Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6402	May 19, 2023, 6:06 p.m.	May 19, 2023, 6:08 p.m.

Size	2.0MB
Type	HTML document, ASCII text, with very long lines
MD5	`126439fe4d3f566c2171c0b63479931b`
SHA256	`3ed7e235901cc3dee304b1384e4a17af55283eb43abd9bdbdd6a64106ad4b37d`
CRC32	`21F1227F`
ssdeep	`24576:78qEK5s/9UnAPoDBxNJvd9OrPOGPbEatzUYFMTiDuxBt5FVLQ937I8tg1iOVttoR:7hbAgdxNJd7GD/+nU7I/VvZo5B`
Yara	None matched

powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy unrestricted -File C:\Users\test22\AppData\Local\Temp\rt.php.ps1
3020

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Command line console output was observed (50 out of 38295 events)

Time & API	Arguments	Status	Return
WriteConsoleW May 19, 2023, 6:06 p.m.	buffer: The string starting: console_handle: 0x0000001b	1	1
WriteConsoleW May 19, 2023, 6:06 p.m.	buffer: At C:\Users\test22\AppData\Local\Temp\rt.php.ps1:3 char:112 console_handle: 0x00000027	1	1
WriteConsoleW May 19, 2023, 6:06 p.m.	buffer: + <html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8 console_handle: 0x00000033	1	1
WriteConsoleW May 19, 2023, 6:06 p.m.	buffer: "></head><body>$16qwcvsp5riz203 = <<<< "duk8NjlkdTd0end8KYCLZnJncSNwendpaZOyrH console_handle: 0x0000003f	1	1
WriteConsoleW May 19, 2023, 6:06 p.m.	buffer: GaxcA5gOZjaRo1MzlvdTdwMiMiPS4HBBcgOXucQBoRfTeC6wpZPBBpkrFs40lRVJCLVNQ23g6U6UYus console_handle: 0x0000004b	1	1
WriteConsoleW May 19, 2023, 6:06 p.m.	buffer: nDmZ685srubWGscXPWXFvIZ6wol74/wrPApzotiESbWyTroG5K6oyQb10ZDr/t4ADBM/29Ve1sgNNdX console_handle: 0x00000057	1	1
WriteConsoleW May 19, 2023, 6:06 p.m.	buffer: TrF0FKdBh7nYtPGtfx+GG+EP1dzzsoXqxUSrTMDT3ZHvpO6hVyFqi0PtG014istUGMd48ojZP8zGW83 console_handle: 0x00000063	1	1
WriteConsoleW May 19, 2023, 6:06 p.m.	buffer: S24bO5mrGhd30JG0IYMXPwLisxQGUKqfDmkeclHCMvwC+Mt5iSIGc9LD77dvJQhzcpwyT43vp6AjsoM console_handle: 0x0000006f	1	1
WriteConsoleW May 19, 2023, 6:06 p.m.	buffer: GHTsET/HK/jVOe15683SDmg+x1A0qGAb0/C863iywLjKUXJ61nglwfy5BdGcHY3c9J1qdCkaSkq5IF8 console_handle: 0x0000007b	1	1
WriteConsoleW May 19, 2023, 6:06 p.m.	buffer: QeYuwCcJLBX38CEw2ACqVjadfw/YAo+tQNVLqhVSEb1MqjAoqSE7gC+RxlrP17O26NEM3LtZUDET+2D console_handle: 0x00000087	1	1
WriteConsoleW May 19, 2023, 6:06 p.m.	buffer: zlrSCTmR1sJsifOoyEAT+0BnpUhtWKz591s4JYgUuXsWmNDe+HkHESV3xXv8JZXenmsLghabuF1Y/sE console_handle: 0x00000093	1	1
WriteConsoleW May 19, 2023, 6:06 p.m.	buffer: T8FrxOorOEdrqr4m0ZSG896qN9dFbEU17o88cB+n8AtnzBexgBnSAuUoHhBVVEWg6Em33ro/mdk8YzP console_handle: 0x0000009f	1	1
WriteConsoleW May 19, 2023, 6:06 p.m.	buffer: qiwkptTdbn+jeSp0B7VwLSdMLDBE/HSoielcZ7CwDF6ddNPsHKok+pqMOej0Tz3kzLfBt9vVGJI45G9 console_handle: 0x000000ab	1	1
WriteConsoleW May 19, 2023, 6:06 p.m.	buffer: oxXNExFXzJuWTv5UUo9wSewqEYP6+Rky2LoJP/EeYpSR7uiGVAc5G/QRWYI9ITA38cY9+PEFBsYr1dQ console_handle: 0x000000b7	1	1
WriteConsoleW May 19, 2023, 6:06 p.m.	buffer: xqAXPxpOMQlBgIuiF95yq9W4Nu6Ho9+n7J8QiX87D9SufRyXDRWh7v69l0Dk1hT+aor7ogmFbRqy/QU console_handle: 0x000000c3	1	1
WriteConsoleW May 19, 2023, 6:06 p.m.	buffer: S64Sb9WvwLyvhhXUCVk31OnJniIVdoaVQVwZA1R8h/hxJg9eVnAyRHzQ8MdG/VzwBXDFgwhDmnE0/4B console_handle: 0x000000cf	1	1
WriteConsoleW May 19, 2023, 6:06 p.m.	buffer: 93sIrXMLVBhscqxZLnH99YhkYrxq7f+8+gGdU2uyOgBJuv4qdDkAU3NBE55ac3rC3htUzfONvzqWpaw console_handle: 0x000000db	1	1
WriteConsoleW May 19, 2023, 6:06 p.m.	buffer: G3L2Qbqe4No7LxYfi9T+IzFoUnRlsfi7MTnM80dgDncV1lgpb+8xRJQSQewJQOa/Vkaa6Jb4rBTL4vO console_handle: 0x000000e7	1	1
WriteConsoleW May 19, 2023, 6:06 p.m.	buffer: Pi7RkaFwSH5WAC7tN+BtwGcfaD2Xqd1wyRoEh0ty1eF5sfCFnTJBok/jRH1Y4rrmZ4Z2bOGaDmdK+6+ console_handle: 0x000000f3	1	1
WriteConsoleW May 19, 2023, 6:06 p.m.	buffer: fkhxXQ9L6OpiY/DGzx6LwdZyMZ/r5JkEuySTtemo10q5qnMdcqQMPg3HW6YsdrgGJlQrOV8UfQ4tha1 console_handle: 0x000000ff	1	1
WriteConsoleW May 19, 2023, 6:06 p.m.	buffer: VfKubKbSu3JAg+f4SM20IJzgzevheRcVUsRAVvaOKXb5tkAyLOw9bo/Qty0eulGR7xGWy0Bf4q0nlQp console_handle: 0x0000010b	1	1
WriteConsoleW May 19, 2023, 6:06 p.m.	buffer: 3P/PoxtJON/10OnNfPr5y3O7Rbo8m+Nbouwc5sMp2vydeVInjKxUb9jXI4w8vWYUfAB53+GP3CkJP3c console_handle: 0x00000117	1	1
WriteConsoleW May 19, 2023, 6:06 p.m.	buffer: XlWPpm9Zs+aJuW4fgTQjDVQ0EAp7YnztUbkyddpwrK/EQyxWf0buMLCxGHc4sdVV/Vae+YWYojE4ZXq console_handle: 0x00000123	1	1
WriteConsoleW May 19, 2023, 6:06 p.m.	buffer: Ug1p/x6cmiqWagEhAkpBkgXC2q2h4Kg2jlKr2WnkiBJZFjK2sksX95qMvdoVAQbTv/mty1lQSJzkmJp console_handle: 0x0000012f	1	1
WriteConsoleW May 19, 2023, 6:06 p.m.	buffer: CviAkcyHEJ50EhAqVfAiVqdhSZjBzFcVshCxB+FtOlrSVrpLmqmOnPrgRkAAJaPIrlb+vjkcNIgFRHl console_handle: 0x0000013b	1	1
WriteConsoleW May 19, 2023, 6:06 p.m.	buffer: PNFwn6ipWhfjzkrl/59/KZTPM6DXV7eBTDGLZwjXpN/3zIqSdt35VlN9u33/9j6DqTiLc68H9UtSI4T console_handle: 0x00000147	1	1
WriteConsoleW May 19, 2023, 6:06 p.m.	buffer: O1P9RGtSvEPqRb4V81V9z0pCXMiKM73+XCvN4aGB8bLQuoqrHrOb83Q7J2kLwDEUSI1u/acver9N43b console_handle: 0x00000153	1	1
WriteConsoleW May 19, 2023, 6:06 p.m.	buffer: Qrm68so3aLd1TiwYtwSBRLzOJvGMY9daxk/vmlzDwNc1TmZ/u5cOrB3Cd8KTkVTkz1x+mxMAtv9A45A console_handle: 0x0000015f	1	1
WriteConsoleW May 19, 2023, 6:06 p.m.	buffer: Mpg+UO5yGGVPJrOKRHwUX+P0L5sny+UWw4L5xNRYyiMm/Wc3gYyEhijcly/uzuKuIMXpJRAEShiGDhY console_handle: 0x0000016b	1	1
WriteConsoleW May 19, 2023, 6:06 p.m.	buffer: t3uhnTnlv2PDRurJ/+bLVQ5VF4WHa+cGJfkEbvkCqiIl/sHxb/wxF423WERfngBHblEMo9yIZDr3my0 console_handle: 0x00000177	1	1
WriteConsoleW May 19, 2023, 6:06 p.m.	buffer: qylwEoknIk7QYm8fV7PguDwRBDpi4U+F/IEvPYoj/SmxTBs1/AW0fosht2MJmkS2C+TO1+IE72wpQIU console_handle: 0x00000183	1	1
WriteConsoleW May 19, 2023, 6:06 p.m.	buffer: hl+H4hsophmYDVmwtqtIP2E4Hs9c+7HPv3DMlTEjeA0gdAg4KEbQvGVGlT9AMUk1anjzl9ROEY2RGe7 console_handle: 0x0000018f	1	1
WriteConsoleW May 19, 2023, 6:06 p.m.	buffer: Dsxs35FIzoTxiouCKyyg6Y/U3cuCeDlFvSVMH5atLfGwFkkj+oMrQZwbw6y4nfcMvJf6plL5ovcwOol console_handle: 0x0000019b	1	1
WriteConsoleW May 19, 2023, 6:06 p.m.	buffer: HdlMfnB9vRs1JqINN+1X2/dIG7wUip0bvBPG4dmj0SvSTMbEVmFyL/Z9539Qt4aF+iARX4eDn5XL/uD console_handle: 0x000001a7	1	1
WriteConsoleW May 19, 2023, 6:06 p.m.	buffer: fRPnaChIHZ4xeAm2pKe/ZIWQuzvh/4Kwb4zrxtBcFmR6oWdyLbLIMb5rIX8KgktO0sOCsD+U722RhVZ console_handle: 0x000001b3	1	1
WriteConsoleW May 19, 2023, 6:06 p.m.	buffer: gRe0jfngxazmm9q9GzXpuokMjKpvZ8L8IoPVMFYbFNpsQ4VYXMaJ4RQ21IM0T8h6G7Dt+hwFIOxh67i console_handle: 0x000001bf	1	1
WriteConsoleW May 19, 2023, 6:06 p.m.	buffer: ulODxo3srA6n9P9wjFbw/Cc9p3UYzVVw2rufBqJB7oWpx+g9cYnIm33NyqUFWYcSeJWpCRfqCqZty9M console_handle: 0x000001cb	1	1
WriteConsoleW May 19, 2023, 6:06 p.m.	buffer: f/8H4jCV4XFtLf4joynYm8KayfyOV9om35v7K+/2q7qpvXCCW9K8ZB2LbdYvqGeYxolWisD7Szja6Li console_handle: 0x000001d7	1	1
WriteConsoleW May 19, 2023, 6:06 p.m.	buffer: li5qwCk+JxZoJ+EjbekP8BFXkpLBoG9OW3pT5q9TUGo1Pu608vKtdJ9XlyBnRj1gT5IYe/skmAuqzMZ console_handle: 0x000001e3	1	1
WriteConsoleW May 19, 2023, 6:06 p.m.	buffer: Kri94MgCl0r2xYfq2Dm270DoPOeIzkxpEKUHJYSuQngafFvEzKAi5GPCL6U2V9XZ16Wir5PSQV5V1iF console_handle: 0x000001ef	1	1
WriteConsoleW May 19, 2023, 6:06 p.m.	buffer: 6OmAPOLPYrb28VvT1+vaSVOnRfA7+6s6XrZBAnwj2RMfQ/WRoNA0FhbdvBflhisXhox3pizmqUF0c7E console_handle: 0x000001fb	1	1
WriteConsoleW May 19, 2023, 6:06 p.m.	buffer: pTvkoMeeBhPdZ3AG4TI4Xp1l+x+gFIIRp7LM9MPgq2FL3/2tPpovZ1vJLrnwkBusejwc5yfo0nmGESb console_handle: 0x00000207	1	1
WriteConsoleW May 19, 2023, 6:06 p.m.	buffer: QYd/aBJ2bE551jeEcvoWZwPfHBN0volj5hycGxsXBhQz7CoNmcte9lLpjUQEIXLdPCCUdN0ITe+oHTR console_handle: 0x00000213	1	1
WriteConsoleW May 19, 2023, 6:06 p.m.	buffer: vEQvkJnKVxjqOe6t7Kh+xhqoLehfJVYFvGfoVQnw4OJCC8DPMjVmOjrgD2IyooqtprMW1HdDiCuwD+p console_handle: 0x0000021f	1	1
WriteConsoleW May 19, 2023, 6:06 p.m.	buffer: WTfSfWSqvm3ptqgNMsrqOd2B9aajH/X3AEx9P1Ifrf3oZndOdsknyL5Areaz6RPYIhfkjzzkryI6OeI console_handle: 0x0000022b	1	1
WriteConsoleW May 19, 2023, 6:06 p.m.	buffer: YDeASRyCBwpp+lrqwIpRFnMnLzLhl3/+ksTY0eqw/ZWhtAtCD+adPrKJNKb7M1UcS8qOjrGR+vv5qcB console_handle: 0x00000237	1	1
WriteConsoleW May 19, 2023, 6:06 p.m.	buffer: hTPY+Fzh85Mv7OOVs15YzjO+tjgcAqFb/gSw8fYavXhzoEjjNHKf4kNkIvvxZV0j2bCYr+AcljKF6QZ console_handle: 0x00000243	1	1
WriteConsoleW May 19, 2023, 6:06 p.m.	buffer: euo8v2oKVAjLOJ/vPgilWcY0rl7XLWgqHgiKHFDeRiIVQUzwEggjtiEu6ZZyDo8rdyzbr6Q+5kg4BV6 console_handle: 0x0000024f	1	1
WriteConsoleW May 19, 2023, 6:06 p.m.	buffer: nnKAv+rwmUxDNuYHWCO8IQ0NdbX4OWDfo0CTiJ03CnedF2X5yq9I023Y/B6R/gSj+cTNEoHX6iHbzKa console_handle: 0x0000025b	1	1
WriteConsoleW May 19, 2023, 6:06 p.m.	buffer: Q2e8nk8TOaXt3deU2idrAliWDcjRB/QgHEAQ+toMGaiEAKdYJtXPMmmc3l82veQnppBgAn9IYsPNXNk console_handle: 0x00000267	1	1

Uses Windows APIs to generate a cryptographic key (6 events)

Time & API	Arguments	Status	Return
CryptExportKey May 19, 2023, 6:06 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x004c1d48 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 19, 2023, 6:06 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x004c1d48 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 19, 2023, 6:06 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0044f250 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 19, 2023, 6:06 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0044f250 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 19, 2023, 6:06 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0044f250 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey May 19, 2023, 6:06 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0044f250 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx May 19, 2023, 6:06 p.m.		1	1	0

Allocates read-write-execute memory (usually to unpack itself) (20 events)

Time & API	Arguments	Status
NtAllocateVirtualMemory May 19, 2023, 6:06 p.m.	process_identifier: 3020 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01f5b000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 19, 2023, 6:06 p.m.	process_identifier: 3020 region_size: 1703936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05690000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 19, 2023, 6:06 p.m.	process_identifier: 3020 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x057f0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 19, 2023, 6:06 p.m.	process_identifier: 3020 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x057f1000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 19, 2023, 6:06 p.m.	process_identifier: 3020 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x057f2000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 19, 2023, 6:06 p.m.	process_identifier: 3020 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x057f3000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 19, 2023, 6:06 p.m.	process_identifier: 3020 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x057f4000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 19, 2023, 6:06 p.m.	process_identifier: 3020 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x057f5000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 19, 2023, 6:06 p.m.	process_identifier: 3020 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x057f6000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 19, 2023, 6:06 p.m.	process_identifier: 3020 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x057f7000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 19, 2023, 6:06 p.m.	process_identifier: 3020 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x057f8000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 19, 2023, 6:06 p.m.	process_identifier: 3020 region_size: 69632 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x057fc000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 19, 2023, 6:06 p.m.	process_identifier: 3020 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0580d000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 19, 2023, 6:06 p.m.	process_identifier: 3020 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0580e000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 19, 2023, 6:06 p.m.	process_identifier: 3020 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0580f000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 19, 2023, 6:06 p.m.	process_identifier: 3020 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x022bf000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 19, 2023, 6:06 p.m.	process_identifier: 3020 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01ef9000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 19, 2023, 6:06 p.m.	process_identifier: 3020 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02750000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 19, 2023, 6:06 p.m.	process_identifier: 3020 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02752000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory May 19, 2023, 6:06 p.m.	process_identifier: 3020 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02753000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1

rt.php.ps1

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All