9.6
Critical

3828d8f812af534eecf5a0f8d8ba8a1d3d1d4e10c5f25b3015e753d2c40cd51a

e6aa23dfa1df271046ba903fe3da5434.exe

Analysis duration

45s

Last analyzed

File size

763.5KB
Static detection: malicious | Dynamic detection: malicious | AI SCORE=89 AIDETECTVM AUTO BANKER1 BTVD2J CLASSIC CONFIDENCE DELF DELPHILESS ELXR EMHC FAREIT FORMBOOK GENERICKDZ GENETIC HIGH CONFIDENCE HKQNFW IGENT KRYPTIK LOKIBOT MALWARE2 MALWARE@#18L3HCV8ABVHI MAZYH R + MAL R03BC0DJT20 RMRF SCORE TSCOPE UNSAFE VGW@AQQ9TTLI X2066 ZELPHIF
Hawkeye engine
Not detected: no Hawkeye engine detection results yet
Static verdict
Antivirus engines
Engine | Result | Scan date | Engine version
McAfee Fareit-FTB!E6AA23DFA1DF 20201211 6.0.6.653
Alibaba Trojan:Win32/FormBook.c89b716d 20190527 0.3.0.5
CrowdStrike win/malicious_confidence_90% (W) 20190702 1.0
Baidu 20190318 1.0.0.2
Avast Win32:Trojan-gen 20201210 21.1.5827.0
Kingsoft 20201211 2017.9.26.565
Tencent Win32.Trojan.Inject.Auto 20201211 1.0.0.1
Static indicators
The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)
section CODE
section DATA
section BSS
The executable uses a known packer (1 event)
packer BobSoft Mini Delphi -> BoB / BobSoft
One or more processes crashed (1 event)
Time & API Arguments Status Return Repeated
1619964351.448499
__exception__
stacktrace:
CreateFileMappingW+0xe5 OpenFileMappingW-0x29 kernelbase+0xdc73 @ 0x778edc73
GetFileVersion+0xa7 ND_RI2-0x2eb mscoreei+0xe97b @ 0x73a4e97b
GetFileVersion+0x1bb ND_RI2-0x1d7 mscoreei+0xea8f @ 0x73a4ea8f
RegisterShimImplCallback+0x48e5 CLRCreateInstance-0x13e6 mscoreei+0xb25a @ 0x73a4b25a
RegisterShimImplCallback+0x4b52 CLRCreateInstance-0x1179 mscoreei+0xb4c7 @ 0x73a4b4c7
RegisterShimImplCallback+0x4300 CLRCreateInstance-0x19cb mscoreei+0xac75 @ 0x73a4ac75
RegisterShimImplCallback+0x4561 CLRCreateInstance-0x176a mscoreei+0xaed6 @ 0x73a4aed6
CreateConfigStream+0xc89 _CorExeMain-0x62 mscoreei+0x5511 @ 0x73a45511
_CorExeMain+0x2b _CorExeMain2-0x141 mscoreei+0x559e @ 0x73a4559e
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74107f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74104de3
e6aa23dfa1df271046ba903fe3da5434+0x5aa4d @ 0x45aa4d
e6aa23dfa1df271046ba903fe3da5434+0x53254 @ 0x453254
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x763533ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77d69ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77d69ea5

registers.esp: 1634372
registers.edi: 2
registers.eax: 1
registers.ebp: 1634412
registers.edx: 228
registers.ebx: 983045
registers.esi: 1634532
registers.ecx: 228
exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0xfcb614ad
success 0 0
Behavioral verdict
Dynamic indicators
One or more potentially interesting buffers were extracted; these generally contain injected code, configuration data, etc.
Allocates read-write-execute memory (usually to unpack itself) (30 events)
Time & API Arguments Status Return Repeated
1619951368.40675
NtAllocateVirtualMemory
process_identifier: 2520
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x007d0000
success 0 0
1619951368.48475
NtProtectVirtualMemory
process_identifier: 2520
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 32768
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00468000
success 0 0
1619951368.48475
NtAllocateVirtualMemory
process_identifier: 2520
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x01fc0000
success 0 0
1619964339.698499
NtProtectVirtualMemory
process_identifier: 2860
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00400000
success 0 0
1619964339.745499
NtAllocateVirtualMemory
process_identifier: 2860
region_size: 458752
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x00560000
success 0 0
1619964339.745499
NtAllocateVirtualMemory
process_identifier: 2860
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00590000
success 0 0
1619964339.745499
NtAllocateVirtualMemory
process_identifier: 2860
region_size: 335872
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x005d0000
success 0 0
1619964339.745499
NtProtectVirtualMemory
process_identifier: 2860
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 307200
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x005d2000
success 0 0
1619964342.964499
NtAllocateVirtualMemory
process_identifier: 2860
region_size: 393216
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 8192 (MEM_RESERVE)
base_address: 0x01e50000
success 0 0
1619964342.964499
NtAllocateVirtualMemory
process_identifier: 2860
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x01e70000
success 0 0
1619964351.417499
NtProtectVirtualMemory
process_identifier: 2860
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00342000
success 0 0
1619964351.417499
NtProtectVirtualMemory
process_identifier: 2860
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619964351.417499
NtProtectVirtualMemory
process_identifier: 2860
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00342000
success 0 0
1619964351.417499
NtProtectVirtualMemory
process_identifier: 2860
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76353000
success 0 0
1619964351.417499
NtProtectVirtualMemory
process_identifier: 2860
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00342000
success 0 0
1619964351.417499
NtProtectVirtualMemory
process_identifier: 2860
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76354000
success 0 0
1619964351.417499
NtProtectVirtualMemory
process_identifier: 2860
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00342000
success 0 0
1619964351.417499
NtProtectVirtualMemory
process_identifier: 2860
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619964351.417499
NtProtectVirtualMemory
process_identifier: 2860
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00342000
success 0 0
1619964351.417499
NtProtectVirtualMemory
process_identifier: 2860
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x77d4f000
success 0 0
1619964351.417499
NtProtectVirtualMemory
process_identifier: 2860
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00342000
success 0 0
1619964351.417499
NtProtectVirtualMemory
process_identifier: 2860
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76353000
success 0 0
1619964351.417499
NtProtectVirtualMemory
process_identifier: 2860
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00342000
success 0 0
1619964351.417499
NtProtectVirtualMemory
process_identifier: 2860
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619964351.417499
NtProtectVirtualMemory
process_identifier: 2860
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00342000
success 0 0
1619964351.417499
NtProtectVirtualMemory
process_identifier: 2860
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
1619964351.417499
NtProtectVirtualMemory
process_identifier: 2860
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00342000
success 0 0
1619964351.417499
NtProtectVirtualMemory
process_identifier: 2860
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76354000
success 0 0
1619964351.417499
NtProtectVirtualMemory
process_identifier: 2860
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x00342000
success 0 0
1619964351.417499
NtProtectVirtualMemory
process_identifier: 2860
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffff
base_address: 0x76351000
success 0 0
Creates executable files on the filesystem (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\file.vbs
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
entropy 7.326634283263792 section {'size_of_data': '0x00044c00', 'virtual_address': '0x00080000', 'entropy': 7.326634283263792, 'name': '.rsrc', 'virtual_size': '0x00044a70'} description A section with a high entropy has been found
entropy 0.36065573770491804 description Overall entropy of this PE file is high
Network communication
Communicates with a host for which no DNS query was performed (1 event)
host 172.217.24.14
Allocates execute permission in another process, indicative of possible code injection (1 event)
Time & API Arguments Status Return Repeated
1619951369.10975
NtAllocateVirtualMemory
process_identifier: 2248
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000100
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x000b0000
success 0 0
Installs itself for autorun at Windows startup (1 event)
file C:\Users\Administrator.Oskar-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\file.vbs
Creates a thread using NtQueueApcThread in a remote process, potentially indicative of process injection (2 events)
Process injection Process 2520 created a thread in remote process 2248
Time & API Arguments Status Return Repeated
1619951369.10975
NtQueueApcThread
thread_handle: 0x000000fc
process_identifier: 2248
function_address: 0x000b05c0
parameter: 0x000c0000
success 0 0
Potential code injection by writing to the memory of another process (2 events)
Time & API Arguments Status Return Repeated
1619951369.10975
WriteProcessMemory
process_identifier: 2248
buffer: Q¹0d‹‹@ ‹@ ‹‹‹@‰$‹$YÃVWR¾§ÆgNè„Yƒøv· ¿Zwf;Ït ¿Ntf;ÏuƒÂƒè…Àt‹ÎÁá‹þÁïϾ:Ï3ñBHué_‹Æ^ÃU‹ìQQ‹MSVW…Ét;¸MZf9u1‹A<Át*8PEu"‹@xƒeüÁ‹x‹X$‹p ‹@ùÙñ‰Eø…Àu 3À_^[ÉËM‹Eü‹†ÑèOÿÿÿ;E t ÿEü‹Eü;Eøràë׋Eü·C‹‡EëÊU‹ìQSW3ÿWWjWjh@ÿuÿV‹Øƒûÿu3Àë&WWWS‰}üÿV0W‹}EüPWÿu SÿV SÿV3À9}ü”À_[ÉÅÉtè•…Àt3Éf‰ÃU‹ììV‹ð…äüÿÿP3ÀPPjPÿVl…À…Žj\Xf‰Eü3Àj.f‰EþXjvf‰EðXf‰EòjbXf‰EôjsXf‰Eö3Àf‰EøUü…äüÿÿèÖ‹U è΍UðèÆÿu…ìþÿÿÿuPÿVxƒÄ …äüÿÿPÿV…ìþÿÿPèÂ@P…ìþÿÿP…äüÿÿPèîþÿÿƒÄ^ÉÃU‹ìì,j:XjZf‰EÜXjof‰EÞXjnf‰EàXjef‰EâXjIf‰EäXjdf‰EæXjef‰EèXjnf‰EêXjtf‰EìXjif‰EîXjff‰EðXjif‰EòXf‰EôjeXf‰EöjrXf‰Eø3Àf‰Eú…Ôýÿÿ謍UÜè÷EÿPÆEÿèPEÿP…ÔýÿÿPè?þÿÿƒÄÉÃU‹ìQƒeüV‹ðEüPÿuèþYY…Àtƒ}ütÿuüPÿu è þÿÿƒÄ …Àt3À@ë3À^ÉÃU‹ììSV‹ð‹Ï…øýÿÿè'‹Èè(þÿÿ3ÛS…øýÿÿPÿVWÿV8] uWÿu‹Æè~ÿÿÿYY‹Øë €} u5SWÿuÿWÿV(3ۃøÿ‹Ï•Ãèªþÿÿƒûu9]u WÿV(ƒÈPWÿV,3À@ë3À^[ÉÃU‹ìƒìSVWèsüÿÿ‹ø…ÿ„"h"¿ŠWèÌüÿÿ‹ØYY…Û„ jh0h„jÿӋð…ö„ñh¼Û«½W‰~`‰^@è•üÿÿhÒ¼‰W‰F$è‡üÿÿh|QgjW‰F(èyüÿÿhëI”W‰F,èküÿÿh•å©—W‰F0è]üÿÿh¥°(W‰F4èOüÿÿh)·W‰F8èAüÿÿh[uŠðW‰FDè3üÿÿƒÄ@‹Øhd†óuW‰^ è üÿÿh¢¦aëW‰F èüÿÿhÕOd"W‰Fèüÿÿhy.ÔW‰Fèöûÿÿh±÷W‰FèèûÿÿheóW÷W‰FèÚûÿÿh¯4P“W‰FèÌûÿÿh{=#W‰F<è¾ûÿÿƒÄ@hOû~ W‰Fè­ûÿÿhà=!6W‰FHèŸûÿÿhh‰#W‰è’ûÿÿ‰FLhÍeWè„ûÿÿhÓ1ÆVW‰FPèvûÿÿh7œ½W‰FTèhûÿÿh£-ãW‰FXèZûÿÿ‰F\ƒÄ8EðPÇEðshelÇEôl32ÿӋø…ÿt"hÀåz°W‰~dè,ûÿÿhêêºW‰FlèûÿÿƒÄ‰FpEøPÇEøuserfÇEü32ÆEþÿV ‹ø…ÿtAhqV°0W‰~hèìúÿÿhkV°0W‰FxèÞúÿÿh&cj—W‰FtèÐúÿÿh<cj—W‰F|èÂúÿÿƒÄ ‰†€‹Æë3À_^[ÉÃU‹ìƒì\V‹uW3ÿ;÷„îSè¤ýÿÿ‹Ø;ßu WÿDéՍ†‰EüPëj2ÿSPÿuüWWÿSL…ÀuïjdÿSPF‰Eø‰E9>tYÿ¶¶ŽQP¾ ‹Ãè¾üÿÿ‰}3ÿƒÄ 9>t1jDE¤WPèjEèWPèüƒÄEèPE¤PWWj WWWWÿuÿS$9¾(t†lP†,Pÿu‹Ãè½úÿÿƒÄ 9¾tëj2ÿSPÿuüWWÿSL…ÀuïjdÿSPÿuøÿSWÿSD[_3À^ÉÂU‹ìƒì SW3ÿWWjWjh€ÿu‰}øÿV‹Øƒûÿu3Àë>WSÿV‰Eô;Çt+jh0PWÿV@‰Eø;ÇtWMüQÿuô‰}üPSÿV‹Eü‹M ‰SÿV‹Eø_[É÷f‰f…ÒtV‹ð+ñƒÁ·f‰f…Òuñ^ÃU‹ìQQ‹E‰Eü‹EüE‰Eø‹Eü;Eøt‹EüŠM ˆ‹Eü@‰Eüëç‹EÉÃfƒ8V‹ðt ƒÆfƒ>u÷+ò· f‰ ƒÂf…Éuñ^ËD$Š@„Éuù+D$HÅÉu3ÀÃfƒ9‹Át ƒÀfƒ8u÷+ÁÑøÃ…Ét èÚÿÿÿ…ÀtDAþë fƒù\t ƒè·f…Éuï3ÀÃ
process_handle: 0x00000100
base_address: 0x000b0000
success 1 0
1619951369.10975
WriteProcessMemory
process_identifier: 2248
buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\e6aa23dfa1df271046ba903fe3da5434.exe"C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\e6aa23dfa1df271046ba903fe3da5434.exe" fileseT zePqEcZJAHWXBWlN = CReaTEobjEct("wSCRipt.sHeLl") ZEpqECZjahWxbwLn.run """%ls""", 0, False
process_handle: 0x00000100
base_address: 0x000c0000
success 1 0
Used NtSetContextThread to modify a thread in a remote process, indicative of process injection (2 events)
Process injection Process 2520 called NtSetContextThread to modify thread in remote process 2860
Time & API Arguments Status Return Repeated
1619951369.20375
NtSetContextThread
thread_handle: 0x00000108
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4907056
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 2860
success 0 0
Resumed a suspended thread in a remote process, potentially indicative of process injection (2 events)
Process injection Process 2520 resumed a thread in remote process 2860
Time & API Arguments Status Return Repeated
1619951369.25075
NtResumeThread
thread_handle: 0x00000108
suspend_count: 1
process_identifier: 2860
success 0 0
Connects to an IP address that is no longer responding to requests (legitimate services usually remain up and running) (1 event)
dead_host 172.217.24.14:443
Executed a process and injected code into it, probably while unpacking (11 events)
Time & API Arguments Status Return Repeated
1619951369.10975
CreateProcessInternalW
thread_identifier: 2740
thread_handle: 0x000000fc
process_identifier: 2248
current_directory:
filepath: C:\Windows\System32\notepad.exe
track: 1
command_line:
filepath_r: C:\Windows\system32\notepad.exe
stack_pivoted: 0
creation_flags: 32 (NORMAL_PRIORITY_CLASS)
process_handle: 0x00000100
inherit_handles: 0
success 1 0
1619951369.10975
NtAllocateVirtualMemory
process_identifier: 2248
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0x00000100
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x000b0000
success 0 0
1619951369.10975
NtAllocateVirtualMemory
process_identifier: 2248
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 4 (PAGE_READWRITE)
process_handle: 0x00000100
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
base_address: 0x000c0000
success 0 0
1619951369.10975
WriteProcessMemory
process_identifier: 2248
buffer: Q¹0d‹‹@ ‹@ ‹‹‹@‰$‹$YÃVWR¾§ÆgNè„Yƒøv· ¿Zwf;Ït ¿Ntf;ÏuƒÂƒè…Àt‹ÎÁá‹þÁïϾ:Ï3ñBHué_‹Æ^ÃU‹ìQQ‹MSVW…Ét;¸MZf9u1‹A<Át*8PEu"‹@xƒeüÁ‹x‹X$‹p ‹@ùÙñ‰Eø…Àu 3À_^[ÉËM‹Eü‹†ÑèOÿÿÿ;E t ÿEü‹Eü;Eøràë׋Eü·C‹‡EëÊU‹ìQSW3ÿWWjWjh@ÿuÿV‹Øƒûÿu3Àë&WWWS‰}üÿV0W‹}EüPWÿu SÿV SÿV3À9}ü”À_[ÉÅÉtè•…Àt3Éf‰ÃU‹ììV‹ð…äüÿÿP3ÀPPjPÿVl…À…Žj\Xf‰Eü3Àj.f‰EþXjvf‰EðXf‰EòjbXf‰EôjsXf‰Eö3Àf‰EøUü…äüÿÿèÖ‹U è΍UðèÆÿu…ìþÿÿÿuPÿVxƒÄ …äüÿÿPÿV…ìþÿÿPèÂ@P…ìþÿÿP…äüÿÿPèîþÿÿƒÄ^ÉÃU‹ìì,j:XjZf‰EÜXjof‰EÞXjnf‰EàXjef‰EâXjIf‰EäXjdf‰EæXjef‰EèXjnf‰EêXjtf‰EìXjif‰EîXjff‰EðXjif‰EòXf‰EôjeXf‰EöjrXf‰Eø3Àf‰Eú…Ôýÿÿ謍UÜè÷EÿPÆEÿèPEÿP…ÔýÿÿPè?þÿÿƒÄÉÃU‹ìQƒeüV‹ðEüPÿuèþYY…Àtƒ}ütÿuüPÿu è þÿÿƒÄ …Àt3À@ë3À^ÉÃU‹ììSV‹ð‹Ï…øýÿÿè'‹Èè(þÿÿ3ÛS…øýÿÿPÿVWÿV8] uWÿu‹Æè~ÿÿÿYY‹Øë €} u5SWÿuÿWÿV(3ۃøÿ‹Ï•Ãèªþÿÿƒûu9]u WÿV(ƒÈPWÿV,3À@ë3À^[ÉÃU‹ìƒìSVWèsüÿÿ‹ø…ÿ„"h"¿ŠWèÌüÿÿ‹ØYY…Û„ jh0h„jÿӋð…ö„ñh¼Û«½W‰~`‰^@è•üÿÿhÒ¼‰W‰F$è‡üÿÿh|QgjW‰F(èyüÿÿhëI”W‰F,èküÿÿh•å©—W‰F0è]üÿÿh¥°(W‰F4èOüÿÿh)·W‰F8èAüÿÿh[uŠðW‰FDè3üÿÿƒÄ@‹Øhd†óuW‰^ è üÿÿh¢¦aëW‰F èüÿÿhÕOd"W‰Fèüÿÿhy.ÔW‰Fèöûÿÿh±÷W‰FèèûÿÿheóW÷W‰FèÚûÿÿh¯4P“W‰FèÌûÿÿh{=#W‰F<è¾ûÿÿƒÄ@hOû~ W‰Fè­ûÿÿhà=!6W‰FHèŸûÿÿhh‰#W‰è’ûÿÿ‰FLhÍeWè„ûÿÿhÓ1ÆVW‰FPèvûÿÿh7œ½W‰FTèhûÿÿh£-ãW‰FXèZûÿÿ‰F\ƒÄ8EðPÇEðshelÇEôl32ÿӋø…ÿt"hÀåz°W‰~dè,ûÿÿhêêºW‰FlèûÿÿƒÄ‰FpEøPÇEøuserfÇEü32ÆEþÿV ‹ø…ÿtAhqV°0W‰~hèìúÿÿhkV°0W‰FxèÞúÿÿh&cj—W‰FtèÐúÿÿh<cj—W‰F|èÂúÿÿƒÄ ‰†€‹Æë3À_^[ÉÃU‹ìƒì\V‹uW3ÿ;÷„îSè¤ýÿÿ‹Ø;ßu WÿDéՍ†‰EüPëj2ÿSPÿuüWWÿSL…ÀuïjdÿSPF‰Eø‰E9>tYÿ¶¶ŽQP¾ ‹Ãè¾üÿÿ‰}3ÿƒÄ 9>t1jDE¤WPèjEèWPèüƒÄEèPE¤PWWj WWWWÿuÿS$9¾(t†lP†,Pÿu‹Ãè½úÿÿƒÄ 9¾tëj2ÿSPÿuüWWÿSL…ÀuïjdÿSPÿuøÿSWÿSD[_3À^ÉÂU‹ìƒì SW3ÿWWjWjh€ÿu‰}øÿV‹Øƒûÿu3Àë>WSÿV‰Eô;Çt+jh0PWÿV@‰Eø;ÇtWMüQÿuô‰}üPSÿV‹Eü‹M ‰SÿV‹Eø_[É÷f‰f…ÒtV‹ð+ñƒÁ·f‰f…Òuñ^ÃU‹ìQQ‹E‰Eü‹EüE‰Eø‹Eü;Eøt‹EüŠM ˆ‹Eü@‰Eüëç‹EÉÃfƒ8V‹ðt ƒÆfƒ>u÷+ò· f‰ ƒÂf…Éuñ^ËD$Š@„Éuù+D$HÅÉu3ÀÃfƒ9‹Át ƒÀfƒ8u÷+ÁÑøÃ…Ét èÚÿÿÿ…ÀtDAþë fƒù\t ƒè·f…Éuï3ÀÃ
process_handle: 0x00000100
base_address: 0x000b0000
success 1 0
1619951369.10975
WriteProcessMemory
process_identifier: 2248
buffer: C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\e6aa23dfa1df271046ba903fe3da5434.exe"C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\e6aa23dfa1df271046ba903fe3da5434.exe" fileseT zePqEcZJAHWXBWlN = CReaTEobjEct("wSCRipt.sHeLl") ZEpqECZjahWxbwLn.run """%ls""", 0, False
process_handle: 0x00000100
base_address: 0x000c0000
success 1 0
1619951369.18775
CreateProcessInternalW
thread_identifier: 2200
thread_handle: 0x00000108
process_identifier: 2860
current_directory:
filepath:
track: 1
command_line: "C:\Users\Administrator.Oskar-PC\AppData\Local\Temp\e6aa23dfa1df271046ba903fe3da5434.exe"
filepath_r:
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
process_handle: 0x00000104
inherit_handles: 0
success 1 0
1619951369.18775
NtUnmapViewOfSection
process_identifier: 2860
region_size: 4096
process_handle: 0x00000104
base_address: 0x00400000
success 0 0
1619951369.18775
NtMapViewOfSection
section_handle: 0x00000110
process_identifier: 2860
commit_size: 720896
win32_protect: 64 (PAGE_EXECUTE_READWRITE)
buffer:
process_handle: 0x00000104
allocation_type: 0 ()
section_offset: 0
view_size: 720896
base_address: 0x00400000
success 0 0
1619951369.20375
NtGetContextThread
thread_handle: 0x00000108
success 0 0
1619951369.20375
NtSetContextThread
thread_handle: 0x00000108
registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4907056
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
process_identifier: 2860
success 0 0
1619951369.25075
NtResumeThread
thread_handle: 0x00000108
suspend_count: 1
process_identifier: 2860
success 0 0
File has been identified by 55 AntiVirus engines on VirusTotal as malicious (50 out of 55 events)
Bkav W32.AIDetectVM.malware2
Elastic malicious (high confidence)
MicroWorld-eScan Trojan.GenericKDZ.67435
FireEye Generic.mg.e6aa23dfa1df2710
McAfee Fareit-FTB!E6AA23DFA1DF
Cylance Unsafe
Zillya Trojan.Injector.Win32.739594
SUPERAntiSpyware Trojan.Agent/Gen-Injector
Sangfor Malware
K7AntiVirus Trojan ( 005680341 )
Alibaba Trojan:Win32/FormBook.c89b716d
K7GW Trojan ( 005680341 )
CrowdStrike win/malicious_confidence_90% (W)
Arcabit Trojan.Generic.D1076B
BitDefenderTheta Gen:NN.ZelphiF.34670.VGW@aqq9TTli
Cyren W32/Injector.RMRF-5194
Symantec Trojan.Gen.MBT
TrendMicro-HouseCall TROJ_GEN.R03BC0DJT20
Avast Win32:Trojan-gen
ClamAV Win.Dropper.LokiBot-7902901-0
Kaspersky HEUR:Trojan.Win32.Kryptik.gen
BitDefender Trojan.GenericKDZ.67435
NANO-Antivirus Trojan.Win32.Banker1.hkqnfw
Paloalto generic.ml
AegisLab Trojan.Win32.Kryptik.4!c
Rising Trojan.Injector!1.C6FA (CLASSIC)
Ad-Aware Trojan.GenericKDZ.67435
Sophos Mal/Generic-R + Mal/Fareit-AA
Comodo Malware@#18l3hcv8abvhi
F-Secure Trojan.TR/Injector.mazyh
DrWeb Trojan.PWS.Banker1.36525
VIPRE Trojan.Win32.Generic!BT
TrendMicro TROJ_GEN.R03BC0DJT20
McAfee-GW-Edition BehavesLike.Win32.Fareit.bc
Emsisoft Trojan.GenericKDZ.67435 (B)
APEX Malicious
Avira TR/Injector.mazyh
MAX malware (ai score=89)
Antiy-AVL Trojan/Win32.Kryptik
Microsoft Trojan:Win32/FormBook.CM!MTB
ZoneAlarm HEUR:Trojan.Win32.Kryptik.gen
GData Trojan.GenericKDZ.67435
Cynet Malicious (score: 100)
AhnLab-V3 Suspicious/Win.Delphiless.X2066
VBA32 TScope.Trojan.Delf
ALYac Trojan.GenericKDZ.67435
Malwarebytes Trojan.MalPack.DLF
ESET-NOD32 a variant of Win32/Injector.EMHC
Tencent Win32.Trojan.Inject.Auto
Yandex Trojan.Igent.bTVd2J.31
Visual analysis
Binary image
No binary image: no binary visualization image was generated for this sample
Runtime screenshots
No runtime screenshots: no screenshots were generated while this sample ran


PE Compile Time

1992-06-20 06:22:17

Imports

Library kernel32.dll:
0x47313c VirtualFree
0x473140 VirtualAlloc
0x473144 LocalFree
0x473148 LocalAlloc
0x47314c GetVersion
0x473150 GetCurrentThreadId
0x47315c VirtualQuery
0x473160 WideCharToMultiByte
0x473164 MultiByteToWideChar
0x473168 lstrlenA
0x47316c lstrcpynA
0x473170 LoadLibraryExA
0x473174 GetThreadLocale
0x473178 GetStartupInfoA
0x47317c GetProcAddress
0x473180 GetModuleHandleA
0x473184 GetModuleFileNameA
0x473188 GetLocaleInfoA
0x47318c GetCommandLineA
0x473190 FreeLibrary
0x473194 FindFirstFileA
0x473198 FindClose
0x47319c ExitProcess
0x4731a0 WriteFile
0x4731a8 RtlUnwind
0x4731ac RaiseException
0x4731b0 GetStdHandle
Library user32.dll:
0x4731b8 GetKeyboardType
0x4731bc LoadStringA
0x4731c0 MessageBoxA
0x4731c4 CharNextA
Library advapi32.dll:
0x4731cc RegQueryValueExA
0x4731d0 RegOpenKeyExA
0x4731d4 RegCloseKey
Library oleaut32.dll:
0x4731dc SysFreeString
0x4731e0 SysReAllocStringLen
0x4731e4 SysAllocStringLen
Library kernel32.dll:
0x4731ec TlsSetValue
0x4731f0 TlsGetValue
0x4731f4 LocalAlloc
0x4731f8 GetModuleHandleA
Library advapi32.dll:
0x473200 RegQueryValueExA
0x473204 RegOpenKeyExA
0x473208 RegCloseKey
Library kernel32.dll:
0x473210 lstrcpyA
0x473214 WriteFile
0x47321c WaitForSingleObject
0x473220 VirtualQuery
0x473224 VirtualAlloc
0x473228 Sleep
0x47322c SizeofResource
0x473230 SetThreadLocale
0x473234 SetFilePointer
0x473238 SetEvent
0x47323c SetErrorMode
0x473240 SetEndOfFile
0x473244 ResetEvent
0x473248 ReadFile
0x47324c MulDiv
0x473250 LockResource
0x473254 LoadResource
0x473258 LoadLibraryA
0x473264 GlobalUnlock
0x473268 GlobalReAlloc
0x47326c GlobalHandle
0x473270 GlobalLock
0x473274 GlobalFree
0x473278 GlobalFindAtomA
0x47327c GlobalDeleteAtom
0x473280 GlobalAlloc
0x473284 GlobalAddAtomA
0x473288 GetVersionExA
0x47328c GetVersion
0x473290 GetTickCount
0x473294 GetThreadLocale
0x47329c GetSystemTime
0x4732a0 GetSystemInfo
0x4732a4 GetStringTypeExA
0x4732a8 GetStdHandle
0x4732ac GetProcAddress
0x4732b0 GetModuleHandleA
0x4732b4 GetModuleFileNameA
0x4732b8 GetLocaleInfoA
0x4732bc GetLocalTime
0x4732c0 GetLastError
0x4732c4 GetFullPathNameA
0x4732c8 GetFileAttributesA
0x4732cc GetDiskFreeSpaceA
0x4732d0 GetDateFormatA
0x4732d4 GetCurrentThreadId
0x4732d8 GetCurrentProcessId
0x4732dc GetCPInfo
0x4732e0 GetACP
0x4732e4 FreeResource
0x4732e8 InterlockedExchange
0x4732ec FreeLibrary
0x4732f0 FormatMessageA
0x4732f4 FindResourceA
0x4732f8 FindFirstFileA
0x4732fc FindClose
0x473308 ExitThread
0x47330c EnumCalendarInfoA
0x473318 CreateThread
0x47331c CreateFileA
0x473320 CreateEventA
0x473324 CompareStringA
0x473328 CloseHandle
Library version.dll:
0x473330 VerQueryValueA
0x473338 GetFileVersionInfoA
Library gdi32.dll:
0x473340 UnrealizeObject
0x473344 StretchBlt
0x473348 SetWindowOrgEx
0x47334c SetWinMetaFileBits
0x473350 SetViewportOrgEx
0x473354 SetTextColor
0x473358 SetStretchBltMode
0x47335c SetROP2
0x473360 SetPixel
0x473364 SetEnhMetaFileBits
0x473368 SetDIBColorTable
0x47336c SetBrushOrgEx
0x473370 SetBkMode
0x473374 SetBkColor
0x473378 SelectPalette
0x47337c SelectObject
0x473380 SaveDC
0x473384 RestoreDC
0x473388 Rectangle
0x47338c RectVisible
0x473390 RealizePalette
0x473394 Polyline
0x473398 PlayEnhMetaFile
0x47339c PatBlt
0x4733a0 MoveToEx
0x4733a4 MaskBlt
0x4733a8 LineTo
0x4733ac IntersectClipRect
0x4733b0 GetWindowOrgEx
0x4733b4 GetWinMetaFileBits
0x4733b8 GetTextMetricsA
0x4733c4 GetStockObject
0x4733c8 GetPixel
0x4733cc GetPaletteEntries
0x4733d0 GetObjectA
0x4733dc GetEnhMetaFileBits
0x4733e0 GetDeviceCaps
0x4733e4 GetDIBits
0x4733e8 GetDIBColorTable
0x4733ec GetDCOrgEx
0x4733f4 GetClipBox
0x4733f8 GetBrushOrgEx
0x4733fc GetBitmapBits
0x473400 ExtTextOutA
0x473404 ExcludeClipRect
0x473408 DeleteObject
0x47340c DeleteEnhMetaFile
0x473410 DeleteDC
0x473414 CreateSolidBrush
0x473418 CreatePenIndirect
0x47341c CreatePalette
0x473424 CreateFontIndirectA
0x473428 CreateDIBitmap
0x47342c CreateDIBSection
0x473430 CreateCompatibleDC
0x473438 CreateBrushIndirect
0x47343c CreateBitmap
0x473440 CopyEnhMetaFileA
0x473444 BitBlt
Library user32.dll:
0x47344c CreateWindowExA
0x473450 WindowFromPoint
0x473454 WinHelpA
0x473458 WaitMessage
0x47345c UpdateWindow
0x473460 UnregisterClassA
0x473464 UnhookWindowsHookEx
0x473468 TranslateMessage
0x473470 TrackPopupMenu
0x473478 ShowWindow
0x47347c ShowScrollBar
0x473480 ShowOwnedPopups
0x473484 ShowCursor
0x473488 SetWindowsHookExA
0x47348c SetWindowTextA
0x473490 SetWindowPos
0x473494 SetWindowPlacement
0x473498 SetWindowLongA
0x47349c SetTimer
0x4734a0 SetScrollRange
0x4734a4 SetScrollPos
0x4734a8 SetScrollInfo
0x4734ac SetRect
0x4734b0 SetPropA
0x4734b4 SetParent
0x4734b8 SetMenuItemInfoA
0x4734bc SetMenu
0x4734c0 SetForegroundWindow
0x4734c4 SetFocus
0x4734c8 SetCursor
0x4734cc SetClassLongA
0x4734d0 SetCapture
0x4734d4 SetActiveWindow
0x4734d8 SendMessageA
0x4734dc ScrollWindow
0x4734e0 ScreenToClient
0x4734e4 RemovePropA
0x4734e8 RemoveMenu
0x4734ec ReleaseDC
0x4734f0 ReleaseCapture
0x4734fc RegisterClassA
0x473500 RedrawWindow
0x473504 PtInRect
0x473508 PostQuitMessage
0x47350c PostMessageA
0x473510 PeekMessageA
0x473514 OffsetRect
0x473518 OemToCharA
0x47351c MessageBoxA
0x473520 MapWindowPoints
0x473524 MapVirtualKeyA
0x473528 LoadStringA
0x47352c LoadKeyboardLayoutA
0x473530 LoadIconA
0x473534 LoadCursorA
0x473538 LoadBitmapA
0x47353c KillTimer
0x473540 IsZoomed
0x473544 IsWindowVisible
0x473548 IsWindowEnabled
0x47354c IsWindow
0x473550 IsRectEmpty
0x473554 IsIconic
0x473558 IsDialogMessageA
0x47355c IsChild
0x473560 InvalidateRect
0x473564 IntersectRect
0x473568 InsertMenuItemA
0x47356c InsertMenuA
0x473570 InflateRect
0x473578 GetWindowTextA
0x47357c GetWindowRect
0x473580 GetWindowPlacement
0x473584 GetWindowLongA
0x473588 GetWindowDC
0x47358c GetTopWindow
0x473590 GetSystemMetrics
0x473594 GetSystemMenu
0x473598 GetSysColorBrush
0x47359c GetSysColor
0x4735a0 GetSubMenu
0x4735a4 GetScrollRange
0x4735a8 GetScrollPos
0x4735ac GetScrollInfo
0x4735b0 GetPropA
0x4735b4 GetParent
0x4735b8 GetWindow
0x4735bc GetMessagePos
0x4735c0 GetMenuStringA
0x4735c4 GetMenuState
0x4735c8 GetMenuItemInfoA
0x4735cc GetMenuItemID
0x4735d0 GetMenuItemCount
0x4735d4 GetMenu
0x4735d8 GetLastActivePopup
0x4735dc GetKeyboardState
0x4735e4 GetKeyboardLayout
0x4735e8 GetKeyState
0x4735ec GetKeyNameTextA
0x4735f0 GetIconInfo
0x4735f4 GetForegroundWindow
0x4735f8 GetFocus
0x4735fc GetDlgItem
0x473600 GetDesktopWindow
0x473604 GetDCEx
0x473608 GetDC
0x47360c GetCursorPos
0x473610 GetCursor
0x473614 GetClipboardData
0x473618 GetClientRect
0x47361c GetClassNameA
0x473620 GetClassInfoA
0x473624 GetCapture
0x473628 GetActiveWindow
0x47362c FrameRect
0x473630 FindWindowA
0x473634 FillRect
0x473638 EqualRect
0x47363c EnumWindows
0x473640 EnumThreadWindows
0x473644 EndPaint
0x473648 EnableWindow
0x47364c EnableScrollBar
0x473650 EnableMenuItem
0x473654 DrawTextA
0x473658 DrawMenuBar
0x47365c DrawIconEx
0x473660 DrawIcon
0x473664 DrawFrameControl
0x473668 DrawFocusRect
0x47366c DrawEdge
0x473670 DispatchMessageA
0x473674 DestroyWindow
0x473678 DestroyMenu
0x47367c DestroyIcon
0x473680 DestroyCursor
0x473684 DeleteMenu
0x473688 DefWindowProcA
0x47368c DefMDIChildProcA
0x473690 DefFrameProcA
0x473694 CreatePopupMenu
0x473698 CreateMenu
0x47369c CreateIcon
0x4736a0 ClientToScreen
0x4736a4 CheckMenuItem
0x4736a8 CallWindowProcA
0x4736ac CallNextHookEx
0x4736b0 BeginPaint
0x4736b4 CharNextA
0x4736b8 CharLowerBuffA
0x4736bc CharLowerA
0x4736c0 CharToOemA
0x4736c4 AdjustWindowRectEx
Library kernel32.dll:
0x4736d0 Sleep
Library oleaut32.dll:
0x4736d8 SafeArrayPtrOfIndex
0x4736dc SafeArrayGetUBound
0x4736e0 SafeArrayGetLBound
0x4736e4 SafeArrayCreate
0x4736e8 VariantChangeType
0x4736ec VariantCopy
0x4736f0 VariantClear
0x4736f4 VariantInit
Library comctl32.dll:
0x473704 ImageList_Write
0x473708 ImageList_Read
0x473718 ImageList_DragMove
0x47371c ImageList_DragLeave
0x473720 ImageList_DragEnter
0x473724 ImageList_EndDrag
0x473728 ImageList_BeginDrag
0x47372c ImageList_Remove
0x473730 ImageList_DrawEx
0x473734 ImageList_Replace
0x473738 ImageList_Draw
0x473748 ImageList_Add
0x473750 ImageList_Destroy
0x473754 ImageList_Create
0x473758 InitCommonControls
Library comdlg32.dll:
0x473760 GetOpenFileNameA

Hosts

No hosts contacted.

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 51808 114.114.114.114 53
192.168.56.101 51963 114.114.114.114 53
192.168.56.101 55368 114.114.114.114 53
192.168.56.101 60123 114.114.114.114 53
192.168.56.101 60384 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 123 20.189.79.72 time.windows.com 123
192.168.56.101 49713 224.0.0.252 5355
192.168.56.101 51378 224.0.0.252 5355
192.168.56.101 53237 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 58367 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 62318 224.0.0.252 5355
192.168.56.101 63429 224.0.0.252 5355
192.168.56.101 65004 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 51379 239.255.255.250 3702
192.168.56.101 55371 239.255.255.250 1900

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.