Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6402	Nov. 12, 2021, 9:12 a.m.	Nov. 12, 2021, 9:14 a.m.

Size	6.0KB
Type	HTML document, ASCII text, with very long lines, with CRLF line terminators
MD5	`cf43050494012ba1f8ec57b3d07e070c`
SHA256	`9b3a5b1c64e211c9e523a297db8cb67359301be04035ee9971aab3a5ca349b50`
CRC32	`75D73393`
ssdeep	`192:1QhKCIZWsITd0VTLoYj6EwnH6Z9qYJw+g000000000SAWRYaFu:CsCICgTIx6Dqg/D`
Yara	None matched

iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\test22\AppData\Local\Temp\EYWCET97LV2U.html
1792
- iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1792 CREDAT:145409
  2252
- iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1792 CREDAT:276481
  2504
- iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1792 CREDAT:145417
  1968

Name	Response	Post-Analysis Lookup
tigerdrill.xyz	A 159.223.68.213	159.223.68.213

IP Address	Status	Action
159.223.68.213	Active	Moloch
164.124.101.2	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

One or more processes crashed (3 events)

Time & API	Arguments	Status
__exception__ Nov. 12, 2021, 9:05 a.m.	stacktrace: RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d @ 0x7fefdcfa49d RpcRaiseException+0x53 RpcExceptionFilter-0x2bd rpcrt4+0x173c3 @ 0x7feff2373c3 CoGetInstanceFromFile+0xa70a HACCEL_UserFree-0x16c6 ole32+0x1762ba @ 0x7feff8062ba Ndr64AsyncServerCallAll+0x14c9 Ndr64AsyncClientCall-0x517 rpcrt4+0xdb949 @ 0x7feff2fb949 CoGetInstanceFromFile+0x6620 HACCEL_UserFree-0x57b0 ole32+0x1721d0 @ 0x7feff8021d0 DcomChannelSetHResult+0x3066 ObjectStublessClient3-0x7ee ole32+0x2d8a2 @ 0x7feff6bd8a2 ObjectStublessClient5+0x183 IsValidInterface-0x105d ole32+0x31bb3 @ 0x7feff6c1bb3 ObjectStublessClient5+0xf2 IsValidInterface-0x10ee ole32+0x31b22 @ 0x7feff6c1b22 CoMarshalInterface+0x263f ObjectStublessClient5-0x245 ole32+0x317eb @ 0x7feff6c17eb CoMarshalInterface+0x226b ObjectStublessClient5-0x619 ole32+0x31417 @ 0x7feff6c1417 CoSetState+0x45a DcomChannelSetHResult-0x1342 ole32+0x294fa @ 0x7feff6b94fa CoSetState+0x388 DcomChannelSetHResult-0x1414 ole32+0x29428 @ 0x7feff6b9428 CoSetState+0xaa9 DcomChannelSetHResult-0xcf3 ole32+0x29b49 @ 0x7feff6b9b49 CreateExtensionGuidEnumerator+0x366f9 DllInstall-0x28b9b ieframe+0x8a9c1 @ 0x7fef47ba9c1 CreateExtensionGuidEnumerator+0xc0f6 DllInstall-0x5319e ieframe+0x603be @ 0x7fef47903be CreateExtensionGuidEnumerator+0x1052d DllInstall-0x4ed67 ieframe+0x647f5 @ 0x7fef47947f5 CreateExtensionGuidEnumerator+0x104b4 DllInstall-0x4ede0 ieframe+0x6477c @ 0x7fef479477c CreateExtensionGuidEnumerator+0x103e6 DllInstall-0x4eeae ieframe+0x646ae @ 0x7fef47946ae FastMimeGetFileExtension+0xd8c LCIEUnpackString-0xefd8 iertutil+0xc508 @ 0x770bc508 CreateExtensionGuidEnumerator+0x6185 DllInstall-0x5910f ieframe+0x5a44d @ 0x7fef478a44d DllRegisterServer+0x3f3cb CreateExtensionGuidEnumerator-0x1100d ieframe+0x432bb @ 0x7fef47732bb DllRegisterServer+0x557b CreateExtensionGuidEnumerator-0x4ae5d ieframe+0x946b @ 0x7fef473946b CreateExtensionGuidEnumerator+0x8fb DllInstall-0x5e999 ieframe+0x54bc3 @ 0x7fef4784bc3 BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x772e652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x7767c521 exception.instruction_r: 48 81 c4 c8 00 00 00 c3 48 85 f6 74 08 83 3b 00 exception.symbol: RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d exception.instruction: add rsp, 0xc8 exception.module: KERNELBASE.dll exception.exception_code: 0x800706ba exception.offset: 42141 exception.address: 0x7fefdcfa49d registers.r14: 0 registers.r15: 0 registers.rcx: 109893024 registers.rsi: 0 registers.r10: 99542800 registers.rbx: 0 registers.rsp: 109902704 registers.r11: 109894784 registers.r8: 0 registers.r9: 0 registers.rdx: 1 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 1911849979 registers.r13: 0	1
__exception__ Nov. 12, 2021, 9:05 a.m.	stacktrace: RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d @ 0x7fefdcfa49d RpcRaiseException+0x53 RpcExceptionFilter-0x2bd rpcrt4+0x173c3 @ 0x7feff2373c3 CoGetInstanceFromFile+0xa70a HACCEL_UserFree-0x16c6 ole32+0x1762ba @ 0x7feff8062ba Ndr64AsyncServerCallAll+0x14c9 Ndr64AsyncClientCall-0x517 rpcrt4+0xdb949 @ 0x7feff2fb949 CoGetInstanceFromFile+0x6620 HACCEL_UserFree-0x57b0 ole32+0x1721d0 @ 0x7feff8021d0 DcomChannelSetHResult+0x3066 ObjectStublessClient3-0x7ee ole32+0x2d8a2 @ 0x7feff6bd8a2 ObjectStublessClient5+0x88d IsValidInterface-0x953 ole32+0x322bd @ 0x7feff6c22bd ObjectStublessClient5+0xa27 IsValidInterface-0x7b9 ole32+0x32457 @ 0x7feff6c2457 DcomChannelSetHResult+0x27b1 ObjectStublessClient3-0x10a3 ole32+0x2cfed @ 0x7feff6bcfed IERegisterXMLNS+0xaa2f1 mshtml+0x8132e1 @ 0x72c832e1 IERegisterXMLNS+0xa9d52 mshtml+0x812d42 @ 0x72c82d42 CreateHTMLPropertyPage+0x2a43e GetColorValueFromString-0xfabb2 mshtml+0x6141be @ 0x72a841be CreateHTMLPropertyPage+0x650ba GetColorValueFromString-0xbff36 mshtml+0x64ee3a @ 0x72abee3a DllCanUnloadNow+0x4ecdd DllEnumClassObjects-0x19bd73 mshtml+0x44867d @ 0x728b867d MatchExactGetIDsOfNames+0x15bca5 DllGetClassObject-0x147bfb mshtml+0x1ad025 @ 0x7261d025 MatchExactGetIDsOfNames+0x8f40 DllGetClassObject-0x29a960 mshtml+0x5a2c0 @ 0x724ca2c0 MatchExactGetIDsOfNames+0x8ff22 DllGetClassObject-0x21397e mshtml+0xe12a2 @ 0x725512a2 MatchExactGetIDsOfNames+0xafd5f DllGetClassObject-0x1f3b41 mshtml+0x1010df @ 0x725710df DllCanUnloadNow+0x7ee76 DllEnumClassObjects-0x16bbda mshtml+0x478816 @ 0x728e8816 MatchExactGetIDsOfNames+0x107c7a DllGetClassObject-0x19bc26 mshtml+0x158ffa @ 0x725c8ffa MatchExactGetIDsOfNames+0x123f8b DllGetClassObject-0x17f915 mshtml+0x17530b @ 0x725e530b CTravelLog_CreateInstance+0x1478a DllCanUnloadNow-0xedd6a mshtml+0x30bc36 @ 0x7277bc36 CTravelLog_CreateInstance+0x13d49 DllCanUnloadNow-0xee7ab mshtml+0x30b1f5 @ 0x7277b1f5 CTravelLog_CreateInstance+0x16684 DllCanUnloadNow-0xebe70 mshtml+0x30db30 @ 0x7277db30 DllGetClassObject+0x4c17e DllCanUnloadNow-0x3b7d2 jscript9+0x5cd5e @ 0x7fef20dcd5e DllGetClassObject+0x41f1f DllCanUnloadNow-0x45a31 jscript9+0x52aff @ 0x7fef20d2aff DllGetClassObject+0x41e15 DllCanUnloadNow-0x45b3b jscript9+0x529f5 @ 0x7fef20d29f5 JsVarToExtension+0x5d2b DllGetClassObject-0x9795 jscript9+0x744b @ 0x7fef208744b JsVarToExtension+0x5f1e DllGetClassObject-0x95a2 jscript9+0x763e @ 0x7fef208763e JsVarToExtension+0x5e95 DllGetClassObject-0x962b jscript9+0x75b5 @ 0x7fef20875b5 DllUnregisterServer+0x3e4f1 jscript9+0x1316e1 @ 0x7fef21b16e1 DllCanUnloadNow+0x2af34 DllRegisterServer-0x2fd2c jscript9+0xc3464 @ 0x7fef2143464 JsVarToExtension+0x41cc DllGetClassObject-0xb2f4 jscript9+0x58ec @ 0x7fef20858ec JsVarToExtension+0x4137 DllGetClassObject-0xb389 jscript9+0x5857 @ 0x7fef2085857 JsVarToExtension+0x443a DllGetClassObject-0xb086 jscript9+0x5b5a @ 0x7fef2085b5a JsVarToExtension+0x627b DllGetClassObject-0x9245 jscript9+0x799b @ 0x7fef208799b DllCanUnloadNow+0x2aa56 DllRegisterServer-0x3020a jscript9+0xc2f86 @ 0x7fef2142f86 JsVarToExtension+0x41cc DllGetClassObject-0xb2f4 jscript9+0x58ec @ 0x7fef20858ec JsVarToExtension+0x4137 DllGetClassObject-0xb389 jscript9+0x5857 @ 0x7fef2085857 JsVarToExtension+0x443a DllGetClassObject-0xb086 jscript9+0x5b5a @ 0x7fef2085b5a JsVarToExtension+0x43b6 DllGetClassObject-0xb10a jscript9+0x5ad6 @ 0x7fef2085ad6 JsVarToExtension+0x3909 DllGetClassObject-0xbbb7 jscript9+0x5029 @ 0x7fef2085029 DllGetClassObject+0x1405e DllCanUnloadNow-0x738f2 jscript9+0x24c3e @ 0x7fef20a4c3e DllGetClassObject+0x13eb1 DllCanUnloadNow-0x73a9f jscript9+0x24a91 @ 0x7fef20a4a91 DllGetClassObject+0x146a6 DllCanUnloadNow-0x732aa jscript9+0x25286 @ 0x7fef20a5286 MatchExactGetIDsOfNames+0x1c027b DllGetClassObject-0xe3625 mshtml+0x2115fb @ 0x726815fb MatchExactGetIDsOfNames+0x1c015e DllGetClassObject-0xe3742 mshtml+0x2114de @ 0x726814de MatchExactGetIDsOfNames+0x1c08ac DllGetClassObject-0xe2ff4 mshtml+0x211c2c @ 0x72681c2c MatchExactGetIDsOfNames+0x1c0b5b DllGetClassObject-0xe2d45 mshtml+0x211edb @ 0x72681edb CTravelLog_CreateInstance+0x6ff19 DllCanUnloadNow-0x925db mshtml+0x3673c5 @ 0x727d73c5 CTravelLog_CreateInstance+0x12064 DllCanUnloadNow-0xf0490 mshtml+0x309510 @ 0x72779510 CTravelLog_CreateInstance+0x11ee3 DllCanUnloadNow-0xf0611 mshtml+0x30938f @ 0x7277938f CTravelLog_CreateInstance+0x1223f DllCanUnloadNow-0xf02b5 mshtml+0x3096eb @ 0x727796eb CTravelLog_CreateInstance+0x12145 DllCanUnloadNow-0xf03af mshtml+0x3095f1 @ 0x727795f1 CTravelLog_CreateInstance+0x11bff DllCanUnloadNow-0xf08f5 mshtml+0x3090ab @ 0x727790ab CTravelLog_CreateInstance+0x109f4 DllCanUnloadNow-0xf1b00 mshtml+0x307ea0 @ 0x72777ea0 CTravelLog_CreateInstance+0xdb2cf DllCanUnloadNow-0x27225 mshtml+0x3d277b @ 0x7284277b TranslateMessageEx+0x2a1 IntersectRect-0x11f user32+0x19bd1 @ 0x77569bd1 TranslateMessage+0x1ea DispatchMessageW-0x42 user32+0x198da @ 0x775698da CreateExtensionGuidEnumerator+0x37005 DllInstall-0x2828f ieframe+0x8b2cd @ 0x7fef47bb2cd DllRegisterServer+0x33bf4 CreateExtensionGuidEnumerator-0x1c7e4 ieframe+0x37ae4 @ 0x7fef4767ae4 FastMimeGetFileExtension+0x9c53 LCIEUnpackString-0x6111 iertutil+0x153cf @ 0x770c53cf DllRegisterServer+0x14d67 CreateExtensionGuidEnumerator-0x3b671 ieframe+0x18c57 @ 0x7fef4748c57 BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x772e652d exception.instruction_r: 48 81 c4 c8 00 00 00 c3 48 85 f6 74 08 83 3b 00 exception.symbol: RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d exception.instruction: add rsp, 0xc8 exception.module: KERNELBASE.dll exception.exception_code: 0x800706be exception.offset: 42141 exception.address: 0x7fefdcfa49d registers.r14: 0 registers.r15: 0 registers.rcx: 56795376 registers.rsi: 0 registers.r10: 92775776 registers.rbx: 0 registers.rsp: 56819232 registers.r11: 56797136 registers.r8: 0 registers.r9: 0 registers.rdx: 1 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 1947928750 registers.r13: 0	1
__exception__ Nov. 12, 2021, 9:05 a.m.	stacktrace: RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d @ 0x7fefdcfa49d RpcRaiseException+0x53 RpcExceptionFilter-0x2bd rpcrt4+0x173c3 @ 0x7feff2373c3 CoGetInstanceFromFile+0xa70a HACCEL_UserFree-0x16c6 ole32+0x1762ba @ 0x7feff8062ba Ndr64AsyncServerCallAll+0x14c9 Ndr64AsyncClientCall-0x517 rpcrt4+0xdb949 @ 0x7feff2fb949 CoGetInstanceFromFile+0x6620 HACCEL_UserFree-0x57b0 ole32+0x1721d0 @ 0x7feff8021d0 DcomChannelSetHResult+0x3066 ObjectStublessClient3-0x7ee ole32+0x2d8a2 @ 0x7feff6bd8a2 ObjectStublessClient5+0x183 IsValidInterface-0x105d ole32+0x31bb3 @ 0x7feff6c1bb3 ObjectStublessClient5+0xf2 IsValidInterface-0x10ee ole32+0x31b22 @ 0x7feff6c1b22 CoMarshalInterface+0x263f ObjectStublessClient5-0x245 ole32+0x317eb @ 0x7feff6c17eb CoMarshalInterface+0x226b ObjectStublessClient5-0x619 ole32+0x31417 @ 0x7feff6c1417 CoSetState+0x45a DcomChannelSetHResult-0x1342 ole32+0x294fa @ 0x7feff6b94fa CoSetState+0x388 DcomChannelSetHResult-0x1414 ole32+0x29428 @ 0x7feff6b9428 CoSetState+0xaa9 DcomChannelSetHResult-0xcf3 ole32+0x29b49 @ 0x7feff6b9b49 CoInternetGetSession+0x655b MkParseDisplayNameEx-0x1a711 urlmon+0x55b5f @ 0x76fa5b5f ImportPrivacySettings+0x4017 IEAssociateThreadWithTab-0xa0531 ieframe+0x113417 @ 0x7fef4843417 ImportPrivacySettings+0xa890 IEAssociateThreadWithTab-0x99cb8 ieframe+0x119c90 @ 0x7fef4849c90 ImportPrivacySettings+0x7d103 IEAssociateThreadWithTab-0x27445 ieframe+0x18c503 @ 0x7fef48bc503 ImportPrivacySettings+0x6b111 IEAssociateThreadWithTab-0x39437 ieframe+0x17a511 @ 0x7fef48aa511 ImportPrivacySettings+0x6c023 IEAssociateThreadWithTab-0x38525 ieframe+0x17b423 @ 0x7fef48ab423 ImportPrivacySettings+0x6d680 IEAssociateThreadWithTab-0x36ec8 ieframe+0x17ca80 @ 0x7fef48aca80 IEDisassociateThreadWithTab+0x1485e SoftwareUpdateMessageBox-0x6bdf2 ieframe+0x1c8252 @ 0x7fef48f8252 ImportPrivacySettings+0x71268 IEAssociateThreadWithTab-0x332e0 ieframe+0x180668 @ 0x7fef48b0668 ImportPrivacySettings+0x71927 IEAssociateThreadWithTab-0x32c21 ieframe+0x180d27 @ 0x7fef48b0d27 IEDisassociateThreadWithTab+0x1c4cd SoftwareUpdateMessageBox-0x64183 ieframe+0x1cfec1 @ 0x7fef48ffec1 IEDisassociateThreadWithTab+0x17422 SoftwareUpdateMessageBox-0x6922e ieframe+0x1cae16 @ 0x7fef48fae16 ImportPrivacySettings+0x12fd7 IEAssociateThreadWithTab-0x91571 ieframe+0x1223d7 @ 0x7fef48523d7 ImportPrivacySettings+0x13191 IEAssociateThreadWithTab-0x913b7 ieframe+0x122591 @ 0x7fef4852591 ImportPrivacySettings+0x1324c IEAssociateThreadWithTab-0x912fc ieframe+0x12264c @ 0x7fef485264c CTravelLog_CreateInstance+0x14ee7 DllCanUnloadNow-0xed60d mshtml+0x30c393 @ 0x7277c393 CTravelLog_CreateInstance+0x12644 DllCanUnloadNow-0xefeb0 mshtml+0x309af0 @ 0x72779af0 CTravelLog_CreateInstance+0x161c7 DllCanUnloadNow-0xec32d mshtml+0x30d673 @ 0x7277d673 CTravelLog_CreateInstance+0x2d56d DllCanUnloadNow-0xd4f87 mshtml+0x324a19 @ 0x72794a19 CTravelLog_CreateInstance+0x2d591 DllCanUnloadNow-0xd4f63 mshtml+0x324a3d @ 0x72794a3d CTravelLog_CreateInstance+0x14dc1 DllCanUnloadNow-0xed733 mshtml+0x30c26d @ 0x7277c26d CTravelLog_CreateInstance+0x1223f DllCanUnloadNow-0xf02b5 mshtml+0x3096eb @ 0x727796eb CTravelLog_CreateInstance+0x12145 DllCanUnloadNow-0xf03af mshtml+0x3095f1 @ 0x727795f1 CTravelLog_CreateInstance+0x11bff DllCanUnloadNow-0xf08f5 mshtml+0x3090ab @ 0x727790ab CTravelLog_CreateInstance+0x109f4 DllCanUnloadNow-0xf1b00 mshtml+0x307ea0 @ 0x72777ea0 CTravelLog_CreateInstance+0xdb2cf DllCanUnloadNow-0x27225 mshtml+0x3d277b @ 0x7284277b TranslateMessageEx+0x2a1 IntersectRect-0x11f user32+0x19bd1 @ 0x77569bd1 TranslateMessage+0x1ea DispatchMessageW-0x42 user32+0x198da @ 0x775698da CreateExtensionGuidEnumerator+0x37005 DllInstall-0x2828f ieframe+0x8b2cd @ 0x7fef47bb2cd DllRegisterServer+0x33bf4 CreateExtensionGuidEnumerator-0x1c7e4 ieframe+0x37ae4 @ 0x7fef4767ae4 FastMimeGetFileExtension+0x9c53 LCIEUnpackString-0x6111 iertutil+0x153cf @ 0x770c53cf DllRegisterServer+0x14d67 CreateExtensionGuidEnumerator-0x3b671 ieframe+0x18c57 @ 0x7fef4748c57 BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x772e652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x7767c521 exception.instruction_r: 48 81 c4 c8 00 00 00 c3 48 85 f6 74 08 83 3b 00 exception.symbol: RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d exception.instruction: add rsp, 0xc8 exception.module: KERNELBASE.dll exception.exception_code: 0x80010012 exception.offset: 42141 exception.address: 0x7fefdcfa49d registers.r14: 0 registers.r15: 0 registers.rcx: 93491712 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 93519216 registers.r11: 93493472 registers.r8: 0 registers.r9: 0 registers.rdx: 1 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 1928017692 registers.r13: 0	1

Time & API

Arguments

Status

Return

Repeated

__exception__

Nov. 12, 2021, 9:05 a.m.

stacktrace:

RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d @ 0x7fefdcfa49d
RpcRaiseException+0x53 RpcExceptionFilter-0x2bd rpcrt4+0x173c3 @ 0x7feff2373c3
CoGetInstanceFromFile+0xa70a HACCEL_UserFree-0x16c6 ole32+0x1762ba @ 0x7feff8062ba
Ndr64AsyncServerCallAll+0x14c9 Ndr64AsyncClientCall-0x517 rpcrt4+0xdb949 @ 0x7feff2fb949
CoGetInstanceFromFile+0x6620 HACCEL_UserFree-0x57b0 ole32+0x1721d0 @ 0x7feff8021d0
DcomChannelSetHResult+0x3066 ObjectStublessClient3-0x7ee ole32+0x2d8a2 @ 0x7feff6bd8a2
ObjectStublessClient5+0x183 IsValidInterface-0x105d ole32+0x31bb3 @ 0x7feff6c1bb3
ObjectStublessClient5+0xf2 IsValidInterface-0x10ee ole32+0x31b22 @ 0x7feff6c1b22
CoMarshalInterface+0x263f ObjectStublessClient5-0x245 ole32+0x317eb @ 0x7feff6c17eb
CoMarshalInterface+0x226b ObjectStublessClient5-0x619 ole32+0x31417 @ 0x7feff6c1417
CoSetState+0x45a DcomChannelSetHResult-0x1342 ole32+0x294fa @ 0x7feff6b94fa
CoSetState+0x388 DcomChannelSetHResult-0x1414 ole32+0x29428 @ 0x7feff6b9428
CoSetState+0xaa9 DcomChannelSetHResult-0xcf3 ole32+0x29b49 @ 0x7feff6b9b49
CreateExtensionGuidEnumerator+0x366f9 DllInstall-0x28b9b ieframe+0x8a9c1 @ 0x7fef47ba9c1
CreateExtensionGuidEnumerator+0xc0f6 DllInstall-0x5319e ieframe+0x603be @ 0x7fef47903be
CreateExtensionGuidEnumerator+0x1052d DllInstall-0x4ed67 ieframe+0x647f5 @ 0x7fef47947f5
CreateExtensionGuidEnumerator+0x104b4 DllInstall-0x4ede0 ieframe+0x6477c @ 0x7fef479477c
CreateExtensionGuidEnumerator+0x103e6 DllInstall-0x4eeae ieframe+0x646ae @ 0x7fef47946ae
FastMimeGetFileExtension+0xd8c LCIEUnpackString-0xefd8 iertutil+0xc508 @ 0x770bc508
CreateExtensionGuidEnumerator+0x6185 DllInstall-0x5910f ieframe+0x5a44d @ 0x7fef478a44d
DllRegisterServer+0x3f3cb CreateExtensionGuidEnumerator-0x1100d ieframe+0x432bb @ 0x7fef47732bb
DllRegisterServer+0x557b CreateExtensionGuidEnumerator-0x4ae5d ieframe+0x946b @ 0x7fef473946b
CreateExtensionGuidEnumerator+0x8fb DllInstall-0x5e999 ieframe+0x54bc3 @ 0x7fef4784bc3
BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x772e652d
RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x7767c521

exception.instruction_r: 48 81 c4 c8 00 00 00 c3 48 85 f6 74 08 83 3b 00
exception.symbol: RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d
exception.instruction: add rsp, 0xc8
exception.module: KERNELBASE.dll
exception.exception_code: 0x800706ba
exception.offset: 42141
exception.address: 0x7fefdcfa49d
registers.r14: 0
registers.r15: 0
registers.rcx: 109893024
registers.rsi: 0
registers.r10: 99542800
registers.rbx: 0
registers.rsp: 109902704
registers.r11: 109894784
registers.r8: 0
registers.r9: 0
registers.rdx: 1
registers.r12: 0
registers.rbp: 0
registers.rdi: 0
registers.rax: 1911849979
registers.r13: 0

__exception__

Nov. 12, 2021, 9:05 a.m.

stacktrace:

RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d @ 0x7fefdcfa49d
RpcRaiseException+0x53 RpcExceptionFilter-0x2bd rpcrt4+0x173c3 @ 0x7feff2373c3
CoGetInstanceFromFile+0xa70a HACCEL_UserFree-0x16c6 ole32+0x1762ba @ 0x7feff8062ba
Ndr64AsyncServerCallAll+0x14c9 Ndr64AsyncClientCall-0x517 rpcrt4+0xdb949 @ 0x7feff2fb949
CoGetInstanceFromFile+0x6620 HACCEL_UserFree-0x57b0 ole32+0x1721d0 @ 0x7feff8021d0
DcomChannelSetHResult+0x3066 ObjectStublessClient3-0x7ee ole32+0x2d8a2 @ 0x7feff6bd8a2
ObjectStublessClient5+0x88d IsValidInterface-0x953 ole32+0x322bd @ 0x7feff6c22bd
ObjectStublessClient5+0xa27 IsValidInterface-0x7b9 ole32+0x32457 @ 0x7feff6c2457
DcomChannelSetHResult+0x27b1 ObjectStublessClient3-0x10a3 ole32+0x2cfed @ 0x7feff6bcfed
IERegisterXMLNS+0xaa2f1 mshtml+0x8132e1 @ 0x72c832e1
IERegisterXMLNS+0xa9d52 mshtml+0x812d42 @ 0x72c82d42
CreateHTMLPropertyPage+0x2a43e GetColorValueFromString-0xfabb2 mshtml+0x6141be @ 0x72a841be
CreateHTMLPropertyPage+0x650ba GetColorValueFromString-0xbff36 mshtml+0x64ee3a @ 0x72abee3a
DllCanUnloadNow+0x4ecdd DllEnumClassObjects-0x19bd73 mshtml+0x44867d @ 0x728b867d
MatchExactGetIDsOfNames+0x15bca5 DllGetClassObject-0x147bfb mshtml+0x1ad025 @ 0x7261d025
MatchExactGetIDsOfNames+0x8f40 DllGetClassObject-0x29a960 mshtml+0x5a2c0 @ 0x724ca2c0
MatchExactGetIDsOfNames+0x8ff22 DllGetClassObject-0x21397e mshtml+0xe12a2 @ 0x725512a2
MatchExactGetIDsOfNames+0xafd5f DllGetClassObject-0x1f3b41 mshtml+0x1010df @ 0x725710df
DllCanUnloadNow+0x7ee76 DllEnumClassObjects-0x16bbda mshtml+0x478816 @ 0x728e8816
MatchExactGetIDsOfNames+0x107c7a DllGetClassObject-0x19bc26 mshtml+0x158ffa @ 0x725c8ffa
MatchExactGetIDsOfNames+0x123f8b DllGetClassObject-0x17f915 mshtml+0x17530b @ 0x725e530b
CTravelLog_CreateInstance+0x1478a DllCanUnloadNow-0xedd6a mshtml+0x30bc36 @ 0x7277bc36
CTravelLog_CreateInstance+0x13d49 DllCanUnloadNow-0xee7ab mshtml+0x30b1f5 @ 0x7277b1f5
CTravelLog_CreateInstance+0x16684 DllCanUnloadNow-0xebe70 mshtml+0x30db30 @ 0x7277db30
DllGetClassObject+0x4c17e DllCanUnloadNow-0x3b7d2 jscript9+0x5cd5e @ 0x7fef20dcd5e
DllGetClassObject+0x41f1f DllCanUnloadNow-0x45a31 jscript9+0x52aff @ 0x7fef20d2aff
DllGetClassObject+0x41e15 DllCanUnloadNow-0x45b3b jscript9+0x529f5 @ 0x7fef20d29f5
JsVarToExtension+0x5d2b DllGetClassObject-0x9795 jscript9+0x744b @ 0x7fef208744b
JsVarToExtension+0x5f1e DllGetClassObject-0x95a2 jscript9+0x763e @ 0x7fef208763e
JsVarToExtension+0x5e95 DllGetClassObject-0x962b jscript9+0x75b5 @ 0x7fef20875b5
DllUnregisterServer+0x3e4f1 jscript9+0x1316e1 @ 0x7fef21b16e1
DllCanUnloadNow+0x2af34 DllRegisterServer-0x2fd2c jscript9+0xc3464 @ 0x7fef2143464
JsVarToExtension+0x41cc DllGetClassObject-0xb2f4 jscript9+0x58ec @ 0x7fef20858ec
JsVarToExtension+0x4137 DllGetClassObject-0xb389 jscript9+0x5857 @ 0x7fef2085857
JsVarToExtension+0x443a DllGetClassObject-0xb086 jscript9+0x5b5a @ 0x7fef2085b5a
JsVarToExtension+0x627b DllGetClassObject-0x9245 jscript9+0x799b @ 0x7fef208799b
DllCanUnloadNow+0x2aa56 DllRegisterServer-0x3020a jscript9+0xc2f86 @ 0x7fef2142f86
JsVarToExtension+0x41cc DllGetClassObject-0xb2f4 jscript9+0x58ec @ 0x7fef20858ec
JsVarToExtension+0x4137 DllGetClassObject-0xb389 jscript9+0x5857 @ 0x7fef2085857
JsVarToExtension+0x443a DllGetClassObject-0xb086 jscript9+0x5b5a @ 0x7fef2085b5a
JsVarToExtension+0x43b6 DllGetClassObject-0xb10a jscript9+0x5ad6 @ 0x7fef2085ad6
JsVarToExtension+0x3909 DllGetClassObject-0xbbb7 jscript9+0x5029 @ 0x7fef2085029
DllGetClassObject+0x1405e DllCanUnloadNow-0x738f2 jscript9+0x24c3e @ 0x7fef20a4c3e
DllGetClassObject+0x13eb1 DllCanUnloadNow-0x73a9f jscript9+0x24a91 @ 0x7fef20a4a91
DllGetClassObject+0x146a6 DllCanUnloadNow-0x732aa jscript9+0x25286 @ 0x7fef20a5286
MatchExactGetIDsOfNames+0x1c027b DllGetClassObject-0xe3625 mshtml+0x2115fb @ 0x726815fb
MatchExactGetIDsOfNames+0x1c015e DllGetClassObject-0xe3742 mshtml+0x2114de @ 0x726814de
MatchExactGetIDsOfNames+0x1c08ac DllGetClassObject-0xe2ff4 mshtml+0x211c2c @ 0x72681c2c
MatchExactGetIDsOfNames+0x1c0b5b DllGetClassObject-0xe2d45 mshtml+0x211edb @ 0x72681edb
CTravelLog_CreateInstance+0x6ff19 DllCanUnloadNow-0x925db mshtml+0x3673c5 @ 0x727d73c5
CTravelLog_CreateInstance+0x12064 DllCanUnloadNow-0xf0490 mshtml+0x309510 @ 0x72779510
CTravelLog_CreateInstance+0x11ee3 DllCanUnloadNow-0xf0611 mshtml+0x30938f @ 0x7277938f
CTravelLog_CreateInstance+0x1223f DllCanUnloadNow-0xf02b5 mshtml+0x3096eb @ 0x727796eb
CTravelLog_CreateInstance+0x12145 DllCanUnloadNow-0xf03af mshtml+0x3095f1 @ 0x727795f1
CTravelLog_CreateInstance+0x11bff DllCanUnloadNow-0xf08f5 mshtml+0x3090ab @ 0x727790ab
CTravelLog_CreateInstance+0x109f4 DllCanUnloadNow-0xf1b00 mshtml+0x307ea0 @ 0x72777ea0
CTravelLog_CreateInstance+0xdb2cf DllCanUnloadNow-0x27225 mshtml+0x3d277b @ 0x7284277b
TranslateMessageEx+0x2a1 IntersectRect-0x11f user32+0x19bd1 @ 0x77569bd1
TranslateMessage+0x1ea DispatchMessageW-0x42 user32+0x198da @ 0x775698da
CreateExtensionGuidEnumerator+0x37005 DllInstall-0x2828f ieframe+0x8b2cd @ 0x7fef47bb2cd
DllRegisterServer+0x33bf4 CreateExtensionGuidEnumerator-0x1c7e4 ieframe+0x37ae4 @ 0x7fef4767ae4
FastMimeGetFileExtension+0x9c53 LCIEUnpackString-0x6111 iertutil+0x153cf @ 0x770c53cf
DllRegisterServer+0x14d67 CreateExtensionGuidEnumerator-0x3b671 ieframe+0x18c57 @ 0x7fef4748c57
BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x772e652d

exception.instruction_r: 48 81 c4 c8 00 00 00 c3 48 85 f6 74 08 83 3b 00
exception.symbol: RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d
exception.instruction: add rsp, 0xc8
exception.module: KERNELBASE.dll
exception.exception_code: 0x800706be
exception.offset: 42141
exception.address: 0x7fefdcfa49d
registers.r14: 0
registers.r15: 0
registers.rcx: 56795376
registers.rsi: 0
registers.r10: 92775776
registers.rbx: 0
registers.rsp: 56819232
registers.r11: 56797136
registers.r8: 0
registers.r9: 0
registers.rdx: 1
registers.r12: 0
registers.rbp: 0
registers.rdi: 0
registers.rax: 1947928750
registers.r13: 0

__exception__

Nov. 12, 2021, 9:05 a.m.

stacktrace:

RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d @ 0x7fefdcfa49d
RpcRaiseException+0x53 RpcExceptionFilter-0x2bd rpcrt4+0x173c3 @ 0x7feff2373c3
CoGetInstanceFromFile+0xa70a HACCEL_UserFree-0x16c6 ole32+0x1762ba @ 0x7feff8062ba
Ndr64AsyncServerCallAll+0x14c9 Ndr64AsyncClientCall-0x517 rpcrt4+0xdb949 @ 0x7feff2fb949
CoGetInstanceFromFile+0x6620 HACCEL_UserFree-0x57b0 ole32+0x1721d0 @ 0x7feff8021d0
DcomChannelSetHResult+0x3066 ObjectStublessClient3-0x7ee ole32+0x2d8a2 @ 0x7feff6bd8a2
ObjectStublessClient5+0x183 IsValidInterface-0x105d ole32+0x31bb3 @ 0x7feff6c1bb3
ObjectStublessClient5+0xf2 IsValidInterface-0x10ee ole32+0x31b22 @ 0x7feff6c1b22
CoMarshalInterface+0x263f ObjectStublessClient5-0x245 ole32+0x317eb @ 0x7feff6c17eb
CoMarshalInterface+0x226b ObjectStublessClient5-0x619 ole32+0x31417 @ 0x7feff6c1417
CoSetState+0x45a DcomChannelSetHResult-0x1342 ole32+0x294fa @ 0x7feff6b94fa
CoSetState+0x388 DcomChannelSetHResult-0x1414 ole32+0x29428 @ 0x7feff6b9428
CoSetState+0xaa9 DcomChannelSetHResult-0xcf3 ole32+0x29b49 @ 0x7feff6b9b49
CoInternetGetSession+0x655b MkParseDisplayNameEx-0x1a711 urlmon+0x55b5f @ 0x76fa5b5f
ImportPrivacySettings+0x4017 IEAssociateThreadWithTab-0xa0531 ieframe+0x113417 @ 0x7fef4843417
ImportPrivacySettings+0xa890 IEAssociateThreadWithTab-0x99cb8 ieframe+0x119c90 @ 0x7fef4849c90
ImportPrivacySettings+0x7d103 IEAssociateThreadWithTab-0x27445 ieframe+0x18c503 @ 0x7fef48bc503
ImportPrivacySettings+0x6b111 IEAssociateThreadWithTab-0x39437 ieframe+0x17a511 @ 0x7fef48aa511
ImportPrivacySettings+0x6c023 IEAssociateThreadWithTab-0x38525 ieframe+0x17b423 @ 0x7fef48ab423
ImportPrivacySettings+0x6d680 IEAssociateThreadWithTab-0x36ec8 ieframe+0x17ca80 @ 0x7fef48aca80
IEDisassociateThreadWithTab+0x1485e SoftwareUpdateMessageBox-0x6bdf2 ieframe+0x1c8252 @ 0x7fef48f8252
ImportPrivacySettings+0x71268 IEAssociateThreadWithTab-0x332e0 ieframe+0x180668 @ 0x7fef48b0668
ImportPrivacySettings+0x71927 IEAssociateThreadWithTab-0x32c21 ieframe+0x180d27 @ 0x7fef48b0d27
IEDisassociateThreadWithTab+0x1c4cd SoftwareUpdateMessageBox-0x64183 ieframe+0x1cfec1 @ 0x7fef48ffec1
IEDisassociateThreadWithTab+0x17422 SoftwareUpdateMessageBox-0x6922e ieframe+0x1cae16 @ 0x7fef48fae16
ImportPrivacySettings+0x12fd7 IEAssociateThreadWithTab-0x91571 ieframe+0x1223d7 @ 0x7fef48523d7
ImportPrivacySettings+0x13191 IEAssociateThreadWithTab-0x913b7 ieframe+0x122591 @ 0x7fef4852591
ImportPrivacySettings+0x1324c IEAssociateThreadWithTab-0x912fc ieframe+0x12264c @ 0x7fef485264c
CTravelLog_CreateInstance+0x14ee7 DllCanUnloadNow-0xed60d mshtml+0x30c393 @ 0x7277c393
CTravelLog_CreateInstance+0x12644 DllCanUnloadNow-0xefeb0 mshtml+0x309af0 @ 0x72779af0
CTravelLog_CreateInstance+0x161c7 DllCanUnloadNow-0xec32d mshtml+0x30d673 @ 0x7277d673
CTravelLog_CreateInstance+0x2d56d DllCanUnloadNow-0xd4f87 mshtml+0x324a19 @ 0x72794a19
CTravelLog_CreateInstance+0x2d591 DllCanUnloadNow-0xd4f63 mshtml+0x324a3d @ 0x72794a3d
CTravelLog_CreateInstance+0x14dc1 DllCanUnloadNow-0xed733 mshtml+0x30c26d @ 0x7277c26d
CTravelLog_CreateInstance+0x1223f DllCanUnloadNow-0xf02b5 mshtml+0x3096eb @ 0x727796eb
CTravelLog_CreateInstance+0x12145 DllCanUnloadNow-0xf03af mshtml+0x3095f1 @ 0x727795f1
CTravelLog_CreateInstance+0x11bff DllCanUnloadNow-0xf08f5 mshtml+0x3090ab @ 0x727790ab
CTravelLog_CreateInstance+0x109f4 DllCanUnloadNow-0xf1b00 mshtml+0x307ea0 @ 0x72777ea0
CTravelLog_CreateInstance+0xdb2cf DllCanUnloadNow-0x27225 mshtml+0x3d277b @ 0x7284277b
TranslateMessageEx+0x2a1 IntersectRect-0x11f user32+0x19bd1 @ 0x77569bd1
TranslateMessage+0x1ea DispatchMessageW-0x42 user32+0x198da @ 0x775698da
CreateExtensionGuidEnumerator+0x37005 DllInstall-0x2828f ieframe+0x8b2cd @ 0x7fef47bb2cd
DllRegisterServer+0x33bf4 CreateExtensionGuidEnumerator-0x1c7e4 ieframe+0x37ae4 @ 0x7fef4767ae4
FastMimeGetFileExtension+0x9c53 LCIEUnpackString-0x6111 iertutil+0x153cf @ 0x770c53cf
DllRegisterServer+0x14d67 CreateExtensionGuidEnumerator-0x3b671 ieframe+0x18c57 @ 0x7fef4748c57
BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x772e652d
RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x7767c521

exception.instruction_r: 48 81 c4 c8 00 00 00 c3 48 85 f6 74 08 83 3b 00
exception.symbol: RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d
exception.instruction: add rsp, 0xc8
exception.module: KERNELBASE.dll
exception.exception_code: 0x80010012
exception.offset: 42141
exception.address: 0x7fefdcfa49d
registers.r14: 0
registers.r15: 0
registers.rcx: 93491712
registers.rsi: 0
registers.r10: 0
registers.rbx: 0
registers.rsp: 93519216
registers.r11: 93493472
registers.r8: 0
registers.r9: 0
registers.rdx: 1
registers.r12: 0
registers.rbp: 0
registers.rdi: 0
registers.rax: 1928017692
registers.r13: 0

Performs some HTTP requests (1 event)

request

GET http://tigerdrill.xyz/EYWCET97LV2U.cab

Allocates read-write-execute memory (usually to unpack itself) (50 out of 123 events)

Time & API	Arguments	Status
NtAllocateVirtualMemory Nov. 12, 2021, 9:05 a.m.	process_identifier: 1792 region_size: 10686464 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000003090000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Nov. 12, 2021, 9:05 a.m.	process_identifier: 1792 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000003ac0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Nov. 12, 2021, 9:05 a.m.	process_identifier: 1792 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000775c1000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Nov. 12, 2021, 9:05 a.m.	process_identifier: 1792 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000775c1000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Nov. 12, 2021, 9:05 a.m.	process_identifier: 1792 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000775c1000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Nov. 12, 2021, 9:05 a.m.	process_identifier: 1792 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000775c1000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Nov. 12, 2021, 9:05 a.m.	process_identifier: 1792 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000775c1000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Nov. 12, 2021, 9:05 a.m.	process_identifier: 1792 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000775c1000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Nov. 12, 2021, 9:05 a.m.	process_identifier: 1792 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007756d000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Nov. 12, 2021, 9:05 a.m.	process_identifier: 1792 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000077592000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Nov. 12, 2021, 9:05 a.m.	process_identifier: 1792 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000077574000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Nov. 12, 2021, 9:05 a.m.	process_identifier: 1792 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000077592000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Nov. 12, 2021, 9:05 a.m.	process_identifier: 1792 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fefc5c5000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Nov. 12, 2021, 9:05 a.m.	process_identifier: 1792 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fefc5c5000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Nov. 12, 2021, 9:05 a.m.	process_identifier: 1792 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fefe0c4000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Nov. 12, 2021, 9:05 a.m.	process_identifier: 1792 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007feff4a1000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Nov. 12, 2021, 9:05 a.m.	process_identifier: 1792 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007755a000 process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Nov. 12, 2021, 9:05 a.m.	process_identifier: 1792 region_size: 65536 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000033b0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Nov. 12, 2021, 9:05 a.m.	process_identifier: 1792 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fefa7c7000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Nov. 12, 2021, 9:05 a.m.	process_identifier: 1792 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef7019000 process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Nov. 12, 2021, 9:05 a.m.	process_identifier: 2252 region_size: 2232320 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000002620000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Nov. 12, 2021, 9:05 a.m.	process_identifier: 2252 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000002840000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Nov. 12, 2021, 9:05 a.m.	process_identifier: 2252 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000775c1000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Nov. 12, 2021, 9:05 a.m.	process_identifier: 2252 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000775c1000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Nov. 12, 2021, 9:05 a.m.	process_identifier: 2252 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000775c1000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Nov. 12, 2021, 9:05 a.m.	process_identifier: 2252 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000775c1000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Nov. 12, 2021, 9:05 a.m.	process_identifier: 2252 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000775c1000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Nov. 12, 2021, 9:05 a.m.	process_identifier: 2252 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000775c1000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Nov. 12, 2021, 9:05 a.m.	process_identifier: 2252 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007756d000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Nov. 12, 2021, 9:05 a.m.	process_identifier: 2252 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000077592000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Nov. 12, 2021, 9:05 a.m.	process_identifier: 2252 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000077574000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Nov. 12, 2021, 9:05 a.m.	process_identifier: 2252 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000077592000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Nov. 12, 2021, 9:05 a.m.	process_identifier: 2252 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fefc5c5000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Nov. 12, 2021, 9:05 a.m.	process_identifier: 2252 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fefc5c5000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Nov. 12, 2021, 9:05 a.m.	process_identifier: 2252 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fefe0c4000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Nov. 12, 2021, 9:05 a.m.	process_identifier: 2252 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007feff4a1000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Nov. 12, 2021, 9:05 a.m.	process_identifier: 2252 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007755a000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Nov. 12, 2021, 9:05 a.m.	process_identifier: 2252 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007755f000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Nov. 12, 2021, 9:05 a.m.	process_identifier: 2252 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007755d000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Nov. 12, 2021, 9:05 a.m.	process_identifier: 2252 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007755b000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Nov. 12, 2021, 9:05 a.m.	process_identifier: 2252 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000772e6000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Nov. 12, 2021, 9:05 a.m.	process_identifier: 2252 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000077696000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Nov. 12, 2021, 9:05 a.m.	process_identifier: 2252 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000772e1000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Nov. 12, 2021, 9:05 a.m.	process_identifier: 2252 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000077560000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Nov. 12, 2021, 9:05 a.m.	process_identifier: 2252 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007755a000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Nov. 12, 2021, 9:05 a.m.	process_identifier: 2252 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007766f000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Nov. 12, 2021, 9:05 a.m.	process_identifier: 2252 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007767b000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Nov. 12, 2021, 9:05 a.m.	process_identifier: 2252 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007feff7e7000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Nov. 12, 2021, 9:05 a.m.	process_identifier: 2252 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fefe064000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Nov. 12, 2021, 9:05 a.m.	process_identifier: 2252 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fefe061000 process_handle: 0xffffffffffffffff	1

An application raised an exception which may be indicative of an exploit crash (6 events)

Time & API	Arguments	Status	Return	Repeated
Application Crash	Process iexplore.exe with pid 1792 crashed
Application Crash	Process iexplore.exe with pid 2252 crashed
Application Crash	Process iexplore.exe with pid 2504 crashed
__exception__ Nov. 12, 2021, 9:05 a.m.	stacktrace: RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d @ 0x7fefdcfa49d RpcRaiseException+0x53 RpcExceptionFilter-0x2bd rpcrt4+0x173c3 @ 0x7feff2373c3 CoGetInstanceFromFile+0xa70a HACCEL_UserFree-0x16c6 ole32+0x1762ba @ 0x7feff8062ba Ndr64AsyncServerCallAll+0x14c9 Ndr64AsyncClientCall-0x517 rpcrt4+0xdb949 @ 0x7feff2fb949 CoGetInstanceFromFile+0x6620 HACCEL_UserFree-0x57b0 ole32+0x1721d0 @ 0x7feff8021d0 DcomChannelSetHResult+0x3066 ObjectStublessClient3-0x7ee ole32+0x2d8a2 @ 0x7feff6bd8a2 ObjectStublessClient5+0x183 IsValidInterface-0x105d ole32+0x31bb3 @ 0x7feff6c1bb3 ObjectStublessClient5+0xf2 IsValidInterface-0x10ee ole32+0x31b22 @ 0x7feff6c1b22 CoMarshalInterface+0x263f ObjectStublessClient5-0x245 ole32+0x317eb @ 0x7feff6c17eb CoMarshalInterface+0x226b ObjectStublessClient5-0x619 ole32+0x31417 @ 0x7feff6c1417 CoSetState+0x45a DcomChannelSetHResult-0x1342 ole32+0x294fa @ 0x7feff6b94fa CoSetState+0x388 DcomChannelSetHResult-0x1414 ole32+0x29428 @ 0x7feff6b9428 CoSetState+0xaa9 DcomChannelSetHResult-0xcf3 ole32+0x29b49 @ 0x7feff6b9b49 CreateExtensionGuidEnumerator+0x366f9 DllInstall-0x28b9b ieframe+0x8a9c1 @ 0x7fef47ba9c1 CreateExtensionGuidEnumerator+0xc0f6 DllInstall-0x5319e ieframe+0x603be @ 0x7fef47903be CreateExtensionGuidEnumerator+0x1052d DllInstall-0x4ed67 ieframe+0x647f5 @ 0x7fef47947f5 CreateExtensionGuidEnumerator+0x104b4 DllInstall-0x4ede0 ieframe+0x6477c @ 0x7fef479477c CreateExtensionGuidEnumerator+0x103e6 DllInstall-0x4eeae ieframe+0x646ae @ 0x7fef47946ae FastMimeGetFileExtension+0xd8c LCIEUnpackString-0xefd8 iertutil+0xc508 @ 0x770bc508 CreateExtensionGuidEnumerator+0x6185 DllInstall-0x5910f ieframe+0x5a44d @ 0x7fef478a44d DllRegisterServer+0x3f3cb CreateExtensionGuidEnumerator-0x1100d ieframe+0x432bb @ 0x7fef47732bb DllRegisterServer+0x557b CreateExtensionGuidEnumerator-0x4ae5d ieframe+0x946b @ 0x7fef473946b CreateExtensionGuidEnumerator+0x8fb DllInstall-0x5e999 ieframe+0x54bc3 @ 0x7fef4784bc3 BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x772e652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x7767c521 exception.instruction_r: 48 81 c4 c8 00 00 00 c3 48 85 f6 74 08 83 3b 00 exception.symbol: RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d exception.instruction: add rsp, 0xc8 exception.module: KERNELBASE.dll exception.exception_code: 0x800706ba exception.offset: 42141 exception.address: 0x7fefdcfa49d registers.r14: 0 registers.r15: 0 registers.rcx: 109893024 registers.rsi: 0 registers.r10: 99542800 registers.rbx: 0 registers.rsp: 109902704 registers.r11: 109894784 registers.r8: 0 registers.r9: 0 registers.rdx: 1 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 1911849979 registers.r13: 0	1	0	0
__exception__ Nov. 12, 2021, 9:05 a.m.	stacktrace: RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d @ 0x7fefdcfa49d RpcRaiseException+0x53 RpcExceptionFilter-0x2bd rpcrt4+0x173c3 @ 0x7feff2373c3 CoGetInstanceFromFile+0xa70a HACCEL_UserFree-0x16c6 ole32+0x1762ba @ 0x7feff8062ba Ndr64AsyncServerCallAll+0x14c9 Ndr64AsyncClientCall-0x517 rpcrt4+0xdb949 @ 0x7feff2fb949 CoGetInstanceFromFile+0x6620 HACCEL_UserFree-0x57b0 ole32+0x1721d0 @ 0x7feff8021d0 DcomChannelSetHResult+0x3066 ObjectStublessClient3-0x7ee ole32+0x2d8a2 @ 0x7feff6bd8a2 ObjectStublessClient5+0x88d IsValidInterface-0x953 ole32+0x322bd @ 0x7feff6c22bd ObjectStublessClient5+0xa27 IsValidInterface-0x7b9 ole32+0x32457 @ 0x7feff6c2457 DcomChannelSetHResult+0x27b1 ObjectStublessClient3-0x10a3 ole32+0x2cfed @ 0x7feff6bcfed IERegisterXMLNS+0xaa2f1 mshtml+0x8132e1 @ 0x72c832e1 IERegisterXMLNS+0xa9d52 mshtml+0x812d42 @ 0x72c82d42 CreateHTMLPropertyPage+0x2a43e GetColorValueFromString-0xfabb2 mshtml+0x6141be @ 0x72a841be CreateHTMLPropertyPage+0x650ba GetColorValueFromString-0xbff36 mshtml+0x64ee3a @ 0x72abee3a DllCanUnloadNow+0x4ecdd DllEnumClassObjects-0x19bd73 mshtml+0x44867d @ 0x728b867d MatchExactGetIDsOfNames+0x15bca5 DllGetClassObject-0x147bfb mshtml+0x1ad025 @ 0x7261d025 MatchExactGetIDsOfNames+0x8f40 DllGetClassObject-0x29a960 mshtml+0x5a2c0 @ 0x724ca2c0 MatchExactGetIDsOfNames+0x8ff22 DllGetClassObject-0x21397e mshtml+0xe12a2 @ 0x725512a2 MatchExactGetIDsOfNames+0xafd5f DllGetClassObject-0x1f3b41 mshtml+0x1010df @ 0x725710df DllCanUnloadNow+0x7ee76 DllEnumClassObjects-0x16bbda mshtml+0x478816 @ 0x728e8816 MatchExactGetIDsOfNames+0x107c7a DllGetClassObject-0x19bc26 mshtml+0x158ffa @ 0x725c8ffa MatchExactGetIDsOfNames+0x123f8b DllGetClassObject-0x17f915 mshtml+0x17530b @ 0x725e530b CTravelLog_CreateInstance+0x1478a DllCanUnloadNow-0xedd6a mshtml+0x30bc36 @ 0x7277bc36 CTravelLog_CreateInstance+0x13d49 DllCanUnloadNow-0xee7ab mshtml+0x30b1f5 @ 0x7277b1f5 CTravelLog_CreateInstance+0x16684 DllCanUnloadNow-0xebe70 mshtml+0x30db30 @ 0x7277db30 DllGetClassObject+0x4c17e DllCanUnloadNow-0x3b7d2 jscript9+0x5cd5e @ 0x7fef20dcd5e DllGetClassObject+0x41f1f DllCanUnloadNow-0x45a31 jscript9+0x52aff @ 0x7fef20d2aff DllGetClassObject+0x41e15 DllCanUnloadNow-0x45b3b jscript9+0x529f5 @ 0x7fef20d29f5 JsVarToExtension+0x5d2b DllGetClassObject-0x9795 jscript9+0x744b @ 0x7fef208744b JsVarToExtension+0x5f1e DllGetClassObject-0x95a2 jscript9+0x763e @ 0x7fef208763e JsVarToExtension+0x5e95 DllGetClassObject-0x962b jscript9+0x75b5 @ 0x7fef20875b5 DllUnregisterServer+0x3e4f1 jscript9+0x1316e1 @ 0x7fef21b16e1 DllCanUnloadNow+0x2af34 DllRegisterServer-0x2fd2c jscript9+0xc3464 @ 0x7fef2143464 JsVarToExtension+0x41cc DllGetClassObject-0xb2f4 jscript9+0x58ec @ 0x7fef20858ec JsVarToExtension+0x4137 DllGetClassObject-0xb389 jscript9+0x5857 @ 0x7fef2085857 JsVarToExtension+0x443a DllGetClassObject-0xb086 jscript9+0x5b5a @ 0x7fef2085b5a JsVarToExtension+0x627b DllGetClassObject-0x9245 jscript9+0x799b @ 0x7fef208799b DllCanUnloadNow+0x2aa56 DllRegisterServer-0x3020a jscript9+0xc2f86 @ 0x7fef2142f86 JsVarToExtension+0x41cc DllGetClassObject-0xb2f4 jscript9+0x58ec @ 0x7fef20858ec JsVarToExtension+0x4137 DllGetClassObject-0xb389 jscript9+0x5857 @ 0x7fef2085857 JsVarToExtension+0x443a DllGetClassObject-0xb086 jscript9+0x5b5a @ 0x7fef2085b5a JsVarToExtension+0x43b6 DllGetClassObject-0xb10a jscript9+0x5ad6 @ 0x7fef2085ad6 JsVarToExtension+0x3909 DllGetClassObject-0xbbb7 jscript9+0x5029 @ 0x7fef2085029 DllGetClassObject+0x1405e DllCanUnloadNow-0x738f2 jscript9+0x24c3e @ 0x7fef20a4c3e DllGetClassObject+0x13eb1 DllCanUnloadNow-0x73a9f jscript9+0x24a91 @ 0x7fef20a4a91 DllGetClassObject+0x146a6 DllCanUnloadNow-0x732aa jscript9+0x25286 @ 0x7fef20a5286 MatchExactGetIDsOfNames+0x1c027b DllGetClassObject-0xe3625 mshtml+0x2115fb @ 0x726815fb MatchExactGetIDsOfNames+0x1c015e DllGetClassObject-0xe3742 mshtml+0x2114de @ 0x726814de MatchExactGetIDsOfNames+0x1c08ac DllGetClassObject-0xe2ff4 mshtml+0x211c2c @ 0x72681c2c MatchExactGetIDsOfNames+0x1c0b5b DllGetClassObject-0xe2d45 mshtml+0x211edb @ 0x72681edb CTravelLog_CreateInstance+0x6ff19 DllCanUnloadNow-0x925db mshtml+0x3673c5 @ 0x727d73c5 CTravelLog_CreateInstance+0x12064 DllCanUnloadNow-0xf0490 mshtml+0x309510 @ 0x72779510 CTravelLog_CreateInstance+0x11ee3 DllCanUnloadNow-0xf0611 mshtml+0x30938f @ 0x7277938f CTravelLog_CreateInstance+0x1223f DllCanUnloadNow-0xf02b5 mshtml+0x3096eb @ 0x727796eb CTravelLog_CreateInstance+0x12145 DllCanUnloadNow-0xf03af mshtml+0x3095f1 @ 0x727795f1 CTravelLog_CreateInstance+0x11bff DllCanUnloadNow-0xf08f5 mshtml+0x3090ab @ 0x727790ab CTravelLog_CreateInstance+0x109f4 DllCanUnloadNow-0xf1b00 mshtml+0x307ea0 @ 0x72777ea0 CTravelLog_CreateInstance+0xdb2cf DllCanUnloadNow-0x27225 mshtml+0x3d277b @ 0x7284277b TranslateMessageEx+0x2a1 IntersectRect-0x11f user32+0x19bd1 @ 0x77569bd1 TranslateMessage+0x1ea DispatchMessageW-0x42 user32+0x198da @ 0x775698da CreateExtensionGuidEnumerator+0x37005 DllInstall-0x2828f ieframe+0x8b2cd @ 0x7fef47bb2cd DllRegisterServer+0x33bf4 CreateExtensionGuidEnumerator-0x1c7e4 ieframe+0x37ae4 @ 0x7fef4767ae4 FastMimeGetFileExtension+0x9c53 LCIEUnpackString-0x6111 iertutil+0x153cf @ 0x770c53cf DllRegisterServer+0x14d67 CreateExtensionGuidEnumerator-0x3b671 ieframe+0x18c57 @ 0x7fef4748c57 BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x772e652d exception.instruction_r: 48 81 c4 c8 00 00 00 c3 48 85 f6 74 08 83 3b 00 exception.symbol: RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d exception.instruction: add rsp, 0xc8 exception.module: KERNELBASE.dll exception.exception_code: 0x800706be exception.offset: 42141 exception.address: 0x7fefdcfa49d registers.r14: 0 registers.r15: 0 registers.rcx: 56795376 registers.rsi: 0 registers.r10: 92775776 registers.rbx: 0 registers.rsp: 56819232 registers.r11: 56797136 registers.r8: 0 registers.r9: 0 registers.rdx: 1 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 1947928750 registers.r13: 0	1	0	0
__exception__ Nov. 12, 2021, 9:05 a.m.	stacktrace: RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d @ 0x7fefdcfa49d RpcRaiseException+0x53 RpcExceptionFilter-0x2bd rpcrt4+0x173c3 @ 0x7feff2373c3 CoGetInstanceFromFile+0xa70a HACCEL_UserFree-0x16c6 ole32+0x1762ba @ 0x7feff8062ba Ndr64AsyncServerCallAll+0x14c9 Ndr64AsyncClientCall-0x517 rpcrt4+0xdb949 @ 0x7feff2fb949 CoGetInstanceFromFile+0x6620 HACCEL_UserFree-0x57b0 ole32+0x1721d0 @ 0x7feff8021d0 DcomChannelSetHResult+0x3066 ObjectStublessClient3-0x7ee ole32+0x2d8a2 @ 0x7feff6bd8a2 ObjectStublessClient5+0x183 IsValidInterface-0x105d ole32+0x31bb3 @ 0x7feff6c1bb3 ObjectStublessClient5+0xf2 IsValidInterface-0x10ee ole32+0x31b22 @ 0x7feff6c1b22 CoMarshalInterface+0x263f ObjectStublessClient5-0x245 ole32+0x317eb @ 0x7feff6c17eb CoMarshalInterface+0x226b ObjectStublessClient5-0x619 ole32+0x31417 @ 0x7feff6c1417 CoSetState+0x45a DcomChannelSetHResult-0x1342 ole32+0x294fa @ 0x7feff6b94fa CoSetState+0x388 DcomChannelSetHResult-0x1414 ole32+0x29428 @ 0x7feff6b9428 CoSetState+0xaa9 DcomChannelSetHResult-0xcf3 ole32+0x29b49 @ 0x7feff6b9b49 CoInternetGetSession+0x655b MkParseDisplayNameEx-0x1a711 urlmon+0x55b5f @ 0x76fa5b5f ImportPrivacySettings+0x4017 IEAssociateThreadWithTab-0xa0531 ieframe+0x113417 @ 0x7fef4843417 ImportPrivacySettings+0xa890 IEAssociateThreadWithTab-0x99cb8 ieframe+0x119c90 @ 0x7fef4849c90 ImportPrivacySettings+0x7d103 IEAssociateThreadWithTab-0x27445 ieframe+0x18c503 @ 0x7fef48bc503 ImportPrivacySettings+0x6b111 IEAssociateThreadWithTab-0x39437 ieframe+0x17a511 @ 0x7fef48aa511 ImportPrivacySettings+0x6c023 IEAssociateThreadWithTab-0x38525 ieframe+0x17b423 @ 0x7fef48ab423 ImportPrivacySettings+0x6d680 IEAssociateThreadWithTab-0x36ec8 ieframe+0x17ca80 @ 0x7fef48aca80 IEDisassociateThreadWithTab+0x1485e SoftwareUpdateMessageBox-0x6bdf2 ieframe+0x1c8252 @ 0x7fef48f8252 ImportPrivacySettings+0x71268 IEAssociateThreadWithTab-0x332e0 ieframe+0x180668 @ 0x7fef48b0668 ImportPrivacySettings+0x71927 IEAssociateThreadWithTab-0x32c21 ieframe+0x180d27 @ 0x7fef48b0d27 IEDisassociateThreadWithTab+0x1c4cd SoftwareUpdateMessageBox-0x64183 ieframe+0x1cfec1 @ 0x7fef48ffec1 IEDisassociateThreadWithTab+0x17422 SoftwareUpdateMessageBox-0x6922e ieframe+0x1cae16 @ 0x7fef48fae16 ImportPrivacySettings+0x12fd7 IEAssociateThreadWithTab-0x91571 ieframe+0x1223d7 @ 0x7fef48523d7 ImportPrivacySettings+0x13191 IEAssociateThreadWithTab-0x913b7 ieframe+0x122591 @ 0x7fef4852591 ImportPrivacySettings+0x1324c IEAssociateThreadWithTab-0x912fc ieframe+0x12264c @ 0x7fef485264c CTravelLog_CreateInstance+0x14ee7 DllCanUnloadNow-0xed60d mshtml+0x30c393 @ 0x7277c393 CTravelLog_CreateInstance+0x12644 DllCanUnloadNow-0xefeb0 mshtml+0x309af0 @ 0x72779af0 CTravelLog_CreateInstance+0x161c7 DllCanUnloadNow-0xec32d mshtml+0x30d673 @ 0x7277d673 CTravelLog_CreateInstance+0x2d56d DllCanUnloadNow-0xd4f87 mshtml+0x324a19 @ 0x72794a19 CTravelLog_CreateInstance+0x2d591 DllCanUnloadNow-0xd4f63 mshtml+0x324a3d @ 0x72794a3d CTravelLog_CreateInstance+0x14dc1 DllCanUnloadNow-0xed733 mshtml+0x30c26d @ 0x7277c26d CTravelLog_CreateInstance+0x1223f DllCanUnloadNow-0xf02b5 mshtml+0x3096eb @ 0x727796eb CTravelLog_CreateInstance+0x12145 DllCanUnloadNow-0xf03af mshtml+0x3095f1 @ 0x727795f1 CTravelLog_CreateInstance+0x11bff DllCanUnloadNow-0xf08f5 mshtml+0x3090ab @ 0x727790ab CTravelLog_CreateInstance+0x109f4 DllCanUnloadNow-0xf1b00 mshtml+0x307ea0 @ 0x72777ea0 CTravelLog_CreateInstance+0xdb2cf DllCanUnloadNow-0x27225 mshtml+0x3d277b @ 0x7284277b TranslateMessageEx+0x2a1 IntersectRect-0x11f user32+0x19bd1 @ 0x77569bd1 TranslateMessage+0x1ea DispatchMessageW-0x42 user32+0x198da @ 0x775698da CreateExtensionGuidEnumerator+0x37005 DllInstall-0x2828f ieframe+0x8b2cd @ 0x7fef47bb2cd DllRegisterServer+0x33bf4 CreateExtensionGuidEnumerator-0x1c7e4 ieframe+0x37ae4 @ 0x7fef4767ae4 FastMimeGetFileExtension+0x9c53 LCIEUnpackString-0x6111 iertutil+0x153cf @ 0x770c53cf DllRegisterServer+0x14d67 CreateExtensionGuidEnumerator-0x3b671 ieframe+0x18c57 @ 0x7fef4748c57 BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x772e652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x7767c521 exception.instruction_r: 48 81 c4 c8 00 00 00 c3 48 85 f6 74 08 83 3b 00 exception.symbol: RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d exception.instruction: add rsp, 0xc8 exception.module: KERNELBASE.dll exception.exception_code: 0x80010012 exception.offset: 42141 exception.address: 0x7fefdcfa49d registers.r14: 0 registers.r15: 0 registers.rcx: 93491712 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 93519216 registers.r11: 93493472 registers.r8: 0 registers.r9: 0 registers.rdx: 1 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 1928017692 registers.r13: 0	1	0	0

Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) (1 event)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory Nov. 12, 2021, 9:05 a.m.	process_identifier: 2252 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 32 (PAGE_EXECUTE_READ) base_address: 0x000007fffff80000 process_handle: 0xffffffffffffffff	1	0	0

Yara rule detected in process memory (24 events)

description	(no description)	rule	DebuggerCheck__GlobalFlags
description	(no description)	rule	DebuggerCheck__QueryInfo
description	(no description)	rule	DebuggerHiding__Thread
description	(no description)	rule	DebuggerHiding__Active
description	(no description)	rule	ThreadControl__Context
description	(no description)	rule	SEH__vectored
description	Checks if being debugged	rule	anti_dbg
description	Bypass DEP	rule	disable_dep
description	(no description)	rule	DebuggerCheck__GlobalFlags
description	(no description)	rule	DebuggerCheck__QueryInfo
description	(no description)	rule	DebuggerHiding__Thread
description	(no description)	rule	DebuggerHiding__Active
description	(no description)	rule	ThreadControl__Context
description	(no description)	rule	SEH__vectored
description	Checks if being debugged	rule	anti_dbg
description	Bypass DEP	rule	disable_dep
description	(no description)	rule	DebuggerCheck__GlobalFlags
description	(no description)	rule	DebuggerCheck__QueryInfo
description	(no description)	rule	DebuggerHiding__Thread
description	(no description)	rule	DebuggerHiding__Active
description	(no description)	rule	ThreadControl__Context
description	(no description)	rule	SEH__vectored
description	Checks if being debugged	rule	anti_dbg
description	Bypass DEP	rule	disable_dep

Uses Windows utilities for basic Windows functionality (3 events)

cmdline	"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1792 CREDAT:276481
cmdline	"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1792 CREDAT:145417
cmdline	"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1792 CREDAT:145409

File has been identified by 14 AntiVirus engines on VirusTotal as malicious (14 events)

ALYac	Generic.JS.Downloader.Z.39665A4E
Arcabit	Generic.JS.Downloader.Z.39665A4E
Symantec	Exp.CVE-2021-40444!g1
Kaspersky	HEUR:Exploit.Script.Generic
BitDefender	Generic.JS.Downloader.Z.39665A4E
MicroWorld-eScan	Generic.JS.Downloader.Z.39665A4E
Ad-Aware	Generic.JS.Downloader.Z.39665A4E
FireEye	Generic.JS.Downloader.Z.39665A4E
Emsisoft	Generic.JS.Downloader.Z.39665A4E (B)
Ikarus	Exploit.CVE-2021-40444
ZoneAlarm	HEUR:Exploit.Script.Generic
GData	Generic.JS.Downloader.Z.39665A4E
MAX	malware (ai score=83)
Fortinet	JS/CVE_2021_40444.181B!exploit

Resumed a suspended thread in a remote process potentially indicative of process injection (6 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 1792 resumed a thread in remote process 2252
Process injection	Process 1792 resumed a thread in remote process 2504
Process injection	Process 1792 resumed a thread in remote process 1968
NtResumeThread Nov. 12, 2021, 9:05 a.m.	thread_handle: 0x0000000000000370 suspend_count: 1 process_identifier: 2252	1	0	0
NtResumeThread Nov. 12, 2021, 9:05 a.m.	thread_handle: 0x0000000000000548 suspend_count: 1 process_identifier: 2504	1	0	0
NtResumeThread Nov. 12, 2021, 9:05 a.m.	thread_handle: 0x000000000000054c suspend_count: 1 process_identifier: 1968	1	0	0

EYWCET97LV2U.html

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All