Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Aug. 8, 2024, 4:48 p.m.	Aug. 8, 2024, 4:50 p.m.

Size	8.6MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`6eaf878c7f1449d65f4b99d49aa9844a`
SHA256	`719be172d349897c78f1674a09f9a8cbbbc74445938f8da93845b4b03ef6a43e`
CRC32	`3402E579`
ssdeep	`196608:JoRIA7SzZqdAzjNZrVG5Jf8S8zZHUVkSrdZHBjkYCDHi2Qo1RqvCpE:JaTsZqdAf7kf8PzZ0VkSrLHBjgO2qH`
Yara	Malicious_Library_Zero - Malicious_Library Admin_Tool_IN_Zero - Admin Tool Sysinternals PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer IsPE32 - (no description) UPX_Zero - UPX packed file Generic_Malware_Zero - Generic Malware mzp_file_format - MZP(Delphi) file format OS_Processor_Check_Zero - OS Processor Check

카카오 엔터테인먼트의 지식재산권 침해 내용.PDF.exe "C:\Users\test22\AppData\Local\Temp\카카오 엔터테인먼트의 지식재산권 침해 내용.PDF.exe"
2540
- 카카오 엔터테인먼트의 지식재산권 침해 내용.PDF.tmp "C:\Users\test22\AppData\Local\Temp\is-NMQ0M.tmp\카카오 엔터테인먼트의 지식재산권 침해 내용.PDF.tmp" /SL5="$80178,1572778,839680,C:\Users\test22\AppData\Local\Temp\카카오 엔터테인먼트의 지식재산권 침해 내용.PDF.exe"
  2620
  - 카카오 엔터테인먼트의 지식재산권 침해 내용.PDF.exe "C:\Users\test22\AppData\Local\Temp\카카오 엔터테인먼트의 지식재산권 침해 내용.PDF.exe" /VERYSILENT /NORESTART
    2692
    - 카카오 엔터테인먼트의 지식재산권 침해 내용.PDF.tmp "C:\Users\test22\AppData\Local\Temp\is-BEJMA.tmp\카카오 엔터테인먼트의 지식재산권 침해 내용.PDF.tmp" /SL5="$90178,1572778,839680,C:\Users\test22\AppData\Local\Temp\카카오 엔터테인먼트의 지식재산권 침해 내용.PDF.exe" /VERYSILENT /NORESTART
      2764
      - PING.EXE "ping" -n 11 127.0.0.1
        2816
      - cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH | find /I "wrsa.exe"
        2936
        
        tasklist.exe tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH
        2996
        
        find.exe find /I "wrsa.exe"
        3032
      - cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH | find /I "opssvc.exe"
        800
        
        tasklist.exe tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH
        2068
        
        find.exe find /I "opssvc.exe"
        2192
      - cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH | find /I "avastui.exe"
        2408
        
        tasklist.exe tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH
        2480
        
        find.exe find /I "avastui.exe"
        2572
      - cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH | find /I "avgui.exe"
        2676
        
        tasklist.exe tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH
        2756
        
        find.exe find /I "avgui.exe"
        2828
      - cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH | find /I "nswscsvc.exe"
        648
        
        tasklist.exe tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH
        1512
        
        find.exe find /I "nswscsvc.exe"
        1064
      - cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH | find /I "sophoshealth.exe"
        2976
        
        tasklist.exe tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH
        1864
        
        find.exe find /I "sophoshealth.exe"
        1216
      - cmd.exe "C:\Windows\System32\cmd.exe" /c "C:\Users\test22\AppData\Local\Realtek HD Audio Universal Service\\RudderOverlap.bat"
        2220
        
        chcp.com chcp.com 437
        2260
        
        find.exe fiNd
        2444
        
        findstr.exe findstr /L /I set "C:\Users\test22\AppData\Local\Realtek HD Audio Universal Service\\RudderOverlap.bat"
        2652
        
        findstr.exe findstr /L /I goto "C:\Users\test22\AppData\Local\Realtek HD Audio Universal Service\\RudderOverlap.bat"
        2688
        
        findstr.exe findstr /L /I echo "C:\Users\test22\AppData\Local\Realtek HD Audio Universal Service\\RudderOverlap.bat"
        2496
        
        findstr.exe findstr /L /I pause "C:\Users\test22\AppData\Local\Realtek HD Audio Universal Service\\RudderOverlap.bat"
        2784
        
        cmd.exe C:\Windows\system32\cmd.exe /c type tmp
        300
        
        find.exe find
        2604
        
        cmd.exe C:\Windows\system32\cmd.exe /c type tmp
        1792
        
        AutoIt3.exe "C:\Users\test22\AppData\Local\Realtek HD Audio Universal Service\AutoIt3.exe" "C:\Users\test22\AppData\Local\Realtek HD Audio Universal Service\mssign32.sys"
        2956
        
        rundll32.exe C:\Windows\SysWOW64\rundll32.exe
        812

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Queries for the computername (7 events)

Time & API	Arguments	Status	Return
GetComputerNameW Aug. 8, 2024, 4:48 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Aug. 8, 2024, 4:48 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Aug. 8, 2024, 4:48 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Aug. 8, 2024, 4:48 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Aug. 8, 2024, 4:48 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Aug. 8, 2024, 4:48 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Aug. 8, 2024, 4:48 p.m.	computer_name: TEST22-PC	1	1

Checks if process is being debugged by a debugger (3 events)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent Aug. 8, 2024, 4:48 p.m.			0	0
IsDebuggerPresent Aug. 8, 2024, 4:48 p.m.			0	0
IsDebuggerPresent Aug. 8, 2024, 4:49 p.m.			0	0

Command line console output was observed (3 events)

Time & API	Arguments	Status	Return
WriteConsoleW Aug. 8, 2024, 4:48 p.m.	buffer: C:\Windows\system32> console_handle: 0x00000007	1	1
WriteConsoleW Aug. 8, 2024, 4:48 p.m.	buffer: nul console_handle: 0x00000007	1	1
WriteConsoleW Aug. 8, 2024, 4:48 p.m.	buffer: cls console_handle: 0x00000007	1	1

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Aug. 8, 2024, 4:48 p.m.		1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (2 events)

section	.itext
section	.didata

One or more processes crashed (1 event)

Time & API	Arguments	Status	Return	Repeated
__exception__ Aug. 8, 2024, 4:48 p.m.	stacktrace: BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xeedfade exception.offset: 46887 exception.address: 0x7597b727 registers.esp: 2226368 registers.edi: 0 registers.eax: 2226368 registers.ebp: 2226448 registers.edx: 0 registers.ebx: 3 registers.esi: 2 registers.ecx: 7	1	0	0

Allocates read-write-execute memory (usually to unpack itself) (16 events)

Time & API	Arguments	Status
NtProtectVirtualMemory Aug. 8, 2024, 4:48 p.m.	process_identifier: 2540 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00e40000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Aug. 8, 2024, 4:48 p.m.	process_identifier: 2540 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 688128 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00e41000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Aug. 8, 2024, 4:48 p.m.	process_identifier: 2540 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00ef7000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Aug. 8, 2024, 4:48 p.m.	process_identifier: 2540 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 139264 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00ef9000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Aug. 8, 2024, 4:48 p.m.	process_identifier: 2540 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73422000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Aug. 8, 2024, 4:48 p.m.	process_identifier: 2620 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73422000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Aug. 8, 2024, 4:48 p.m.	process_identifier: 2620 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x007e0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory Aug. 8, 2024, 4:48 p.m.	process_identifier: 2692 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00e40000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Aug. 8, 2024, 4:48 p.m.	process_identifier: 2692 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 688128 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00e41000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Aug. 8, 2024, 4:48 p.m.	process_identifier: 2692 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00ef7000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Aug. 8, 2024, 4:48 p.m.	process_identifier: 2692 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 139264 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00ef9000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Aug. 8, 2024, 4:48 p.m.	process_identifier: 2692 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73662000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Aug. 8, 2024, 4:48 p.m.	process_identifier: 2764 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73662000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Aug. 8, 2024, 4:48 p.m.	process_identifier: 2764 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00cf0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory Aug. 8, 2024, 4:49 p.m.	process_identifier: 2956 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73bb2000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Aug. 8, 2024, 4:49 p.m.	process_identifier: 2956 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 180224 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00da8000 process_handle: 0xffffffff	1

Creates executable files on the filesystem (2 events)

file	C:\Users\test22\AppData\Local\Temp\is-HV0UU.tmp\_isetup\_iscrypt.dll
file	C:\Users\test22\AppData\Local\Temp\is-BLI8T.tmp\_isetup\_iscrypt.dll

Creates a suspicious process (9 events)

cmdline	"cmd.exe" /C tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH \| find /I "avgui.exe"
cmdline	"cmd.exe" /C tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH \| find /I "sophoshealth.exe"
cmdline	"cmd.exe" /C tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH \| find /I "opssvc.exe"
cmdline	C:\Windows\system32\cmd.exe /c type tmp
cmdline	cmd.exe /c "C:\Users\test22\AppData\Local\Realtek HD Audio Universal Service\\RudderOverlap.bat"
cmdline	"C:\Windows\System32\cmd.exe" /c "C:\Users\test22\AppData\Local\Realtek HD Audio Universal Service\\RudderOverlap.bat"
cmdline	"cmd.exe" /C tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH \| find /I "wrsa.exe"
cmdline	"cmd.exe" /C tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH \| find /I "nswscsvc.exe"
cmdline	"cmd.exe" /C tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH \| find /I "avastui.exe"

Drops an executable to the user AppData folder (1 event)

file	C:\Users\test22\AppData\Local\Temp\is-HV0UU.tmp\_isetup\_iscrypt.dll

Executes one or more WMI queries (6 events)

wmi	SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'SOPHOSHEALTH.EXE'
wmi	SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'WRSA.EXE'
wmi	SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'AVGUI.EXE'
wmi	SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'NSWSCSVC.EXE'
wmi	SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'OPSSVC.EXE'
wmi	SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'AVASTUI.EXE'

A process created a hidden window (2 events)

Time & API	Arguments	Status	Return	Repeated
ShellExecuteExW Aug. 8, 2024, 4:48 p.m.	show_type: 0 filepath_r: C:\Users\test22\AppData\Local\Temp\카카오 엔터테인먼트의 지식재산권 침해 내용.PDF.exe parameters: /VERYSILENT /NORESTART filepath: C:\Users\test22\AppData\Local\Temp\카카오 엔터테인먼트의 지식재산권 침해 내용.PDF.exe	1	1	0
ShellExecuteExW Aug. 8, 2024, 4:48 p.m.	show_type: 0 filepath_r: cmd.exe parameters: /c "C:\Users\test22\AppData\Local\Realtek HD Audio Universal Service\\RudderOverlap.bat" filepath: cmd.exe	1	1	0

Checks for the Locally Unique Identifier on the system for a suspicious privilege (6 events)

Time & API	Arguments	Status	Return
LookupPrivilegeValueW Aug. 8, 2024, 4:48 p.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW Aug. 8, 2024, 4:48 p.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW Aug. 8, 2024, 4:48 p.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW Aug. 8, 2024, 4:48 p.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW Aug. 8, 2024, 4:48 p.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW Aug. 8, 2024, 4:48 p.m.	system_name: privilege_name: SeDebugPrivilege	1	1

Queries for potentially installed applications (1 event)

Time & API	Arguments	Status	Return	Repeated
RegOpenKeyExW Aug. 8, 2024, 4:48 p.m.	regkey_r: Software\Microsoft\Windows\CurrentVersion\Uninstall\{00095544-14AB-4312-8A9E-F2C5F5C8144B}}_is1 base_handle: 0x80000001 key_handle: 0x00000000 options: 0 access: 0x00000101 regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{00095544-14AB-4312-8A9E-F2C5F5C8144B}}_is1		2	0

Uses Windows utilities for basic Windows functionality (13 events)

cmdline	tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH
cmdline	"cmd.exe" /C tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH \| find /I "avgui.exe"
cmdline	chcp.com 437
cmdline	"cmd.exe" /C tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH \| find /I "sophoshealth.exe"
cmdline	"cmd.exe" /C tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH \| find /I "opssvc.exe"
cmdline	tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH
cmdline	tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH
cmdline	tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH
cmdline	"cmd.exe" /C tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH \| find /I "wrsa.exe"
cmdline	tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH
cmdline	"cmd.exe" /C tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH \| find /I "nswscsvc.exe"
cmdline	"cmd.exe" /C tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH \| find /I "avastui.exe"
cmdline	tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH

Deletes executed files from disk (1 event)

file	C:\Users\test22\AppData\Local\Temp\is-BEJMA.tmp\카카오 엔터테인먼트의 지식재산권 침해 내용.PDF.tmp

File has been identified by 18 AntiVirus engines on VirusTotal as malicious (18 events)

Bkav	W32.AIDetectMalware
ALYac	Spyware.Infostealer.Lumma
Sangfor	Trojan.Win32.Agent.Vz0j
Symantec	Trojan.Gen.MBT
McAfee	Artemis!6EAF878C7F14
Avast	FileRepMalware [Misc]
Kaspersky	Trojan.Win32.Strab.nni
Alibaba	Trojan:Win32/Generic.5fccfb25
TrendMicro	TrojanSpy.Win32.LUMMASTEALER.YXEHEZ
McAfeeD	ti!719BE172D349
Sophos	Mal/Generic-S
Microsoft	Trojan:Win32/Razy!MTB
ZoneAlarm	Trojan.Win32.Strab.nni
DeepInstinct	MALICIOUS
Ikarus	Trojan.Win32.Razy
TrendMicro-HouseCall	TrojanSpy.Win32.LUMMASTEALER.YXEHEZ
AVG	FileRepMalware [Misc]
CrowdStrike	win/grayware_confidence_60% (D)

Resumed a suspended thread in a remote process potentially indicative of process injection (2 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 2220 resumed a thread in remote process 2956
NtResumeThread Aug. 8, 2024, 4:49 p.m.	thread_handle: 0x00000098 suspend_count: 0 process_identifier: 2956	1	0	0

Detects the presence of Wine emulator (4 events)

Time & API	Arguments	Return
LdrGetProcedureAddress Aug. 8, 2024, 4:48 p.m.	ordinal: 0 function_address: 0x00e4f7a8 function_name: wine_get_version module: ntdll module_address: 0x76f10000	3221225785
LdrGetProcedureAddress Aug. 8, 2024, 4:48 p.m.	ordinal: 0 function_address: 0x00ef17b0 function_name: wine_get_version module: ntdll module_address: 0x76f10000	3221225785
LdrGetProcedureAddress Aug. 8, 2024, 4:48 p.m.	ordinal: 0 function_address: 0x00e4f7a8 function_name: wine_get_version module: ntdll module_address: 0x76f10000	3221225785
LdrGetProcedureAddress Aug. 8, 2024, 4:48 p.m.	ordinal: 0 function_address: 0x00d317b0 function_name: wine_get_version module: ntdll module_address: 0x76f10000	3221225785

카카오 엔터테인먼트의 지식재산권 침해 내용.PDF.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All