4.6
中危
54 个模型检测该样本为恶意!
重新分析
更多

69a34116377032442c113adb0490c641f4af86b04fb8a2027f094d3678674915

a27883ff5f9107b0a013ea777b591fbe.exe

分析耗时

96s

最近分析

文件大小

991.5KB
静态报毒 动态报毒 100% 9M0@AYG7LAJ AGENSLA AGENTTESLA AI SCORE=82 ANDC ATTRIBUTE BLADABINDI BUCQDA CONFIDENCE ELDORADO FAREIT GDSDA GENERICKD GOLROTED GUFQZ HIGH CONFIDENCE HIGHCONFIDENCE HQMEAI IGENT KCLOUD KRYPT KRYPTIK LKXC M7QV MALICIOUS PE MALWARE@#1M6KCE6KS8SZ6 MASSLOGGER NANOCORE PACKEDNET PSWTROJ PWSX QQPASS QQROB QVM03 SCORE STATIC AI THIBGBO UNSAFE YAKBEEXMSIL ZEMSILF 更多
鹰眼引擎
未检测 暂无鹰眼引擎检测结果
静态判定
反病毒引擎
查杀引擎 查杀结果 查杀时间 查杀版本
McAfee Fareit-FVS!A27883FF5F91 20201211 6.0.6.653
Baidu 20190318 1.0.0.2
Avast Win32:PWSX-gen [Trj] 20201210 21.1.5827.0
Alibaba TrojanSpy:MSIL/Golroted.03d3c616 20190527 0.3.0.5
Kingsoft Win32.PSWTroj.Undef.(kcloud) 20201211 2017.9.26.565
Tencent Msil.Trojan-qqpass.Qqrob.Lkxc 20201211 1.0.0.1
CrowdStrike win/malicious_confidence_100% (W) 20190702 1.0
静态指标
Checks if process is being debugged by a debugger (2 个事件)
Time & API Arguments Status Return Repeated
1619781473.62475
IsDebuggerPresent
failed 0 0
1619781473.62475
IsDebuggerPresent
failed 0 0
Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 个事件)
Time & API Arguments Status Return Repeated
1619781473.62475
GlobalMemoryStatusEx
success 1 0
行为判定
动态指标
Allocates read-write-execute memory (usually to unpack itself) (45 个事件)
Time & API Arguments Status Return Repeated
1619781473.10875
NtAllocateVirtualMemory
process_identifier: 1320
region_size: 786432
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x00430000
success 0 0
1619781473.10875
NtAllocateVirtualMemory
process_identifier: 1320
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x004b0000
success 0 0
1619781473.53075
NtAllocateVirtualMemory
process_identifier: 1320
region_size: 1376256
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x00b60000
success 0 0
1619781473.53075
NtAllocateVirtualMemory
process_identifier: 1320
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00c70000
success 0 0
1619781473.56175
NtProtectVirtualMemory
process_identifier: 1320
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x73b91000
success 0 0
1619781473.62475
NtAllocateVirtualMemory
process_identifier: 1320
region_size: 589824
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x00a10000
success 0 0
1619781473.62475
NtAllocateVirtualMemory
process_identifier: 1320
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00a60000
success 0 0
1619781473.62475
NtAllocateVirtualMemory
process_identifier: 1320
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0046a000
success 0 0
1619781473.62475
NtProtectVirtualMemory
process_identifier: 1320
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 8192
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x73b92000
success 0 0
1619781473.62475
NtAllocateVirtualMemory
process_identifier: 1320
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00462000
success 0 0
1619781473.88975
NtAllocateVirtualMemory
process_identifier: 1320
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00472000
success 0 0
1619781473.96875
NtAllocateVirtualMemory
process_identifier: 1320
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00495000
success 0 0
1619781473.96875
NtAllocateVirtualMemory
process_identifier: 1320
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0049b000
success 0 0
1619781473.96875
NtAllocateVirtualMemory
process_identifier: 1320
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00497000
success 0 0
1619781474.12475
NtAllocateVirtualMemory
process_identifier: 1320
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00473000
success 0 0
1619781474.26475
NtAllocateVirtualMemory
process_identifier: 1320
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00474000
success 0 0
1619781474.26475
NtAllocateVirtualMemory
process_identifier: 1320
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00475000
success 0 0
1619781474.28075
NtAllocateVirtualMemory
process_identifier: 1320
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0047c000
success 0 0
1619781474.88975
NtAllocateVirtualMemory
process_identifier: 1320
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00476000
success 0 0
1619781474.88975
NtAllocateVirtualMemory
process_identifier: 1320
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00477000
success 0 0
1619781474.88975
NtAllocateVirtualMemory
process_identifier: 1320
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00478000
success 0 0
1619781475.01475
NtAllocateVirtualMemory
process_identifier: 1320
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00850000
success 0 0
1619781475.04675
NtAllocateVirtualMemory
process_identifier: 1320
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00479000
success 0 0
1619781475.12475
NtAllocateVirtualMemory
process_identifier: 1320
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0048a000
success 0 0
1619781475.12475
NtAllocateVirtualMemory
process_identifier: 1320
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00487000
success 0 0
1619781475.17175
NtAllocateVirtualMemory
process_identifier: 1320
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00b40000
success 0 0
1619781475.17175
NtAllocateVirtualMemory
process_identifier: 1320
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00b41000
success 0 0
1619781475.21875
NtAllocateVirtualMemory
process_identifier: 1320
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00851000
success 0 0
1619781475.21875
NtAllocateVirtualMemory
process_identifier: 1320
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00486000
success 0 0
1619781476.37475
NtAllocateVirtualMemory
process_identifier: 1320
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00b42000
success 0 0
1619781476.45275
NtAllocateVirtualMemory
process_identifier: 1320
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00b43000
success 0 0
1619781476.48375
NtAllocateVirtualMemory
process_identifier: 1320
region_size: 327680
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 1056768 (MEM_RESERVE|MEM_TOP_DOWN)
base_address: 0x7ef40000
success 0 0
1619781476.48375
NtAllocateVirtualMemory
process_identifier: 1320
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x7ef40000
success 0 0
1619781476.48375
NtAllocateVirtualMemory
process_identifier: 1320
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x7ef40000
success 0 0
1619781476.48375
NtAllocateVirtualMemory
process_identifier: 1320
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x7ef48000
success 0 0
1619781476.48375
NtAllocateVirtualMemory
process_identifier: 1320
region_size: 65536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 1056768 (MEM_RESERVE|MEM_TOP_DOWN)
base_address: 0x7ef30000
success 0 0
1619781476.48375
NtAllocateVirtualMemory
process_identifier: 1320
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x7ef30000
success 0 0
1619781476.56175
NtAllocateVirtualMemory
process_identifier: 1320
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00852000
success 0 0
1619781476.57775
NtAllocateVirtualMemory
process_identifier: 1320
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00b44000
success 0 0
1619781476.57775
NtAllocateVirtualMemory
process_identifier: 1320
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00853000
success 0 0
1619781476.62475
NtAllocateVirtualMemory
process_identifier: 1320
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x0047d000
success 0 0
1619781476.82775
NtAllocateVirtualMemory
process_identifier: 1320
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00b45000
success 0 0
1619781476.85875
NtAllocateVirtualMemory
process_identifier: 1320
region_size: 12288
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00854000
success 0 0
1619781477.10875
NtAllocateVirtualMemory
process_identifier: 1320
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00b46000
success 0 0
1619781477.10875
NtAllocateVirtualMemory
process_identifier: 1320
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00857000
success 0 0
The binary likely contains encrypted or compressed data indicative of a packer (2 个事件)
entropy 7.478325396138098 section {'size_of_data': '0x000f6c00', 'virtual_address': '0x00002000', 'entropy': 7.478325396138098, 'name': '.text', 'virtual_size': '0x000f6b14'} description A section with a high entropy has been found
entropy 0.9959636730575177 description Overall entropy of this PE file is high
网络通信
Communicates with host for which no DNS query was performed (1 个事件)
host 172.217.24.14
File has been identified by 54 AntiVirus engines on VirusTotal as malicious (50 out of 54 个事件)
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKD.34279963
FireEye Generic.mg.a27883ff5f9107b0
CAT-QuickHeal Trojan.YakbeexMSIL.ZZ4
McAfee Fareit-FVS!A27883FF5F91
Cylance Unsafe
VIPRE Trojan.Win32.Generic!BT
AegisLab Trojan.Win32.Generic.m7QV
Sangfor Malware
K7AntiVirus Trojan ( 0056bd901 )
BitDefender Trojan.GenericKD.34279963
K7GW Trojan ( 0056bd901 )
Arcabit Trojan.Generic.D20B121B
BitDefenderTheta Gen:NN.ZemsilF.34670.9m0@ayG7laj
Cyren W32/MSIL_Kryptik.BHD.gen!Eldorado
Symantec ML.Attribute.HighConfidence
APEX Malicious
Avast Win32:PWSX-gen [Trj]
Kaspersky HEUR:Trojan-PSW.MSIL.Agensla.gen
Alibaba TrojanSpy:MSIL/Golroted.03d3c616
NANO-Antivirus Trojan.Win32.Agensla.hqmeai
Ad-Aware Trojan.GenericKD.34279963
Sophos Mal/Generic-S
Comodo Malware@#1m6kce6ks8sz6
F-Secure Trojan.TR/AD.Golroted.gufqz
DrWeb Trojan.PackedNET.403
TrendMicro Trojan.MSIL.NANOCORE.THIBGBO
McAfee-GW-Edition Fareit-FVS!A27883FF5F91
Emsisoft Trojan.GenericKD.34279963 (B)
SentinelOne Static AI - Malicious PE
Jiangmin Trojan.PSW.MSIL.andc
Avira TR/AD.Golroted.gufqz
Antiy-AVL Trojan/MSIL.Kryptik
Kingsoft Win32.PSWTroj.Undef.(kcloud)
Gridinsoft Trojan.Win32.Kryptik.oa
Microsoft Trojan:MSIL/AgentTesla.VN!MTB
ZoneAlarm HEUR:Trojan-PSW.MSIL.Agensla.gen
GData Trojan.GenericKD.34279963
Cynet Malicious (score: 90)
AhnLab-V3 Trojan/Win32.Bladabindi.C357055
ALYac Trojan.GenericKD.34279963
MAX malware (ai score=82)
Malwarebytes Spyware.MassLogger
Panda Trj/GdSda.A
ESET-NOD32 a variant of MSIL/Kryptik.XEI
TrendMicro-HouseCall Trojan.MSIL.NANOCORE.THIBGBO
Tencent Msil.Trojan-qqpass.Qqrob.Lkxc
Yandex Trojan.Igent.bUcQdA.34
Ikarus Trojan.MSIL.Krypt
Fortinet MSIL/Kryptik.XCR!tr
Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (3 个事件)
dead_host 172.217.24.14:443
dead_host 172.217.160.110:443
dead_host 172.217.160.78:443
可视化分析
二进制图像
暂无二进制图像 该样本未生成二进制可视化图像
运行截图
暂无运行截图 该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手,可以帮您分析和解读恶意软件报告。请随时向我提问!

🔍 主要威胁分析
⚡ 行为特征
🛡️ 防护建议
🔧 技术手段
🎯 检测方法
🤖

PE Compile Time

2082-03-29 17:46:48

Imports

Library mscoree.dll:
0x402000 _CorExeMain

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 51378 114.114.114.114 53
192.168.56.101 55368 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 57236 114.114.114.114 53
192.168.56.101 63429 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49713 224.0.0.252 5355
192.168.56.101 50568 224.0.0.252 5355
192.168.56.101 51963 224.0.0.252 5355
192.168.56.101 53210 224.0.0.252 5355
192.168.56.101 53237 224.0.0.252 5355
192.168.56.101 53657 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 58367 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 62318 224.0.0.252 5355

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.