Summary | ZeroBOX

Category	Machine	Started	Completed
URL	s1_win7_x6402	Aug. 6, 2021, 9 a.m.	Aug. 6, 2021, 9:02 a.m.

URL	http://lunasier.tistory.com/

iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" http://lunasier.tistory.com/
1628
- iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1628 CREDAT:145409
  2172

Name	Response	Post-Analysis Lookup
cdn.cloudimagesb.com	A 213.174.135.4 A 213.174.135.3 CNAME cdn10236888.ahacdn.me	213.174.135.4
www.google-analytics.com	CNAME www-google-analytics.l.google.com A 172.217.161.142	172.217.175.238
search1.daumcdn.net	A 121.53.201.198 CNAME search-xi6mgp35.kgslb.com	121.53.201.198
www.googletagmanager.com	CNAME www-googletagmanager.l.google.com A 172.217.161.168	142.250.196.104
tistory3.daumcdn.net	CNAME t1.int.daumcdn.net A 211.249.219.23 A 121.53.85.3 A 121.53.202.238 A 121.53.218.30 A 121.53.201.236 A 211.231.99.68	211.231.99.68
login.microsoftonline.com	CNAME www.tm.ak.prd.aadg.trafficmanager.net A 40.126.52.0 A 40.126.52.1 A 40.126.52.147 A 40.126.52.2 A 40.126.52.146 A 40.126.52.3 A 40.126.52.150 A 20.190.144.140 CNAME ak.privatelink.msidentity.com	40.126.52.150
i1.daumcdn.net	A 211.231.100.117 A 203.217.238.37 A 203.217.238.40	203.217.238.37
developers.kakao.com	A 211.249.221.246 CNAME developers.gl.kakao.com	121.53.104.157
lunasier.tistory.com	A 211.249.222.33 CNAME wildcard-tistory-fz0x1pwf.kgslb.com	211.231.99.250
webid.ad.daum.net	A 121.53.104.76	121.53.104.76
www.displaycontentnetwork.com	A 192.243.59.12 A 192.243.59.20 A 192.243.59.13	192.243.59.12
www2.bing.com	CNAME www2-bing-com.dual-a-0001.a-msedge.net CNAME dual-a-0001.a-msedge.net A 204.79.197.200 A 13.107.21.200	13.107.21.200
login.live.com	A 40.126.35.128 A 20.190.163.21 A 40.126.35.80 CNAME www.tm.a.prd.aadg.akadns.net A 40.126.35.144 CNAME login.msa.msidentity.com A 20.190.163.19 A 40.126.35.151 A 40.126.35.86 CNAME prda.aadg.msidentity.com CNAME www.tm.lg.prod.aadmsa.akadns.net A 40.126.35.87	40.126.35.144
lrnnsuooomdtmfsrsee.ntehnbaemrlskeawe.website	A 172.67.216.109 A 104.21.35.91	104.21.35.91
shitcustody.com	A 192.243.59.12 A 192.243.59.20 A 192.243.59.13	192.243.59.13
www.displaynetworkprofit.com	A 192.243.59.12 A 192.243.59.20 A 192.243.59.13	192.243.59.20
www.notorietycheerypositively.com	A 192.243.59.12 A 192.243.59.20 A 192.243.59.13	192.243.59.12
perfectplanned.com	A 192.243.59.12 A 192.243.59.20 A 192.243.59.13	192.243.59.13
t1.daumcdn.net	A 211.231.99.68 CNAME t1-wg2vgaja.kgslb.com	119.207.65.168
tootirrruahapowsadassa.com	A 172.67.218.104 A 104.21.94.22	172.67.218.104
blue-period.net	A 172.67.153.115 A 104.21.74.29	104.21.74.29

IP Address	Status	Action
104.21.94.22	Active	Moloch
117.18.232.200	Active	Moloch
121.53.104.76	Active	Moloch
121.53.201.198	Active	Moloch
121.53.201.236	Active	Moloch
164.124.101.2	Active	Moloch
172.217.161.142	Active	Moloch
172.217.161.168	Active	Moloch
172.67.153.115	Active	Moloch
172.67.216.109	Active	Moloch
192.243.59.12	Active	Moloch
192.243.59.20	Active	Moloch
203.217.238.37	Active	Moloch
211.231.99.68	Active	Moloch
211.249.221.246	Active	Moloch
211.249.222.33	Active	Moloch
213.174.135.3	Active	Moloch
40.126.35.87	Active	Moloch
40.126.52.3	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.102:49180 -> 211.249.221.246:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49166 -> 211.249.222.33:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49182 -> 211.231.99.68:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49169 -> 211.231.99.68:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49168 -> 172.217.161.168:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49179 -> 172.217.161.168:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49170 -> 211.231.99.68:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49171 -> 211.231.99.68:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49172 -> 211.231.99.68:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49173 -> 211.231.99.68:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49178 -> 121.53.201.236:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49176 -> 121.53.201.236:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49175 -> 211.231.99.68:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49177 -> 121.53.201.236:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49181 -> 211.249.221.246:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49187 -> 211.231.99.68:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49184 -> 211.231.99.68:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49174 -> 172.217.161.168:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49190 -> 211.231.99.68:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49188 -> 211.231.99.68:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49194 -> 172.217.161.142:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49191 -> 211.231.99.68:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49202 -> 121.53.201.198:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49193 -> 211.231.99.68:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49192 -> 211.231.99.68:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49203 -> 203.217.238.37:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49183 -> 211.231.99.68:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49195 -> 172.217.161.142:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49185 -> 211.231.99.68:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49206 -> 192.243.59.20:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49186 -> 211.231.99.68:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49209 -> 203.217.238.37:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49213 -> 192.243.59.20:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49211 -> 192.243.59.12:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49214 -> 192.243.59.20:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49189 -> 211.231.99.68:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49216 -> 192.243.59.20:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49215 -> 192.243.59.20:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49219 -> 211.249.222.33:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49220 -> 121.53.104.76:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49222 -> 211.231.99.68:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49223 -> 211.231.99.68:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49224 -> 211.231.99.68:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49198 -> 203.217.238.37:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49197 -> 203.217.238.37:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49234 -> 172.67.153.115:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49201 -> 203.217.238.37:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49233 -> 172.67.153.115:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49225 -> 213.174.135.3:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49226 -> 213.174.135.3:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49241 -> 204.79.197.200:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49240 -> 204.79.197.200:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49244 -> 204.79.197.200:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49245 -> 204.79.197.200:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49210 -> 203.217.238.37:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49254 -> 40.126.35.87:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49229 -> 192.243.59.20:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49199 -> 203.217.238.37:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49200 -> 203.217.238.37:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49239 -> 104.21.94.22:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49205 -> 121.53.201.198:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49253 -> 40.126.35.87:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49251 -> 204.79.197.200:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49212 -> 192.243.59.12:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49250 -> 40.126.52.3:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49204 -> 192.243.59.20:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49208 -> 203.217.238.37:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49257 -> 117.18.232.200:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49218 -> 211.249.222.33:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49221 -> 121.53.104.76:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49227 -> 213.174.135.3:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49230 -> 192.243.59.20:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49235 -> 172.67.216.109:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49238 -> 104.21.94.22:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49247 -> 204.79.197.200:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49236 -> 172.67.216.109:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49249 -> 40.126.52.3:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49248 -> 204.79.197.200:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49252 -> 204.79.197.200:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 117.18.232.200:443 -> 192.168.56.102:49259	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.102:49258 -> 117.18.232.200:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 211.249.222.33:80 -> 192.168.56.102:49165	2221010	SURICATA HTTP unable to match response to request	Generic Protocol Command Decode

Suricata TLS

Flow	Issuer	Subject	Fingerprint
TLSv1 192.168.56.102:49180 211.249.221.246:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Thawte TLS RSA CA G1	C=KR, ST=Jeju-do, L=Jeju-si, O=Kakao Corp., CN=*.kakao.com	9d:35:ac:0f:7a:58:0e:f7:fb:a1:27:2d:52:d7:7a:36:b0:a6:f9:50
TLSv1 192.168.56.102:49166 211.249.222.33:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Thawte TLS RSA CA G1	C=KR, ST=Jeju-do, L=Jeju-si, O=Kakao Corp., CN=*.tistory.com	97:1b:25:dd:7e:6d:b3:03:fb:83:86:4d:44:99:44:59:f0:33:c4:3e
TLSv1 192.168.56.102:49182 211.231.99.68:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Thawte TLS RSA CA G1	C=KR, ST=Jeju-do, L=Jeju-si, O=Kakao Corp., CN=*.daumcdn.net	8e:48:d9:fb:5c:0b:bf:8b:d6:4d:2b:c9:3c:12:e6:41:eb:2b:49:24
TLSv1 192.168.56.102:49169 211.231.99.68:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Thawte TLS RSA CA G1	C=KR, ST=Jeju-do, L=Jeju-si, O=Kakao Corp., CN=*.daumcdn.net	8e:48:d9:fb:5c:0b:bf:8b:d6:4d:2b:c9:3c:12:e6:41:eb:2b:49:24
TLSv1 192.168.56.102:49168 172.217.161.168:443	C=US, O=Google Trust Services, CN=GTS CA 1O1	C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.google-analytics.com	3e:dc:81:ef:85:60:13:ff:60:29:a2:bd:22:0b:1a:21:25:92:1d:b8
TLSv1 192.168.56.102:49179 172.217.161.168:443	C=US, O=Google Trust Services, CN=GTS CA 1O1	C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.google-analytics.com	3e:dc:81:ef:85:60:13:ff:60:29:a2:bd:22:0b:1a:21:25:92:1d:b8
TLSv1 192.168.56.102:49170 211.231.99.68:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Thawte TLS RSA CA G1	C=KR, ST=Jeju-do, L=Jeju-si, O=Kakao Corp., CN=*.daumcdn.net	8e:48:d9:fb:5c:0b:bf:8b:d6:4d:2b:c9:3c:12:e6:41:eb:2b:49:24
TLSv1 192.168.56.102:49171 211.231.99.68:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Thawte TLS RSA CA G1	C=KR, ST=Jeju-do, L=Jeju-si, O=Kakao Corp., CN=*.daumcdn.net	8e:48:d9:fb:5c:0b:bf:8b:d6:4d:2b:c9:3c:12:e6:41:eb:2b:49:24
TLSv1 192.168.56.102:49172 211.231.99.68:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Thawte TLS RSA CA G1	C=KR, ST=Jeju-do, L=Jeju-si, O=Kakao Corp., CN=*.daumcdn.net	8e:48:d9:fb:5c:0b:bf:8b:d6:4d:2b:c9:3c:12:e6:41:eb:2b:49:24
TLSv1 192.168.56.102:49173 211.231.99.68:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Thawte TLS RSA CA G1	C=KR, ST=Jeju-do, L=Jeju-si, O=Kakao Corp., CN=*.daumcdn.net	8e:48:d9:fb:5c:0b:bf:8b:d6:4d:2b:c9:3c:12:e6:41:eb:2b:49:24
TLSv1 192.168.56.102:49176 121.53.201.236:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Thawte TLS RSA CA G1	C=KR, ST=Jeju-do, L=Jeju-si, O=Kakao Corp., CN=*.daumcdn.net	8e:48:d9:fb:5c:0b:bf:8b:d6:4d:2b:c9:3c:12:e6:41:eb:2b:49:24
TLSv1 192.168.56.102:49178 121.53.201.236:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Thawte TLS RSA CA G1	C=KR, ST=Jeju-do, L=Jeju-si, O=Kakao Corp., CN=*.daumcdn.net	8e:48:d9:fb:5c:0b:bf:8b:d6:4d:2b:c9:3c:12:e6:41:eb:2b:49:24
TLSv1 192.168.56.102:49175 211.231.99.68:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Thawte TLS RSA CA G1	C=KR, ST=Jeju-do, L=Jeju-si, O=Kakao Corp., CN=*.daumcdn.net	8e:48:d9:fb:5c:0b:bf:8b:d6:4d:2b:c9:3c:12:e6:41:eb:2b:49:24
TLSv1 192.168.56.102:49177 121.53.201.236:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Thawte TLS RSA CA G1	C=KR, ST=Jeju-do, L=Jeju-si, O=Kakao Corp., CN=*.daumcdn.net	8e:48:d9:fb:5c:0b:bf:8b:d6:4d:2b:c9:3c:12:e6:41:eb:2b:49:24
TLSv1 192.168.56.102:49181 211.249.221.246:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Thawte TLS RSA CA G1	C=KR, ST=Jeju-do, L=Jeju-si, O=Kakao Corp., CN=*.kakao.com	9d:35:ac:0f:7a:58:0e:f7:fb:a1:27:2d:52:d7:7a:36:b0:a6:f9:50
TLSv1 192.168.56.102:49187 211.231.99.68:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Thawte TLS RSA CA G1	C=KR, ST=Jeju-do, L=Jeju-si, O=Kakao Corp., CN=*.daumcdn.net	8e:48:d9:fb:5c:0b:bf:8b:d6:4d:2b:c9:3c:12:e6:41:eb:2b:49:24
TLSv1 192.168.56.102:49184 211.231.99.68:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Thawte TLS RSA CA G1	C=KR, ST=Jeju-do, L=Jeju-si, O=Kakao Corp., CN=*.daumcdn.net	8e:48:d9:fb:5c:0b:bf:8b:d6:4d:2b:c9:3c:12:e6:41:eb:2b:49:24
TLSv1 192.168.56.102:49174 172.217.161.168:443	C=US, O=Google Trust Services, CN=GTS CA 1O1	C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.google-analytics.com	3e:dc:81:ef:85:60:13:ff:60:29:a2:bd:22:0b:1a:21:25:92:1d:b8
TLSv1 192.168.56.102:49190 211.231.99.68:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Thawte TLS RSA CA G1	C=KR, ST=Jeju-do, L=Jeju-si, O=Kakao Corp., CN=*.daumcdn.net	8e:48:d9:fb:5c:0b:bf:8b:d6:4d:2b:c9:3c:12:e6:41:eb:2b:49:24
TLSv1 192.168.56.102:49188 211.231.99.68:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Thawte TLS RSA CA G1	C=KR, ST=Jeju-do, L=Jeju-si, O=Kakao Corp., CN=*.daumcdn.net	8e:48:d9:fb:5c:0b:bf:8b:d6:4d:2b:c9:3c:12:e6:41:eb:2b:49:24
TLSv1 192.168.56.102:49194 172.217.161.142:443	C=US, O=Google Trust Services LLC, CN=GTS CA 1C3	CN=*.google-analytics.com	2b:43:f9:85:29:56:5f:02:6e:64:e5:2c:e9:58:e1:fd:9b:32:69:b1
TLSv1 192.168.56.102:49202 121.53.201.198:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Thawte TLS RSA CA G1	C=KR, ST=Jeju-do, L=Jeju-si, O=Kakao Corp., CN=*.daumcdn.net	8e:48:d9:fb:5c:0b:bf:8b:d6:4d:2b:c9:3c:12:e6:41:eb:2b:49:24
TLSv1 192.168.56.102:49191 211.231.99.68:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Thawte TLS RSA CA G1	C=KR, ST=Jeju-do, L=Jeju-si, O=Kakao Corp., CN=*.daumcdn.net	8e:48:d9:fb:5c:0b:bf:8b:d6:4d:2b:c9:3c:12:e6:41:eb:2b:49:24
TLSv1 192.168.56.102:49193 211.231.99.68:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Thawte TLS RSA CA G1	C=KR, ST=Jeju-do, L=Jeju-si, O=Kakao Corp., CN=*.daumcdn.net	8e:48:d9:fb:5c:0b:bf:8b:d6:4d:2b:c9:3c:12:e6:41:eb:2b:49:24
TLSv1 192.168.56.102:49192 211.231.99.68:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Thawte TLS RSA CA G1	C=KR, ST=Jeju-do, L=Jeju-si, O=Kakao Corp., CN=*.daumcdn.net	8e:48:d9:fb:5c:0b:bf:8b:d6:4d:2b:c9:3c:12:e6:41:eb:2b:49:24
TLSv1 192.168.56.102:49203 203.217.238.37:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Thawte TLS RSA CA G1	C=KR, ST=Jeju-do, L=Jeju-si, O=Kakao Corp., CN=*.daumcdn.net	8e:48:d9:fb:5c:0b:bf:8b:d6:4d:2b:c9:3c:12:e6:41:eb:2b:49:24
TLSv1 192.168.56.102:49183 211.231.99.68:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Thawte TLS RSA CA G1	C=KR, ST=Jeju-do, L=Jeju-si, O=Kakao Corp., CN=*.daumcdn.net	8e:48:d9:fb:5c:0b:bf:8b:d6:4d:2b:c9:3c:12:e6:41:eb:2b:49:24
TLSv1 192.168.56.102:49195 172.217.161.142:443	C=US, O=Google Trust Services LLC, CN=GTS CA 1C3	CN=*.google-analytics.com	2b:43:f9:85:29:56:5f:02:6e:64:e5:2c:e9:58:e1:fd:9b:32:69:b1
TLSv1 192.168.56.102:49185 211.231.99.68:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Thawte TLS RSA CA G1	C=KR, ST=Jeju-do, L=Jeju-si, O=Kakao Corp., CN=*.daumcdn.net	8e:48:d9:fb:5c:0b:bf:8b:d6:4d:2b:c9:3c:12:e6:41:eb:2b:49:24
TLSv1 192.168.56.102:49206 192.243.59.20:443	C=US, O=Let's Encrypt, CN=R3	CN=displaycontentnetwork.com	50:f7:b6:fd:da:97:11:15:78:6d:b3:c7:ae:79:80:d8:e9:70:4a:b9
TLSv1 192.168.56.102:49186 211.231.99.68:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Thawte TLS RSA CA G1	C=KR, ST=Jeju-do, L=Jeju-si, O=Kakao Corp., CN=*.daumcdn.net	8e:48:d9:fb:5c:0b:bf:8b:d6:4d:2b:c9:3c:12:e6:41:eb:2b:49:24
TLSv1 192.168.56.102:49209 203.217.238.37:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Thawte TLS RSA CA G1	C=KR, ST=Jeju-do, L=Jeju-si, O=Kakao Corp., CN=*.daumcdn.net	8e:48:d9:fb:5c:0b:bf:8b:d6:4d:2b:c9:3c:12:e6:41:eb:2b:49:24
TLSv1 192.168.56.102:49213 192.243.59.20:443	C=US, O=Let's Encrypt, CN=R3	CN=shitcustody.com	72:60:df:b1:63:f3:47:58:8b:68:76:a7:67:a9:7f:12:00:41:66:8a
TLSv1 192.168.56.102:49211 192.243.59.12:443	C=US, O=Let's Encrypt, CN=R3	CN=displaynetworkprofit.com	c9:30:d9:07:80:e4:c9:86:8d:d6:7b:50:f0:61:58:21:e9:ed:f8:81
TLSv1 192.168.56.102:49214 192.243.59.20:443	C=US, O=Let's Encrypt, CN=R3	CN=shitcustody.com	72:60:df:b1:63:f3:47:58:8b:68:76:a7:67:a9:7f:12:00:41:66:8a
TLSv1 192.168.56.102:49189 211.231.99.68:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Thawte TLS RSA CA G1	C=KR, ST=Jeju-do, L=Jeju-si, O=Kakao Corp., CN=*.daumcdn.net	8e:48:d9:fb:5c:0b:bf:8b:d6:4d:2b:c9:3c:12:e6:41:eb:2b:49:24
TLSv1 192.168.56.102:49216 192.243.59.20:443	C=US, O=Let's Encrypt, CN=R3	CN=perfectplanned.com	07:59:88:dc:76:7a:d2:65:5d:04:26:5a:8f:a9:d5:47:86:f8:84:3c
TLSv1 192.168.56.102:49215 192.243.59.20:443	C=US, O=Let's Encrypt, CN=R3	CN=perfectplanned.com	07:59:88:dc:76:7a:d2:65:5d:04:26:5a:8f:a9:d5:47:86:f8:84:3c
TLSv1 192.168.56.102:49219 211.249.222.33:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Thawte TLS RSA CA G1	C=KR, ST=Jeju-do, L=Jeju-si, O=Kakao Corp., CN=*.tistory.com	97:1b:25:dd:7e:6d:b3:03:fb:83:86:4d:44:99:44:59:f0:33:c4:3e
TLSv1 192.168.56.102:49220 121.53.104.76:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Thawte TLS RSA CA G1	C=KR, ST=Jeju-do, L=Jeju-si, O=Kakao Corp., CN=webid.kakao.com	cd:c3:bd:f5:8b:dc:27:3b:a4:60:3f:25:7d:be:69:79:c7:2f:4f:6d
TLSv1 192.168.56.102:49222 211.231.99.68:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Thawte TLS RSA CA G1	C=KR, ST=Jeju-do, L=Jeju-si, O=Kakao Corp., CN=*.daumcdn.net	8e:48:d9:fb:5c:0b:bf:8b:d6:4d:2b:c9:3c:12:e6:41:eb:2b:49:24
TLSv1 192.168.56.102:49223 211.231.99.68:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Thawte TLS RSA CA G1	C=KR, ST=Jeju-do, L=Jeju-si, O=Kakao Corp., CN=*.daumcdn.net	8e:48:d9:fb:5c:0b:bf:8b:d6:4d:2b:c9:3c:12:e6:41:eb:2b:49:24
TLSv1 192.168.56.102:49224 211.231.99.68:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Thawte TLS RSA CA G1	C=KR, ST=Jeju-do, L=Jeju-si, O=Kakao Corp., CN=*.daumcdn.net	8e:48:d9:fb:5c:0b:bf:8b:d6:4d:2b:c9:3c:12:e6:41:eb:2b:49:24
TLSv1 192.168.56.102:49198 203.217.238.37:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Thawte TLS RSA CA G1	C=KR, ST=Jeju-do, L=Jeju-si, O=Kakao Corp., CN=*.daumcdn.net	8e:48:d9:fb:5c:0b:bf:8b:d6:4d:2b:c9:3c:12:e6:41:eb:2b:49:24
TLSv1 192.168.56.102:49197 203.217.238.37:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Thawte TLS RSA CA G1	C=KR, ST=Jeju-do, L=Jeju-si, O=Kakao Corp., CN=*.daumcdn.net	8e:48:d9:fb:5c:0b:bf:8b:d6:4d:2b:c9:3c:12:e6:41:eb:2b:49:24
TLSv1 192.168.56.102:49234 172.67.153.115:443	C=US, O=Let's Encrypt, CN=R3	CN=*.blue-period.net	96:b3:76:d7:ef:67:57:c5:28:cb:8a:19:90:6b:7c:51:36:43:10:a0
TLSv1 192.168.56.102:49201 203.217.238.37:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Thawte TLS RSA CA G1	C=KR, ST=Jeju-do, L=Jeju-si, O=Kakao Corp., CN=*.daumcdn.net	8e:48:d9:fb:5c:0b:bf:8b:d6:4d:2b:c9:3c:12:e6:41:eb:2b:49:24
TLSv1 192.168.56.102:49233 172.67.153.115:443	C=US, O=Let's Encrypt, CN=R3	CN=*.blue-period.net	96:b3:76:d7:ef:67:57:c5:28:cb:8a:19:90:6b:7c:51:36:43:10:a0
TLSv1 192.168.56.102:49225 213.174.135.3:443	C=US, O=Let's Encrypt, CN=R3	CN=cdn.cloudimagesb.com	23:5f:b5:49:87:82:29:bc:9c:9b:ae:3d:27:73:6f:80:53:55:ee:bc
TLSv1 192.168.56.102:49226 213.174.135.3:443	C=US, O=Let's Encrypt, CN=R3	CN=cdn.cloudimagesb.com	23:5f:b5:49:87:82:29:bc:9c:9b:ae:3d:27:73:6f:80:53:55:ee:bc
TLSv1 192.168.56.102:49241 204.79.197.200:443	C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 02	CN=www.bing.com	e6:d6:8f:e4:5e:31:2c:7f:a5:1a:6c:d5:bb:5c:15:c6:54:47:bf:47
TLSv1 192.168.56.102:49240 204.79.197.200:443	C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 02	CN=www.bing.com	e6:d6:8f:e4:5e:31:2c:7f:a5:1a:6c:d5:bb:5c:15:c6:54:47:bf:47
TLSv1 192.168.56.102:49244 204.79.197.200:443	C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 02	CN=www.bing.com	e6:d6:8f:e4:5e:31:2c:7f:a5:1a:6c:d5:bb:5c:15:c6:54:47:bf:47
TLSv1 192.168.56.102:49245 204.79.197.200:443	C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 02	CN=www.bing.com	e6:d6:8f:e4:5e:31:2c:7f:a5:1a:6c:d5:bb:5c:15:c6:54:47:bf:47
TLSv1 192.168.56.102:49210 203.217.238.37:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Thawte TLS RSA CA G1	C=KR, ST=Jeju-do, L=Jeju-si, O=Kakao Corp., CN=*.daumcdn.net	8e:48:d9:fb:5c:0b:bf:8b:d6:4d:2b:c9:3c:12:e6:41:eb:2b:49:24
TLSv1 192.168.56.102:49254 40.126.35.87:443	C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=graph.windows.net	a9:8f:a7:dc:ab:20:ae:e0:86:20:34:4a:fc:d6:1e:6d:de:a9:45:75
TLSv1 192.168.56.102:49229 192.243.59.20:443	C=US, O=Let's Encrypt, CN=R3	CN=notorietycheerypositively.com	ff:96:bf:6c:27:b5:7a:38:54:51:f5:7f:0b:bf:2e:e7:ab:39:aa:9b
TLSv1 192.168.56.102:49199 203.217.238.37:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Thawte TLS RSA CA G1	C=KR, ST=Jeju-do, L=Jeju-si, O=Kakao Corp., CN=*.daumcdn.net	8e:48:d9:fb:5c:0b:bf:8b:d6:4d:2b:c9:3c:12:e6:41:eb:2b:49:24
TLSv1 192.168.56.102:49200 203.217.238.37:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Thawte TLS RSA CA G1	C=KR, ST=Jeju-do, L=Jeju-si, O=Kakao Corp., CN=*.daumcdn.net	8e:48:d9:fb:5c:0b:bf:8b:d6:4d:2b:c9:3c:12:e6:41:eb:2b:49:24
TLSv1 192.168.56.102:49239 104.21.94.22:443	C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3	C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com	7c:d3:63:d6:73:77:09:13:7a:43:c3:09:90:c4:66:17:64:41:3d:7e
TLSv1 192.168.56.102:49205 121.53.201.198:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Thawte TLS RSA CA G1	C=KR, ST=Jeju-do, L=Jeju-si, O=Kakao Corp., CN=*.daumcdn.net	8e:48:d9:fb:5c:0b:bf:8b:d6:4d:2b:c9:3c:12:e6:41:eb:2b:49:24
TLSv1 192.168.56.102:49253 40.126.35.87:443	C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=graph.windows.net	a9:8f:a7:dc:ab:20:ae:e0:86:20:34:4a:fc:d6:1e:6d:de:a9:45:75
TLSv1 192.168.56.102:49251 204.79.197.200:443	C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 02	CN=www.bing.com	e6:d6:8f:e4:5e:31:2c:7f:a5:1a:6c:d5:bb:5c:15:c6:54:47:bf:47
TLSv1 192.168.56.102:49212 192.243.59.12:443	C=US, O=Let's Encrypt, CN=R3	CN=displaynetworkprofit.com	c9:30:d9:07:80:e4:c9:86:8d:d6:7b:50:f0:61:58:21:e9:ed:f8:81
TLSv1 192.168.56.102:49250 40.126.52.3:443	C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=stamp2.login.microsoftonline.com	de:dd:3b:3d:85:a0:f1:06:e2:75:76:3c:8d:12:93:4c:ef:32:50:22
TLSv1 192.168.56.102:49204 192.243.59.20:443	C=US, O=Let's Encrypt, CN=R3	CN=displaycontentnetwork.com	50:f7:b6:fd:da:97:11:15:78:6d:b3:c7:ae:79:80:d8:e9:70:4a:b9
TLSv1 192.168.56.102:49208 203.217.238.37:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Thawte TLS RSA CA G1	C=KR, ST=Jeju-do, L=Jeju-si, O=Kakao Corp., CN=*.daumcdn.net	8e:48:d9:fb:5c:0b:bf:8b:d6:4d:2b:c9:3c:12:e6:41:eb:2b:49:24
TLSv1 192.168.56.102:49218 211.249.222.33:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Thawte TLS RSA CA G1	C=KR, ST=Jeju-do, L=Jeju-si, O=Kakao Corp., CN=*.tistory.com	97:1b:25:dd:7e:6d:b3:03:fb:83:86:4d:44:99:44:59:f0:33:c4:3e
TLSv1 192.168.56.102:49221 121.53.104.76:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Thawte TLS RSA CA G1	C=KR, ST=Jeju-do, L=Jeju-si, O=Kakao Corp., CN=webid.kakao.com	cd:c3:bd:f5:8b:dc:27:3b:a4:60:3f:25:7d:be:69:79:c7:2f:4f:6d
TLSv1 192.168.56.102:49227 213.174.135.3:443	C=US, O=Let's Encrypt, CN=R3	CN=cdn.cloudimagesb.com	23:5f:b5:49:87:82:29:bc:9c:9b:ae:3d:27:73:6f:80:53:55:ee:bc
TLSv1 192.168.56.102:49230 192.243.59.20:443	C=US, O=Let's Encrypt, CN=R3	CN=notorietycheerypositively.com	ff:96:bf:6c:27:b5:7a:38:54:51:f5:7f:0b:bf:2e:e7:ab:39:aa:9b
TLSv1 192.168.56.102:49235 172.67.216.109:443	C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3	C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com	3f:84:58:f3:7c:51:a8:27:14:50:da:b3:e2:6c:58:9e:4c:d4:5d:fd
TLSv1 192.168.56.102:49238 104.21.94.22:443	C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3	C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com	7c:d3:63:d6:73:77:09:13:7a:43:c3:09:90:c4:66:17:64:41:3d:7e
TLSv1 192.168.56.102:49247 204.79.197.200:443	C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 02	CN=www.bing.com	e6:d6:8f:e4:5e:31:2c:7f:a5:1a:6c:d5:bb:5c:15:c6:54:47:bf:47
TLSv1 192.168.56.102:49236 172.67.216.109:443	C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3	C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com	3f:84:58:f3:7c:51:a8:27:14:50:da:b3:e2:6c:58:9e:4c:d4:5d:fd
TLSv1 192.168.56.102:49249 40.126.52.3:443	C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=stamp2.login.microsoftonline.com	de:dd:3b:3d:85:a0:f1:06:e2:75:76:3c:8d:12:93:4c:ef:32:50:22
TLSv1 192.168.56.102:49248 204.79.197.200:443	C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 02	CN=www.bing.com	e6:d6:8f:e4:5e:31:2c:7f:a5:1a:6c:d5:bb:5c:15:c6:54:47:bf:47
TLSv1 192.168.56.102:49252 204.79.197.200:443	C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 02	CN=www.bing.com	e6:d6:8f:e4:5e:31:2c:7f:a5:1a:6c:d5:bb:5c:15:c6:54:47:bf:47

One or more processes crashed (1 event)

Time & API	Arguments	Status	Return	Repeated
__exception__ Aug. 6, 2021, 9:01 a.m.	stacktrace: RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d @ 0x7fefd4da49d RpcRaiseException+0x53 RpcExceptionFilter-0x2bd rpcrt4+0x173c3 @ 0x7feff0973c3 ObjectStublessClient32+0x8bf CoDisconnectContext-0x107b9 ole32+0x443bf @ 0x7fefda743bf IUnknown_AddRef_Proxy+0x1f5 NdrFixedArrayBufferSize-0xeb rpcrt4+0x35295 @ 0x7feff0b5295 I_RpcFreeBuffer+0x1b9 NdrRangeUnmarshall-0x5a7 rpcrt4+0x32799 @ 0x7feff0b2799 Ndr64AsyncServerCallAll+0xa9e Ndr64AsyncClientCall-0xf42 rpcrt4+0xdaf1e @ 0x7feff15af1e Ndr64AsyncServerCallAll+0x12ec Ndr64AsyncClientCall-0x6f4 rpcrt4+0xdb76c @ 0x7feff15b76c NdrStubCall3+0xc6 NdrOleAllocate-0x3ea rpcrt4+0x348d6 @ 0x7feff0b48d6 CoGetInstanceFromFile+0x4cd3 HACCEL_UserFree-0x70fd ole32+0x170883 @ 0x7fefdba0883 CoGetInstanceFromFile+0x511d HACCEL_UserFree-0x6cb3 ole32+0x170ccd @ 0x7fefdba0ccd CoGetInstanceFromFile+0x5093 HACCEL_UserFree-0x6d3d ole32+0x170c43 @ 0x7fefdba0c43 CoSetState+0x1450 DcomChannelSetHResult-0x34c ole32+0x2a4f0 @ 0x7fefda5a4f0 GetErrorInfo+0x599 ObjectStublessClient7-0xb1f ole32+0x3d551 @ 0x7fefda6d551 CoGetInstanceFromFile+0x78ce HACCEL_UserFree-0x4502 ole32+0x17347e @ 0x7fefdba347e CoGetInstanceFromFile+0x567b HACCEL_UserFree-0x6755 ole32+0x17122b @ 0x7fefdba122b CoGetInstanceFromFile+0x7992 HACCEL_UserFree-0x443e ole32+0x173542 @ 0x7fefdba3542 GetErrorInfo+0x475 ObjectStublessClient7-0xc43 ole32+0x3d42d @ 0x7fefda6d42d GetErrorInfo+0x21e ObjectStublessClient7-0xe9a ole32+0x3d1d6 @ 0x7fefda6d1d6 TranslateMessageEx+0x2a1 IntersectRect-0x11f user32+0x19bd1 @ 0x76e99bd1 TranslateMessage+0x1ea DispatchMessageW-0x42 user32+0x198da @ 0x76e998da GetErrorInfo+0xf3 ObjectStublessClient7-0xfc5 ole32+0x3d0ab @ 0x7fefda6d0ab CoUnloadingWOW+0x117 OleCreateFromFileEx-0x1829 ole32+0x163e57 @ 0x7fefdb93e57 ObjectStublessClient24+0x1876 CLSIDFromString-0x57a ole32+0x10106 @ 0x7fefda40106 ObjectStublessClient24+0x18f2 CLSIDFromString-0x4fe ole32+0x10182 @ 0x7fefda40182 BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x7689652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76fac521 exception.instruction_r: 48 81 c4 c8 00 00 00 c3 48 85 f6 74 08 83 3b 00 exception.symbol: RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d exception.instruction: add rsp, 0xc8 exception.module: KERNELBASE.dll exception.exception_code: 0x80040155 exception.offset: 42141 exception.address: 0x7fefd4da49d registers.r14: 0 registers.r15: 0 registers.rcx: 106291936 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 106297888 registers.r11: 106293696 registers.r8: 0 registers.r9: 0 registers.rdx: 1 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 1902062702 registers.r13: 0	1	0	0

Time & API

Arguments

Status

Return

Repeated

__exception__

Aug. 6, 2021, 9:01 a.m.

stacktrace:

RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d @ 0x7fefd4da49d
RpcRaiseException+0x53 RpcExceptionFilter-0x2bd rpcrt4+0x173c3 @ 0x7feff0973c3
ObjectStublessClient32+0x8bf CoDisconnectContext-0x107b9 ole32+0x443bf @ 0x7fefda743bf
IUnknown_AddRef_Proxy+0x1f5 NdrFixedArrayBufferSize-0xeb rpcrt4+0x35295 @ 0x7feff0b5295
I_RpcFreeBuffer+0x1b9 NdrRangeUnmarshall-0x5a7 rpcrt4+0x32799 @ 0x7feff0b2799
Ndr64AsyncServerCallAll+0xa9e Ndr64AsyncClientCall-0xf42 rpcrt4+0xdaf1e @ 0x7feff15af1e
Ndr64AsyncServerCallAll+0x12ec Ndr64AsyncClientCall-0x6f4 rpcrt4+0xdb76c @ 0x7feff15b76c
NdrStubCall3+0xc6 NdrOleAllocate-0x3ea rpcrt4+0x348d6 @ 0x7feff0b48d6
CoGetInstanceFromFile+0x4cd3 HACCEL_UserFree-0x70fd ole32+0x170883 @ 0x7fefdba0883
CoGetInstanceFromFile+0x511d HACCEL_UserFree-0x6cb3 ole32+0x170ccd @ 0x7fefdba0ccd
CoGetInstanceFromFile+0x5093 HACCEL_UserFree-0x6d3d ole32+0x170c43 @ 0x7fefdba0c43
CoSetState+0x1450 DcomChannelSetHResult-0x34c ole32+0x2a4f0 @ 0x7fefda5a4f0
GetErrorInfo+0x599 ObjectStublessClient7-0xb1f ole32+0x3d551 @ 0x7fefda6d551
CoGetInstanceFromFile+0x78ce HACCEL_UserFree-0x4502 ole32+0x17347e @ 0x7fefdba347e
CoGetInstanceFromFile+0x567b HACCEL_UserFree-0x6755 ole32+0x17122b @ 0x7fefdba122b
CoGetInstanceFromFile+0x7992 HACCEL_UserFree-0x443e ole32+0x173542 @ 0x7fefdba3542
GetErrorInfo+0x475 ObjectStublessClient7-0xc43 ole32+0x3d42d @ 0x7fefda6d42d
GetErrorInfo+0x21e ObjectStublessClient7-0xe9a ole32+0x3d1d6 @ 0x7fefda6d1d6
TranslateMessageEx+0x2a1 IntersectRect-0x11f user32+0x19bd1 @ 0x76e99bd1
TranslateMessage+0x1ea DispatchMessageW-0x42 user32+0x198da @ 0x76e998da
GetErrorInfo+0xf3 ObjectStublessClient7-0xfc5 ole32+0x3d0ab @ 0x7fefda6d0ab
CoUnloadingWOW+0x117 OleCreateFromFileEx-0x1829 ole32+0x163e57 @ 0x7fefdb93e57
ObjectStublessClient24+0x1876 CLSIDFromString-0x57a ole32+0x10106 @ 0x7fefda40106
ObjectStublessClient24+0x18f2 CLSIDFromString-0x4fe ole32+0x10182 @ 0x7fefda40182
BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x7689652d
RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76fac521

exception.instruction_r: 48 81 c4 c8 00 00 00 c3 48 85 f6 74 08 83 3b 00
exception.symbol: RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d
exception.instruction: add rsp, 0xc8
exception.module: KERNELBASE.dll
exception.exception_code: 0x80040155
exception.offset: 42141
exception.address: 0x7fefd4da49d
registers.r14: 0
registers.r15: 0
registers.rcx: 106291936
registers.rsi: 0
registers.r10: 0
registers.rbx: 0
registers.rsp: 106297888
registers.r11: 106293696
registers.r8: 0
registers.r9: 0
registers.rdx: 1
registers.r12: 0
registers.rbp: 0
registers.rdi: 0
registers.rax: 1902062702
registers.r13: 0

Performs some HTTP requests (50 out of 107 events)

request	GET http://lunasier.tistory.com/
request	GET http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
request	GET https://lunasier.tistory.com/
request	GET https://t1.daumcdn.net/tistory_admin/assets/blog/tistory-bd96dd17334b8ce2f37206f86a83458bf1d3362c/blogs/style/content/font.css?_version_=tistory-bd96dd17334b8ce2f37206f86a83458bf1d3362c
request	GET https://t1.daumcdn.net/tistory_admin/lib/jquery/jquery-3.2.1.min.js
request	GET https://t1.daumcdn.net/tistory_admin/lib/lightbox/css/lightbox.min.css
request	GET https://t1.daumcdn.net/tistory_admin/assets/blog/tistory-bd96dd17334b8ce2f37206f86a83458bf1d3362c/blogs/plugins/A_ShareEntryWithSNS/script/shareEntryWithSNS.js?_version_=tistory-bd96dd17334b8ce2f37206f86a83458bf1d3362c
request	GET https://t1.daumcdn.net/tistory_admin/assets/blog/tistory-bd96dd17334b8ce2f37206f86a83458bf1d3362c/blogs/style/content/content.css?_version_=tistory-bd96dd17334b8ce2f37206f86a83458bf1d3362c
request	GET https://tistory3.daumcdn.net/tistory/1764101/skin/style.css?_T_=1614007273
request	GET https://tistory3.daumcdn.net/tistory/1764101/skin/images/font.css
request	GET https://developers.kakao.com/sdk/js/kakao.min.js
request	GET https://t1.daumcdn.net/tistory_admin/lib/lightbox/js/lightbox-plus-jquery.min.js
request	GET https://www.googletagmanager.com/gtag/js?id=<!--%20Global%20site%20tag%20(gtag.js)%20-%20Google%20Analytics%20-->%20<script%20async%20src=
request	GET https://t1.daumcdn.net/tistory_admin/assets/blog/tistory-bd96dd17334b8ce2f37206f86a83458bf1d3362c/blogs/plugins/A_ShareEntryWithSNS/css/shareEntryWithSNS.css?_version_=tistory-bd96dd17334b8ce2f37206f86a83458bf1d3362c
request	GET https://t1.daumcdn.net/tistory_admin/assets/blog/tistory-bd96dd17334b8ce2f37206f86a83458bf1d3362c/blogs/plugins/TistoryProfileLayer/profile.js?_version_=tistory-bd96dd17334b8ce2f37206f86a83458bf1d3362c
request	GET https://t1.daumcdn.net/tistory_admin/assets/blog/tistory-bd96dd17334b8ce2f37206f86a83458bf1d3362c/blogs/plugins/TistoryProfileLayer/style.css?_version_=tistory-bd96dd17334b8ce2f37206f86a83458bf1d3362c
request	GET https://t1.daumcdn.net/tistory_admin/assets/blog/tistory-bd96dd17334b8ce2f37206f86a83458bf1d3362c/blogs/script/reaction/reaction-button-container.min.js?_version_=tistory-bd96dd17334b8ce2f37206f86a83458bf1d3362c
request	GET https://t1.daumcdn.net/tistory_admin/assets/blog/tistory-bd96dd17334b8ce2f37206f86a83458bf1d3362c/blogs/style/postBtn.css?_version_=tistory-bd96dd17334b8ce2f37206f86a83458bf1d3362c
request	GET https://t1.daumcdn.net/tistory_admin/assets/blog/tistory-bd96dd17334b8ce2f37206f86a83458bf1d3362c/blogs/style/component/tistory.css?_version_=tistory-bd96dd17334b8ce2f37206f86a83458bf1d3362c
request	GET https://t1.daumcdn.net/tistory_admin/assets/blog/tistory-bd96dd17334b8ce2f37206f86a83458bf1d3362c/blogs/script/blog/common.js?_version_=tistory-bd96dd17334b8ce2f37206f86a83458bf1d3362c
request	GET https://t1.daumcdn.net/tistory_admin/static/manage/images/r3/default_L.png
request	GET https://t1.daumcdn.net/tistory_admin/assets/blog/tistory-bd96dd17334b8ce2f37206f86a83458bf1d3362c/blogs/style/dialog.css?_version_=tistory-bd96dd17334b8ce2f37206f86a83458bf1d3362c
request	GET https://t1.daumcdn.net/tistory_admin/www/style/top/font.css
request	GET https://t1.daumcdn.net/tistory_admin/assets/blog/tistory-bd96dd17334b8ce2f37206f86a83458bf1d3362c/blogs/script/_/base.js?_version_=tistory-bd96dd17334b8ce2f37206f86a83458bf1d3362c
request	GET https://www.google-analytics.com/analytics.js
request	GET https://t1.daumcdn.net/tistory_admin/static/font/notokr-regular.woff
request	GET https://t1.daumcdn.net/tistory_admin/static/font/notokr-demilight.woff
request	GET https://t1.daumcdn.net/tistory_admin/static/font/notokr-bold.woff
request	GET https://www.google-analytics.com/collect?v=1&_v=j92&a=615805848&t=pageview&_s=2&dl=https%3A%2F%2Flunasier.tistory.com%2F&ul=ko&de=utf-8&dt=Classic%20Music%20Blog&sd=24-bit&sr=1365x1024&vp=1365x899&je=1&fl=13.0%20r0&_u=aEBAAUAAAAAAAC~&jid=&gjid=&cid=34757020.1628208043&tid=UA-177636778-1&_gid=1079904910.1628208043&gtm=2ou840&z=1674620756
request	GET https://www.google-analytics.com/collect?v=1&_v=j92&a=615805848&t=pageview&_s=3&dl=https%3A%2F%2Flunasier.tistory.com%2F&ul=ko&de=utf-8&dt=Classic%20Music%20Blog&sd=24-bit&sr=1365x1024&vp=1365x899&je=1&fl=13.0%20r0&_u=aEBAAUAAAAAAAC~&jid=&gjid=&cid=34757020.1628208043&tid=UA-177636778-1&_gid=1079904910.1628208043&gtm=2ou840&z=78411160
request	GET https://www.google-analytics.com/collect?v=1&_v=j92&a=615805848&t=pageview&_s=4&dl=https%3A%2F%2Flunasier.tistory.com%2F&ul=ko&de=utf-8&dt=Classic%20Music%20Blog&sd=24-bit&sr=1365x1024&vp=1365x899&je=1&fl=13.0%20r0&_u=aEBAAUAAAAAAAC~&jid=&gjid=&cid=34757020.1628208043&tid=UA-177636778-1&_gid=1079904910.1628208043&gtm=2ou840&z=1374833962
request	GET https://tistory3.daumcdn.net/tistory/1764101/skin/images/script.js
request	GET https://t1.daumcdn.net/tistory_admin/assets/blog/tistory-bd96dd17334b8ce2f37206f86a83458bf1d3362c/blogs/plugins/PreventCopyContents/js/functions.js?_version_=tistory-bd96dd17334b8ce2f37206f86a83458bf1d3362c
request	GET https://t1.daumcdn.net/tiara/js/v1/tiara.min.js
request	GET https://t1.daumcdn.net/tistory_admin/assets/blog/tistory-bd96dd17334b8ce2f37206f86a83458bf1d3362c/blogs/script/tiara/tiara.min.js?_version_=tistory-bd96dd17334b8ce2f37206f86a83458bf1d3362c
request	GET https://t1.daumcdn.net/midas/rt/dk_bt/roosevelt_dk_bt.js
request	GET https://t1.daumcdn.net/tistory_admin/assets/blog/tistory-bd96dd17334b8ce2f37206f86a83458bf1d3362c/blogs/script/menubar.min.js?_version_=tistory-bd96dd17334b8ce2f37206f86a83458bf1d3362c
request	GET https://i1.daumcdn.net/thumb/C148x148/?fname=https://blog.kakaocdn.net/dn/bFXdKP/btqzkapnRPa/FDz4gMa6CWWC5aVmQefIqK/img.jpg
request	GET https://tistory3.daumcdn.net/tistory/1764101/skin/images/ico_skin.gif
request	GET https://i1.daumcdn.net/thumb/C148x148/?fname=https://blog.kakaocdn.net/dn/ba2XgH/btqzk7dUBcT/Q74CxuAxdGQ3TXQJy6UEzK/img.jpg
request	GET https://i1.daumcdn.net/thumb/C148x148/?fname=https://blog.kakaocdn.net/dn/mJlIz/btqzkCyFZE5/ByZYT0GG5gHDWYyEvKyRz0/img.jpg
request	GET https://i1.daumcdn.net/thumb/C148x148/?fname=https://blog.kakaocdn.net/dn/ywmPk/btqzkCk9U4G/71DM6RbXPbMkdTGETMHxV0/img.jpg
request	GET https://search1.daumcdn.net/search/statics/common/js/g/search_dragselection.min.js
request	GET https://i1.daumcdn.net/thumb/C148x148/?fname=https://blog.kakaocdn.net/dn/CjJ87/btqzkRbi3sh/dx4iIMU5WKzfl1kr7DrgRK/img.jpg
request	GET https://i1.daumcdn.net/thumb/C148x148/?fname=https://blog.kakaocdn.net/dn/bEAS4d/btqzl5GtXWe/9nDyJsdbfwKBlsKDkNvW01/img.png
request	GET https://i1.daumcdn.net/thumb/C148x148/?fname=https://blog.kakaocdn.net/dn/cpH90o/btqzkPq2goA/wAq9sMhxCLgc4KKQQpH7O1/img.jpg
request	GET https://i1.daumcdn.net/thumb/C148x148/?fname=https://blog.kakaocdn.net/dn/cbrADS/btqzlkD8JcB/WFosqzKikgGKjpDupBOu8k/img.jpg
request	GET https://www.displaycontentnetwork.com/b7a617d584d3e0d6a3d2687143bc217d/invoke.js
request	GET https://www.displaynetworkprofit.com/b7a617d584d3e0d6a3d2687143bc217d/invoke.js
request	GET https://shitcustody.com/watch.94586623740?key=b7a617d584d3e0d6a3d2687143bc217d&kw=%5B%22classic%22%2C%22music%22%2C%22blog%22%5D&refer=https%3A%2F%2Flunasier.tistory.com%2F&tz=9&dev=r&res=12.0&uuid=

Sends data using the HTTP POST Method (3 events)

request	POST https://www.bing.com/fd/ls/lsp.aspx?
request	POST https://www.bing.com/orgid/idtoken/conditional
request	POST https://www.bing.com/fd/ls/lsp.aspx

Allocates read-write-execute memory (usually to unpack itself) (50 out of 57 events)

Time & API	Arguments	Status
NtAllocateVirtualMemory Aug. 6, 2021, 9 a.m.	process_identifier: 1628 region_size: 3870720 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000002d70000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Aug. 6, 2021, 9 a.m.	process_identifier: 1628 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000003120000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Aug. 6, 2021, 9 a.m.	process_identifier: 1628 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076ef1000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Aug. 6, 2021, 9 a.m.	process_identifier: 1628 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076ef1000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Aug. 6, 2021, 9 a.m.	process_identifier: 1628 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076ef1000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Aug. 6, 2021, 9 a.m.	process_identifier: 1628 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076ef1000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Aug. 6, 2021, 9 a.m.	process_identifier: 1628 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076ef1000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Aug. 6, 2021, 9 a.m.	process_identifier: 1628 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076ef1000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Aug. 6, 2021, 9 a.m.	process_identifier: 1628 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076e9d000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Aug. 6, 2021, 9 a.m.	process_identifier: 1628 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076ec2000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Aug. 6, 2021, 9 a.m.	process_identifier: 1628 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076ea4000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Aug. 6, 2021, 9 a.m.	process_identifier: 1628 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076ec2000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Aug. 6, 2021, 9 a.m.	process_identifier: 1628 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fefc095000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Aug. 6, 2021, 9 a.m.	process_identifier: 1628 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fefc095000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Aug. 6, 2021, 9 a.m.	process_identifier: 1628 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007feff214000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Aug. 6, 2021, 9 a.m.	process_identifier: 1628 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fefd901000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Aug. 6, 2021, 9 a.m.	process_identifier: 1628 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076e8a000 process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Aug. 6, 2021, 9 a.m.	process_identifier: 1628 region_size: 65536 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000003240000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Aug. 6, 2021, 9 a.m.	process_identifier: 1628 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fefa6b7000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Aug. 6, 2021, 9 a.m.	process_identifier: 1628 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef6449000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Aug. 6, 2021, 9:01 a.m.	process_identifier: 1628 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef0b99000 process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Aug. 6, 2021, 9 a.m.	process_identifier: 2172 region_size: 13504512 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000002e60000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Aug. 6, 2021, 9 a.m.	process_identifier: 2172 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000003b40000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Aug. 6, 2021, 9 a.m.	process_identifier: 2172 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076ef1000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Aug. 6, 2021, 9 a.m.	process_identifier: 2172 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076ef1000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Aug. 6, 2021, 9 a.m.	process_identifier: 2172 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076ef1000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Aug. 6, 2021, 9 a.m.	process_identifier: 2172 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076ef1000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Aug. 6, 2021, 9 a.m.	process_identifier: 2172 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076ef1000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Aug. 6, 2021, 9 a.m.	process_identifier: 2172 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076ef1000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Aug. 6, 2021, 9 a.m.	process_identifier: 2172 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076e9d000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Aug. 6, 2021, 9 a.m.	process_identifier: 2172 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076ec2000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Aug. 6, 2021, 9 a.m.	process_identifier: 2172 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076ea4000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Aug. 6, 2021, 9 a.m.	process_identifier: 2172 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076ec2000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Aug. 6, 2021, 9 a.m.	process_identifier: 2172 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fefc095000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Aug. 6, 2021, 9 a.m.	process_identifier: 2172 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fefc095000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Aug. 6, 2021, 9 a.m.	process_identifier: 2172 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007feff214000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Aug. 6, 2021, 9 a.m.	process_identifier: 2172 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fefd901000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Aug. 6, 2021, 9 a.m.	process_identifier: 2172 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076e8a000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Aug. 6, 2021, 9 a.m.	process_identifier: 2172 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076e8f000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Aug. 6, 2021, 9 a.m.	process_identifier: 2172 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076e8d000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Aug. 6, 2021, 9 a.m.	process_identifier: 2172 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076e8b000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Aug. 6, 2021, 9 a.m.	process_identifier: 2172 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076896000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Aug. 6, 2021, 9 a.m.	process_identifier: 2172 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076fc6000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Aug. 6, 2021, 9 a.m.	process_identifier: 2172 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076891000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Aug. 6, 2021, 9 a.m.	process_identifier: 2172 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076e90000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Aug. 6, 2021, 9 a.m.	process_identifier: 2172 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076e8a000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Aug. 6, 2021, 9 a.m.	process_identifier: 2172 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076f9f000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Aug. 6, 2021, 9 a.m.	process_identifier: 2172 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076fab000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Aug. 6, 2021, 9 a.m.	process_identifier: 2172 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fefdb87000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Aug. 6, 2021, 9 a.m.	process_identifier: 2172 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007feff1b4000 process_handle: 0xffffffffffffffff	1

An application raised an exception which may be indicative of an exploit crash (2 events)

Time & API	Arguments	Status	Return	Repeated
Application Crash	Process iexplore.exe with pid 1628 crashed
__exception__ Aug. 6, 2021, 9:01 a.m.	stacktrace: RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d @ 0x7fefd4da49d RpcRaiseException+0x53 RpcExceptionFilter-0x2bd rpcrt4+0x173c3 @ 0x7feff0973c3 ObjectStublessClient32+0x8bf CoDisconnectContext-0x107b9 ole32+0x443bf @ 0x7fefda743bf IUnknown_AddRef_Proxy+0x1f5 NdrFixedArrayBufferSize-0xeb rpcrt4+0x35295 @ 0x7feff0b5295 I_RpcFreeBuffer+0x1b9 NdrRangeUnmarshall-0x5a7 rpcrt4+0x32799 @ 0x7feff0b2799 Ndr64AsyncServerCallAll+0xa9e Ndr64AsyncClientCall-0xf42 rpcrt4+0xdaf1e @ 0x7feff15af1e Ndr64AsyncServerCallAll+0x12ec Ndr64AsyncClientCall-0x6f4 rpcrt4+0xdb76c @ 0x7feff15b76c NdrStubCall3+0xc6 NdrOleAllocate-0x3ea rpcrt4+0x348d6 @ 0x7feff0b48d6 CoGetInstanceFromFile+0x4cd3 HACCEL_UserFree-0x70fd ole32+0x170883 @ 0x7fefdba0883 CoGetInstanceFromFile+0x511d HACCEL_UserFree-0x6cb3 ole32+0x170ccd @ 0x7fefdba0ccd CoGetInstanceFromFile+0x5093 HACCEL_UserFree-0x6d3d ole32+0x170c43 @ 0x7fefdba0c43 CoSetState+0x1450 DcomChannelSetHResult-0x34c ole32+0x2a4f0 @ 0x7fefda5a4f0 GetErrorInfo+0x599 ObjectStublessClient7-0xb1f ole32+0x3d551 @ 0x7fefda6d551 CoGetInstanceFromFile+0x78ce HACCEL_UserFree-0x4502 ole32+0x17347e @ 0x7fefdba347e CoGetInstanceFromFile+0x567b HACCEL_UserFree-0x6755 ole32+0x17122b @ 0x7fefdba122b CoGetInstanceFromFile+0x7992 HACCEL_UserFree-0x443e ole32+0x173542 @ 0x7fefdba3542 GetErrorInfo+0x475 ObjectStublessClient7-0xc43 ole32+0x3d42d @ 0x7fefda6d42d GetErrorInfo+0x21e ObjectStublessClient7-0xe9a ole32+0x3d1d6 @ 0x7fefda6d1d6 TranslateMessageEx+0x2a1 IntersectRect-0x11f user32+0x19bd1 @ 0x76e99bd1 TranslateMessage+0x1ea DispatchMessageW-0x42 user32+0x198da @ 0x76e998da GetErrorInfo+0xf3 ObjectStublessClient7-0xfc5 ole32+0x3d0ab @ 0x7fefda6d0ab CoUnloadingWOW+0x117 OleCreateFromFileEx-0x1829 ole32+0x163e57 @ 0x7fefdb93e57 ObjectStublessClient24+0x1876 CLSIDFromString-0x57a ole32+0x10106 @ 0x7fefda40106 ObjectStublessClient24+0x18f2 CLSIDFromString-0x4fe ole32+0x10182 @ 0x7fefda40182 BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x7689652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76fac521 exception.instruction_r: 48 81 c4 c8 00 00 00 c3 48 85 f6 74 08 83 3b 00 exception.symbol: RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d exception.instruction: add rsp, 0xc8 exception.module: KERNELBASE.dll exception.exception_code: 0x80040155 exception.offset: 42141 exception.address: 0x7fefd4da49d registers.r14: 0 registers.r15: 0 registers.rcx: 106291936 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 106297888 registers.r11: 106293696 registers.r8: 0 registers.r9: 0 registers.rdx: 1 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 1902062702 registers.r13: 0	1	0	0

Application Crash

Process iexplore.exe with pid 1628 crashed

Time & API

Arguments

Status

Return

Repeated

__exception__

Aug. 6, 2021, 9:01 a.m.

stacktrace:

RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d @ 0x7fefd4da49d
RpcRaiseException+0x53 RpcExceptionFilter-0x2bd rpcrt4+0x173c3 @ 0x7feff0973c3
ObjectStublessClient32+0x8bf CoDisconnectContext-0x107b9 ole32+0x443bf @ 0x7fefda743bf
IUnknown_AddRef_Proxy+0x1f5 NdrFixedArrayBufferSize-0xeb rpcrt4+0x35295 @ 0x7feff0b5295
I_RpcFreeBuffer+0x1b9 NdrRangeUnmarshall-0x5a7 rpcrt4+0x32799 @ 0x7feff0b2799
Ndr64AsyncServerCallAll+0xa9e Ndr64AsyncClientCall-0xf42 rpcrt4+0xdaf1e @ 0x7feff15af1e
Ndr64AsyncServerCallAll+0x12ec Ndr64AsyncClientCall-0x6f4 rpcrt4+0xdb76c @ 0x7feff15b76c
NdrStubCall3+0xc6 NdrOleAllocate-0x3ea rpcrt4+0x348d6 @ 0x7feff0b48d6
CoGetInstanceFromFile+0x4cd3 HACCEL_UserFree-0x70fd ole32+0x170883 @ 0x7fefdba0883
CoGetInstanceFromFile+0x511d HACCEL_UserFree-0x6cb3 ole32+0x170ccd @ 0x7fefdba0ccd
CoGetInstanceFromFile+0x5093 HACCEL_UserFree-0x6d3d ole32+0x170c43 @ 0x7fefdba0c43
CoSetState+0x1450 DcomChannelSetHResult-0x34c ole32+0x2a4f0 @ 0x7fefda5a4f0
GetErrorInfo+0x599 ObjectStublessClient7-0xb1f ole32+0x3d551 @ 0x7fefda6d551
CoGetInstanceFromFile+0x78ce HACCEL_UserFree-0x4502 ole32+0x17347e @ 0x7fefdba347e
CoGetInstanceFromFile+0x567b HACCEL_UserFree-0x6755 ole32+0x17122b @ 0x7fefdba122b
CoGetInstanceFromFile+0x7992 HACCEL_UserFree-0x443e ole32+0x173542 @ 0x7fefdba3542
GetErrorInfo+0x475 ObjectStublessClient7-0xc43 ole32+0x3d42d @ 0x7fefda6d42d
GetErrorInfo+0x21e ObjectStublessClient7-0xe9a ole32+0x3d1d6 @ 0x7fefda6d1d6
TranslateMessageEx+0x2a1 IntersectRect-0x11f user32+0x19bd1 @ 0x76e99bd1
TranslateMessage+0x1ea DispatchMessageW-0x42 user32+0x198da @ 0x76e998da
GetErrorInfo+0xf3 ObjectStublessClient7-0xfc5 ole32+0x3d0ab @ 0x7fefda6d0ab
CoUnloadingWOW+0x117 OleCreateFromFileEx-0x1829 ole32+0x163e57 @ 0x7fefdb93e57
ObjectStublessClient24+0x1876 CLSIDFromString-0x57a ole32+0x10106 @ 0x7fefda40106
ObjectStublessClient24+0x18f2 CLSIDFromString-0x4fe ole32+0x10182 @ 0x7fefda40182
BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x7689652d
RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76fac521

Creates executable files on the filesystem (37 events)

file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\tiara.min[1].js
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\shareEntryWithSNS[1].js
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\kakao.min[1].js
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\FvkosEDIbuCPhD1mwLAN-LJ7Coc.gz[1].js
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\MstqcgNaYngCBavkktAoSE0--po.gz[1].js
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\profile[1].js
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\T_fuRJ5ONhzzZUcXzufvynXGXyQ.gz[1].js
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\svI82uPNFRD54V4bMLaeahXQXBI.gz[1].js
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\fMuh8wiVQ9NA2v64X1n7XkGl290.gz[1].js
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\functions[1].js
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\Xp-HPHGHOZznHBwdn7OWdva404Y.gz[1].js
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\lightbox-plus-jquery.min[1].js
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\P3LN8DHh0udC9Pbh8UHnw5FJ8R8.gz[1].js
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\tiara.min[1].js
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\menubar.min[1].js
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\roosevelt_dk_bt[1].js
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\common[1].js
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\_ofc7e4WqqkT9lPqQJykFP4vxq4.gz[1].js
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\a282eRIAnHsW_URoyogdzsukm_o.gz[1].js
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\2ajnlX1juJQ_Nu80sW46BDUL1-A.gz[1].js
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\base[1].js
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\analytics[1].js
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\js[1].js
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\js[1].js
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\hceflue5sqxkKta9dP3R-IFtPuY.gz[1].js
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\search_dragselection.min[1].js
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\swyt_VnIjJDWZW5KEq7a8l_1AEw.gz[1].js
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\ozS3T0fsBUPZy4zlY0UX_e0TUwY.gz[1].js
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\script[1].js
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\MDr1f9aJs4rBVf1F5DAtlALvweY.gz[1].js
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\reaction-button-container.min[1].js
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\Dta1_Or8JEDr20O5LJEJy7sv1z0.gz[1].js
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\RXZtj0lYpFm5XDPMpuGSsNG8i9I.gz[1].js
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\j3Kkjh6KludSBEslTlW2x1z0-Uw.gz[1].js
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\eaMqCdNxIXjLc0ATep7tsFkfmSA.gz[1].js
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\jquery-3.2.1.min[1].js
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\6sxhavkE4_SZHA_K4rwWmg67vF0.gz[1].js

Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) (1 event)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory Aug. 6, 2021, 9 a.m.	process_identifier: 2172 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 32 (PAGE_EXECUTE_READ) base_address: 0x000007fffef60000 process_handle: 0xffffffffffffffff	1	0	0

Yara rule detected in process memory (8 events)

description	(no description)	rule	DebuggerCheck__GlobalFlags
description	(no description)	rule	DebuggerCheck__QueryInfo
description	(no description)	rule	DebuggerHiding__Thread
description	(no description)	rule	DebuggerHiding__Active
description	(no description)	rule	ThreadControl__Context
description	(no description)	rule	SEH__vectored
description	Checks if being debugged	rule	anti_dbg
description	Bypass DEP	rule	disable_dep

Uses Windows utilities for basic Windows functionality (1 event)

cmdline

"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1628 CREDAT:145409

Communicates with host for which no DNS query was performed (1 event)

host

117.18.232.200

Resumed a suspended thread in a remote process potentially indicative of process injection (2 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 1628 resumed a thread in remote process 2172
NtResumeThread Aug. 6, 2021, 9 a.m.	thread_handle: 0x000000000000032c suspend_count: 1 process_identifier: 2172	1	0	0

http://lunasier.tistory.com/

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All