Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	April 4, 2025, 9:32 a.m.	April 4, 2025, 9:34 a.m.

Size	841.7KB
Type	ASCII text, with very long lines
MD5	`fa6618d283a0d6482c7e238caf915aed`
SHA256	`c3f13102022fc7a6444117df441bbd4c7288e191f38c10adbef60cc270905a4f`
CRC32	`6619EC1D`
ssdeep	`12288:m5xrKP5KleEgMVIRuIe2vjRYPq6TpjfyFJcBpCSBBh/CqU5t5lLW7jMDOxkec7Wp:m5xC52HMezPqef2vAKqo5w7A6y+`
Yara	None matched

powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy unrestricted -File C:\Users\test22\AppData\Local\Temp\UCHI.ps1
2548

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Command line console output was observed (47 events)

Time & API	Arguments	Status	Return
WriteConsoleW April 4, 2025, 9:32 a.m.	buffer: Method invocation failed because [System.Security.Cryptography.AesManaged] does console_handle: 0x00000023	1	1
WriteConsoleW April 4, 2025, 9:32 a.m.	buffer: n't contain a method named 'new'. console_handle: 0x0000002f	1	1
WriteConsoleW April 4, 2025, 9:32 a.m.	buffer: At C:\Users\test22\AppData\Local\Temp\UCHI.ps1:8 char:54 console_handle: 0x0000003b	1	1
WriteConsoleW April 4, 2025, 9:32 a.m.	buffer: + $Aes = [System.Security.Cryptography.AesManaged]::new <<<< () console_handle: 0x00000047	1	1
WriteConsoleW April 4, 2025, 9:32 a.m.	buffer: + CategoryInfo : InvalidOperation: (new:String) [], RuntimeExcept console_handle: 0x00000053	1	1
WriteConsoleW April 4, 2025, 9:32 a.m.	buffer: ion console_handle: 0x0000005f	1	1
WriteConsoleW April 4, 2025, 9:32 a.m.	buffer: + FullyQualifiedErrorId : MethodNotFound console_handle: 0x0000006b	1	1
WriteConsoleW April 4, 2025, 9:32 a.m.	buffer: Property 'Key' cannot be found on this object; make sure it exists and is setta console_handle: 0x0000008b	1	1
WriteConsoleW April 4, 2025, 9:32 a.m.	buffer: ble. console_handle: 0x00000097	1	1
WriteConsoleW April 4, 2025, 9:32 a.m.	buffer: At C:\Users\test22\AppData\Local\Temp\UCHI.ps1:9 char:6 console_handle: 0x000000a3	1	1
WriteConsoleW April 4, 2025, 9:32 a.m.	buffer: + $Aes. <<<< Key = $KeyBytes console_handle: 0x000000af	1	1
WriteConsoleW April 4, 2025, 9:32 a.m.	buffer: + CategoryInfo : InvalidOperation: (Key:String) [], RuntimeExcept console_handle: 0x000000bb	1	1
WriteConsoleW April 4, 2025, 9:32 a.m.	buffer: ion console_handle: 0x000000c7	1	1
WriteConsoleW April 4, 2025, 9:32 a.m.	buffer: + FullyQualifiedErrorId : PropertyNotFound console_handle: 0x000000d3	1	1
WriteConsoleW April 4, 2025, 9:32 a.m.	buffer: Property 'IV' cannot be found on this object; make sure it exists and is settab console_handle: 0x000000f3	1	1
WriteConsoleW April 4, 2025, 9:32 a.m.	buffer: le. console_handle: 0x000000ff	1	1
WriteConsoleW April 4, 2025, 9:32 a.m.	buffer: At C:\Users\test22\AppData\Local\Temp\UCHI.ps1:10 char:6 console_handle: 0x0000010b	1	1
WriteConsoleW April 4, 2025, 9:32 a.m.	buffer: + $Aes. <<<< IV = $IV console_handle: 0x00000117	1	1
WriteConsoleW April 4, 2025, 9:32 a.m.	buffer: + CategoryInfo : InvalidOperation: (IV:String) [], RuntimeExcepti console_handle: 0x00000123	1	1
WriteConsoleW April 4, 2025, 9:32 a.m.	buffer: on console_handle: 0x0000012f	1	1
WriteConsoleW April 4, 2025, 9:32 a.m.	buffer: + FullyQualifiedErrorId : PropertyNotFound console_handle: 0x0000013b	1	1
WriteConsoleW April 4, 2025, 9:32 a.m.	buffer: You cannot call a method on a null-valued expression. console_handle: 0x0000015b	1	1
WriteConsoleW April 4, 2025, 9:32 a.m.	buffer: At C:\Users\test22\AppData\Local\Temp\UCHI.ps1:11 char:34 console_handle: 0x00000167	1	1
WriteConsoleW April 4, 2025, 9:32 a.m.	buffer: + $Decryptor = $Aes.CreateDecryptor <<<< () console_handle: 0x00000173	1	1
WriteConsoleW April 4, 2025, 9:32 a.m.	buffer: + CategoryInfo : InvalidOperation: (CreateDecryptor:String) [], R console_handle: 0x0000017f	1	1
WriteConsoleW April 4, 2025, 9:32 a.m.	buffer: untimeException console_handle: 0x0000018b	1	1
WriteConsoleW April 4, 2025, 9:32 a.m.	buffer: + FullyQualifiedErrorId : InvokeMethodOnNull console_handle: 0x00000197	1	1
WriteConsoleW April 4, 2025, 9:32 a.m.	buffer: Exception calling "Write" with "3" argument(s): "Object reference not set to an console_handle: 0x000001b7	1	1
WriteConsoleW April 4, 2025, 9:32 a.m.	buffer: instance of an object." console_handle: 0x000001c3	1	1
WriteConsoleW April 4, 2025, 9:32 a.m.	buffer: At C:\Users\test22\AppData\Local\Temp\UCHI.ps1:14 char:20 console_handle: 0x000001cf	1	1
WriteConsoleW April 4, 2025, 9:32 a.m.	buffer: + $CryptoStream.Write <<<< ($EncryptedBytes, 0, $EncryptedBytes.Length) console_handle: 0x000001db	1	1
WriteConsoleW April 4, 2025, 9:32 a.m.	buffer: + CategoryInfo : NotSpecified: (:) [], MethodInvocationException console_handle: 0x000001e7	1	1
WriteConsoleW April 4, 2025, 9:32 a.m.	buffer: + FullyQualifiedErrorId : DotNetMethodException console_handle: 0x000001f3	1	1
WriteConsoleW April 4, 2025, 9:32 a.m.	buffer: Exception calling "Close" with "0" argument(s): "Object reference not set to an console_handle: 0x00000213	1	1
WriteConsoleW April 4, 2025, 9:32 a.m.	buffer: instance of an object." console_handle: 0x0000021f	1	1
WriteConsoleW April 4, 2025, 9:32 a.m.	buffer: At C:\Users\test22\AppData\Local\Temp\UCHI.ps1:15 char:20 console_handle: 0x0000022b	1	1
WriteConsoleW April 4, 2025, 9:32 a.m.	buffer: + $CryptoStream.Close <<<< () console_handle: 0x00000237	1	1
WriteConsoleW April 4, 2025, 9:32 a.m.	buffer: + CategoryInfo : NotSpecified: (:) [], MethodInvocationException console_handle: 0x00000243	1	1
WriteConsoleW April 4, 2025, 9:32 a.m.	buffer: + FullyQualifiedErrorId : DotNetMethodException console_handle: 0x0000024f	1	1
WriteConsoleW April 4, 2025, 9:32 a.m.	buffer: Invoke-Expression : Cannot bind argument to parameter 'Command' because it is a console_handle: 0x0000026f	1	1
WriteConsoleW April 4, 2025, 9:32 a.m.	buffer: n empty string. console_handle: 0x0000027b	1	1
WriteConsoleW April 4, 2025, 9:32 a.m.	buffer: At C:\Users\test22\AppData\Local\Temp\UCHI.ps1:18 char:18 console_handle: 0x00000287	1	1
WriteConsoleW April 4, 2025, 9:32 a.m.	buffer: + Invoke-Expression <<<< $DecodedScript console_handle: 0x00000293	1	1
WriteConsoleW April 4, 2025, 9:32 a.m.	buffer: + CategoryInfo : InvalidData: (:) [Invoke-Expression], ParameterB console_handle: 0x0000029f	1	1
WriteConsoleW April 4, 2025, 9:32 a.m.	buffer: indingValidationException console_handle: 0x000002ab	1	1
WriteConsoleW April 4, 2025, 9:32 a.m.	buffer: + FullyQualifiedErrorId : ParameterArgumentValidationErrorEmptyStringNotAl console_handle: 0x000002b7	1	1
WriteConsoleW April 4, 2025, 9:32 a.m.	buffer: lowed,Microsoft.PowerShell.Commands.InvokeExpressionCommand console_handle: 0x000002c3	1	1

Uses Windows APIs to generate a cryptographic key (8 events)

Time & API	Arguments	Status	Return
CryptExportKey April 4, 2025, 9:32 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x04fe8d60 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey April 4, 2025, 9:32 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x04fe8d60 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey April 4, 2025, 9:32 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x04fe8d60 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey April 4, 2025, 9:32 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x04fe8d60 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey April 4, 2025, 9:32 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x04fe8d60 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey April 4, 2025, 9:32 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x04fe8d60 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey April 4, 2025, 9:32 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x04fe8d60 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey April 4, 2025, 9:32 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x04fe8d60 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx April 4, 2025, 9:32 a.m.		1	1	0

Allocates read-write-execute memory (usually to unpack itself) (33 events)

Time & API	Arguments	Status
NtAllocateVirtualMemory April 4, 2025, 9:32 a.m.	process_identifier: 2548 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0229b000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 4, 2025, 9:32 a.m.	process_identifier: 2548 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x022af000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 4, 2025, 9:32 a.m.	process_identifier: 2548 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01e49000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 4, 2025, 9:32 a.m.	process_identifier: 2548 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x07310000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 4, 2025, 9:32 a.m.	process_identifier: 2548 region_size: 2228224 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x07320000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 4, 2025, 9:32 a.m.	process_identifier: 2548 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x07500000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 4, 2025, 9:32 a.m.	process_identifier: 2548 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x07501000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 4, 2025, 9:32 a.m.	process_identifier: 2548 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x07502000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 4, 2025, 9:32 a.m.	process_identifier: 2548 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x07503000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 4, 2025, 9:32 a.m.	process_identifier: 2548 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x07311000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 4, 2025, 9:32 a.m.	process_identifier: 2548 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x07312000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 4, 2025, 9:32 a.m.	process_identifier: 2548 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x07313000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 4, 2025, 9:32 a.m.	process_identifier: 2548 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x07314000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 4, 2025, 9:32 a.m.	process_identifier: 2548 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x07315000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 4, 2025, 9:32 a.m.	process_identifier: 2548 region_size: 327680 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7ef40000 allocation_type: 1056768 (MEM_RESERVE\|MEM_TOP_DOWN) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 4, 2025, 9:32 a.m.	process_identifier: 2548 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7ef40000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 4, 2025, 9:32 a.m.	process_identifier: 2548 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7ef40000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 4, 2025, 9:32 a.m.	process_identifier: 2548 region_size: 65536 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7ef30000 allocation_type: 1056768 (MEM_RESERVE\|MEM_TOP_DOWN) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 4, 2025, 9:32 a.m.	process_identifier: 2548 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7ef30000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 4, 2025, 9:32 a.m.	process_identifier: 2548 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05561000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 4, 2025, 9:32 a.m.	process_identifier: 2548 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x07504000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 4, 2025, 9:32 a.m.	process_identifier: 2548 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x07505000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 4, 2025, 9:32 a.m.	process_identifier: 2548 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x07506000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 4, 2025, 9:32 a.m.	process_identifier: 2548 region_size: 69632 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0750a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 4, 2025, 9:32 a.m.	process_identifier: 2548 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x07316000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 4, 2025, 9:32 a.m.	process_identifier: 2548 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0751b000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 4, 2025, 9:32 a.m.	process_identifier: 2548 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0751c000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 4, 2025, 9:32 a.m.	process_identifier: 2548 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0751d000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 4, 2025, 9:32 a.m.	process_identifier: 2548 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0751e000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 4, 2025, 9:32 a.m.	process_identifier: 2548 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0751f000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 4, 2025, 9:32 a.m.	process_identifier: 2548 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x07317000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 4, 2025, 9:32 a.m.	process_identifier: 2548 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01e4d000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 4, 2025, 9:32 a.m.	process_identifier: 2548 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05750000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1

File has been identified by 15 AntiVirus engines on VirusTotal as malicious (15 events)

CTX	powershell.trojan.generic
Skyhigh	BehavesLike.PS.Dropper.cn
VIPRE	Trojan.GenericKD.76163784
Arcabit	Trojan.Generic.D48A2AC8
ESET-NOD32	PowerShell/TrojanDropper.Agent.AQD
BitDefender	Trojan.GenericKD.76163784
MicroWorld-eScan	Trojan.GenericKD.76163784
Emsisoft	Trojan.GenericKD.76163784 (B)
DrWeb	PowerShell.Packed.180
FireEye	Trojan.GenericKD.76163784
Google	Detected
Microsoft	Trojan:Script/Wacatac.B!ml
GData	Trojan.GenericKD.76163784
Varist	PSH/Agent.TG
Ikarus	Trojan-Dropper.PowerShell.Agent

UCHI.ps1

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All