SmartHawk

5.6

高危

48 个模型检测该样本为恶意！

重新分析

下载样本

cdddaa32a17f3dfb1d00f35354c29a0b949d709839785d879ea203cf18c57f24

9a6e44f7179f2aa4f7ee7d127b5112be.exe

分析耗时

90s

最近分析

文件大小

416.0KB

静态报毒动态报毒 A VARIANT OF GENERIK AI SCORE=85 AUTO BFHR CLASSIC CONFIDENCE FAREIT FORMBOOK GENERIC DROPPER GENERICKD HIGH CONFIDENCE INJUKE LHJYTMU LOKIBOT MALICIOUS PE NONAME@0 NSIS NSISPACKER PWSTEAL QVM42 R049C0OH420 UNSAFE XRHD 更多

未检测暂无鹰眼引擎检测结果

查杀引擎	查杀结果	查杀时间	查杀版本
McAfee	RDN/Generic Dropper	20200817	6.0.6.653
Alibaba	Trojan:Win32/Pwsteal.7df7c6e1	20190527	0.3.0.5
Avast	Win32:Malware-gen	20200816	18.4.3895.0
Tencent	Win32.Backdoor.Fareit.Auto	20200817	1.0.0.1
Baidu		20190318	1.0.0.2
Kingsoft		20200817	2013.8.14.323
CrowdStrike	win/malicious_confidence_60% (W)	20190702	1.0

Checks if process is being debugged by a debugger (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1620812011.590625 IsDebuggerPresent		failed	0	0

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1620808744.40575 GlobalMemoryStatusEx		success	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 个事件)

section

.ndata

One or more processes crashed (1 个事件)

Time & API	Arguments	Status	Return	Repeated
1620812011.653625 __exception__	stacktrace: LdrGetProcedureAddressEx+0x11f wcsstr-0x99d ntdll+0x302ea @ 0x77d602ea LdrGetProcedureAddress+0x18 LdrGetProcedureAddressEx-0x9 ntdll+0x301c2 @ 0x77d601c2 New_ntdll_LdrGetProcedureAddress@16+0x59 New_ntdll_LdrLoadDll@16-0xfb @ 0x745fd359 GetProcAddress+0x44 GetVersion-0x38 kernelbase+0x111c4 @ 0x778f11c4 SE_ProcessDying+0xce ApphelpCheckExe-0x5d02 apphelp+0x1008b @ 0x745a008b SE_ProcessDying+0x64 ApphelpCheckExe-0x5d6c apphelp+0x10021 @ 0x745a0021 hook+0x173 hook_get_mem-0x33a @ 0x745e4e8e monitor_hook+0x5d monitor_unhook-0x1c @ 0x745e162d hook_library+0x1a unhook_library-0x3 @ 0x745ec6b9 New_ntdll_LdrLoadDll@16+0x112 New_ntdll_LdrUnloadDll@4-0x20 @ 0x745fd566 LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x778f1d2a LoadLibraryExA+0x26 FreeLibrary-0x18 kernelbase+0x11d7a @ 0x778f1d7a LoadLibraryA+0x31 HeapCreate-0x25 kernel32+0x14a08 @ 0x76354a08 winhttp+0x613c @ 0x7525613c registers.esp: 1436548 registers.edi: 1033164613 registers.eax: 0 registers.ebp: 1436672 registers.edx: 2001928192 registers.ebx: 1036180037 registers.esi: 2001933840 registers.ecx: 1436770 exception.instruction_r: 8b 0c 87 03 ca 8b 55 e0 89 55 0c 8b 55 0c 8a 12 exception.symbol: LdrGetDllHandleEx+0x3c2 LdrGetProcedureAddress-0xd0 ntdll+0x300da exception.instruction: mov ecx, dword ptr [edi + eax*4] exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 196826 exception.address: 0x77d600da	success	0	0

Time & API

Arguments

Status

Return

Repeated

1620812011.653625
__exception__

stacktrace:

LdrGetProcedureAddressEx+0x11f wcsstr-0x99d ntdll+0x302ea @ 0x77d602ea
LdrGetProcedureAddress+0x18 LdrGetProcedureAddressEx-0x9 ntdll+0x301c2 @ 0x77d601c2
New_ntdll_LdrGetProcedureAddress@16+0x59 New_ntdll_LdrLoadDll@16-0xfb @ 0x745fd359
GetProcAddress+0x44 GetVersion-0x38 kernelbase+0x111c4 @ 0x778f11c4
SE_ProcessDying+0xce ApphelpCheckExe-0x5d02 apphelp+0x1008b @ 0x745a008b
SE_ProcessDying+0x64 ApphelpCheckExe-0x5d6c apphelp+0x10021 @ 0x745a0021
hook+0x173 hook_get_mem-0x33a @ 0x745e4e8e
monitor_hook+0x5d monitor_unhook-0x1c @ 0x745e162d
hook_library+0x1a unhook_library-0x3 @ 0x745ec6b9
New_ntdll_LdrLoadDll@16+0x112 New_ntdll_LdrUnloadDll@4-0x20 @ 0x745fd566
LoadLibraryExW+0x178 LoadLibraryExA-0x2a kernelbase+0x11d2a @ 0x778f1d2a
LoadLibraryExA+0x26 FreeLibrary-0x18 kernelbase+0x11d7a @ 0x778f1d7a
LoadLibraryA+0x31 HeapCreate-0x25 kernel32+0x14a08 @ 0x76354a08
winhttp+0x613c @ 0x7525613c

registers.esp: 1436548
registers.edi: 1033164613
registers.eax: 0
registers.ebp: 1436672
registers.edx: 2001928192
registers.ebx: 1036180037
registers.esi: 2001933840
registers.ecx: 1436770
exception.instruction_r: 8b 0c 87 03 ca 8b 55 e0 89 55 0c 8b 55 0c 8a 12
exception.symbol: LdrGetDllHandleEx+0x3c2 LdrGetProcedureAddress-0xd0 ntdll+0x300da
exception.instruction: mov ecx, dword ptr [edi + eax*4]
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 196826
exception.address: 0x77d600da

success

One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.

Allocates read-write-execute memory (usually to unpack itself) (12 个事件)

Time & API	Arguments	Status
1620812011.574625 NtProtectVirtualMemory	process_identifier: 3040 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x1000c000	success
1620812011.574625 NtProtectVirtualMemory	process_identifier: 3040 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x77531000	success
1620812011.590625 NtProtectVirtualMemory	process_identifier: 3040 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x75380000	success
1620812011.621625 NtProtectVirtualMemory	process_identifier: 3040 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x74571000	success
1620812011.621625 NtAllocateVirtualMemory	process_identifier: 3040 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x00780000	success
1620812011.621625 NtAllocateVirtualMemory	process_identifier: 3040 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x00790000	success
1620812011.637625 NtProtectVirtualMemory	process_identifier: 3040 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x77531000	success
1620812011.637625 NtProtectVirtualMemory	process_identifier: 3040 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x75251000	success
1620812011.637625 NtProtectVirtualMemory	process_identifier: 3040 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x75101000	success
1620812011.637625 NtProtectVirtualMemory	process_identifier: 3040 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 61440 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff base_address: 0x75250000	success
1620812011.637625 NtAllocateVirtualMemory	process_identifier: 3040 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x007d0000	success
1620812011.653625 NtAllocateVirtualMemory	process_identifier: 3040 region_size: 147456 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) process_handle: 0xffffffff allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) base_address: 0x00860000	success

Creates executable files on the filesystem (15 个事件)

file	C:\Users\Administrator.Oskar-PC\AppData\Roaming\nz\vcencbld.dll
file	C:\Users\Administrator.Oskar-PC\AppData\Roaming\ref\csproj\language\44.opends60.dll
file	C:\Users\Administrator.Oskar-PC\AppData\Roaming\nz\sqldbg.dll
file	C:\Users\Administrator.Oskar-PC\AppData\Roaming\nz\undname.exe
file	C:\Users\Administrator.Oskar-PC\AppData\Roaming\nz\45.opends60.dll
file	C:\Users\Administrator.Oskar-PC\AppData\Roaming\ref\csproj\language\WizardFrameworkVS.dll
file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\KedKeelboat.dll
file	C:\Users\Administrator.Oskar-PC\AppData\Roaming\nz\IIEHost.dll
file	C:\Users\Administrator.Oskar-PC\AppData\Roaming\nz\DevCfgUI.dll
file	C:\Users\Administrator.Oskar-PC\AppData\Roaming\nz\RSObjectsUI.dll
file	C:\Users\Administrator.Oskar-PC\AppData\Roaming\nz\MicrosoftVSDesignerUI.dll
file	C:\Users\Administrator.Oskar-PC\AppData\Roaming\nz\ilasm.exe
file	C:\Users\Administrator.Oskar-PC\AppData\Roaming\ref\csproj\language\dbsvcui.dll
file	C:\Users\Administrator.Oskar-PC\AppData\Roaming\ref\csproj\language\u2l2000.dll
file	C:\Users\Administrator.Oskar-PC\AppData\Roaming\nz\.exe

Drops an executable to the user AppData folder (10 个事件)

file	C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\KedKeelboat.dll
file	C:\Users\Administrator.Oskar-PC\AppData\Roaming\nz\sqldbg.dll
file	C:\Users\Administrator.Oskar-PC\AppData\Roaming\nz\RSObjectsUI.dll
file	C:\Users\Administrator.Oskar-PC\AppData\Roaming\nz\DevCfgUI.dll
file	C:\Users\Administrator.Oskar-PC\AppData\Roaming\ref\csproj\language\WizardFrameworkVS.dll
file	C:\Users\Administrator.Oskar-PC\AppData\Roaming\nz\IIEHost.dll
file	C:\Users\Administrator.Oskar-PC\AppData\Roaming\ref\csproj\language\dbsvcui.dll
file	C:\Users\Administrator.Oskar-PC\AppData\Roaming\ref\csproj\language\u2l2000.dll
file	C:\Users\Administrator.Oskar-PC\AppData\Roaming\nz\vcencbld.dll
file	C:\Users\Administrator.Oskar-PC\AppData\Roaming\nz\MicrosoftVSDesignerUI.dll

Communicates with host for which no DNS query was performed (2 个事件)

host	113.108.239.196
host	172.217.24.14

File has been identified by 48 AntiVirus engines on VirusTotal as malicious (48 个事件)

Elastic	malicious (high confidence)
DrWeb	Trojan.PWS.Stealer.28998
MicroWorld-eScan	Trojan.GenericKD.43586206
FireEye	Generic.mg.9a6e44f7179f2aa4
CAT-QuickHeal	Trojan.Injuke
McAfee	RDN/Generic Dropper
Cylance	Unsafe
VIPRE	Trojan.Win32.Generic!BT
Sangfor	Malware
K7AntiVirus	Trojan ( 0056be571 )
Alibaba	Trojan:Win32/Pwsteal.7df7c6e1
K7GW	Trojan ( 0056be571 )
Cybereason	malicious.f5eeb5
Invincea	heuristic
Symantec	Packed.NSISPacker!g6
ESET-NOD32	a variant of Generik.LHJYTMU
TrendMicro-HouseCall	TROJ_GEN.R049C0OH420
Avast	Win32:Malware-gen
GData	Trojan.GenericKD.43586206
Kaspersky	HEUR:Trojan.Win32.Injuke.gen
BitDefender	Trojan.GenericKD.43586206
Paloalto	generic.ml
ViRobot	Trojan.Win32.S.Agent.425952
Tencent	Win32.Backdoor.Fareit.Auto
Ad-Aware	Trojan.GenericKD.43586206
Comodo	fls.noname@0
Zillya	Trojan.Injuke.Win32.792
TrendMicro	TROJ_GEN.R049C0OH420
SentinelOne	DFI - Malicious PE
Sophos	Troj/Agent-BFHR
Ikarus	Trojan-Spy.FormBook
Cyren	W32/Trojan.XRHD-7534
Arcabit	Trojan.Generic.D299129E
AegisLab	Trojan.Win32.Malicious.4!c
ZoneAlarm	HEUR:Trojan.Win32.Injuke.gen
Microsoft	Trojan:Win32/Pwsteal.Q!rfn
AhnLab-V3	Dropper/Win32.Agent.C4097578
VBA32	Trojan.Injuke
ALYac	Trojan.Agent.FormBook
Malwarebytes	Spyware.LokiBot
APEX	Malicious
Rising	Trojan.Injector/NSIS!1.CA4F (CLASSIC)
MAX	malware (ai score=85)
Fortinet	W32/Injuke.BFHR!tr
Webroot	W32.Trojan.Gen
AVG	Win32:Malware-gen
CrowdStrike	win/malicious_confidence_60% (W)
Qihoo-360	Generic/HEUR/QVM42.3.FDE1.Malware.Gen

Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (2 个事件)

dead_host	172.217.24.14:443
dead_host	172.217.160.110:443

暂无二进制图像该样本未生成二进制可视化图像

暂无运行截图该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手，可以帮您分析和解读恶意软件报告。请随时向我提问！

🔍 主要威胁分析

⚡ 行为特征

🛡️ 防护建议

🔧 技术手段

🎯 检测方法

🤖

Static Analysis
Strings

PE Compile Time

2019-12-16 08:51:03

Imports

Library KERNEL32.dll:

• 0x408070 SetEnvironmentVariableA

• 0x408074 CreateFileA

• 0x408078 GetFileSize

• 0x40807c GetModuleFileNameA

• 0x408080 ReadFile

• 0x408084 GetCurrentProcess

• 0x408088 CopyFileA

• 0x40808c Sleep

• 0x408090 GetTickCount

• 0x408094 GetWindowsDirectoryA

• 0x408098 GetTempPathA

• 0x40809c GetCommandLineA

• 0x4080a0 lstrlenA

• 0x4080a4 GetVersion

• 0x4080a8 SetErrorMode

• 0x4080ac lstrcpynA

• 0x4080b0 ExitProcess

• 0x4080b4 SetFileAttributesA

• 0x4080b8 GlobalLock

• 0x4080bc CreateThread

• 0x4080c0 GetLastError

• 0x4080c4 CreateDirectoryA

• 0x4080c8 CreateProcessA

• 0x4080cc RemoveDirectoryA

• 0x4080d0 GetTempFileNameA

• 0x4080d4 WriteFile

• 0x4080d8 lstrcpyA

• 0x4080dc MoveFileExA

• 0x4080e0 lstrcatA

• 0x4080e4 GetSystemDirectoryA

• 0x4080e8 GetProcAddress

• 0x4080ec GetExitCodeProcess

• 0x4080f0 WaitForSingleObject

• 0x4080f4 CompareFileTime

• 0x4080f8 SetFileTime

• 0x4080fc GetFileAttributesA

• 0x408100 SetCurrentDirectoryA

• 0x408104 MoveFileA

• 0x408108 GetFullPathNameA

• 0x40810c GetShortPathNameA

• 0x408110 SearchPathA

• 0x408114 CloseHandle

• 0x408118 lstrcmpiA

• 0x40811c GlobalUnlock

• 0x408120 GetDiskFreeSpaceA

• 0x408124 lstrcmpA

• 0x408128 DeleteFileA

• 0x40812c FindFirstFileA

• 0x408130 FindNextFileA

• 0x408134 FindClose

• 0x408138 SetFilePointer

• 0x40813c GetPrivateProfileStringA

• 0x408140 WritePrivateProfileStringA

• 0x408144 MulDiv

• 0x408148 MultiByteToWideChar

• 0x40814c FreeLibrary

• 0x408150 LoadLibraryExA

• 0x408154 GetModuleHandleA

• 0x408158 GlobalAlloc

• 0x40815c GlobalFree

• 0x408160 ExpandEnvironmentStringsA

Library USER32.dll:

• 0x408184 GetSystemMenu

• 0x408188 SetClassLongA

• 0x40818c EnableMenuItem

• 0x408190 IsWindowEnabled

• 0x408194 SetWindowPos

• 0x408198 GetSysColor

• 0x40819c GetWindowLongA

• 0x4081a0 SetCursor

• 0x4081a4 LoadCursorA

• 0x4081a8 CheckDlgButton

• 0x4081ac GetMessagePos

• 0x4081b0 CallWindowProcA

• 0x4081b4 IsWindowVisible

• 0x4081b8 CloseClipboard

• 0x4081bc SetClipboardData

• 0x4081c0 EmptyClipboard

• 0x4081c4 OpenClipboard

• 0x4081c8 ScreenToClient

• 0x4081cc GetWindowRect

• 0x4081d0 GetDlgItem

• 0x4081d4 GetSystemMetrics

• 0x4081d8 SetDlgItemTextA

• 0x4081dc GetDlgItemTextA

• 0x4081e0 MessageBoxIndirectA

• 0x4081e4 CharPrevA

• 0x4081e8 DispatchMessageA

• 0x4081ec PeekMessageA

• 0x4081f0 GetDC

• 0x4081f4 ReleaseDC

• 0x4081f8 EnableWindow

• 0x4081fc InvalidateRect

• 0x408200 SendMessageA

• 0x408204 DefWindowProcA

• 0x408208 BeginPaint

• 0x40820c GetClientRect

• 0x408210 FillRect

• 0x408214 EndDialog

• 0x408218 RegisterClassA

• 0x40821c SystemParametersInfoA

• 0x408220 CreateWindowExA

• 0x408224 GetClassInfoA

• 0x408228 DialogBoxParamA

• 0x40822c CharNextA

• 0x408230 ExitWindowsEx

• 0x408234 LoadImageA

• 0x408238 CreateDialogParamA

• 0x40823c SetTimer

• 0x408240 SetWindowTextA

• 0x408244 SetForegroundWindow

• 0x408248 ShowWindow

• 0x40824c SetWindowLongA

• 0x408250 SendMessageTimeoutA

• 0x408254 FindWindowExA

• 0x408258 IsWindow

• 0x40825c AppendMenuA

• 0x408260 TrackPopupMenu

• 0x408264 CreatePopupMenu

• 0x408268 DrawTextA

• 0x40826c EndPaint

• 0x408270 DestroyWindow

• 0x408274 wsprintfA

• 0x408278 PostQuitMessage

Library GDI32.dll:

• 0x40804c SelectObject

• 0x408050 SetTextColor

• 0x408054 SetBkMode

• 0x408058 CreateFontIndirectA

• 0x40805c CreateBrushIndirect

• 0x408060 DeleteObject

• 0x408064 GetDeviceCaps

• 0x408068 SetBkColor

Library SHELL32.dll:

• 0x408168 SHGetSpecialFolderLocation

• 0x40816c ShellExecuteExA

• 0x408170 SHGetPathFromIDListA

• 0x408174 SHBrowseForFolderA

• 0x408178 SHGetFileInfoA

• 0x40817c SHFileOperationA

Library ADVAPI32.dll:

• 0x408000 AdjustTokenPrivileges

• 0x408004 RegCreateKeyExA

• 0x408008 RegOpenKeyExA

• 0x40800c SetFileSecurityA

• 0x408010 OpenProcessToken

• 0x408014 LookupPrivilegeValueA

• 0x408018 RegEnumValueA

• 0x40801c RegDeleteKeyA

• 0x408020 RegDeleteValueA

• 0x408024 RegCloseKey

• 0x408028 RegSetValueExA

• 0x40802c RegQueryValueExA

• 0x408030 RegEnumKeyA

Library COMCTL32.dll:

• 0x408038 ImageList_Create

• 0x40803c ImageList_AddMasked

• 0x408040

• 0x408044 ImageList_Destroy

Library ole32.dll:

• 0x408280 OleUninitialize

• 0x408284 OleInitialize

• 0x408288 CoTaskMemFree

• 0x40828c CoCreateInstance

Hosts

No hosts contacted.

DNS

Name	Response	Post-Analysis Lookup
time.windows.com	A 20.189.79.72 CNAME time.microsoft.akadns.net
clients2.google.com	A 172.217.160.110 CNAME clients.l.google.com	142.250.66.110
dns.msftncsi.com	AAAA fd3e:4f5a:5b81::1	131.107.255.255
dns.msftncsi.com	A 131.107.255.255	131.107.255.255
teredo.ipv6.microsoft.com

TCP

No TCP connections recorded.

UDP

Source	Source Port	Destination	Destination Port
192.168.56.101	51808	114.114.114.114	53
192.168.56.101	51963	114.114.114.114	53
192.168.56.101	55368	114.114.114.114	53
192.168.56.101	56539	114.114.114.114	53
192.168.56.101	60384	114.114.114.114	53
192.168.56.101	137	192.168.56.255	137
192.168.56.101	138	192.168.56.255	138
192.168.56.101	123	20.189.79.72 time.windows.com	123
192.168.56.101	49713	224.0.0.252	5355
192.168.56.101	51378	224.0.0.252	5355
192.168.56.101	53237	224.0.0.252	5355
192.168.56.101	56804	224.0.0.252	5355
192.168.56.101	58367	224.0.0.252	5355
192.168.56.101	60123	224.0.0.252	5355
192.168.56.101	61680	224.0.0.252	5355
192.168.56.101	62191	224.0.0.252	5355
192.168.56.101	62318	224.0.0.252	5355
192.168.56.101	65004	224.0.0.252	5355
192.168.56.101	1900	239.255.255.250	1900
192.168.56.101	51379	239.255.255.250	3702

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.

Sorry! No dropped buffers.