Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Oct. 30, 2024, 9:27 a.m.	Oct. 30, 2024, 9:30 a.m.

Size	3.8MB
Type	PE32+ executable (GUI) x86-64, for MS Windows
MD5	`f6814a59c53218b84eb943ef07fcb74c`
SHA256	`c7eaff9d735d8eef42c73be4c093f7b31cf7d0df18c98d135eb915c13409d077`
CRC32	`7CBC9345`
ssdeep	`98304:fyzs10ZzmBarm735MyHkWKA7kFCQi7MahHr5Gt40JY8:fyQfBamD5QM7Mms4ah`
PDB Path	D:\Projects\WinRAR\sfx\build\sfxrar64\Release\sfxrar.pdb
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE64 - (no description) Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check

m.dat "C:\Users\test22\AppData\Local\Temp\m.dat"
2556
- wscript.exe "C:\Windows\System32\WScript.exe" "C:\Windows\debug\m\n.vbs"
  2688
  - cmd.exe cmd /c ""C:\Windows\debug\m\c1.bat" "
    2812
    - lsass.exe lsass.exe install "Windows Updata" winlogon.exe
      2872
    - regedit.exe C:\Windows\regedit /s server.reg
      2920
    - 1sass.exe C:\PerfLogs\Admin\1sass.exe install "Windows Management" C:\PerfLogs\Admin\csrss.exe
      2964
    - regedit.exe C:\Windows\regedit /s server2.reg
      3012
    - sc.exe sc start "Windows Updata"
      3056
    - sc.exe sc start "Windows Management"
      2120
    - attrib.exe attrib C:\Windows\debug\m +h +a
      2364
    - attrib.exe attrib C:\Windows\debug\m\*.json +h +a +s +r
      2492
    - attrib.exe attrib C:\Windows\debug\m\*.exe +h +a +s +r
      2592
    - attrib.exe attrib C:\PerfLogs\Admin\*.exe +h +a +s +r
      2352
    - netsh.exe netsh advfirewall firewall add rule name="tcp all" dir=in protocol=tcp localport=0-65535 action=allow
      2708

Name	Response	Post-Analysis Lookup
k2ygoods.ydns.eu		46.29.162.246
k2yisgood.top		45.89.228.144

IP Address	Status	Action
164.124.101.2	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
UDP 192.168.56.101:61950 -> 8.8.8.8:53	2023883	ET DNS Query to a *.top domain - Likely Hostile	Potentially Bad Traffic
UDP 192.168.56.101:52815 -> 164.124.101.2:53	2023883	ET DNS Query to a *.top domain - Likely Hostile	Potentially Bad Traffic
UDP 192.168.56.101:59002 -> 8.8.8.8:53	2023883	ET DNS Query to a *.top domain - Likely Hostile	Potentially Bad Traffic

Suricata TLS

No Suricata TLS

Command line console output was observed (50 out of 94 events)

Time & API	Arguments	Status	Return
WriteConsoleW Oct. 30, 2024, 9:20 a.m.	buffer: A subdirectory or file C:\PerfLogs\Admin already exists. console_handle: 0x000000000000000b	1	1
WriteConsoleW Oct. 30, 2024, 9:20 a.m.	buffer: 1 file(s) copied. console_handle: 0x0000000000000007	1	1
WriteConsoleW Oct. 30, 2024, 9:20 a.m.	buffer: 1 file(s) copied. console_handle: 0x0000000000000007	1	1
WriteConsoleW Oct. 30, 2024, 9:20 a.m.	buffer: Could Not Find C:\windows\debug\m.exe console_handle: 0x000000000000000b	1	1
WriteConsoleW Oct. 30, 2024, 9:20 a.m.	buffer: Could Not Find C:\Windows\debug\m\n.vbs console_handle: 0x000000000000000b	1	1
WriteConsoleW Oct. 30, 2024, 9:20 a.m.	buffer: The batch file cannot be found. console_handle: 0x000000000000000b	1	1
WriteConsoleW Oct. 30, 2024, 9:20 a.m.	buffer: S console_handle: 0x000000000000000f	1	1
WriteConsoleW Oct. 30, 2024, 9:20 a.m.	buffer: e console_handle: 0x000000000000000f	1	1
WriteConsoleW Oct. 30, 2024, 9:20 a.m.	buffer: r console_handle: 0x000000000000000f	1	1
WriteConsoleW Oct. 30, 2024, 9:20 a.m.	buffer: v console_handle: 0x000000000000000f	1	1
WriteConsoleW Oct. 30, 2024, 9:20 a.m.	buffer: i console_handle: 0x000000000000000f	1	1
WriteConsoleW Oct. 30, 2024, 9:20 a.m.	buffer: c console_handle: 0x000000000000000f	1	1
WriteConsoleW Oct. 30, 2024, 9:20 a.m.	buffer: e console_handle: 0x000000000000000f	1	1
WriteConsoleW Oct. 30, 2024, 9:20 a.m.	buffer: W console_handle: 0x000000000000000f	1	1
WriteConsoleW Oct. 30, 2024, 9:20 a.m.	buffer: i console_handle: 0x000000000000000f	1	1
WriteConsoleW Oct. 30, 2024, 9:20 a.m.	buffer: n console_handle: 0x000000000000000f	1	1
WriteConsoleW Oct. 30, 2024, 9:20 a.m.	buffer: d console_handle: 0x000000000000000f	1	1
WriteConsoleW Oct. 30, 2024, 9:20 a.m.	buffer: o console_handle: 0x000000000000000f	1	1
WriteConsoleW Oct. 30, 2024, 9:20 a.m.	buffer: w console_handle: 0x000000000000000f	1	1
WriteConsoleW Oct. 30, 2024, 9:20 a.m.	buffer: s console_handle: 0x000000000000000f	1	1
WriteConsoleW Oct. 30, 2024, 9:20 a.m.	buffer: U console_handle: 0x000000000000000f	1	1
WriteConsoleW Oct. 30, 2024, 9:20 a.m.	buffer: p console_handle: 0x000000000000000f	1	1
WriteConsoleW Oct. 30, 2024, 9:20 a.m.	buffer: d console_handle: 0x000000000000000f	1	1
WriteConsoleW Oct. 30, 2024, 9:20 a.m.	buffer: a console_handle: 0x000000000000000f	1	1
WriteConsoleW Oct. 30, 2024, 9:20 a.m.	buffer: t console_handle: 0x000000000000000f	1	1
WriteConsoleW Oct. 30, 2024, 9:20 a.m.	buffer: a console_handle: 0x000000000000000f	1	1
WriteConsoleW Oct. 30, 2024, 9:20 a.m.	buffer: i console_handle: 0x000000000000000f	1	1
WriteConsoleW Oct. 30, 2024, 9:20 a.m.	buffer: n console_handle: 0x000000000000000f	1	1
WriteConsoleW Oct. 30, 2024, 9:20 a.m.	buffer: s console_handle: 0x000000000000000f	1	1
WriteConsoleW Oct. 30, 2024, 9:20 a.m.	buffer: t console_handle: 0x000000000000000f	1	1
WriteConsoleW Oct. 30, 2024, 9:20 a.m.	buffer: a console_handle: 0x000000000000000f	1	1
WriteConsoleW Oct. 30, 2024, 9:20 a.m.	buffer: l console_handle: 0x000000000000000f	1	1
WriteConsoleW Oct. 30, 2024, 9:20 a.m.	buffer: l console_handle: 0x000000000000000f	1	1
WriteConsoleW Oct. 30, 2024, 9:20 a.m.	buffer: e console_handle: 0x000000000000000f	1	1
WriteConsoleW Oct. 30, 2024, 9:20 a.m.	buffer: d console_handle: 0x000000000000000f	1	1
WriteConsoleW Oct. 30, 2024, 9:20 a.m.	buffer: s console_handle: 0x000000000000000f	1	1
WriteConsoleW Oct. 30, 2024, 9:20 a.m.	buffer: u console_handle: 0x000000000000000f	1	1
WriteConsoleW Oct. 30, 2024, 9:20 a.m.	buffer: c console_handle: 0x000000000000000f	1	1
WriteConsoleW Oct. 30, 2024, 9:20 a.m.	buffer: c console_handle: 0x000000000000000f	1	1
WriteConsoleW Oct. 30, 2024, 9:20 a.m.	buffer: e console_handle: 0x000000000000000f	1	1
WriteConsoleW Oct. 30, 2024, 9:20 a.m.	buffer: s console_handle: 0x000000000000000f	1	1
WriteConsoleW Oct. 30, 2024, 9:20 a.m.	buffer: s console_handle: 0x000000000000000f	1	1
WriteConsoleW Oct. 30, 2024, 9:20 a.m.	buffer: f console_handle: 0x000000000000000f	1	1
WriteConsoleW Oct. 30, 2024, 9:20 a.m.	buffer: u console_handle: 0x000000000000000f	1	1
WriteConsoleW Oct. 30, 2024, 9:20 a.m.	buffer: l console_handle: 0x000000000000000f	1	1
WriteConsoleW Oct. 30, 2024, 9:20 a.m.	buffer: l console_handle: 0x000000000000000f	1	1
WriteConsoleW Oct. 30, 2024, 9:20 a.m.	buffer: y console_handle: 0x000000000000000f	1	1
WriteConsoleW Oct. 30, 2024, 9:20 a.m.	buffer: S console_handle: 0x000000000000000f	1	1
WriteConsoleW Oct. 30, 2024, 9:20 a.m.	buffer: e console_handle: 0x000000000000000f	1	1
WriteConsoleW Oct. 30, 2024, 9:20 a.m.	buffer: r console_handle: 0x000000000000000f	1	1

Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate) (1 event)

registry

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid

This executable has a PDB path (1 event)

pdb_path

D:\Projects\WinRAR\sfx\build\sfxrar64\Release\sfxrar.pdb

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

.gfids

The file contains an unknown PE resource name possibly indicative of a packer (1 event)

resource name

PNG

Resolves a suspicious Top Level Domain (TLD) (1 event)

domain

k2yisgood.top

description

Generic top level domain TLD

Allocates read-write-execute memory (usually to unpack itself) (2 events)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory Oct. 30, 2024, 9:20 a.m.	process_identifier: 2556 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1	0	0
NtProtectVirtualMemory Oct. 30, 2024, 9:20 a.m.	process_identifier: 2688 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1	0	0

Foreign language identified in PE resource (27 events)

name

PNG

language

LANG_CHINESE

filetype

PNG image data, 186 x 604, 8-bit/color RGB, non-interlaced

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x0007118c

size

0x000015a9

name

PNG

language

LANG_CHINESE

filetype

PNG image data, 186 x 604, 8-bit/color RGB, non-interlaced

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x0007118c

size

0x000015a9

name

RT_ICON

language

LANG_CHINESE

filetype

PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00077ea8

size

0x00003d71

name

RT_ICON

language

LANG_CHINESE

filetype

PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00077ea8

size

0x00003d71

name

RT_ICON

language

LANG_CHINESE

filetype

PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00077ea8

size

0x00003d71

name

RT_ICON

language

LANG_CHINESE

filetype

PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00077ea8

size

0x00003d71

name

RT_ICON

language

LANG_CHINESE

filetype

PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00077ea8

size

0x00003d71

name

RT_ICON

language

LANG_CHINESE

filetype

PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00077ea8

size

0x00003d71

name

RT_ICON

language

LANG_CHINESE

filetype

PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x00077ea8

size

0x00003d71

name

RT_DIALOG

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x0007c288

size

0x000001ce

name

RT_DIALOG

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x0007c288

size

0x000001ce

name

RT_DIALOG

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x0007c288

size

0x000001ce

name

RT_DIALOG

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x0007c288

size

0x000001ce

name

RT_DIALOG

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x0007c288

size

0x000001ce

name

RT_DIALOG

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x0007c288

size

0x000001ce

name

RT_STRING

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x0007cb9c

size

0x0000006a

name

RT_STRING

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x0007cb9c

size

0x0000006a

name

RT_STRING

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x0007cb9c

size

0x0000006a

name

RT_STRING

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x0007cb9c

size

0x0000006a

name

RT_STRING

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x0007cb9c

size

0x0000006a

name

RT_STRING

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x0007cb9c

size

0x0000006a

name

RT_STRING

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x0007cb9c

size

0x0000006a

name

RT_STRING

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x0007cb9c

size

0x0000006a

name

RT_STRING

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x0007cb9c

size

0x0000006a

name

RT_STRING

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x0007cb9c

size

0x0000006a

name

RT_GROUP_ICON

language

LANG_CHINESE

filetype

data

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x0007cc08

size

0x00000068

name

RT_MANIFEST

language

LANG_CHINESE

filetype

XML 1.0 document, ASCII text, with CRLF line terminators

sublanguage

SUBLANG_CHINESE_SIMPLIFIED

offset

0x0007cc70

size

0x00000640

Creates executable files on the filesystem (7 events)

file	C:\Windows\debug\m\lsass.exe
file	C:\Windows\debug\m\csrss.exe
file	C:\Windows\debug\m\server.reg
file	C:\Windows\debug\m\c1.bat
file	C:\Windows\debug\m\server2.reg
file	C:\Windows\debug\m\winlogon.exe
file	C:\Windows\debug\m\n.vbs

A process created a hidden window (1 event)

Time & API	Arguments	Status	Return	Repeated
ShellExecuteExW Oct. 30, 2024, 9:20 a.m.	show_type: 0 filepath_r: C:\Windows\debug\m\c1.bat parameters: filepath: C:\Windows\debug\m\c1.bat	1	1	0

The binary likely contains encrypted or compressed data indicative of a packer (1 event)

section

{u'size_of_data': u'0x0000d400', u'virtual_address': u'0x00070000', u'entropy': 6.853371632250611, u'name': u'.rsrc', u'virtual_size': u'0x0000d2b0'}

entropy

6.85337163225

description

A section with a high entropy has been found

Yara rule detected in process memory (8 events)

description	(no description)	rule	DebuggerCheck__GlobalFlags
description	(no description)	rule	DebuggerCheck__QueryInfo
description	(no description)	rule	DebuggerHiding__Thread
description	(no description)	rule	DebuggerHiding__Active
description	(no description)	rule	ThreadControl__Context
description	(no description)	rule	SEH__vectored
description	Checks if being debugged	rule	anti_dbg
description	Bypass DEP	rule	disable_dep

Uses Windows utilities for basic Windows functionality (7 events)

cmdline	attrib C:\PerfLogs\Admin\*.exe +h +a +s +r
cmdline	attrib C:\Windows\debug\m +h +a
cmdline	netsh advfirewall firewall add rule name="tcp all" dir=in protocol=tcp localport=0-65535 action=allow
cmdline	sc start "Windows Updata"
cmdline	sc start "Windows Management"
cmdline	attrib C:\Windows\debug\m\*.json +h +a +s +r
cmdline	attrib C:\Windows\debug\m\*.exe +h +a +s +r

Installs itself for autorun at Windows startup (2 events)

service_name	Windows Updata				service_path	C:\Windows\debug\m\lsass.exe
service_name	Windows Management				service_path	C:\PerfLogs\Admin\1sass.exe

Operates on local firewall's policies and settings (1 event)

cmdline

netsh advfirewall firewall add rule name="tcp all" dir=in protocol=tcp localport=0-65535 action=allow

Created a service where a service was also not started (2 events)

Time & API	Arguments	Status	Return	Repeated
CreateServiceW Oct. 30, 2024, 9:20 a.m.	service_start_name: start_type: 2 password: display_name: Windows Updata filepath: C:\Windows\debug\m\lsass.exe service_name: Windows Updata filepath_r: C:\Windows\debug\m\lsass.exe desired_access: 983551 service_handle: 0x00000000002a3a60 error_control: 1 service_type: 16 service_manager_handle: 0x00000000002a3a30	1	2767456	0
CreateServiceW Oct. 30, 2024, 9:20 a.m.	service_start_name: start_type: 2 password: display_name: Windows Management filepath: C:\PerfLogs\Admin\1sass.exe service_name: Windows Management filepath_r: C:\PerfLogs\Admin\1sass.exe desired_access: 983551 service_handle: 0x00000000003b3be0 error_control: 1 service_type: 16 service_manager_handle: 0x00000000003b3bb0	1	3881952	0

Deletes executed files from disk (1 event)

file	C:\Windows\debug\m\c1.bat

Drops a binary and executes it (3 events)

file	C:\Windows\debug\m\n.vbs
file	C:\Windows\debug\m\c1.bat
file	C:\Windows\debug\m\lsass.exe

One or more non-whitelisted processes were created (2 events)

parent_process	wscript.exe				martian_process	"C:\Windows\debug\m\c1.bat"
parent_process	wscript.exe				martian_process	C:\Windows\debug\m\c1.bat

Resumed a suspended thread in a remote process potentially indicative of process injection (2 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 2556 resumed a thread in remote process 2688
NtResumeThread Oct. 30, 2024, 9:20 a.m.	thread_handle: 0x000000000000026c suspend_count: 1 process_identifier: 2688	1	0	0

Created a process named as a common system process (1 event)

Time & API	Arguments	Status	Return	Repeated
CreateProcessInternalW Oct. 30, 2024, 9:20 a.m.	thread_identifier: 2876 thread_handle: 0x000000000000000c process_identifier: 2872 current_directory: C:\Windows\debug\m filepath: C:\Windows\debug\m\lsass.exe track: 1 command_line: lsass.exe install "Windows Updata" winlogon.exe filepath_r: C:\Windows\debug\m\lsass.exe stack_pivoted: 0 creation_flags: 524288 (EXTENDED_STARTUPINFO_PRESENT) inherit_handles: 1 process_handle: 0x0000000000000068	1	1	0

File has been identified by 53 AntiVirus engines on VirusTotal as malicious (50 out of 53 events)

Bkav	W64.AIDetectMalware
Lionic	Trojan.Win32.Starter.4!c
Cynet	Malicious (score: 99)
Skyhigh	BehavesLike.Win64.Generic.wc
ALYac	Dump:Generic.Dacic.1.BitCoinMiner.A.6B8D600F
Cylance	Unsafe
VIPRE	Trojan.GenericKD.67026473
CrowdStrike	win/malicious_confidence_100% (W)
BitDefender	Trojan.GenericKD.67026473
K7GW	Trojan ( 005a7b801 )
K7AntiVirus	Trojan ( 005a7b801 )
Arcabit	Trojan.Generic.D3FEBE29 [many]
Symantec	Trojan.Gen.MBT
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Generik.MVPLCEB
APEX	Malicious
Avast	BV:Miner-HA [PUP]
Kaspersky	Trojan.VBS.Starter.lr
Alibaba	Trojan:Win32/Coinminer.449
NANO-Antivirus	Trojan.Win64.Mlw.kaajnb
MicroWorld-eScan	Trojan.GenericKD.67026473
Rising	HackTool.XMRMiner!1.C2EC (CLASSIC)
Emsisoft	Trojan.GenericKD.67026473 (B)
F-Secure	Trojan.TR/Dldr.Agent.aemwb
DrWeb	Trojan.Siggen29.1091
TrendMicro	Trojan.JS.MALXMR.SMBBS
McAfeeD	ti!C7EAFF9D735D
CTX	exe.miner.dacic
Sophos	Mal/Generic-S
SentinelOne	Static AI - Malicious SFX
FireEye	Trojan.GenericKD.67026473
Google	Detected
Avira	TR/Dldr.Agent.aemwb
Antiy-AVL	GrayWare/Win64.CoinMiner.po
Kingsoft	Win32.Troj.Unknown.a
Gridinsoft	Trojan.Win64.CoinMiner.ca
Microsoft	Trojan:Win64/DisguisedXMRigMiner
ZoneAlarm	Trojan.VBS.Starter.lr
GData	Win64.Application.Coinminer.CP
Varist	W64/ABRisk.IIZZ-9065
McAfee	Artemis!F6814A59C532
DeepInstinct	MALICIOUS
Malwarebytes	Generic.Malware.AI.DDS
Ikarus	Trojan.WinGo.Shellcoderunner
Panda	Trj/CI.A
TrendMicro-HouseCall	Trojan.JS.MALXMR.SMBBS
Tencent	Vbs.Trojan.Starter.Bzlw
Yandex	Trojan.Agent!RFJWQSbKDgk
huorong	Trojan/VBS.Starter.e
Fortinet	W32/Agent.FU!tr.dldr

m.dat

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All