top/8mwu/
request	POST http://www.niubiseo158.top/8mwu/
request	POST http://www.homesalerealtywi.com/8mwu/
request	POST http://www.framedeals.buzz/8mwu/
request	POST http://www.effmkg.top/8mwu/
request	POST http://www.uty186.com/8mwu/

Resolves a suspicious Top Level Domain (TLD) (3 events)

domain	www.effmkg.top	description	Generic top level domain TLD
domain	www.niubiseo158.top	description	Generic top level domain TLD
domain	www.snazzy.top	description	Generic top level domain TLD

Allocates read-write-execute memory (usually to unpack itself) (37 events)

Time & API	Arguments	Status
NtAllocateVirtualMemory July 11, 2023, 7:26 a.m.	process_identifier: 2564 region_size: 1376256 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x005f0000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 11, 2023, 7:26 a.m.	process_identifier: 2564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00700000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory July 11, 2023, 7:26 a.m.	process_identifier: 2564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x727a1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 11, 2023, 7:26 a.m.	process_identifier: 2564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x727a2000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 11, 2023, 7:26 a.m.	process_identifier: 2564 region_size: 1900544 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00a90000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 11, 2023, 7:26 a.m.	process_identifier: 2564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00c20000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 11, 2023, 7:26 a.m.	process_identifier: 2564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00552000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 11, 2023, 7:26 a.m.	process_identifier: 2564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00585000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 11, 2023, 7:26 a.m.	process_identifier: 2564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0058b000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 11, 2023, 7:26 a.m.	process_identifier: 2564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00587000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 11, 2023, 7:26 a.m.	process_identifier: 2564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0056c000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 11, 2023, 7:26 a.m.	process_identifier: 2564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x006c0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 11, 2023, 7:26 a.m.	process_identifier: 2564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0055a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 11, 2023, 7:27 a.m.	process_identifier: 2564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00576000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 11, 2023, 7:27 a.m.	process_identifier: 2564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x006f0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 11, 2023, 7:27 a.m.	process_identifier: 2564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0056a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 11, 2023, 7:27 a.m.	process_identifier: 2564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0057a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 11, 2023, 7:27 a.m.	process_identifier: 2564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00577000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 11, 2023, 7:27 a.m.	process_identifier: 2564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x006c1000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 11, 2023, 7:27 a.m.	process_identifier: 2564 region_size: 24576 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x006c2000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 11, 2023, 7:27 a.m.	process_identifier: 2564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x050a0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 11, 2023, 7:27 a.m.	process_identifier: 2564 region_size: 49152 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x050a1000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 11, 2023, 7:27 a.m.	process_identifier: 2564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x050ad000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 11, 2023, 7:27 a.m.	process_identifier: 2564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x050ae000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 11, 2023, 7:27 a.m.	process_identifier: 2564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04430000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory July 11, 2023, 7:27 a.m.	process_identifier: 2564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x74004000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 11, 2023, 7:27 a.m.	process_identifier: 2564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04e80000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 11, 2023, 7:27 a.m.	process_identifier: 2564 region_size: 20480 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04e81000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 11, 2023, 7:27 a.m.	process_identifier: 2564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0056d000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 11, 2023, 7:27 a.m.	process_identifier: 2564 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04e86000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 11, 2023, 7:27 a.m.	process_identifier: 2564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04e88000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 11, 2023, 7:27 a.m.	process_identifier: 2564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0444f000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 11, 2023, 7:27 a.m.	process_identifier: 2564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04440000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 11, 2023, 7:27 a.m.	process_identifier: 2564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04e89000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 11, 2023, 7:27 a.m.	process_identifier: 2564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04e8a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 11, 2023, 7:27 a.m.	process_identifier: 2564 region_size: 12288 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04e8b000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 11, 2023, 7:27 a.m.	process_identifier: 2724 region_size: 3158016 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02500000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1

Creates hidden or system file (1 event)

Time & API	Arguments	Status	Return	Repeated
SetFileAttributesW July 11, 2023, 7:27 a.m.	file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN) filepath_r: C:\Users\test22\AppData\Local\Temp\csrssd.exe filepath: C:\Users\test22\AppData\Local\Temp\csrssd.exe	1	1	0

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

section

{u'size_of_data': u'0x0007b600', u'virtual_address': u'0x00002000', u'entropy': 7.987944989470192, u'name': u'.text', u'virtual_size': u'0x0007b484'}

entropy

7.98794498947

description

A section with a high entropy has been found

entropy

0.995963673058

description

Overall entropy of this PE file is high

Checks for the Locally Unique Identifier on the system for a suspicious privilege (2 events)

Time & API	Arguments	Status	Return	Repeated
LookupPrivilegeValueW July 11, 2023, 7:27 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1	0
LookupPrivilegeValueW July 11, 2023, 7:27 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1	0

Yara rule detected in process memory (8 events)

description	(no description)	rule	DebuggerCheck__GlobalFlags
description	(no description)	rule	DebuggerCheck__QueryInfo
description	(no description)	rule	DebuggerHiding__Thread
description	(no description)	rule	DebuggerHiding__Active
description	(no description)	rule	ThreadControl__Context
description	(no description)	rule	SEH__vectored
description	Checks if being debugged	rule	anti_dbg
description	Bypass DEP	rule	disable_dep

One or more of the buffers contains an embedded PE file (3 events)

buffer	Buffer with sha1: ea121214f0c1e113d5c5195cc03bc9940bb30337
buffer	Buffer with sha1: bcb82abaa44a9b800ae8daa65d86277781bff579
buffer	Buffer with sha1: 37b3d413b95991b9dadbb2d6d66eabb3d25405ac

Allocates execute permission to another process indicative of possible code injection (1 event)

Time & API	Arguments	Status	Return	Repeated
NtAllocateVirtualMemory July 11, 2023, 7:27 a.m.	process_identifier: 2724 region_size: 200704 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x0000026c	1	0	0

Potential code injection by writing to the memory of another process (2 events)

Time & API	Arguments	Status	Return	Repeated
WriteProcessMemory July 11, 2023, 7:27 a.m.	buffer: MZERèXè ÈÀ<ÁÀ(ÿá¸º´ Í!¸LÍ!This program cannot be run in DOS mode. $y =`gó=`gó=`gó¦¨ó:`gó¦ªó<`gó¦«ó<`góRich=`góPELûsSàúÀ@@.textøú ` base_address: 0x00400000 process_identifier: 2724 process_handle: 0x0000026c	1	1	0
WriteProcessMemory July 11, 2023, 7:27 a.m.	buffer: @ base_address: 0x7efde008 process_identifier: 2724 process_handle: 0x0000026c	1	1	0

Code injection by writing an executable or DLL to the memory of another process (1 event)

Time & API	Arguments	Status	Return	Repeated
WriteProcessMemory July 11, 2023, 7:27 a.m.	buffer: MZERèXè ÈÀ<ÁÀ(ÿá¸º´ Í!¸LÍ!This program cannot be run in DOS mode. $y =`gó=`gó=`gó¦¨ó:`gó¦ªó<`gó¦«ó<`góRich=`góPELûsSàúÀ@@.textøú ` base_address: 0x00400000 process_identifier: 2724 process_handle: 0x0000026c	1	1	0

Used NtSetContextThread to modify a thread in a remote process indicative of process injection (2 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 2564 called NtSetContextThread to modify thread in remote process 2724
NtSetContextThread July 11, 2023, 7:27 a.m.	registers.eip: 0 registers.esp: 0 registers.edi: 0 registers.eax: 4199872 registers.ebp: 0 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 0 thread_handle: 0x00000268 process_identifier: 2724	1	0	0

Resumed a suspended thread in a remote process potentially indicative of process injection (2 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 2564 resumed a thread in remote process 2724
NtResumeThread July 11, 2023, 7:27 a.m.	thread_handle: 0x00000268 suspend_count: 1 process_identifier: 2724	1	0	0

File has been identified by 29 AntiVirus engines on VirusTotal as malicious (29 events)

Elastic	malicious (high confidence)
Malwarebytes	MachineLearning/Anomalous.100%
Cybereason	malicious.79a3c9
VirIT	Trojan.Win32.MSIL_Heur.A
Cyren	W32/MSIL_Agent.FSA.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of MSIL/GenKryptik.GLLR
Cynet	Malicious (score: 100)
APEX	Malicious
Kaspersky	VHO:Trojan-PSW.MSIL.Stealer.gen
Avast	Win32:PWSX-gen [Trj]
F-Secure	Heuristic.HEUR/AGEN.1308654
McAfee-GW-Edition	BehavesLike.Win32.Generic.gc
Trapmine	malicious.moderate.ml.score
FireEye	Generic.mg.c415c178036686bf
Sophos	ML/PE-A
SentinelOne	Static AI - Malicious PE
Avira	HEUR/AGEN.1308654
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
ZoneAlarm	VHO:Trojan-PSW.MSIL.Stealer.gen
Google	Detected
Cylance	unsafe
Rising	Stealer.Agent!8.C2 (TFE:dGZlOgxp+E3j6SmjpQ)
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	MSIL/Kryptik.AJAC!tr
BitDefenderTheta	Gen:NN.ZemsilF.36302.Fm0@aWMmXXi
AVG	Win32:PWSX-gen [Trj]
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_90% (D)

Executed a process and injected code into it, probably while unpacking (11 events)

Time & API	Arguments	Status	Return
NtResumeThread July 11, 2023, 7:26 a.m.	thread_handle: 0x000000dc suspend_count: 1 process_identifier: 2564	1	0
NtResumeThread July 11, 2023, 7:26 a.m.	thread_handle: 0x00000154 suspend_count: 1 process_identifier: 2564	1	0
NtResumeThread July 11, 2023, 7:26 a.m.	thread_handle: 0x00000190 suspend_count: 1 process_identifier: 2564	1	0
CreateProcessInternalW July 11, 2023, 7:27 a.m.	thread_identifier: 2728 thread_handle: 0x00000268 process_identifier: 2724 current_directory: filepath: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe track: 1 command_line: filepath_r: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe stack_pivoted: 0 creation_flags: 134217732 (CREATE_NO_WINDOW\|CREATE_SUSPENDED) inherit_handles: 0 process_handle: 0x0000026c	1	1
NtGetContextThread July 11, 2023, 7:27 a.m.	thread_handle: 0x00000268	1	0
NtAllocateVirtualMemory July 11, 2023, 7:27 a.m.	process_identifier: 2724 region_size: 200704 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x0000026c	1	0
WriteProcessMemory July 11, 2023, 7:27 a.m.	buffer: MZERèXè ÈÀ<ÁÀ(ÿá¸º´ Í!¸LÍ!This program cannot be run in DOS mode. $y =`gó=`gó=`gó¦¨ó:`gó¦ªó<`gó¦«ó<`góRich=`góPELûsSàúÀ@@.textøú ` base_address: 0x00400000 process_identifier: 2724 process_handle: 0x0000026c	1	1
WriteProcessMemory July 11, 2023, 7:27 a.m.	buffer: base_address: 0x00401000 process_identifier: 2724 process_handle: 0x0000026c	1	1
WriteProcessMemory July 11, 2023, 7:27 a.m.	buffer: @ base_address: 0x7efde008 process_identifier: 2724 process_handle: 0x0000026c	1	1
NtSetContextThread July 11, 2023, 7:27 a.m.	registers.eip: 0 registers.esp: 0 registers.edi: 0 registers.eax: 4199872 registers.ebp: 0 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 0 thread_handle: 0x00000268 process_identifier: 2724	1	0
NtResumeThread July 11, 2023, 7:27 a.m.	thread_handle: 0x00000268 suspend_count: 1 process_identifier: 2724	1	0

csrssd.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All