Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Nov. 1, 2021, 10:25 a.m.	Nov. 1, 2021, 10:30 a.m.

Size	1.1MB
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`af41813cc051b8d0c9c418e99ba345c6`
SHA256	`2b29c80a4829d3dc816b99606aa5aeead3533d24137f79b5c9a8407957e97b10`
CRC32	`012BCC65`
ssdeep	`24576:h+5jq+9BGqWeU33V8V0HmkKaH1S2807SPFL3EOGTWqG5QVEzAJ24GOy2irA8+fj7:h+keU33V8V0HmkKaH1S277SPFL3EOGTZ`
Yara	Malicious_Packer_Zero - Malicious Packer IsPE64 - (no description) PE_Header_Zero - PE File Signature Generic_Malware_Zero - Generic Malware OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file

rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,DllGetClassObject
2776
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,DllGetClassObject
  1572
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,DllMain
1224
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,DllMain
  2144
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,DllRegisterServer
2056
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,DllRegisterServer
  540
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,DllUnregisterServer
668
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,DllUnregisterServer
  2888
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,StartW
2312
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,StartW
  1632
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,opj_codec_set_threads
900
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,opj_codec_set_threads
  2764
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,opj_create_compress
2388
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,opj_create_compress
  620
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,opj_create_decompress
1760
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,opj_create_decompress
  2256
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,opj_decode
2852
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,opj_decode
  2532
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,opj_decode_tile_data
2356
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,opj_decode_tile_data
  3120
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,opj_destroy_codec
3164
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,opj_destroy_codec
  3380
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,opj_destroy_cstr_index
3300
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,opj_destroy_cstr_index
  3420
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,opj_destroy_cstr_info
3472
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,opj_destroy_cstr_info
  3720
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,opj_dump_codec
3636
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,opj_dump_codec
  3824
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,opj_encode
3892
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,opj_encode
  2032
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,opj_encoder_set_extra_options
4060
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,opj_encoder_set_extra_options
  2972
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,opj_end_compress
2548
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,opj_end_compress
  3312
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,opj_end_decompress
2620
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,opj_end_decompress
  3592
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,opj_get_cstr_index
3588
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,opj_get_cstr_index
  3928
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,opj_get_cstr_info
3864
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,opj_get_cstr_info
  3296
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,opj_get_decoded_tile
1032
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,opj_get_decoded_tile
  3552
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,opj_get_num_cpus
3668
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,opj_get_num_cpus
  3128
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,opj_has_thread_support
2296
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,opj_has_thread_support
  1296
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,opj_image_create
3544
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,opj_image_create
  4140
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,opj_image_data_alloc
4164
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,opj_image_data_alloc
  4560
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,opj_image_data_free
4280
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,opj_image_data_free
  4540
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,opj_image_destroy
4376
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,opj_image_destroy
  4508
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,opj_image_tile_create
4464
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,opj_image_tile_create
  4804
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,opj_read_header
4692
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,opj_read_header
  4884
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,opj_read_tile_header
4780
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,opj_read_tile_header
  5012
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,opj_set_MCT
4968
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,opj_set_MCT
  4108
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,opj_set_decode_area
3336
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,opj_set_decode_area
  4396
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,opj_set_decoded_components
4504
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,opj_set_decoded_components
  4672
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,opj_set_decoded_resolution_factor
4844
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,opj_set_decoded_resolution_factor
  4240
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,opj_set_default_decoder_parameters
4144
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,opj_set_default_decoder_parameters
  4552
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,opj_set_default_encoder_parameters
4168
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,opj_set_default_encoder_parameters
  4604
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,opj_set_error_handler
4320
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,opj_set_error_handler
  4640
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,opj_set_info_handler
4592
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,opj_set_info_handler
  1472
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,opj_set_warning_handler
4480
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,opj_set_warning_handler
  4204
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,opj_setup_decoder
4456
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,opj_setup_decoder
  4796
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,opj_setup_encoder
1188
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,opj_setup_encoder
  5196
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,opj_start_compress
5280
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,opj_start_compress
  5488
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,opj_stream_create
5400
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,opj_stream_create
  5652
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,opj_stream_create_default_file_stream
5512
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,opj_stream_create_default_file_stream
  5732
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,opj_stream_create_file_stream
5624
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,opj_stream_create_file_stream
  5940
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,opj_stream_default_create
5780
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,opj_stream_default_create
  6032
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,opj_stream_destroy
5896
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,opj_stream_destroy
  240
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,opj_stream_set_read_function
4580
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,opj_stream_set_read_function
  5156
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,opj_stream_set_seek_function
4924
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,opj_stream_set_seek_function
  5716
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,opj_stream_set_skip_function
5508
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,opj_stream_set_skip_function
  2512
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,opj_stream_set_user_data
5700
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,opj_stream_set_user_data
  5248
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,opj_stream_set_user_data_length
5936
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,opj_stream_set_user_data_length
  2424
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,opj_stream_set_write_function
5144
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,opj_stream_set_write_function
  5460
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,opj_version
1888
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,opj_version
  5504
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,opj_write_tile
4644
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,opj_write_tile
  5564
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\trendmicro2.dll,
2704

Name	Response	Post-Analysis Lookup
nutsstats.com

IP Address	Status	Action
164.124.101.2	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks if process is being debugged by a debugger (50 out of 55 events)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent Nov. 1, 2021, 10:25 a.m.			0	0
IsDebuggerPresent Nov. 1, 2021, 10:25 a.m.			0	0
IsDebuggerPresent Nov. 1, 2021, 10:25 a.m.			0	0
IsDebuggerPresent Nov. 1, 2021, 10:25 a.m.			0	0
IsDebuggerPresent Nov. 1, 2021, 10:25 a.m.			0	0
IsDebuggerPresent Nov. 1, 2021, 10:25 a.m.			0	0
IsDebuggerPresent Nov. 1, 2021, 10:25 a.m.			0	0
IsDebuggerPresent Nov. 1, 2021, 10:25 a.m.			0	0
IsDebuggerPresent Nov. 1, 2021, 10:25 a.m.			0	0
IsDebuggerPresent Nov. 1, 2021, 10:25 a.m.			0	0
IsDebuggerPresent Nov. 1, 2021, 10:25 a.m.			0	0
IsDebuggerPresent Nov. 1, 2021, 10:25 a.m.			0	0
IsDebuggerPresent Nov. 1, 2021, 10:25 a.m.			0	0
IsDebuggerPresent Nov. 1, 2021, 10:25 a.m.			0	0
IsDebuggerPresent Nov. 1, 2021, 10:25 a.m.			0	0
IsDebuggerPresent Nov. 1, 2021, 10:25 a.m.			0	0
IsDebuggerPresent Nov. 1, 2021, 10:25 a.m.			0	0
IsDebuggerPresent Nov. 1, 2021, 10:25 a.m.			0	0
IsDebuggerPresent Nov. 1, 2021, 10:25 a.m.			0	0
IsDebuggerPresent Nov. 1, 2021, 10:25 a.m.			0	0
IsDebuggerPresent Nov. 1, 2021, 10:25 a.m.			0	0
IsDebuggerPresent Nov. 1, 2021, 10:25 a.m.			0	0
IsDebuggerPresent Nov. 1, 2021, 10:25 a.m.			0	0
IsDebuggerPresent Nov. 1, 2021, 10:25 a.m.			0	0
IsDebuggerPresent Nov. 1, 2021, 10:25 a.m.			0	0
IsDebuggerPresent Nov. 1, 2021, 10:25 a.m.			0	0
IsDebuggerPresent Nov. 1, 2021, 10:25 a.m.			0	0
IsDebuggerPresent Nov. 1, 2021, 10:25 a.m.			0	0
IsDebuggerPresent Nov. 1, 2021, 10:25 a.m.			0	0
IsDebuggerPresent Nov. 1, 2021, 10:25 a.m.			0	0
IsDebuggerPresent Nov. 1, 2021, 10:25 a.m.			0	0
IsDebuggerPresent Nov. 1, 2021, 10:26 a.m.			0	0
IsDebuggerPresent Nov. 1, 2021, 10:26 a.m.			0	0
IsDebuggerPresent Nov. 1, 2021, 10:26 a.m.			0	0
IsDebuggerPresent Nov. 1, 2021, 10:26 a.m.			0	0
IsDebuggerPresent Nov. 1, 2021, 10:26 a.m.			0	0
IsDebuggerPresent Nov. 1, 2021, 10:26 a.m.			0	0
IsDebuggerPresent Nov. 1, 2021, 10:26 a.m.			0	0
IsDebuggerPresent Nov. 1, 2021, 10:26 a.m.			0	0
IsDebuggerPresent Nov. 1, 2021, 10:26 a.m.			0	0
IsDebuggerPresent Nov. 1, 2021, 10:26 a.m.			0	0
IsDebuggerPresent Nov. 1, 2021, 10:26 a.m.			0	0
IsDebuggerPresent Nov. 1, 2021, 10:26 a.m.			0	0
IsDebuggerPresent Nov. 1, 2021, 10:26 a.m.			0	0
IsDebuggerPresent Nov. 1, 2021, 10:26 a.m.			0	0
IsDebuggerPresent Nov. 1, 2021, 10:26 a.m.			0	0
IsDebuggerPresent Nov. 1, 2021, 10:26 a.m.			0	0
IsDebuggerPresent Nov. 1, 2021, 10:26 a.m.			0	0
IsDebuggerPresent Nov. 1, 2021, 10:26 a.m.			0	0
IsDebuggerPresent Nov. 1, 2021, 10:26 a.m.			0	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

_RDATA

One or more processes crashed (26 events)

Time & API	Arguments	Status
__exception__ Nov. 1, 2021, 10:26 a.m.	stacktrace: 0x3fc0030 0xcc000c 0xcc000c 0xcc000c 0xcc000c 0xcc000c 0xcc000c 0xcc000c 0xcc000c 0xcc000c 0xcc000c 0xcc000c 0xcc000c 0xcc000c 0xcc000c 0xcc000c 0xcc000c 0xcc000c 0xcc000c 0xcc000c 0xcc000c 0xcc000c 0xcc000c 0xcc000c 0xcc000c 0xcc000c 0xcc000c 0xcc000c 0xcc000c 0xcc000c 0xcc000c 0xcc000c 0xcc000c 0xcc000c 0xcc000c 0xcc000c 0xcc000c 0xcc000c 0xcc000c 0xcc000c 0xcc000c 0xcc000c 0xcc000c 0xcc000c 0xcc000c 0xcc000c 0xcc000c 0xcc000c 0xcc000c 0xcc000c 0xcc000c 0xcc000c 0xcc000c 0xcc000c 0xcc000c 0xcc000c 0xcc000c 0xcc000c 0xcc000c 0xcc000c 0xcc000c 0xcc000c 0xcc000c 0xcc000c exception.instruction_r: ac 3c 61 7c 02 2c 20 41 c1 c9 0d 41 01 c1 e2 ed exception.instruction: lodsb al, byte ptr [rsi] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x3fc0030 registers.r14: 1453503984 registers.r15: 0 registers.rcx: 110 registers.rsi: 110 registers.r10: 0 registers.rbx: 66847225 registers.rsp: 72021224 registers.r11: 514 registers.r8: 8791745896708 registers.r9: 0 registers.rdx: 1999578720 registers.r12: 0 registers.rbp: 66846730 registers.rdi: 0 registers.rax: 0 registers.r13: 0	1
__exception__ Nov. 1, 2021, 10:25 a.m.	stacktrace: opj_decode+0x3c opj_get_decoded_tile-0x44 trendmicro2+0x7ad6c @ 0x7fef1a9ad6c rundll32+0x2f42 @ 0xff802f42 rundll32+0x3b7a @ 0xff803b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76e5652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x771ec521 exception.instruction_r: 83 b8 90 00 00 00 00 75 04 33 c0 eb 2b 48 8b 44 exception.instruction: cmp dword ptr [rax + 0x90], 0 exception.exception_code: 0xc0000005 exception.symbol: opj_decode+0x3c opj_get_decoded_tile-0x44 trendmicro2+0x7ad6c exception.address: 0x7fef1a9ad6c registers.r14: 0 registers.r15: 0 registers.rcx: 983658 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 1046848 registers.r11: 1045936 registers.r8: 1294970 registers.r9: 10 registers.rdx: 4286578688 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 983658 registers.r13: 0	1
__exception__ Nov. 1, 2021, 10:25 a.m.	stacktrace: 0x3200000744 0x3200000744 0x3200000744 0x3200000744 0x3200000744 0x3200000744 0x3200000744 0x3200000744 0x3200000744 0x3200000744 0x3200000744 0x3200000744 0x3200000744 0x3200000744 0x3200000744 0x3200000744 0x3200000744 0x3200000744 0x3200000744 0x3200000744 0x3200000744 0x3200000744 0x3200000744 0x3200000744 0x3200000744 0x3200000744 0x3200000744 0x3200000744 0x3200000744 0x3200000744 0x3200000744 0x3200000744 0x3200000744 0x3200000744 0x3200000744 0x3200000744 0x3200000744 0x3200000744 0x3200000744 0x3200000744 0x3200000744 0x3200000744 0x3200000744 0x3200000744 0x3200000744 0x3200000744 0x3200000744 0x3200000744 0x3200000744 0x3200000744 0x3200000744 0x3200000744 0x3200000744 0x3200000744 0x3200000744 0x3200000744 0x3200000744 0x3200000744 0x3200000744 0x3200000744 0x3200000744 0x3200000744 0x3200000744 0x3200000744 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x3200000744 registers.r14: 0 registers.r15: 0 registers.rcx: -5681285140311965691 registers.rsi: 0 registers.r10: 0 registers.rbx: 721444 registers.rsp: 719640 registers.r11: 719360 registers.r8: 3255342 registers.r9: 10 registers.rdx: 4286578688 registers.r12: 10 registers.rbp: 3255200 registers.rdi: -1 registers.rax: 721444 registers.r13: 0	1
__exception__ Nov. 1, 2021, 10:25 a.m.	stacktrace: 0xfffff480e8104d8b 0xfffff480e8104d8b 0xfffff480e8104d8b 0xfffff480e8104d8b 0xfffff480e8104d8b 0xfffff480e8104d8b 0xfffff480e8104d8b 0xfffff480e8104d8b 0xfffff480e8104d8b 0xfffff480e8104d8b 0xfffff480e8104d8b 0xfffff480e8104d8b 0xfffff480e8104d8b 0xfffff480e8104d8b 0xfffff480e8104d8b 0xfffff480e8104d8b 0xfffff480e8104d8b 0xfffff480e8104d8b 0xfffff480e8104d8b 0xfffff480e8104d8b 0xfffff480e8104d8b 0xfffff480e8104d8b 0xfffff480e8104d8b 0xfffff480e8104d8b 0xfffff480e8104d8b 0xfffff480e8104d8b 0xfffff480e8104d8b 0xfffff480e8104d8b 0xfffff480e8104d8b 0xfffff480e8104d8b 0xfffff480e8104d8b 0xfffff480e8104d8b 0xfffff480e8104d8b 0xfffff480e8104d8b 0xfffff480e8104d8b 0xfffff480e8104d8b 0xfffff480e8104d8b 0xfffff480e8104d8b 0xfffff480e8104d8b 0xfffff480e8104d8b 0xfffff480e8104d8b 0xfffff480e8104d8b 0xfffff480e8104d8b 0xfffff480e8104d8b 0xfffff480e8104d8b 0xfffff480e8104d8b 0xfffff480e8104d8b 0xfffff480e8104d8b 0xfffff480e8104d8b 0xfffff480e8104d8b 0xfffff480e8104d8b 0xfffff480e8104d8b 0xfffff480e8104d8b 0xfffff480e8104d8b 0xfffff480e8104d8b 0xfffff480e8104d8b 0xfffff480e8104d8b 0xfffff480e8104d8b 0xfffff480e8104d8b 0xfffff480e8104d8b 0xfffff480e8104d8b 0xfffff480e8104d8b 0xfffff480e8104d8b 0xfffff480e8104d8b exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0xfffff480e8104d8b registers.r14: 0 registers.r15: 0 registers.rcx: 5252755484167068976 registers.rsi: 0 registers.r10: 0 registers.rbx: 524984 registers.rsp: 1178952 registers.r11: 1178656 registers.r8: 2146968 registers.r9: 10 registers.rdx: 4286578688 registers.r12: 10 registers.rbp: 2146832 registers.rdi: -1 registers.rax: 524984 registers.r13: 0	1
__exception__ Nov. 1, 2021, 10:25 a.m.	stacktrace: opj_destroy_cstr_index+0xe opj_set_MCT-0x32 trendmicro2+0x7b7fe @ 0x7fef1a9b7fe rundll32+0x2f42 @ 0xff802f42 rundll32+0x3b7a @ 0xff803b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76e5652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x771ec521 exception.instruction_r: 48 83 38 00 74 19 48 8b 44 24 30 48 8b 08 e8 3f exception.instruction: cmp qword ptr [rax], 0 exception.exception_code: 0xc0000005 exception.symbol: opj_destroy_cstr_index+0xe opj_set_MCT-0x32 trendmicro2+0x7b7fe exception.address: 0x7fef1a9b7fe registers.r14: 0 registers.r15: 0 registers.rcx: 721506 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 785200 registers.r11: 784288 registers.r8: 2927666 registers.r9: 10 registers.rdx: 4286578688 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 721506 registers.r13: 0	1
__exception__ Nov. 1, 2021, 10:25 a.m.	stacktrace: opj_destroy_cstr_info+0x19 opj_dump_codec-0x47 trendmicro2+0x7b6d9 @ 0x7fef1a9b6d9 rundll32+0x2f42 @ 0xff802f42 rundll32+0x3b7a @ 0xff803b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76e5652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x771ec521 exception.instruction_r: 48 83 78 38 00 74 11 48 8b 44 24 30 48 8b 00 48 exception.instruction: cmp qword ptr [rax + 0x38], 0 exception.exception_code: 0xc0000005 exception.symbol: opj_destroy_cstr_info+0x19 opj_dump_codec-0x47 trendmicro2+0x7b6d9 exception.address: 0x7fef1a9b6d9 registers.r14: 0 registers.r15: 0 registers.rcx: 590296 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 2030416 registers.r11: 2029504 registers.r8: 2468912 registers.r9: 10 registers.rdx: 4286578688 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: -9222246132602634233 registers.r13: 0	1
__exception__ Nov. 1, 2021, 10:25 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 0 registers.rsi: 0 registers.r10: 0 registers.rbx: 328182 registers.rsp: 1440840 registers.r11: 1440544 registers.r8: 2409106 registers.r9: 10 registers.rdx: 4286578688 registers.r12: 10 registers.rbp: 2408976 registers.rdi: -1 registers.rax: 328182 registers.r13: 0	1
__exception__ Nov. 1, 2021, 10:25 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 0 registers.rsi: 0 registers.r10: 0 registers.rbx: 393756 registers.rsp: 1703000 registers.r11: 1702704 registers.r8: 393852 registers.r9: 10 registers.rdx: 4286578688 registers.r12: 10 registers.rbp: 2408960 registers.rdi: -1 registers.rax: 393756 registers.r13: 0	1
__exception__ Nov. 1, 2021, 10:25 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 0 registers.rsi: 0 registers.r10: 0 registers.rbx: 393784 registers.rsp: 1439896 registers.r11: 1439600 registers.r8: 393880 registers.r9: 10 registers.rdx: 4286578688 registers.r12: 10 registers.rbp: 3451824 registers.rdi: -1 registers.rax: 393784 registers.r13: 0	1
__exception__ Nov. 1, 2021, 10:25 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 0 registers.rsi: 0 registers.r10: 0 registers.rbx: 459100 registers.rsp: 1768168 registers.r11: 1767872 registers.r8: 459196 registers.r9: 10 registers.rdx: 4286578688 registers.r12: 10 registers.rbp: 1950224 registers.rdi: -1 registers.rax: 459100 registers.r13: 0	1
__exception__ Nov. 1, 2021, 10:25 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 7226152350895833088 registers.rsi: 0 registers.r10: 0 registers.rbx: 262872 registers.rsp: 2488984 registers.r11: 2488688 registers.r8: 262968 registers.r9: 10 registers.rdx: 4286578688 registers.r12: 10 registers.rbp: 3058576 registers.rdi: -1 registers.rax: 262872 registers.r13: 0	1
__exception__ Nov. 1, 2021, 10:25 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 281474979357768 registers.rsi: 0 registers.r10: 0 registers.rbx: 262918 registers.rsp: 2619240 registers.r11: 2618944 registers.r8: 1158170 registers.r9: 10 registers.rdx: 4286578688 registers.r12: 10 registers.rbp: 1158032 registers.rdi: -1 registers.rax: 262918 registers.r13: 0	1
__exception__ Nov. 1, 2021, 10:25 a.m.	stacktrace: opj_get_cstr_info+0x29 opj_get_cstr_index-0x17 trendmicro2+0x7b799 @ 0x7fef1a9b799 rundll32+0x2f42 @ 0xff802f42 rundll32+0x3b7a @ 0xff803b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76e5652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x771ec521 exception.instruction_r: ff 90 a0 00 00 00 eb 02 33 c0 48 83 c4 38 c3 cc exception.instruction: call qword ptr [rax + 0xa0] exception.exception_code: 0xc0000005 exception.symbol: opj_get_cstr_info+0x29 opj_get_cstr_index-0x17 trendmicro2+0x7b799 exception.address: 0x7fef1a9b799 registers.r14: 0 registers.r15: 0 registers.rcx: 4294967296 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 982832 registers.r11: 981920 registers.r8: 2540184 registers.r9: 10 registers.rdx: 4286578688 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 197316 registers.r13: 0	1
__exception__ Nov. 1, 2021, 10:25 a.m.	stacktrace: opj_get_decoded_tile+0x41 opj_set_decoded_resolution_factor-0x4f trendmicro2+0x7adf1 @ 0x7fef1a9adf1 rundll32+0x2f42 @ 0xff802f42 rundll32+0x3b7a @ 0xff803b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76e5652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x771ec521 exception.instruction_r: 83 b8 90 00 00 00 00 75 04 33 c0 eb 33 48 8b 44 exception.instruction: cmp dword ptr [rax + 0x90], 0 exception.exception_code: 0xc0000005 exception.symbol: opj_get_decoded_tile+0x41 opj_set_decoded_resolution_factor-0x4f trendmicro2+0x7adf1 exception.address: 0x7fef1a9adf1 registers.r14: 0 registers.r15: 0 registers.rcx: 524812 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 851600 registers.r11: 850688 registers.r8: 1682478 registers.r9: 10 registers.rdx: 4286578688 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 524812 registers.r13: 0	1
__exception__ Nov. 1, 2021, 10:25 a.m.	stacktrace: opj_image_destroy+0x5e opj_image_tile_create-0x62 trendmicro2+0xbd11e @ 0x7fef1add11e rundll32+0x2f42 @ 0xff802f42 rundll32+0x3b7a @ 0xff803b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76e5652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x771ec521 exception.instruction_r: 48 83 78 30 00 74 0f 48 8b 44 24 28 48 8b 48 30 exception.instruction: cmp qword ptr [rax + 0x30], 0 exception.exception_code: 0xc0000005 exception.symbol: opj_image_destroy+0x5e opj_image_tile_create-0x62 trendmicro2+0xbd11e exception.address: 0x7fef1add11e registers.r14: 0 registers.r15: 0 registers.rcx: 655942 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 2029696 registers.r11: 2028784 registers.r8: 3981976 registers.r9: 10 registers.rdx: 4286578688 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 948007721781624832 registers.r13: 0	1
__exception__ Nov. 1, 2021, 10:25 a.m.	stacktrace: opj_image_tile_create+0x16b opj_has_thread_support-0xf95 trendmicro2+0xbd2eb @ 0x7fef1add2eb rundll32+0x2f42 @ 0xff802f42 rundll32+0x3b7a @ 0xff803b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76e5652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x771ec521 exception.instruction_r: 8b 44 02 18 89 41 18 8b 44 24 20 48 6b c0 24 48 exception.instruction: mov eax, dword ptr [rdx + rax + 0x18] exception.exception_code: 0xc0000005 exception.symbol: opj_image_tile_create+0x16b opj_has_thread_support-0xf95 trendmicro2+0xbd2eb exception.address: 0x7fef1add2eb registers.r14: 0 registers.r15: 0 registers.rcx: 76262080 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 1113072 registers.r11: 582 registers.r8: 1110584 registers.r9: 8 registers.rdx: 4286578688 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 61416 registers.r13: 0	1
__exception__ Nov. 1, 2021, 10:25 a.m.	stacktrace: 0x300905a4d 0x300905a4d 0x300905a4d 0x300905a4d 0x300905a4d 0x300905a4d 0x300905a4d 0x300905a4d 0x300905a4d 0x300905a4d 0x300905a4d 0x300905a4d 0x300905a4d 0x300905a4d 0x300905a4d 0x300905a4d 0x300905a4d 0x300905a4d 0x300905a4d 0x300905a4d 0x300905a4d 0x300905a4d 0x300905a4d 0x300905a4d 0x300905a4d 0x300905a4d 0x300905a4d 0x300905a4d 0x300905a4d 0x300905a4d 0x300905a4d 0x300905a4d 0x300905a4d 0x300905a4d 0x300905a4d 0x300905a4d 0x300905a4d 0x300905a4d 0x300905a4d 0x300905a4d 0x300905a4d 0x300905a4d 0x300905a4d 0x300905a4d 0x300905a4d 0x300905a4d 0x300905a4d 0x300905a4d 0x300905a4d 0x300905a4d 0x300905a4d 0x300905a4d 0x300905a4d 0x300905a4d 0x300905a4d 0x300905a4d 0x300905a4d 0x300905a4d 0x300905a4d 0x300905a4d 0x300905a4d 0x300905a4d 0x300905a4d 0x300905a4d exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x300905a4d registers.r14: 0 registers.r15: 0 registers.rcx: 590280 registers.rsi: 0 registers.r10: 0 registers.rbx: 590280 registers.rsp: 1242664 registers.r11: 1242368 registers.r8: 3195540 registers.r9: 4286578784 registers.rdx: 8029476550202125665 registers.r12: 10 registers.rbp: 3195408 registers.rdi: -1 registers.rax: 4286578688 registers.r13: 0	1
__exception__ Nov. 1, 2021, 10:25 a.m.	stacktrace: opj_read_tile_header+0x73 opj_decode_tile_data-0xad trendmicro2+0x7afa3 @ 0x7fef1a9afa3 rundll32+0x2f42 @ 0xff802f42 rundll32+0x3b7a @ 0xff803b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76e5652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x771ec521 exception.instruction_r: 83 b8 90 00 00 00 00 75 07 33 c0 e9 86 00 00 00 exception.instruction: cmp dword ptr [rax + 0x90], 0 exception.exception_code: 0xc0000005 exception.symbol: opj_read_tile_header+0x73 opj_decode_tile_data-0xad trendmicro2+0x7afa3 exception.address: 0x7fef1a9afa3 registers.r14: 0 registers.r15: 0 registers.rcx: 1048908 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 1244992 registers.r11: 1244080 registers.r8: 1420334 registers.r9: 10 registers.rdx: 4286578688 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 1048908 registers.r13: 0	1
__exception__ Nov. 1, 2021, 10:26 a.m.	stacktrace: opj_set_MCT+0x48 opj_stream_default_create-0x3f718 trendmicro2+0x7b878 @ 0x7fef1a9b878 rundll32+0x2f42 @ 0xff802f42 rundll32+0x3b7a @ 0xff803b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76e5652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x771ec521 exception.instruction_r: 0f b7 80 1c 49 00 00 25 00 80 00 00 85 c0 74 1e exception.instruction: movzx eax, word ptr [rax + 0x491c] exception.exception_code: 0xc0000005 exception.symbol: opj_set_MCT+0x48 opj_stream_default_create-0x3f718 trendmicro2+0x7b878 exception.address: 0x7fef1a9b878 registers.r14: 0 registers.r15: 0 registers.rcx: 440 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 2161072 registers.r11: 2160160 registers.r8: 3457676 registers.r9: 10 registers.rdx: 4286578688 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 459616 registers.r13: 0	1
__exception__ Nov. 1, 2021, 10:26 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 0 registers.rsi: 0 registers.r10: 0 registers.rbx: 66476 registers.rsp: 2095112 registers.r11: 2094816 registers.r8: 66572 registers.r9: 10 registers.rdx: 4286578688 registers.r12: 10 registers.rbp: 2993072 registers.rdi: -1 registers.rax: 66476 registers.r13: 0	1
__exception__ Nov. 1, 2021, 10:26 a.m.	stacktrace: opj_get_num_cpus+0x13aae trendmicro2+0xd1d3e @ 0x7fef1af1d3e opj_set_default_decoder_parameters+0x23 opj_setup_decoder-0x5d trendmicro2+0x7aa03 @ 0x7fef1a9aa03 rundll32+0x2f42 @ 0xff802f42 rundll32+0x3b7a @ 0xff803b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76e5652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x771ec521 exception.instruction_r: 0f 11 41 a0 0f 29 41 b0 49 ff c9 0f 29 41 c0 0f exception.exception_code: 0xc0000005 exception.symbol: opj_get_num_cpus+0x13aae trendmicro2+0xd1d3e exception.address: 0x7fef1af1d3e registers.r14: 0 registers.r15: 0 registers.rcx: 462944 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 2489856 registers.r11: 459600 registers.r8: 8236 registers.r9: 39 registers.rdx: 0 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 459600 registers.r13: 0	1
__exception__ Nov. 1, 2021, 10:26 a.m.	stacktrace: opj_get_num_cpus+0x13aa3 trendmicro2+0xd1d33 @ 0x7fef1af1d33 opj_set_default_encoder_parameters+0x27 opj_setup_encoder-0x139 trendmicro2+0x7b327 @ 0x7fef1a9b327 rundll32+0x2f42 @ 0xff802f42 rundll32+0x3b7a @ 0xff803b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76e5652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x771ec521 exception.instruction_r: 0f 11 41 10 48 81 c1 80 00 00 00 0f 29 41 a0 0f exception.exception_code: 0xc0000005 exception.symbol: opj_get_num_cpus+0x13aa3 trendmicro2+0xd1d33 exception.address: 0x7fef1af1d33 registers.r14: 0 registers.r15: 0 registers.rcx: 528368 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 2619424 registers.r11: 525152 registers.r8: 18704 registers.r9: 121 registers.rdx: 0 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 525152 registers.r13: 0	1
__exception__ Nov. 1, 2021, 10:26 a.m.	stacktrace: opj_setup_decoder+0x6a opj_codec_set_threads-0x26 trendmicro2+0x7aaca @ 0x7fef1a9aaca rundll32+0x2f42 @ 0xff802f42 rundll32+0x3b7a @ 0xff803b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76e5652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x771ec521 exception.instruction_r: ff 50 30 b8 01 00 00 00 eb 02 33 c0 48 83 c4 38 exception.instruction: call qword ptr [rax + 0x30] exception.exception_code: 0xc0000005 exception.symbol: opj_setup_decoder+0x6a opj_codec_set_threads-0x26 trendmicro2+0x7aaca exception.address: 0x7fef1a9aaca registers.r14: 0 registers.r15: 0 registers.rcx: -8410472304114213819 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 2488656 registers.r11: 2487744 registers.r8: 770712 registers.r9: 10 registers.rdx: 4286578688 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 525136 registers.r13: 0	1
__exception__ Nov. 1, 2021, 10:26 a.m.	stacktrace: exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x0 registers.r14: 0 registers.r15: 0 registers.rcx: 0 registers.rsi: 0 registers.r10: 0 registers.rbx: 66538 registers.rsp: 2293064 registers.r11: 2292768 registers.r8: 3326616 registers.r9: 66634 registers.rdx: 4286578688 registers.r12: 10 registers.rbp: 3326480 registers.rdi: -1 registers.rax: 66538 registers.r13: 0	1
__exception__ Nov. 1, 2021, 10:26 a.m.	stacktrace: opj_stream_destroy+0x34 opj_stream_set_read_function-0x3c trendmicro2+0xbb144 @ 0x7fef1adb144 rundll32+0x2f42 @ 0xff802f42 rundll32+0x3b7a @ 0xff803b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76e5652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x771ec521 exception.instruction_r: ff 50 08 48 8b 44 24 20 48 8b 48 38 e8 4b 19 00 exception.instruction: call qword ptr [rax + 8] exception.exception_code: 0xc0000005 exception.symbol: opj_stream_destroy+0x34 opj_stream_set_read_function-0x3c trendmicro2+0xbb144 exception.address: 0x7fef1adb144 registers.r14: 0 registers.r15: 0 registers.rcx: 16044301309313058 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 2751088 registers.r11: 2750176 registers.r8: 4828186 registers.r9: 10 registers.rdx: 4286578688 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 197612 registers.r13: 0	1
__exception__ Nov. 1, 2021, 10:26 a.m.	stacktrace: opj_stream_set_skip_function+0x29 opj_stream_set_seek_function-0x17 trendmicro2+0xbb249 @ 0x7fef1adb249 rundll32+0x2f42 @ 0xff802f42 rundll32+0x3b7a @ 0xff803b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76e5652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x771ec521 exception.instruction_r: 48 89 48 28 48 83 c4 18 c3 cc cc cc cc cc cc cc exception.instruction: mov qword ptr [rax + 0x28], rcx exception.exception_code: 0xc0000005 exception.symbol: opj_stream_set_skip_function+0x29 opj_stream_set_seek_function-0x17 trendmicro2+0xbb249 exception.address: 0x7fef1adb249 registers.r14: 0 registers.r15: 0 registers.rcx: 4286578688 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 2489488 registers.r11: 2488576 registers.r8: 896078 registers.r9: 10 registers.rdx: 4286578688 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 197622 registers.r13: 0	1

Allocates read-write-execute memory (usually to unpack itself) (50 out of 110 events)

Time & API	Arguments	Status
NtAllocateVirtualMemory Nov. 1, 2021, 10:25 a.m.	process_identifier: 1572 region_size: 53248 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000006bac0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Nov. 1, 2021, 10:25 a.m.	process_identifier: 1572 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000735bc000 process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Nov. 1, 2021, 10:25 a.m.	process_identifier: 540 region_size: 53248 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000006bac0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Nov. 1, 2021, 10:25 a.m.	process_identifier: 540 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000735bc000 process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Nov. 1, 2021, 10:25 a.m.	process_identifier: 2144 region_size: 53248 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000006bac0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Nov. 1, 2021, 10:25 a.m.	process_identifier: 2144 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000735bc000 process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Nov. 1, 2021, 10:25 a.m.	process_identifier: 2888 region_size: 53248 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000006bac0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Nov. 1, 2021, 10:25 a.m.	process_identifier: 2888 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000735bc000 process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Nov. 1, 2021, 10:25 a.m.	process_identifier: 1632 region_size: 53248 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000006bac0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Nov. 1, 2021, 10:25 a.m.	process_identifier: 1632 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000735bc000 process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Nov. 1, 2021, 10:25 a.m.	process_identifier: 2764 region_size: 53248 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000006bac0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Nov. 1, 2021, 10:25 a.m.	process_identifier: 2764 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000735bc000 process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Nov. 1, 2021, 10:25 a.m.	process_identifier: 620 region_size: 53248 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000006bac0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Nov. 1, 2021, 10:25 a.m.	process_identifier: 620 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000735bc000 process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Nov. 1, 2021, 10:25 a.m.	process_identifier: 2256 region_size: 53248 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000006bac0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Nov. 1, 2021, 10:25 a.m.	process_identifier: 2256 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000735bc000 process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Nov. 1, 2021, 10:25 a.m.	process_identifier: 2532 region_size: 53248 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000006bac0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Nov. 1, 2021, 10:25 a.m.	process_identifier: 2532 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000735bc000 process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Nov. 1, 2021, 10:25 a.m.	process_identifier: 3120 region_size: 53248 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000006bac0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Nov. 1, 2021, 10:25 a.m.	process_identifier: 3120 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000735bc000 process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Nov. 1, 2021, 10:25 a.m.	process_identifier: 3380 region_size: 53248 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000006bac0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Nov. 1, 2021, 10:25 a.m.	process_identifier: 3380 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000735bc000 process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Nov. 1, 2021, 10:25 a.m.	process_identifier: 3420 region_size: 53248 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000006bac0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Nov. 1, 2021, 10:25 a.m.	process_identifier: 3420 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000735bc000 process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Nov. 1, 2021, 10:25 a.m.	process_identifier: 3720 region_size: 53248 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000006bac0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Nov. 1, 2021, 10:25 a.m.	process_identifier: 3720 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000735bc000 process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Nov. 1, 2021, 10:25 a.m.	process_identifier: 3824 region_size: 53248 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000006bac0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Nov. 1, 2021, 10:25 a.m.	process_identifier: 3824 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000735bc000 process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Nov. 1, 2021, 10:25 a.m.	process_identifier: 2032 region_size: 53248 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000006bac0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Nov. 1, 2021, 10:25 a.m.	process_identifier: 2032 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000735bc000 process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Nov. 1, 2021, 10:25 a.m.	process_identifier: 2972 region_size: 53248 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000006bac0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Nov. 1, 2021, 10:25 a.m.	process_identifier: 2972 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000735bc000 process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Nov. 1, 2021, 10:25 a.m.	process_identifier: 3312 region_size: 53248 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000006bac0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Nov. 1, 2021, 10:25 a.m.	process_identifier: 3312 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000735bc000 process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Nov. 1, 2021, 10:25 a.m.	process_identifier: 3592 region_size: 53248 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000006bac0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Nov. 1, 2021, 10:25 a.m.	process_identifier: 3592 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000735bc000 process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Nov. 1, 2021, 10:25 a.m.	process_identifier: 3928 region_size: 53248 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000006bac0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Nov. 1, 2021, 10:25 a.m.	process_identifier: 3928 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000735bc000 process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Nov. 1, 2021, 10:25 a.m.	process_identifier: 3296 region_size: 53248 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000006bac0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Nov. 1, 2021, 10:25 a.m.	process_identifier: 3296 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000735bc000 process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Nov. 1, 2021, 10:25 a.m.	process_identifier: 3552 region_size: 53248 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000006bac0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Nov. 1, 2021, 10:25 a.m.	process_identifier: 3552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000735bc000 process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Nov. 1, 2021, 10:25 a.m.	process_identifier: 3128 region_size: 53248 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000006bac0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Nov. 1, 2021, 10:25 a.m.	process_identifier: 3128 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000735bc000 process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Nov. 1, 2021, 10:25 a.m.	process_identifier: 1296 region_size: 53248 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000006bac0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Nov. 1, 2021, 10:25 a.m.	process_identifier: 1296 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000735bc000 process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Nov. 1, 2021, 10:25 a.m.	process_identifier: 4140 region_size: 53248 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000006bac0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Nov. 1, 2021, 10:25 a.m.	process_identifier: 4140 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000735bc000 process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Nov. 1, 2021, 10:25 a.m.	process_identifier: 4508 region_size: 53248 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000006bac0000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Nov. 1, 2021, 10:25 a.m.	process_identifier: 4508 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000735bc000 process_handle: 0xffffffffffffffff	1

Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) (1 event)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory Nov. 1, 2021, 10:25 a.m.	process_identifier: 2144 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 32 (PAGE_EXECUTE_READ) base_address: 0x0000000003bd0000 process_handle: 0xffffffffffffffff	1	0	0

File has been identified by 32 AntiVirus engines on VirusTotal as malicious (32 events)

MicroWorld-eScan	Trojan.GenericKD.37892212
FireEye	Trojan.GenericKD.37892212
ALYac	Trojan.GenericKD.37892212
Cylance	Unsafe
Sangfor	Trojan.Win64.Shelma.ouu
K7AntiVirus	Trojan ( 005899421 )
Alibaba	Trojan:Win64/GenKryptik.006a3e78
K7GW	Trojan ( 005899421 )
CrowdStrike	win/malicious_confidence_100% (W)
Symantec	Trojan.Gen.MBT
ESET-NOD32	Win64/CobaltStrike.Artifact.A
Paloalto	generic.ml
Kaspersky	Trojan.Win64.Shelma.ouu
BitDefender	Trojan.GenericKD.37892212
Avast	Win64:Trojan-gen
Ad-Aware	Trojan.GenericKD.37892212
Sophos	Mal/Generic-S
TrendMicro	Trojan.Win64.BAZARLOADER.SMYXBIMZ
McAfee-GW-Edition	Artemis!Trojan
Emsisoft	Trojan.GenericKD.37892212 (B)
Ikarus	Trojan.Win64.Crypt
GData	Trojan.GenericKD.37892212
Webroot	W32.Trojan.FL
Avira	TR/Crypt.Agent.wjsrm
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
Cynet	Malicious (score: 100)
McAfee	Artemis!AF41813CC051
MAX	malware (ai score=80)
Malwarebytes	Trojan.Bazar
Fortinet	W64/BazarLoader.AS!tr
AVG	Win64:Trojan-gen
Panda	Trj/CI.A

trendmicro2.dll

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All