Summary | ZeroBOX

pyjksf.exe

Generic Malware Malicious Library UPX PE File OS Processor Check PE32
Category Machine Started Completed
FILE s1_win7_x6403_us Feb. 19, 2025, 11:21 a.m. Feb. 19, 2025, 11:44 a.m.
Size 120.5KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 d26d5412e2228fb671609e601f95fec6
SHA256 e4f217ba88c958e07c5adacb25eb6e297c7bc7075be8a5e0d40812683eda03dd
CRC32 6E66CF93
ssdeep 3072:FEFRh0auCcJVwDjwzTC2SCn/FtVQenIuxIGWsnRR9pLTfXvXeD:W3h0aMJ+Hw3Pgen79/fvO
PDB Path C:\Users\Administrator\Desktop\vdr1\Release\vdr1.pdb
Yara
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • Generic_Malware_Zero - Generic Malware
  • OS_Processor_Check_Zero - OS Processor Check
  • UPX_Zero - UPX packed file

Name Response Post-Analysis Lookup
t.me
steamcommunity.com
IP Address Status Action
149.154.167.99 Active Moloch
164.124.101.2 Active Moloch
23.49.154.73 Active Moloch
95.217.243.100 Active Moloch

Suricata Alerts

Flow SID Signature Category
TCP 192.168.56.103:49161 -> 149.154.167.99:443 2041933 ET INFO Observed Telegram Domain (t .me in TLS SNI) Misc activity
TCP 192.168.56.103:49163 -> 149.154.167.99:443 2041933 ET INFO Observed Telegram Domain (t .me in TLS SNI) Misc activity
TCP 192.168.56.103:49161 -> 149.154.167.99:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49166 -> 23.49.154.73:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 95.217.243.100:443 -> 192.168.56.103:49169 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.103:49163 -> 149.154.167.99:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49161 -> 149.154.167.99:443 2041933 ET INFO Observed Telegram Domain (t .me in TLS SNI) Misc activity
TCP 192.168.56.103:49163 -> 149.154.167.99:443 2041933 ET INFO Observed Telegram Domain (t .me in TLS SNI) Misc activity
TCP 149.154.167.99:443 -> 192.168.56.103:49173 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 149.154.167.99:443 -> 192.168.56.103:49164 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.103:49171 -> 149.154.167.99:443 2041933 ET INFO Observed Telegram Domain (t .me in TLS SNI) Misc activity
TCP 192.168.56.103:49171 -> 149.154.167.99:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49171 -> 149.154.167.99:443 2041933 ET INFO Observed Telegram Domain (t .me in TLS SNI) Misc activity
TCP 192.168.56.103:49181 -> 149.154.167.99:443 2041933 ET INFO Observed Telegram Domain (t .me in TLS SNI) Misc activity
TCP 192.168.56.103:49181 -> 149.154.167.99:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49181 -> 149.154.167.99:443 2041933 ET INFO Observed Telegram Domain (t .me in TLS SNI) Misc activity
TCP 192.168.56.103:49185 -> 23.49.154.73:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 95.217.243.100:443 -> 192.168.56.103:49188 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.103:49194 -> 149.154.167.99:443 2041933 ET INFO Observed Telegram Domain (t .me in TLS SNI) Misc activity
TCP 192.168.56.103:49194 -> 149.154.167.99:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49194 -> 149.154.167.99:443 2041933 ET INFO Observed Telegram Domain (t .me in TLS SNI) Misc activity
TCP 192.168.56.103:49172 -> 149.154.167.99:443 2041933 ET INFO Observed Telegram Domain (t .me in TLS SNI) Misc activity
TCP 192.168.56.103:49172 -> 149.154.167.99:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49172 -> 149.154.167.99:443 2041933 ET INFO Observed Telegram Domain (t .me in TLS SNI) Misc activity
TCP 149.154.167.99:443 -> 192.168.56.103:49196 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 149.154.167.99:443 -> 192.168.56.103:49182 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.103:49195 -> 149.154.167.99:443 2041933 ET INFO Observed Telegram Domain (t .me in TLS SNI) Misc activity
TCP 192.168.56.103:49195 -> 149.154.167.99:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49180 -> 149.154.167.99:443 2041933 ET INFO Observed Telegram Domain (t .me in TLS SNI) Misc activity
TCP 192.168.56.103:49180 -> 149.154.167.99:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49195 -> 149.154.167.99:443 2041933 ET INFO Observed Telegram Domain (t .me in TLS SNI) Misc activity
TCP 192.168.56.103:49180 -> 149.154.167.99:443 2041933 ET INFO Observed Telegram Domain (t .me in TLS SNI) Misc activity
TCP 192.168.56.103:49198 -> 23.49.154.73:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49190 -> 149.154.167.99:443 2041933 ET INFO Observed Telegram Domain (t .me in TLS SNI) Misc activity
TCP 192.168.56.103:49175 -> 23.49.154.73:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49190 -> 149.154.167.99:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49190 -> 149.154.167.99:443 2041933 ET INFO Observed Telegram Domain (t .me in TLS SNI) Misc activity
TCP 95.217.243.100:443 -> 192.168.56.103:49219 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 149.154.167.99:443 -> 192.168.56.103:49227 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 95.217.243.100:443 -> 192.168.56.103:49201 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 95.217.243.100:443 -> 192.168.56.103:49178 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 95.217.243.100:443 -> 192.168.56.103:49232 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.103:49204 -> 149.154.167.99:443 2041933 ET INFO Observed Telegram Domain (t .me in TLS SNI) Misc activity
TCP 192.168.56.103:49191 -> 149.154.167.99:443 2041933 ET INFO Observed Telegram Domain (t .me in TLS SNI) Misc activity
TCP 192.168.56.103:49204 -> 149.154.167.99:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49191 -> 149.154.167.99:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 149.154.167.99:443 -> 192.168.56.103:49236 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.103:49204 -> 149.154.167.99:443 2041933 ET INFO Observed Telegram Domain (t .me in TLS SNI) Misc activity
TCP 192.168.56.103:49191 -> 149.154.167.99:443 2041933 ET INFO Observed Telegram Domain (t .me in TLS SNI) Misc activity
TCP 149.154.167.99:443 -> 192.168.56.103:49192 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.103:49212 -> 149.154.167.99:443 2041933 ET INFO Observed Telegram Domain (t .me in TLS SNI) Misc activity
TCP 192.168.56.103:49212 -> 149.154.167.99:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49212 -> 149.154.167.99:443 2041933 ET INFO Observed Telegram Domain (t .me in TLS SNI) Misc activity
TCP 192.168.56.103:49203 -> 149.154.167.99:443 2041933 ET INFO Observed Telegram Domain (t .me in TLS SNI) Misc activity
TCP 192.168.56.103:49203 -> 149.154.167.99:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 149.154.167.99:443 -> 192.168.56.103:49205 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.103:49247 -> 23.49.154.73:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49203 -> 149.154.167.99:443 2041933 ET INFO Observed Telegram Domain (t .me in TLS SNI) Misc activity
TCP 192.168.56.103:49221 -> 149.154.167.99:443 2041933 ET INFO Observed Telegram Domain (t .me in TLS SNI) Misc activity
TCP 192.168.56.103:49221 -> 149.154.167.99:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 95.217.243.100:443 -> 192.168.56.103:49210 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.103:49226 -> 149.154.167.99:443 2041933 ET INFO Observed Telegram Domain (t .me in TLS SNI) Misc activity
TCP 192.168.56.103:49221 -> 149.154.167.99:443 2041933 ET INFO Observed Telegram Domain (t .me in TLS SNI) Misc activity
TCP 192.168.56.103:49226 -> 149.154.167.99:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49226 -> 149.154.167.99:443 2041933 ET INFO Observed Telegram Domain (t .me in TLS SNI) Misc activity
TCP 95.217.243.100:443 -> 192.168.56.103:49241 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 149.154.167.99:443 -> 192.168.56.103:49245 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.103:49216 -> 23.49.154.73:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 95.217.243.100:443 -> 192.168.56.103:49250 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.103:49229 -> 23.49.154.73:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49253 -> 149.154.167.99:443 2041933 ET INFO Observed Telegram Domain (t .me in TLS SNI) Misc activity
TCP 192.168.56.103:49253 -> 149.154.167.99:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 149.154.167.99:443 -> 192.168.56.103:49254 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.103:49253 -> 149.154.167.99:443 2041933 ET INFO Observed Telegram Domain (t .me in TLS SNI) Misc activity
TCP 192.168.56.103:49266 -> 149.154.167.99:443 2041933 ET INFO Observed Telegram Domain (t .me in TLS SNI) Misc activity
TCP 192.168.56.103:49266 -> 149.154.167.99:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49266 -> 149.154.167.99:443 2041933 ET INFO Observed Telegram Domain (t .me in TLS SNI) Misc activity
TCP 95.217.243.100:443 -> 192.168.56.103:49272 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.103:49243 -> 149.154.167.99:443 2041933 ET INFO Observed Telegram Domain (t .me in TLS SNI) Misc activity
TCP 192.168.56.103:49243 -> 149.154.167.99:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49243 -> 149.154.167.99:443 2041933 ET INFO Observed Telegram Domain (t .me in TLS SNI) Misc activity
TCP 192.168.56.103:49269 -> 23.49.154.73:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49234 -> 149.154.167.99:443 2041933 ET INFO Observed Telegram Domain (t .me in TLS SNI) Misc activity
TCP 95.217.243.100:443 -> 192.168.56.103:49281 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.103:49234 -> 149.154.167.99:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49234 -> 149.154.167.99:443 2041933 ET INFO Observed Telegram Domain (t .me in TLS SNI) Misc activity
TCP 149.154.167.99:443 -> 192.168.56.103:49258 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.103:49284 -> 149.154.167.99:443 2041933 ET INFO Observed Telegram Domain (t .me in TLS SNI) Misc activity
TCP 192.168.56.103:49284 -> 149.154.167.99:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49238 -> 23.49.154.73:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49284 -> 149.154.167.99:443 2041933 ET INFO Observed Telegram Domain (t .me in TLS SNI) Misc activity
TCP 149.154.167.99:443 -> 192.168.56.103:49285 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.103:49275 -> 149.154.167.99:443 2041933 ET INFO Observed Telegram Domain (t .me in TLS SNI) Misc activity
TCP 192.168.56.103:49275 -> 149.154.167.99:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49275 -> 149.154.167.99:443 2041933 ET INFO Observed Telegram Domain (t .me in TLS SNI) Misc activity
TCP 192.168.56.103:49213 -> 149.154.167.99:443 2041933 ET INFO Observed Telegram Domain (t .me in TLS SNI) Misc activity
TCP 192.168.56.103:49213 -> 149.154.167.99:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49213 -> 149.154.167.99:443 2041933 ET INFO Observed Telegram Domain (t .me in TLS SNI) Misc activity
TCP 149.154.167.99:443 -> 192.168.56.103:49214 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 149.154.167.99:443 -> 192.168.56.103:49223 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.103:49235 -> 149.154.167.99:443 2041933 ET INFO Observed Telegram Domain (t .me in TLS SNI) Misc activity
TCP 192.168.56.103:49235 -> 149.154.167.99:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49235 -> 149.154.167.99:443 2041933 ET INFO Observed Telegram Domain (t .me in TLS SNI) Misc activity
TCP 192.168.56.103:49252 -> 149.154.167.99:443 2041933 ET INFO Observed Telegram Domain (t .me in TLS SNI) Misc activity
TCP 192.168.56.103:49252 -> 149.154.167.99:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49252 -> 149.154.167.99:443 2041933 ET INFO Observed Telegram Domain (t .me in TLS SNI) Misc activity
TCP 192.168.56.103:49260 -> 23.49.154.73:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49274 -> 149.154.167.99:443 2041933 ET INFO Observed Telegram Domain (t .me in TLS SNI) Misc activity
TCP 192.168.56.103:49274 -> 149.154.167.99:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49274 -> 149.154.167.99:443 2041933 ET INFO Observed Telegram Domain (t .me in TLS SNI) Misc activity
TCP 192.168.56.103:49278 -> 23.49.154.73:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 149.154.167.99:443 -> 192.168.56.103:49267 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 149.154.167.99:443 -> 192.168.56.103:49276 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.103:49283 -> 149.154.167.99:443 2041933 ET INFO Observed Telegram Domain (t .me in TLS SNI) Misc activity
TCP 192.168.56.103:49283 -> 149.154.167.99:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49283 -> 149.154.167.99:443 2041933 ET INFO Observed Telegram Domain (t .me in TLS SNI) Misc activity
TCP 192.168.56.103:49207 -> 23.49.154.73:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49222 -> 149.154.167.99:443 2041933 ET INFO Observed Telegram Domain (t .me in TLS SNI) Misc activity
TCP 192.168.56.103:49222 -> 149.154.167.99:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49222 -> 149.154.167.99:443 2041933 ET INFO Observed Telegram Domain (t .me in TLS SNI) Misc activity
TCP 192.168.56.103:49225 -> 149.154.167.99:443 2041933 ET INFO Observed Telegram Domain (t .me in TLS SNI) Misc activity
TCP 192.168.56.103:49225 -> 149.154.167.99:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49225 -> 149.154.167.99:443 2041933 ET INFO Observed Telegram Domain (t .me in TLS SNI) Misc activity
TCP 192.168.56.103:49244 -> 149.154.167.99:443 2041933 ET INFO Observed Telegram Domain (t .me in TLS SNI) Misc activity
TCP 192.168.56.103:49244 -> 149.154.167.99:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49244 -> 149.154.167.99:443 2041933 ET INFO Observed Telegram Domain (t .me in TLS SNI) Misc activity
TCP 192.168.56.103:49256 -> 149.154.167.99:443 2041933 ET INFO Observed Telegram Domain (t .me in TLS SNI) Misc activity
TCP 192.168.56.103:49256 -> 149.154.167.99:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49256 -> 149.154.167.99:443 2041933 ET INFO Observed Telegram Domain (t .me in TLS SNI) Misc activity
TCP 192.168.56.103:49257 -> 149.154.167.99:443 2041933 ET INFO Observed Telegram Domain (t .me in TLS SNI) Misc activity
TCP 192.168.56.103:49257 -> 149.154.167.99:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49257 -> 149.154.167.99:443 2041933 ET INFO Observed Telegram Domain (t .me in TLS SNI) Misc activity
TCP 95.217.243.100:443 -> 192.168.56.103:49263 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.103:49265 -> 149.154.167.99:443 2041933 ET INFO Observed Telegram Domain (t .me in TLS SNI) Misc activity
TCP 192.168.56.103:49265 -> 149.154.167.99:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.103:49265 -> 149.154.167.99:443 2041933 ET INFO Observed Telegram Domain (t .me in TLS SNI) Misc activity
TCP 192.168.56.103:49275 -> 149.154.167.99:443 2041933 ET INFO Observed Telegram Domain (t .me in TLS SNI) Misc activity
TCP 192.168.56.103:49181 -> 149.154.167.99:443 2041933 ET INFO Observed Telegram Domain (t .me in TLS SNI) Misc activity
TCP 192.168.56.103:49213 -> 149.154.167.99:443 2041933 ET INFO Observed Telegram Domain (t .me in TLS SNI) Misc activity
TCP 192.168.56.103:49243 -> 149.154.167.99:443 2041933 ET INFO Observed Telegram Domain (t .me in TLS SNI) Misc activity
TCP 192.168.56.103:49284 -> 149.154.167.99:443 2041933 ET INFO Observed Telegram Domain (t .me in TLS SNI) Misc activity
TCP 192.168.56.103:49257 -> 149.154.167.99:443 2041933 ET INFO Observed Telegram Domain (t .me in TLS SNI) Misc activity
TCP 192.168.56.103:49221 -> 149.154.167.99:443 2041933 ET INFO Observed Telegram Domain (t .me in TLS SNI) Misc activity
TCP 192.168.56.103:49253 -> 149.154.167.99:443 2041933 ET INFO Observed Telegram Domain (t .me in TLS SNI) Misc activity
TCP 192.168.56.103:49252 -> 149.154.167.99:443 2041933 ET INFO Observed Telegram Domain (t .me in TLS SNI) Misc activity
TCP 192.168.56.103:49274 -> 149.154.167.99:443 2041933 ET INFO Observed Telegram Domain (t .me in TLS SNI) Misc activity
TCP 192.168.56.103:49222 -> 149.154.167.99:443 2041933 ET INFO Observed Telegram Domain (t .me in TLS SNI) Misc activity
TCP 192.168.56.103:49180 -> 149.154.167.99:443 2041933 ET INFO Observed Telegram Domain (t .me in TLS SNI) Misc activity
TCP 192.168.56.103:49225 -> 149.154.167.99:443 2041933 ET INFO Observed Telegram Domain (t .me in TLS SNI) Misc activity
TCP 192.168.56.103:49203 -> 149.154.167.99:443 2041933 ET INFO Observed Telegram Domain (t .me in TLS SNI) Misc activity
TCP 192.168.56.103:49190 -> 149.154.167.99:443 2041933 ET INFO Observed Telegram Domain (t .me in TLS SNI) Misc activity
TCP 192.168.56.103:49204 -> 149.154.167.99:443 2041933 ET INFO Observed Telegram Domain (t .me in TLS SNI) Misc activity
TCP 192.168.56.103:49172 -> 149.154.167.99:443 2041933 ET INFO Observed Telegram Domain (t .me in TLS SNI) Misc activity
TCP 192.168.56.103:49265 -> 149.154.167.99:443 2041933 ET INFO Observed Telegram Domain (t .me in TLS SNI) Misc activity
TCP 192.168.56.103:49163 -> 149.154.167.99:443 2041933 ET INFO Observed Telegram Domain (t .me in TLS SNI) Misc activity
TCP 192.168.56.103:49191 -> 149.154.167.99:443 2041933 ET INFO Observed Telegram Domain (t .me in TLS SNI) Misc activity
TCP 192.168.56.103:49212 -> 149.154.167.99:443 2041933 ET INFO Observed Telegram Domain (t .me in TLS SNI) Misc activity
TCP 192.168.56.103:49235 -> 149.154.167.99:443 2041933 ET INFO Observed Telegram Domain (t .me in TLS SNI) Misc activity
TCP 192.168.56.103:49171 -> 149.154.167.99:443 2041933 ET INFO Observed Telegram Domain (t .me in TLS SNI) Misc activity
TCP 192.168.56.103:49161 -> 149.154.167.99:443 2041933 ET INFO Observed Telegram Domain (t .me in TLS SNI) Misc activity
TCP 192.168.56.103:49256 -> 149.154.167.99:443 2041933 ET INFO Observed Telegram Domain (t .me in TLS SNI) Misc activity
TCP 192.168.56.103:49226 -> 149.154.167.99:443 2041933 ET INFO Observed Telegram Domain (t .me in TLS SNI) Misc activity
TCP 192.168.56.103:49195 -> 149.154.167.99:443 2041933 ET INFO Observed Telegram Domain (t .me in TLS SNI) Misc activity
TCP 192.168.56.103:49266 -> 149.154.167.99:443 2041933 ET INFO Observed Telegram Domain (t .me in TLS SNI) Misc activity
TCP 192.168.56.103:49194 -> 149.154.167.99:443 2041933 ET INFO Observed Telegram Domain (t .me in TLS SNI) Misc activity
TCP 192.168.56.103:49283 -> 149.154.167.99:443 2041933 ET INFO Observed Telegram Domain (t .me in TLS SNI) Misc activity
TCP 192.168.56.103:49234 -> 149.154.167.99:443 2041933 ET INFO Observed Telegram Domain (t .me in TLS SNI) Misc activity

Suricata TLS

Flow Issuer Subject Fingerprint
TLSv1
192.168.56.103:49166
23.49.154.73:443
C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Extended Validation Server CA unknown=US, unknown=Washington, unknown=Private Organization, serialNumber=602 290 773, C=US, ST=Washington, L=Bellevue, O=Valve Corp, CN=store.steampowered.com 83:75:0b:54:d5:9e:34:40:6f:c2:2c:fc:be:5f:db:00:04:0d:d6:83
TLSv1
192.168.56.103:49185
23.49.154.73:443
C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Extended Validation Server CA unknown=US, unknown=Washington, unknown=Private Organization, serialNumber=602 290 773, C=US, ST=Washington, L=Bellevue, O=Valve Corp, CN=store.steampowered.com 83:75:0b:54:d5:9e:34:40:6f:c2:2c:fc:be:5f:db:00:04:0d:d6:83
TLSv1
192.168.56.103:49198
23.49.154.73:443
C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Extended Validation Server CA unknown=US, unknown=Washington, unknown=Private Organization, serialNumber=602 290 773, C=US, ST=Washington, L=Bellevue, O=Valve Corp, CN=store.steampowered.com 83:75:0b:54:d5:9e:34:40:6f:c2:2c:fc:be:5f:db:00:04:0d:d6:83
TLSv1
192.168.56.103:49175
23.49.154.73:443
C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Extended Validation Server CA unknown=US, unknown=Washington, unknown=Private Organization, serialNumber=602 290 773, C=US, ST=Washington, L=Bellevue, O=Valve Corp, CN=store.steampowered.com 83:75:0b:54:d5:9e:34:40:6f:c2:2c:fc:be:5f:db:00:04:0d:d6:83
TLSv1
192.168.56.103:49247
23.49.154.73:443
C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Extended Validation Server CA unknown=US, unknown=Washington, unknown=Private Organization, serialNumber=602 290 773, C=US, ST=Washington, L=Bellevue, O=Valve Corp, CN=store.steampowered.com 83:75:0b:54:d5:9e:34:40:6f:c2:2c:fc:be:5f:db:00:04:0d:d6:83
TLSv1
192.168.56.103:49216
23.49.154.73:443
C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Extended Validation Server CA unknown=US, unknown=Washington, unknown=Private Organization, serialNumber=602 290 773, C=US, ST=Washington, L=Bellevue, O=Valve Corp, CN=store.steampowered.com 83:75:0b:54:d5:9e:34:40:6f:c2:2c:fc:be:5f:db:00:04:0d:d6:83
TLSv1
192.168.56.103:49229
23.49.154.73:443
C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Extended Validation Server CA unknown=US, unknown=Washington, unknown=Private Organization, serialNumber=602 290 773, C=US, ST=Washington, L=Bellevue, O=Valve Corp, CN=store.steampowered.com 83:75:0b:54:d5:9e:34:40:6f:c2:2c:fc:be:5f:db:00:04:0d:d6:83
TLSv1
192.168.56.103:49269
23.49.154.73:443
C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Extended Validation Server CA unknown=US, unknown=Washington, unknown=Private Organization, serialNumber=602 290 773, C=US, ST=Washington, L=Bellevue, O=Valve Corp, CN=store.steampowered.com 83:75:0b:54:d5:9e:34:40:6f:c2:2c:fc:be:5f:db:00:04:0d:d6:83
TLSv1
192.168.56.103:49238
23.49.154.73:443
None None None
TLSv1
192.168.56.103:49260
23.49.154.73:443
C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Extended Validation Server CA unknown=US, unknown=Washington, unknown=Private Organization, serialNumber=602 290 773, C=US, ST=Washington, L=Bellevue, O=Valve Corp, CN=store.steampowered.com 83:75:0b:54:d5:9e:34:40:6f:c2:2c:fc:be:5f:db:00:04:0d:d6:83
TLSv1
192.168.56.103:49278
23.49.154.73:443
C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Extended Validation Server CA unknown=US, unknown=Washington, unknown=Private Organization, serialNumber=602 290 773, C=US, ST=Washington, L=Bellevue, O=Valve Corp, CN=store.steampowered.com 83:75:0b:54:d5:9e:34:40:6f:c2:2c:fc:be:5f:db:00:04:0d:d6:83
TLSv1
192.168.56.103:49207
23.49.154.73:443
C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Extended Validation Server CA unknown=US, unknown=Washington, unknown=Private Organization, serialNumber=602 290 773, C=US, ST=Washington, L=Bellevue, O=Valve Corp, CN=store.steampowered.com 83:75:0b:54:d5:9e:34:40:6f:c2:2c:fc:be:5f:db:00:04:0d:d6:83

Time & API Arguments Status Return Repeated

GetComputerNameW

computer_name: TEST22-PC
1 1 0
pdb_path C:\Users\Administrator\Desktop\vdr1\Release\vdr1.pdb
section .00cfg
suspicious_features GET method with no useragent header suspicious_request GET https://steamcommunity.com/profiles/76561199825403037
request GET https://steamcommunity.com/profiles/76561199825403037
host 95.217.243.100
registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F81F111D0E5AB58D396F7BF525577FD30FDC95AA\Blob
process pyjksf.exe useragent
process pyjksf.exe useragent Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:137.0) Gecko/20100101 Firefox/137.0