Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	April 13, 2021, 9:57 a.m.	April 13, 2021, 10:21 a.m.

Size	2.5MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`78859832e79c6d7aedad2de7612b375c`
SHA256	`41d1addb382678e81ab59cb80613f2c2ee746b2615233674cc8c323a9a0eff4c`
CRC32	`D970AACE`
ssdeep	`49152:ug8rPO37fzH4A6hanqNmmH0NUF9wZdmD:P8rPO37fzH4A6h0Xiad`
Yara	Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet escalate_priv - Escalade priviledges screenshot - Take screenshot keylogger - Run a keylogger spreading_file - Malware can spread east-west file win_mutex - Create or check mutex win_registry - Affect system registries win_token - Affect system token win_private_profile - Affect private profile win_files_operation - Affect private profile PE_Header_Zero - PE File Signature Zero OS_Processor_Check_Zero - OS Processor Check Signature Zero IsPE32 - (no description) IsWindowsGUI - (no description) HasOverlay - Overlay Check HasDigitalSignature - DigitalSignature Check borland_delphi - Borland Delphi 2.0 - 7.0 / 2005 - 2007

prun.exe "C:\Users\test22\AppData\Local\Temp\prun.exe"
2776
- prun.exe "C:\Users\test22\AppData\Local\Temp\prun.exe"
  3016

Name	Response	Post-Analysis Lookup
class.checkblanco.xyz	A 195.181.169.92	195.181.169.92

IP Address	Status	Action
164.124.101.2	Active	Moloch
195.181.169.92	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

The executable contains unknown PE section names indicative of a packer (could be a false positive) (6 events)

section	CODE
section	DATA
section	BSS
section
section	Lagooonw
section	Charcoal

One or more processes crashed (50 out of 32170 events)

Time & API	Arguments	Status
__exception__ April 13, 2021, 9:57 a.m.	stacktrace: prun+0x198acb @ 0x598acb 0x18ff7c prun+0x9b7f4 @ 0x49b7f4 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 64 89 0d 00 exception.symbol: prun+0x197081 exception.instruction: mov edi, dword ptr [edi] exception.module: prun.exe exception.exception_code: 0xc0000005 exception.offset: 1667201 exception.address: 0x597081 registers.esp: 1638144 registers.edi: 6881280 registers.eax: 0 registers.ebp: 1638156 registers.edx: 1971190272 registers.ebx: 1970475554 registers.esi: 1971198068 registers.ecx: 0	1
__exception__ April 13, 2021, 9:57 a.m.	stacktrace: prun+0x198acb @ 0x598acb 0x18ff7c prun+0x9b7f4 @ 0x49b7f4 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 64 89 0d 00 exception.symbol: prun+0x197081 exception.instruction: mov edi, dword ptr [edi] exception.module: prun.exe exception.exception_code: 0xc0000005 exception.offset: 1667201 exception.address: 0x597081 registers.esp: 1638144 registers.edi: 6946816 registers.eax: 0 registers.ebp: 1638156 registers.edx: 2000579277 registers.ebx: 0 registers.esi: 1637020 registers.ecx: 1638220	1
__exception__ April 13, 2021, 9:57 a.m.	stacktrace: prun+0x198acb @ 0x598acb 0x18ff7c prun+0x9b7f4 @ 0x49b7f4 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 64 89 0d 00 exception.symbol: prun+0x197081 exception.instruction: mov edi, dword ptr [edi] exception.module: prun.exe exception.exception_code: 0xc0000005 exception.offset: 1667201 exception.address: 0x597081 registers.esp: 1638144 registers.edi: 7012352 registers.eax: 0 registers.ebp: 1638156 registers.edx: 2000579277 registers.ebx: 0 registers.esi: 1637020 registers.ecx: 1638220	1
__exception__ April 13, 2021, 9:57 a.m.	stacktrace: prun+0x198acb @ 0x598acb 0x18ff7c prun+0x9b7f4 @ 0x49b7f4 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 64 89 0d 00 exception.symbol: prun+0x197081 exception.instruction: mov edi, dword ptr [edi] exception.module: prun.exe exception.exception_code: 0xc0000005 exception.offset: 1667201 exception.address: 0x597081 registers.esp: 1638144 registers.edi: 7077888 registers.eax: 0 registers.ebp: 1638156 registers.edx: 2000579277 registers.ebx: 0 registers.esi: 1637020 registers.ecx: 1638220	1
__exception__ April 13, 2021, 9:57 a.m.	stacktrace: prun+0x198acb @ 0x598acb 0x18ff7c prun+0x9b7f4 @ 0x49b7f4 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 64 89 0d 00 exception.symbol: prun+0x197081 exception.instruction: mov edi, dword ptr [edi] exception.module: prun.exe exception.exception_code: 0xc0000005 exception.offset: 1667201 exception.address: 0x597081 registers.esp: 1638144 registers.edi: 7143424 registers.eax: 0 registers.ebp: 1638156 registers.edx: 2000579277 registers.ebx: 0 registers.esi: 1637020 registers.ecx: 1638220	1
__exception__ April 13, 2021, 9:57 a.m.	stacktrace: prun+0x198acb @ 0x598acb 0x18ff7c prun+0x9b7f4 @ 0x49b7f4 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 64 89 0d 00 exception.symbol: prun+0x197081 exception.instruction: mov edi, dword ptr [edi] exception.module: prun.exe exception.exception_code: 0xc0000005 exception.offset: 1667201 exception.address: 0x597081 registers.esp: 1638144 registers.edi: 7208960 registers.eax: 0 registers.ebp: 1638156 registers.edx: 2000579277 registers.ebx: 0 registers.esi: 1637020 registers.ecx: 1638220	1
__exception__ April 13, 2021, 9:57 a.m.	stacktrace: prun+0x198acb @ 0x598acb 0x18ff7c prun+0x9b7f4 @ 0x49b7f4 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 64 89 0d 00 exception.symbol: prun+0x197081 exception.instruction: mov edi, dword ptr [edi] exception.module: prun.exe exception.exception_code: 0xc0000005 exception.offset: 1667201 exception.address: 0x597081 registers.esp: 1638144 registers.edi: 7274496 registers.eax: 0 registers.ebp: 1638156 registers.edx: 2000579277 registers.ebx: 0 registers.esi: 1637020 registers.ecx: 1638220	1
__exception__ April 13, 2021, 9:57 a.m.	stacktrace: prun+0x198acb @ 0x598acb 0x18ff7c prun+0x9b7f4 @ 0x49b7f4 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 64 89 0d 00 exception.symbol: prun+0x197081 exception.instruction: mov edi, dword ptr [edi] exception.module: prun.exe exception.exception_code: 0xc0000005 exception.offset: 1667201 exception.address: 0x597081 registers.esp: 1638144 registers.edi: 7340032 registers.eax: 0 registers.ebp: 1638156 registers.edx: 2000579277 registers.ebx: 0 registers.esi: 1637020 registers.ecx: 1638220	1
__exception__ April 13, 2021, 9:57 a.m.	stacktrace: prun+0x198acb @ 0x598acb 0x18ff7c prun+0x9b7f4 @ 0x49b7f4 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 64 89 0d 00 exception.symbol: prun+0x197081 exception.instruction: mov edi, dword ptr [edi] exception.module: prun.exe exception.exception_code: 0xc0000005 exception.offset: 1667201 exception.address: 0x597081 registers.esp: 1638144 registers.edi: 7405568 registers.eax: 0 registers.ebp: 1638156 registers.edx: 2000579277 registers.ebx: 0 registers.esi: 1637020 registers.ecx: 1638220	1
__exception__ April 13, 2021, 9:57 a.m.	stacktrace: prun+0x198acb @ 0x598acb 0x18ff7c prun+0x9b7f4 @ 0x49b7f4 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 64 89 0d 00 exception.symbol: prun+0x197081 exception.instruction: mov edi, dword ptr [edi] exception.module: prun.exe exception.exception_code: 0xc0000005 exception.offset: 1667201 exception.address: 0x597081 registers.esp: 1638144 registers.edi: 7471104 registers.eax: 0 registers.ebp: 1638156 registers.edx: 2000579277 registers.ebx: 0 registers.esi: 1637020 registers.ecx: 1638220	1
__exception__ April 13, 2021, 9:57 a.m.	stacktrace: prun+0x198acb @ 0x598acb 0x18ff7c prun+0x9b7f4 @ 0x49b7f4 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 64 89 0d 00 exception.symbol: prun+0x197081 exception.instruction: mov edi, dword ptr [edi] exception.module: prun.exe exception.exception_code: 0xc0000005 exception.offset: 1667201 exception.address: 0x597081 registers.esp: 1638144 registers.edi: 7536640 registers.eax: 0 registers.ebp: 1638156 registers.edx: 2000579277 registers.ebx: 0 registers.esi: 1637020 registers.ecx: 1638220	1
__exception__ April 13, 2021, 9:57 a.m.	stacktrace: prun+0x198acb @ 0x598acb 0x18ff7c prun+0x9b7f4 @ 0x49b7f4 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 64 89 0d 00 exception.symbol: prun+0x197081 exception.instruction: mov edi, dword ptr [edi] exception.module: prun.exe exception.exception_code: 0xc0000005 exception.offset: 1667201 exception.address: 0x597081 registers.esp: 1638144 registers.edi: 7602176 registers.eax: 0 registers.ebp: 1638156 registers.edx: 2000579277 registers.ebx: 0 registers.esi: 1637020 registers.ecx: 1638220	1
__exception__ April 13, 2021, 9:57 a.m.	stacktrace: prun+0x198acb @ 0x598acb 0x18ff7c prun+0x9b7f4 @ 0x49b7f4 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 64 89 0d 00 exception.symbol: prun+0x197081 exception.instruction: mov edi, dword ptr [edi] exception.module: prun.exe exception.exception_code: 0xc0000005 exception.offset: 1667201 exception.address: 0x597081 registers.esp: 1638144 registers.edi: 7667712 registers.eax: 0 registers.ebp: 1638156 registers.edx: 2000579277 registers.ebx: 0 registers.esi: 1637020 registers.ecx: 1638220	1
__exception__ April 13, 2021, 9:57 a.m.	stacktrace: prun+0x198acb @ 0x598acb 0x18ff7c prun+0x9b7f4 @ 0x49b7f4 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 64 89 0d 00 exception.symbol: prun+0x197081 exception.instruction: mov edi, dword ptr [edi] exception.module: prun.exe exception.exception_code: 0xc0000005 exception.offset: 1667201 exception.address: 0x597081 registers.esp: 1638144 registers.edi: 7733248 registers.eax: 0 registers.ebp: 1638156 registers.edx: 2000579277 registers.ebx: 0 registers.esi: 1637020 registers.ecx: 1638220	1
__exception__ April 13, 2021, 9:57 a.m.	stacktrace: prun+0x198acb @ 0x598acb 0x18ff7c prun+0x9b7f4 @ 0x49b7f4 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 64 89 0d 00 exception.symbol: prun+0x197081 exception.instruction: mov edi, dword ptr [edi] exception.module: prun.exe exception.exception_code: 0xc0000005 exception.offset: 1667201 exception.address: 0x597081 registers.esp: 1638144 registers.edi: 7798784 registers.eax: 0 registers.ebp: 1638156 registers.edx: 2000579277 registers.ebx: 0 registers.esi: 1637020 registers.ecx: 1638220	1
__exception__ April 13, 2021, 9:57 a.m.	stacktrace: prun+0x198acb @ 0x598acb 0x18ff7c prun+0x9b7f4 @ 0x49b7f4 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 64 89 0d 00 exception.symbol: prun+0x197081 exception.instruction: mov edi, dword ptr [edi] exception.module: prun.exe exception.exception_code: 0xc0000005 exception.offset: 1667201 exception.address: 0x597081 registers.esp: 1638144 registers.edi: 8126464 registers.eax: 0 registers.ebp: 1638156 registers.edx: 2000579277 registers.ebx: 0 registers.esi: 1637020 registers.ecx: 0	1
__exception__ April 13, 2021, 9:57 a.m.	stacktrace: prun+0x198acb @ 0x598acb 0x18ff7c prun+0x9b7f4 @ 0x49b7f4 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 64 89 0d 00 exception.symbol: prun+0x197081 exception.instruction: mov edi, dword ptr [edi] exception.module: prun.exe exception.exception_code: 0xc0000005 exception.offset: 1667201 exception.address: 0x597081 registers.esp: 1638144 registers.edi: 8192000 registers.eax: 0 registers.ebp: 1638156 registers.edx: 2000579277 registers.ebx: 0 registers.esi: 1637020 registers.ecx: 1638220	1
__exception__ April 13, 2021, 9:57 a.m.	stacktrace: prun+0x198acb @ 0x598acb 0x18ff7c prun+0x9b7f4 @ 0x49b7f4 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 64 89 0d 00 exception.symbol: prun+0x197081 exception.instruction: mov edi, dword ptr [edi] exception.module: prun.exe exception.exception_code: 0xc0000005 exception.offset: 1667201 exception.address: 0x597081 registers.esp: 1638144 registers.edi: 8257536 registers.eax: 0 registers.ebp: 1638156 registers.edx: 2000579277 registers.ebx: 0 registers.esi: 1637020 registers.ecx: 1638220	1
__exception__ April 13, 2021, 9:57 a.m.	stacktrace: prun+0x198acb @ 0x598acb 0x18ff7c prun+0x9b7f4 @ 0x49b7f4 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 64 89 0d 00 exception.symbol: prun+0x197081 exception.instruction: mov edi, dword ptr [edi] exception.module: prun.exe exception.exception_code: 0xc0000005 exception.offset: 1667201 exception.address: 0x597081 registers.esp: 1638144 registers.edi: 8323072 registers.eax: 0 registers.ebp: 1638156 registers.edx: 2000579277 registers.ebx: 0 registers.esi: 1637020 registers.ecx: 1638220	1
__exception__ April 13, 2021, 9:57 a.m.	stacktrace: prun+0x198acb @ 0x598acb 0x18ff7c prun+0x9b7f4 @ 0x49b7f4 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 64 89 0d 00 exception.symbol: prun+0x197081 exception.instruction: mov edi, dword ptr [edi] exception.module: prun.exe exception.exception_code: 0xc0000005 exception.offset: 1667201 exception.address: 0x597081 registers.esp: 1638144 registers.edi: 8388608 registers.eax: 0 registers.ebp: 1638156 registers.edx: 2000579277 registers.ebx: 0 registers.esi: 1637020 registers.ecx: 1638220	1
__exception__ April 13, 2021, 9:57 a.m.	stacktrace: prun+0x198acb @ 0x598acb 0x18ff7c prun+0x9b7f4 @ 0x49b7f4 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 64 89 0d 00 exception.symbol: prun+0x197081 exception.instruction: mov edi, dword ptr [edi] exception.module: prun.exe exception.exception_code: 0xc0000005 exception.offset: 1667201 exception.address: 0x597081 registers.esp: 1638144 registers.edi: 8454144 registers.eax: 0 registers.ebp: 1638156 registers.edx: 2000579277 registers.ebx: 0 registers.esi: 1637020 registers.ecx: 1638220	1
__exception__ April 13, 2021, 9:57 a.m.	stacktrace: prun+0x198acb @ 0x598acb 0x18ff7c prun+0x9b7f4 @ 0x49b7f4 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 64 89 0d 00 exception.symbol: prun+0x197081 exception.instruction: mov edi, dword ptr [edi] exception.module: prun.exe exception.exception_code: 0xc0000005 exception.offset: 1667201 exception.address: 0x597081 registers.esp: 1638144 registers.edi: 8519680 registers.eax: 0 registers.ebp: 1638156 registers.edx: 2000579277 registers.ebx: 0 registers.esi: 1637020 registers.ecx: 1638220	1
__exception__ April 13, 2021, 9:57 a.m.	stacktrace: prun+0x198acb @ 0x598acb 0x18ff7c prun+0x9b7f4 @ 0x49b7f4 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 64 89 0d 00 exception.symbol: prun+0x197081 exception.instruction: mov edi, dword ptr [edi] exception.module: prun.exe exception.exception_code: 0xc0000005 exception.offset: 1667201 exception.address: 0x597081 registers.esp: 1638144 registers.edi: 8585216 registers.eax: 0 registers.ebp: 1638156 registers.edx: 2000579277 registers.ebx: 0 registers.esi: 1637020 registers.ecx: 1638220	1
__exception__ April 13, 2021, 9:57 a.m.	stacktrace: prun+0x198acb @ 0x598acb 0x18ff7c prun+0x9b7f4 @ 0x49b7f4 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 64 89 0d 00 exception.symbol: prun+0x197081 exception.instruction: mov edi, dword ptr [edi] exception.module: prun.exe exception.exception_code: 0xc0000005 exception.offset: 1667201 exception.address: 0x597081 registers.esp: 1638144 registers.edi: 8650752 registers.eax: 0 registers.ebp: 1638156 registers.edx: 2000579277 registers.ebx: 0 registers.esi: 1637020 registers.ecx: 1638220	1
__exception__ April 13, 2021, 9:57 a.m.	stacktrace: prun+0x198acb @ 0x598acb 0x18ff7c prun+0x9b7f4 @ 0x49b7f4 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 64 89 0d 00 exception.symbol: prun+0x197081 exception.instruction: mov edi, dword ptr [edi] exception.module: prun.exe exception.exception_code: 0xc0000005 exception.offset: 1667201 exception.address: 0x597081 registers.esp: 1638144 registers.edi: 8716288 registers.eax: 0 registers.ebp: 1638156 registers.edx: 2000579277 registers.ebx: 0 registers.esi: 1637020 registers.ecx: 1638220	1
__exception__ April 13, 2021, 9:57 a.m.	stacktrace: prun+0x198acb @ 0x598acb 0x18ff7c prun+0x9b7f4 @ 0x49b7f4 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 64 89 0d 00 exception.symbol: prun+0x197081 exception.instruction: mov edi, dword ptr [edi] exception.module: prun.exe exception.exception_code: 0xc0000005 exception.offset: 1667201 exception.address: 0x597081 registers.esp: 1638144 registers.edi: 8781824 registers.eax: 0 registers.ebp: 1638156 registers.edx: 2000579277 registers.ebx: 0 registers.esi: 1637020 registers.ecx: 1638220	1
__exception__ April 13, 2021, 9:57 a.m.	stacktrace: prun+0x198acb @ 0x598acb 0x18ff7c prun+0x9b7f4 @ 0x49b7f4 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 64 89 0d 00 exception.symbol: prun+0x197081 exception.instruction: mov edi, dword ptr [edi] exception.module: prun.exe exception.exception_code: 0xc0000005 exception.offset: 1667201 exception.address: 0x597081 registers.esp: 1638144 registers.edi: 8847360 registers.eax: 0 registers.ebp: 1638156 registers.edx: 2000579277 registers.ebx: 0 registers.esi: 1637020 registers.ecx: 1638220	1
__exception__ April 13, 2021, 9:57 a.m.	stacktrace: prun+0x198acb @ 0x598acb 0x18ff7c prun+0x9b7f4 @ 0x49b7f4 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 64 89 0d 00 exception.symbol: prun+0x197081 exception.instruction: mov edi, dword ptr [edi] exception.module: prun.exe exception.exception_code: 0xc0000005 exception.offset: 1667201 exception.address: 0x597081 registers.esp: 1638144 registers.edi: 8978432 registers.eax: 0 registers.ebp: 1638156 registers.edx: 2000579277 registers.ebx: 0 registers.esi: 1637020 registers.ecx: 0	1
__exception__ April 13, 2021, 9:57 a.m.	stacktrace: prun+0x198acb @ 0x598acb 0x18ff7c prun+0x9b7f4 @ 0x49b7f4 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 64 89 0d 00 exception.symbol: prun+0x197081 exception.instruction: mov edi, dword ptr [edi] exception.module: prun.exe exception.exception_code: 0xc0000005 exception.offset: 1667201 exception.address: 0x597081 registers.esp: 1638144 registers.edi: 9043968 registers.eax: 0 registers.ebp: 1638156 registers.edx: 2000579277 registers.ebx: 0 registers.esi: 1637020 registers.ecx: 1638220	1
__exception__ April 13, 2021, 9:57 a.m.	stacktrace: prun+0x198acb @ 0x598acb 0x18ff7c prun+0x9b7f4 @ 0x49b7f4 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 64 89 0d 00 exception.symbol: prun+0x197081 exception.instruction: mov edi, dword ptr [edi] exception.module: prun.exe exception.exception_code: 0xc0000005 exception.offset: 1667201 exception.address: 0x597081 registers.esp: 1638144 registers.edi: 9109504 registers.eax: 0 registers.ebp: 1638156 registers.edx: 2000579277 registers.ebx: 0 registers.esi: 1637020 registers.ecx: 1638220	1
__exception__ April 13, 2021, 9:57 a.m.	stacktrace: prun+0x198acb @ 0x598acb 0x18ff7c prun+0x9b7f4 @ 0x49b7f4 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 64 89 0d 00 exception.symbol: prun+0x197081 exception.instruction: mov edi, dword ptr [edi] exception.module: prun.exe exception.exception_code: 0xc0000005 exception.offset: 1667201 exception.address: 0x597081 registers.esp: 1638144 registers.edi: 9175040 registers.eax: 0 registers.ebp: 1638156 registers.edx: 2000579277 registers.ebx: 0 registers.esi: 1637020 registers.ecx: 1638220	1
__exception__ April 13, 2021, 9:57 a.m.	stacktrace: prun+0x198acb @ 0x598acb 0x18ff7c prun+0x9b7f4 @ 0x49b7f4 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 64 89 0d 00 exception.symbol: prun+0x197081 exception.instruction: mov edi, dword ptr [edi] exception.module: prun.exe exception.exception_code: 0xc0000005 exception.offset: 1667201 exception.address: 0x597081 registers.esp: 1638144 registers.edi: 9240576 registers.eax: 0 registers.ebp: 1638156 registers.edx: 2000579277 registers.ebx: 0 registers.esi: 1637020 registers.ecx: 1638220	1
__exception__ April 13, 2021, 9:57 a.m.	stacktrace: prun+0x198acb @ 0x598acb 0x18ff7c prun+0x9b7f4 @ 0x49b7f4 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 64 89 0d 00 exception.symbol: prun+0x197081 exception.instruction: mov edi, dword ptr [edi] exception.module: prun.exe exception.exception_code: 0xc0000005 exception.offset: 1667201 exception.address: 0x597081 registers.esp: 1638144 registers.edi: 9306112 registers.eax: 0 registers.ebp: 1638156 registers.edx: 2000579277 registers.ebx: 0 registers.esi: 1637020 registers.ecx: 1638220	1
__exception__ April 13, 2021, 9:57 a.m.	stacktrace: prun+0x198acb @ 0x598acb 0x18ff7c prun+0x9b7f4 @ 0x49b7f4 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 64 89 0d 00 exception.symbol: prun+0x197081 exception.instruction: mov edi, dword ptr [edi] exception.module: prun.exe exception.exception_code: 0xc0000005 exception.offset: 1667201 exception.address: 0x597081 registers.esp: 1638144 registers.edi: 9371648 registers.eax: 0 registers.ebp: 1638156 registers.edx: 2000579277 registers.ebx: 0 registers.esi: 1637020 registers.ecx: 1638220	1
__exception__ April 13, 2021, 9:57 a.m.	stacktrace: prun+0x198acb @ 0x598acb 0x18ff7c prun+0x9b7f4 @ 0x49b7f4 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 64 89 0d 00 exception.symbol: prun+0x197081 exception.instruction: mov edi, dword ptr [edi] exception.module: prun.exe exception.exception_code: 0xc0000005 exception.offset: 1667201 exception.address: 0x597081 registers.esp: 1638144 registers.edi: 9437184 registers.eax: 0 registers.ebp: 1638156 registers.edx: 2000579277 registers.ebx: 0 registers.esi: 1637020 registers.ecx: 1638220	1
__exception__ April 13, 2021, 9:57 a.m.	stacktrace: prun+0x198acb @ 0x598acb 0x18ff7c prun+0x9b7f4 @ 0x49b7f4 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 64 89 0d 00 exception.symbol: prun+0x197081 exception.instruction: mov edi, dword ptr [edi] exception.module: prun.exe exception.exception_code: 0xc0000005 exception.offset: 1667201 exception.address: 0x597081 registers.esp: 1638144 registers.edi: 9502720 registers.eax: 0 registers.ebp: 1638156 registers.edx: 2000579277 registers.ebx: 0 registers.esi: 1637020 registers.ecx: 1638220	1
__exception__ April 13, 2021, 9:57 a.m.	stacktrace: prun+0x198acb @ 0x598acb 0x18ff7c prun+0x9b7f4 @ 0x49b7f4 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 64 89 0d 00 exception.symbol: prun+0x197081 exception.instruction: mov edi, dword ptr [edi] exception.module: prun.exe exception.exception_code: 0xc0000005 exception.offset: 1667201 exception.address: 0x597081 registers.esp: 1638144 registers.edi: 9568256 registers.eax: 0 registers.ebp: 1638156 registers.edx: 2000579277 registers.ebx: 0 registers.esi: 1637020 registers.ecx: 1638220	1
__exception__ April 13, 2021, 9:57 a.m.	stacktrace: prun+0x198acb @ 0x598acb 0x18ff7c prun+0x9b7f4 @ 0x49b7f4 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 64 89 0d 00 exception.symbol: prun+0x197081 exception.instruction: mov edi, dword ptr [edi] exception.module: prun.exe exception.exception_code: 0xc0000005 exception.offset: 1667201 exception.address: 0x597081 registers.esp: 1638144 registers.edi: 9633792 registers.eax: 0 registers.ebp: 1638156 registers.edx: 2000579277 registers.ebx: 0 registers.esi: 1637020 registers.ecx: 1638220	1
__exception__ April 13, 2021, 9:57 a.m.	stacktrace: prun+0x198acb @ 0x598acb 0x18ff7c prun+0x9b7f4 @ 0x49b7f4 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 64 89 0d 00 exception.symbol: prun+0x197081 exception.instruction: mov edi, dword ptr [edi] exception.module: prun.exe exception.exception_code: 0xc0000005 exception.offset: 1667201 exception.address: 0x597081 registers.esp: 1638144 registers.edi: 9699328 registers.eax: 0 registers.ebp: 1638156 registers.edx: 2000579277 registers.ebx: 0 registers.esi: 1637020 registers.ecx: 1638220	1
__exception__ April 13, 2021, 9:57 a.m.	stacktrace: prun+0x198acb @ 0x598acb 0x18ff7c prun+0x9b7f4 @ 0x49b7f4 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 64 89 0d 00 exception.symbol: prun+0x197081 exception.instruction: mov edi, dword ptr [edi] exception.module: prun.exe exception.exception_code: 0xc0000005 exception.offset: 1667201 exception.address: 0x597081 registers.esp: 1638144 registers.edi: 9764864 registers.eax: 0 registers.ebp: 1638156 registers.edx: 2000579277 registers.ebx: 0 registers.esi: 1637020 registers.ecx: 1638220	1
__exception__ April 13, 2021, 9:57 a.m.	stacktrace: prun+0x198acb @ 0x598acb 0x18ff7c prun+0x9b7f4 @ 0x49b7f4 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 64 89 0d 00 exception.symbol: prun+0x197081 exception.instruction: mov edi, dword ptr [edi] exception.module: prun.exe exception.exception_code: 0xc0000005 exception.offset: 1667201 exception.address: 0x597081 registers.esp: 1638144 registers.edi: 9830400 registers.eax: 0 registers.ebp: 1638156 registers.edx: 2000579277 registers.ebx: 0 registers.esi: 1637020 registers.ecx: 1638220	1
__exception__ April 13, 2021, 9:57 a.m.	stacktrace: prun+0x198acb @ 0x598acb 0x18ff7c prun+0x9b7f4 @ 0x49b7f4 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 64 89 0d 00 exception.symbol: prun+0x197081 exception.instruction: mov edi, dword ptr [edi] exception.module: prun.exe exception.exception_code: 0xc0000005 exception.offset: 1667201 exception.address: 0x597081 registers.esp: 1638144 registers.edi: 9895936 registers.eax: 0 registers.ebp: 1638156 registers.edx: 2000579277 registers.ebx: 0 registers.esi: 1637020 registers.ecx: 1638220	1
__exception__ April 13, 2021, 9:57 a.m.	stacktrace: prun+0x198acb @ 0x598acb 0x18ff7c prun+0x9b7f4 @ 0x49b7f4 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 64 89 0d 00 exception.symbol: prun+0x197081 exception.instruction: mov edi, dword ptr [edi] exception.module: prun.exe exception.exception_code: 0xc0000005 exception.offset: 1667201 exception.address: 0x597081 registers.esp: 1638144 registers.edi: 9961472 registers.eax: 0 registers.ebp: 1638156 registers.edx: 2000579277 registers.ebx: 0 registers.esi: 1637020 registers.ecx: 1638220	1
__exception__ April 13, 2021, 9:57 a.m.	stacktrace: prun+0x198acb @ 0x598acb 0x18ff7c prun+0x9b7f4 @ 0x49b7f4 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 64 89 0d 00 exception.symbol: prun+0x197081 exception.instruction: mov edi, dword ptr [edi] exception.module: prun.exe exception.exception_code: 0xc0000005 exception.offset: 1667201 exception.address: 0x597081 registers.esp: 1638144 registers.edi: 10027008 registers.eax: 0 registers.ebp: 1638156 registers.edx: 2000579277 registers.ebx: 0 registers.esi: 1637020 registers.ecx: 1638220	1
__exception__ April 13, 2021, 9:57 a.m.	stacktrace: prun+0x198acb @ 0x598acb 0x18ff7c prun+0x9b7f4 @ 0x49b7f4 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 64 89 0d 00 exception.symbol: prun+0x197081 exception.instruction: mov edi, dword ptr [edi] exception.module: prun.exe exception.exception_code: 0xc0000005 exception.offset: 1667201 exception.address: 0x597081 registers.esp: 1638144 registers.edi: 10092544 registers.eax: 0 registers.ebp: 1638156 registers.edx: 2000579277 registers.ebx: 0 registers.esi: 1637020 registers.ecx: 1638220	1
__exception__ April 13, 2021, 9:57 a.m.	stacktrace: prun+0x198acb @ 0x598acb 0x18ff7c prun+0x9b7f4 @ 0x49b7f4 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 64 89 0d 00 exception.symbol: prun+0x197081 exception.instruction: mov edi, dword ptr [edi] exception.module: prun.exe exception.exception_code: 0xc0000005 exception.offset: 1667201 exception.address: 0x597081 registers.esp: 1638144 registers.edi: 10158080 registers.eax: 0 registers.ebp: 1638156 registers.edx: 2000579277 registers.ebx: 0 registers.esi: 1637020 registers.ecx: 1638220	1
__exception__ April 13, 2021, 9:57 a.m.	stacktrace: prun+0x198acb @ 0x598acb 0x18ff7c prun+0x9b7f4 @ 0x49b7f4 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 64 89 0d 00 exception.symbol: prun+0x197081 exception.instruction: mov edi, dword ptr [edi] exception.module: prun.exe exception.exception_code: 0xc0000005 exception.offset: 1667201 exception.address: 0x597081 registers.esp: 1638144 registers.edi: 10223616 registers.eax: 0 registers.ebp: 1638156 registers.edx: 2000579277 registers.ebx: 0 registers.esi: 1637020 registers.ecx: 1638220	1
__exception__ April 13, 2021, 9:57 a.m.	stacktrace: prun+0x198acb @ 0x598acb 0x18ff7c prun+0x9b7f4 @ 0x49b7f4 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 64 89 0d 00 exception.symbol: prun+0x197081 exception.instruction: mov edi, dword ptr [edi] exception.module: prun.exe exception.exception_code: 0xc0000005 exception.offset: 1667201 exception.address: 0x597081 registers.esp: 1638144 registers.edi: 10289152 registers.eax: 0 registers.ebp: 1638156 registers.edx: 2000579277 registers.ebx: 0 registers.esi: 1637020 registers.ecx: 1638220	1
__exception__ April 13, 2021, 9:57 a.m.	stacktrace: prun+0x198acb @ 0x598acb 0x18ff7c prun+0x9b7f4 @ 0x49b7f4 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 64 89 0d 00 exception.symbol: prun+0x197081 exception.instruction: mov edi, dword ptr [edi] exception.module: prun.exe exception.exception_code: 0xc0000005 exception.offset: 1667201 exception.address: 0x597081 registers.esp: 1638144 registers.edi: 10354688 registers.eax: 0 registers.ebp: 1638156 registers.edx: 2000579277 registers.ebx: 0 registers.esi: 1637020 registers.ecx: 1638220	1
__exception__ April 13, 2021, 9:57 a.m.	stacktrace: prun+0x198acb @ 0x598acb 0x18ff7c prun+0x9b7f4 @ 0x49b7f4 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757333ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 3f 5f b8 01 00 00 00 3e 8b 4d 14 64 89 0d 00 exception.symbol: prun+0x197081 exception.instruction: mov edi, dword ptr [edi] exception.module: prun.exe exception.exception_code: 0xc0000005 exception.offset: 1667201 exception.address: 0x597081 registers.esp: 1638144 registers.edi: 10420224 registers.eax: 0 registers.ebp: 1638156 registers.edx: 2000579277 registers.ebx: 0 registers.esi: 1637020 registers.ecx: 1638220	1

One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.

Starts servers listening (6 events)

Time & API	Arguments	Status	Return
bind April 13, 2021, 9:57 a.m.	ip_address: 127.0.0.1 socket: 148 port: 0	1	0
listen April 13, 2021, 9:57 a.m.	socket: 148 backlog: 1	1	0
accept April 13, 2021, 9:57 a.m.	ip_address: socket: 148 port: 0	1	156
bind April 13, 2021, 9:57 a.m.	ip_address: 127.0.0.1 socket: 148 port: 0	1	0
listen April 13, 2021, 9:57 a.m.	socket: 148 backlog: 1	1	0
accept April 13, 2021, 9:57 a.m.	ip_address: socket: 148 port: 0	1	164

Allocates read-write-execute memory (usually to unpack itself) (3 events)

Time & API	Arguments	Status
NtAllocateVirtualMemory April 13, 2021, 9:57 a.m.	process_identifier: 2776 region_size: 503808 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00690000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 13, 2021, 9:57 a.m.	process_identifier: 2776 region_size: 1572864 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01fa0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory April 13, 2021, 9:57 a.m.	process_identifier: 2776 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x773bf000 process_handle: 0xffffffff	1

A process created a hidden window (1 event)

Time & API	Arguments	Status	Return	Repeated
CreateProcessInternalW April 13, 2021, 9:57 a.m.	thread_identifier: 2056 thread_handle: 0x000000f8 process_identifier: 3016 current_directory: filepath: C:\Users\test22\AppData\Local\Temp\prun.exe track: 1 command_line: "C:\Users\test22\AppData\Local\Temp\prun.exe" filepath_r: C:\Users\test22\AppData\Local\Temp\prun.exe stack_pivoted: 0 creation_flags: 134217728 (CREATE_NO_WINDOW) inherit_handles: 1 process_handle: 0x000000fc	1	1	0

Searches running processes potentially to identify processes for sandbox evasion, code injection or memory dumping (4 events)

Time & API	Arguments	Status	Return
Process32NextW April 13, 2021, 9:57 a.m.	snapshot_handle: 0x000000a8 process_name: pw.exe process_identifier: 3056	1	1
Process32NextW April 13, 2021, 9:57 a.m.	snapshot_handle: 0x000000a8 process_name: taskhost.exe process_identifier: 3052	1	1
Process32NextW April 13, 2021, 9:57 a.m.	snapshot_handle: 0x000000a8 process_name: prun.exe process_identifier: 2776	1	1
Process32NextW April 13, 2021, 9:57 a.m.	snapshot_handle: 0x00000104 process_name: prun.exe process_identifier: 3016	1	1

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

section

{u'size_of_data': u'0x00094000', u'virtual_address': u'0x00105000', u'entropy': 7.9719070355802595, u'name': u'Lagooonw', u'virtual_size': u'0x00094000'}

entropy

7.97190703558

description

A section with a high entropy has been found

entropy

0.23297914207

description

Overall entropy of this PE file is high

Repeatedly searches for a not-found process, you may want to run a web browser during analysis (21 events)

Time & API	Arguments	Status	Return	Repeated
Process32NextW April 13, 2021, 9:57 a.m.	snapshot_handle: 0x000000a8 process_name: prun.exe process_identifier: 2776		0	0
Process32NextW April 13, 2021, 9:57 a.m.	snapshot_handle: 0x000000ac process_name: prun.exe process_identifier: 2776		0	0
Process32NextW April 13, 2021, 9:57 a.m.	snapshot_handle: 0x000000b0 process_name: prun.exe process_identifier: 2776		0	0
Process32NextW April 13, 2021, 9:57 a.m.	snapshot_handle: 0x000000b4 process_name: prun.exe process_identifier: 2776		0	0
Process32NextW April 13, 2021, 9:57 a.m.	snapshot_handle: 0x000000b8 process_name: prun.exe process_identifier: 2776		0	0
Process32NextW April 13, 2021, 9:57 a.m.	snapshot_handle: 0x000000bc process_name: prun.exe process_identifier: 2776		0	0
Process32NextW April 13, 2021, 9:57 a.m.	snapshot_handle: 0x000000c0 process_name: prun.exe process_identifier: 2776		0	0
Process32NextW April 13, 2021, 9:57 a.m.	snapshot_handle: 0x000000c4 process_name: prun.exe process_identifier: 2776		0	0
Process32NextW April 13, 2021, 9:57 a.m.	snapshot_handle: 0x000000c8 process_name: prun.exe process_identifier: 2776		0	0
Process32NextW April 13, 2021, 9:57 a.m.	snapshot_handle: 0x000000cc process_name: prun.exe process_identifier: 2776		0	0
Process32NextW April 13, 2021, 9:57 a.m.	snapshot_handle: 0x000000d0 process_name: prun.exe process_identifier: 2776		0	0
Process32NextW April 13, 2021, 9:57 a.m.	snapshot_handle: 0x000000d4 process_name: prun.exe process_identifier: 2776		0	0
Process32NextW April 13, 2021, 9:57 a.m.	snapshot_handle: 0x000000d8 process_name: prun.exe process_identifier: 2776		0	0
Process32NextW April 13, 2021, 9:57 a.m.	snapshot_handle: 0x000000dc process_name: prun.exe process_identifier: 2776		0	0
Process32NextW April 13, 2021, 9:57 a.m.	snapshot_handle: 0x000000e0 process_name: prun.exe process_identifier: 2776		0	0
Process32NextW April 13, 2021, 9:57 a.m.	snapshot_handle: 0x000000e4 process_name: prun.exe process_identifier: 2776		0	0
Process32NextW April 13, 2021, 9:57 a.m.	snapshot_handle: 0x000000e8 process_name: prun.exe process_identifier: 2776		0	0
Process32NextW April 13, 2021, 9:57 a.m.	snapshot_handle: 0x000000ec process_name: prun.exe process_identifier: 2776		0	0
Process32NextW April 13, 2021, 9:57 a.m.	snapshot_handle: 0x000000f0 process_name: prun.exe process_identifier: 2776		0	0
Process32NextW April 13, 2021, 9:57 a.m.	snapshot_handle: 0x000000f4 process_name: prun.exe process_identifier: 2776		0	0
Process32NextW April 13, 2021, 9:57 a.m.	snapshot_handle: 0x00000104 process_name: prun.exe process_identifier: 3016		0	0

Potentially malicious URLs were found in the process memory dump (3 events)

url	https://curl.se/docs/alt-svc.html
url	https://curl.se/docs/http-cookies.html
url	https://class.checkblanco.xyz/tasks

Yara rule detected in process memory (16 events)

description	Listen for incoming communication	rule	network_tcp_listen
description	Communications smtp	rule	network_smtp_raw
description	Communications over RAW socket	rule	network_tcp_socket
description	Communications use DNS	rule	network_dns
description	Affect system registries	rule	win_registry
description	Affect system token	rule	win_token
description	Affect private profile	rule	win_files_operation
description	Match Winsock 2 API library declaration	rule	Str_Win32_Winsock2_Library
description	(no description)	rule	DebuggerCheck__GlobalFlags
description	(no description)	rule	DebuggerCheck__QueryInfo
description	(no description)	rule	DebuggerHiding__Thread
description	(no description)	rule	DebuggerHiding__Active
description	(no description)	rule	ThreadControl__Context
description	(no description)	rule	SEH__vectored
description	Checks if being debugged	rule	anti_dbg
description	Bypass DEP	rule	disable_dep

Allocates execute permission to another process indicative of possible code injection (5 events)

Time & API	Arguments	Status	Return
NtAllocateVirtualMemory April 13, 2021, 9:57 a.m.	process_identifier: 3016 region_size: 749568 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000000fc		3221225496
NtAllocateVirtualMemory April 13, 2021, 9:57 a.m.	process_identifier: 3016 region_size: 749568 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000000fc	1	0
NtProtectVirtualMemory April 13, 2021, 9:57 a.m.	process_identifier: 3016 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x773bf000 process_handle: 0x000000fc	1	0
NtAllocateVirtualMemory April 13, 2021, 9:57 a.m.	process_identifier: 3016 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x001e0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000000fc	1	0
NtAllocateVirtualMemory April 13, 2021, 9:57 a.m.	process_identifier: 3016 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x001f0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000000fc	1	0

Resumed a suspended thread in a remote process potentially indicative of process injection (2 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 2776 resumed a thread in remote process 3016
NtResumeThread April 13, 2021, 9:57 a.m.	thread_handle: 0x000000f8 suspend_count: 1 process_identifier: 3016	1	0	0

Detects the presence of Wine emulator (1 event)

Time & API	Arguments	Status	Return	Repeated
LdrGetProcedureAddress April 13, 2021, 9:57 a.m.	ordinal: 0 function_address: 0x00496760 function_name: wine_get_version module: ntdll module_address: 0x773a0000		3221225785	0

Executed a process and injected code into it, probably while unpacking (9 events)

Time & API	Arguments	Status	Return
CreateProcessInternalW April 13, 2021, 9:57 a.m.	thread_identifier: 2056 thread_handle: 0x000000f8 process_identifier: 3016 current_directory: filepath: C:\Users\test22\AppData\Local\Temp\prun.exe track: 1 command_line: "C:\Users\test22\AppData\Local\Temp\prun.exe" filepath_r: C:\Users\test22\AppData\Local\Temp\prun.exe stack_pivoted: 0 creation_flags: 134217728 (CREATE_NO_WINDOW) inherit_handles: 1 process_handle: 0x000000fc	1	1
NtGetContextThread April 13, 2021, 9:57 a.m.	thread_handle: 0x000000f8	1	0
NtAllocateVirtualMemory April 13, 2021, 9:57 a.m.	process_identifier: 3016 region_size: 749568 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000000fc		3221225496
NtUnmapViewOfSection April 13, 2021, 9:57 a.m.	base_address: 0x00400000 region_size: 4096 process_identifier: 3016 process_handle: 0x000000fc	1	0
NtUnmapViewOfSection April 13, 2021, 9:57 a.m.	base_address: 0x00400000 region_size: 1994129408 process_identifier: 3016 process_handle: 0x000000fc		3221225497
NtAllocateVirtualMemory April 13, 2021, 9:57 a.m.	process_identifier: 3016 region_size: 749568 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000000fc	1	0
NtAllocateVirtualMemory April 13, 2021, 9:57 a.m.	process_identifier: 3016 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x001e0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000000fc	1	0
NtAllocateVirtualMemory April 13, 2021, 9:57 a.m.	process_identifier: 3016 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x001f0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000000fc	1	0
NtResumeThread April 13, 2021, 9:57 a.m.	thread_handle: 0x000000f8 suspend_count: 1 process_identifier: 3016	1	0

File has been identified by 52 AntiVirus engines on VirusTotal as malicious (50 out of 52 events)

Elastic	malicious (high confidence)
DrWeb	Trojan.DownLoad4.14336
MicroWorld-eScan	Trojan.GenericKD.36618052
FireEye	Trojan.GenericKD.36618052
CAT-QuickHeal	Trojan.Inject
ALYac	Trojan.GenericKD.36618052
Cylance	Unsafe
VIPRE	Trojan.Win32.Generic!BT
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Trojan ( 00579d5a1 )
Alibaba	Backdoor:Win32/Coroxy.8f35bde4
K7GW	Trojan ( 00579d5a1 )
Arcabit	Trojan.Generic.D22EBF44
Cyren	W32/Trojan.RDRU-4274
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/GenCBL.AFI
Avast	FileRepMalware
ClamAV	Win.Trojan.Gencbl-9848074-0
Kaspersky	Trojan.Win32.Inject.anpnz
BitDefender	Trojan.GenericKD.36618052
Paloalto	generic.ml
ViRobot	Trojan.Win32.Z.Inject.2611424
Ad-Aware	Trojan.GenericKD.36618052
Emsisoft	MalCert.A (A)
Comodo	TrojWare.Win32.Agent.rynyu@0
Zillya	Backdoor.Xaparo.Win32.77
McAfee-GW-Edition	Artemis!Trojan
Sophos	Mal/Generic-S
SentinelOne	Static AI - Suspicious PE
Jiangmin	Trojan.Inject.bszw
Webroot	W32.Trojan.Gen
Avira	TR/Dldr.Agent.zalkl
Kingsoft	Win32.Troj.Inject.(kcloud)
Gridinsoft	Trojan.Agent.sd!c
Microsoft	Backdoor:Win32/Coroxy.STB
GData	Trojan.GenericKD.36618052
Cynet	Malicious (score: 99)
Acronis	suspicious
McAfee	Artemis!78859832E79C
MAX	malware (ai score=100)
VBA32	TrojanSpy.Solmyr
Malwarebytes	Trojan.Dropper
TrendMicro-HouseCall	Backdoor.Win32.COROXY.USASHDA21
Rising	Backdoor.Coroxy!8.12282 (CLOUD)
Yandex	Backdoor.Androm!ZSnkgg2c8HQ
Ikarus	Trojan.Win32.Generic
Fortinet	W32/GenCBL.AFI!tr
MaxSecure	Trojan.Malware.116238361.susgen
AVG	FileRepMalware
Panda	Trj/CI.A

prun.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All