popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

EYWCET97LV2U.html

Malicious Library AntiDebug MSOffice File PNG Format JPEG Format AntiVM
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6403_us Nov. 12, 2021, 9:12 a.m. Nov. 12, 2021, 9:14 a.m.
Size 6.0KB
Type HTML document, ASCII text, with very long lines, with CRLF line terminators
MD5 cf43050494012ba1f8ec57b3d07e070c
SHA256 9b3a5b1c64e211c9e523a297db8cb67359301be04035ee9971aab3a5ca349b50
CRC32 75D73393
ssdeep 192:1QhKCIZWsITd0VTLoYj6EwnH6Z9qYJw+g000000000SAWRYaFu:CsCICgTIx6Dqg/D
Yara None matched

Name Response Post-Analysis Lookup
tigerdrill.xyz
A 159.223.68.213
159.223.68.213
IP Address Status Action
159.223.68.213 Active Moloch
164.124.101.2 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

__exception__

 stacktrace: 
RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d @ 0x7fefd7da49d
RpcRaiseException+0x53 RpcExceptionFilter-0x2bd rpcrt4+0x173c3 @ 0x7fefdaa73c3
CoGetInstanceFromFile+0xa70a HACCEL_UserFree-0x16c6 ole32+0x1762ba @ 0x7fefdd362ba
Ndr64AsyncServerCallAll+0x14c9 Ndr64AsyncClientCall-0x517 rpcrt4+0xdb949 @ 0x7fefdb6b949
CoGetInstanceFromFile+0x6620 HACCEL_UserFree-0x57b0 ole32+0x1721d0 @ 0x7fefdd321d0
DcomChannelSetHResult+0x3066 ObjectStublessClient3-0x7ee ole32+0x2d8a2 @ 0x7fefdbed8a2
ObjectStublessClient5+0x183 IsValidInterface-0x105d ole32+0x31bb3 @ 0x7fefdbf1bb3
ObjectStublessClient5+0xf2 IsValidInterface-0x10ee ole32+0x31b22 @ 0x7fefdbf1b22
CoMarshalInterface+0x263f ObjectStublessClient5-0x245 ole32+0x317eb @ 0x7fefdbf17eb
CoMarshalInterface+0x226b ObjectStublessClient5-0x619 ole32+0x31417 @ 0x7fefdbf1417
CoSetState+0x45a DcomChannelSetHResult-0x1342 ole32+0x294fa @ 0x7fefdbe94fa
CoSetState+0x388 DcomChannelSetHResult-0x1414 ole32+0x29428 @ 0x7fefdbe9428
CoSetState+0xaa9 DcomChannelSetHResult-0xcf3 ole32+0x29b49 @ 0x7fefdbe9b49
CreateExtensionGuidEnumerator+0x366f9 DllInstall-0x28b9b ieframe+0x8a9c1 @ 0x7fef4b7a9c1
CreateExtensionGuidEnumerator+0xc0f6 DllInstall-0x5319e ieframe+0x603be @ 0x7fef4b503be
CreateExtensionGuidEnumerator+0x1052d DllInstall-0x4ed67 ieframe+0x647f5 @ 0x7fef4b547f5
CreateExtensionGuidEnumerator+0x104b4 DllInstall-0x4ede0 ieframe+0x6477c @ 0x7fef4b5477c
CreateExtensionGuidEnumerator+0x103e6 DllInstall-0x4eeae ieframe+0x646ae @ 0x7fef4b546ae
FastMimeGetFileExtension+0xd8c LCIEUnpackString-0xefd8 iertutil+0xc508 @ 0x76ebc508
CreateExtensionGuidEnumerator+0x6185 DllInstall-0x5910f ieframe+0x5a44d @ 0x7fef4b4a44d
DllRegisterServer+0x3f3cb CreateExtensionGuidEnumerator-0x1100d ieframe+0x432bb @ 0x7fef4b332bb
DllRegisterServer+0x557b CreateExtensionGuidEnumerator-0x4ae5d ieframe+0x946b @ 0x7fef4af946b
CreateExtensionGuidEnumerator+0x8fb DllInstall-0x5e999 ieframe+0x54bc3 @ 0x7fef4b44bc3
BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76da652d
RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x770fc521

exception.instruction_r: 48 81 c4 c8 00 00 00 c3 48 85 f6 74 08 83 3b 00
exception.symbol: RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d
exception.instruction: add rsp, 0xc8
exception.module: KERNELBASE.dll
exception.exception_code: 0x800706ba
exception.offset: 42141
exception.address: 0x7fefd7da49d
registers.r14: 0
registers.r15: 0
registers.rcx: 97178384
registers.rsi: 0
registers.r10: 88749072
registers.rbx: 0
registers.rsp: 97188064
registers.r11: 97180144
registers.r8: 0
registers.r9: 0
registers.rdx: 1
registers.r12: 0
registers.rbp: 0
registers.rdi: 0
registers.rax: 1927997105
registers.r13: 0
1 0 0

__exception__

 stacktrace: 
RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d @ 0x7fefd7da49d
RpcRaiseException+0x53 RpcExceptionFilter-0x2bd rpcrt4+0x173c3 @ 0x7fefdaa73c3
CoGetInstanceFromFile+0xa70a HACCEL_UserFree-0x16c6 ole32+0x1762ba @ 0x7fefdd362ba
Ndr64AsyncServerCallAll+0x14c9 Ndr64AsyncClientCall-0x517 rpcrt4+0xdb949 @ 0x7fefdb6b949
CoGetInstanceFromFile+0x6620 HACCEL_UserFree-0x57b0 ole32+0x1721d0 @ 0x7fefdd321d0
DcomChannelSetHResult+0x3066 ObjectStublessClient3-0x7ee ole32+0x2d8a2 @ 0x7fefdbed8a2
ObjectStublessClient5+0x88d IsValidInterface-0x953 ole32+0x322bd @ 0x7fefdbf22bd
ObjectStublessClient5+0xa27 IsValidInterface-0x7b9 ole32+0x32457 @ 0x7fefdbf2457
DcomChannelSetHResult+0x27b1 ObjectStublessClient3-0x10a3 ole32+0x2cfed @ 0x7fefdbecfed
IERegisterXMLNS+0xaa2f1 mshtml+0x8132e1 @ 0x726832e1
IERegisterXMLNS+0xa9d52 mshtml+0x812d42 @ 0x72682d42
CreateHTMLPropertyPage+0x2a43e GetColorValueFromString-0xfabb2 mshtml+0x6141be @ 0x724841be
CreateHTMLPropertyPage+0x650ba GetColorValueFromString-0xbff36 mshtml+0x64ee3a @ 0x724bee3a
DllCanUnloadNow+0x4ecdd DllEnumClassObjects-0x19bd73 mshtml+0x44867d @ 0x722b867d
MatchExactGetIDsOfNames+0x15bca5 DllGetClassObject-0x147bfb mshtml+0x1ad025 @ 0x7201d025
MatchExactGetIDsOfNames+0x8f40 DllGetClassObject-0x29a960 mshtml+0x5a2c0 @ 0x71eca2c0
MatchExactGetIDsOfNames+0x8ff22 DllGetClassObject-0x21397e mshtml+0xe12a2 @ 0x71f512a2
MatchExactGetIDsOfNames+0xafd5f DllGetClassObject-0x1f3b41 mshtml+0x1010df @ 0x71f710df
DllCanUnloadNow+0x7ee76 DllEnumClassObjects-0x16bbda mshtml+0x478816 @ 0x722e8816
MatchExactGetIDsOfNames+0x107c7a DllGetClassObject-0x19bc26 mshtml+0x158ffa @ 0x71fc8ffa
MatchExactGetIDsOfNames+0x123f8b DllGetClassObject-0x17f915 mshtml+0x17530b @ 0x71fe530b
CTravelLog_CreateInstance+0x1478a DllCanUnloadNow-0xedd6a mshtml+0x30bc36 @ 0x7217bc36
CTravelLog_CreateInstance+0x13d49 DllCanUnloadNow-0xee7ab mshtml+0x30b1f5 @ 0x7217b1f5
CTravelLog_CreateInstance+0x16684 DllCanUnloadNow-0xebe70 mshtml+0x30db30 @ 0x7217db30
DllGetClassObject+0x4c17e DllCanUnloadNow-0x3b7d2 jscript9+0x5cd5e @ 0x7fef1ddcd5e
DllGetClassObject+0x41f1f DllCanUnloadNow-0x45a31 jscript9+0x52aff @ 0x7fef1dd2aff
DllGetClassObject+0x41e15 DllCanUnloadNow-0x45b3b jscript9+0x529f5 @ 0x7fef1dd29f5
JsVarToExtension+0x5d2b DllGetClassObject-0x9795 jscript9+0x744b @ 0x7fef1d8744b
JsVarToExtension+0x5f1e DllGetClassObject-0x95a2 jscript9+0x763e @ 0x7fef1d8763e
JsVarToExtension+0x5e95 DllGetClassObject-0x962b jscript9+0x75b5 @ 0x7fef1d875b5
DllUnregisterServer+0x3e4f1 jscript9+0x1316e1 @ 0x7fef1eb16e1
DllCanUnloadNow+0x2af34 DllRegisterServer-0x2fd2c jscript9+0xc3464 @ 0x7fef1e43464
JsVarToExtension+0x41cc DllGetClassObject-0xb2f4 jscript9+0x58ec @ 0x7fef1d858ec
JsVarToExtension+0x4137 DllGetClassObject-0xb389 jscript9+0x5857 @ 0x7fef1d85857
JsVarToExtension+0x443a DllGetClassObject-0xb086 jscript9+0x5b5a @ 0x7fef1d85b5a
JsVarToExtension+0x627b DllGetClassObject-0x9245 jscript9+0x799b @ 0x7fef1d8799b
DllCanUnloadNow+0x2aa56 DllRegisterServer-0x3020a jscript9+0xc2f86 @ 0x7fef1e42f86
JsVarToExtension+0x41cc DllGetClassObject-0xb2f4 jscript9+0x58ec @ 0x7fef1d858ec
JsVarToExtension+0x4137 DllGetClassObject-0xb389 jscript9+0x5857 @ 0x7fef1d85857
JsVarToExtension+0x443a DllGetClassObject-0xb086 jscript9+0x5b5a @ 0x7fef1d85b5a
JsVarToExtension+0x43b6 DllGetClassObject-0xb10a jscript9+0x5ad6 @ 0x7fef1d85ad6
JsVarToExtension+0x3909 DllGetClassObject-0xbbb7 jscript9+0x5029 @ 0x7fef1d85029
DllGetClassObject+0x1405e DllCanUnloadNow-0x738f2 jscript9+0x24c3e @ 0x7fef1da4c3e
DllGetClassObject+0x13eb1 DllCanUnloadNow-0x73a9f jscript9+0x24a91 @ 0x7fef1da4a91
DllGetClassObject+0x146a6 DllCanUnloadNow-0x732aa jscript9+0x25286 @ 0x7fef1da5286
MatchExactGetIDsOfNames+0x1c027b DllGetClassObject-0xe3625 mshtml+0x2115fb @ 0x720815fb
MatchExactGetIDsOfNames+0x1c015e DllGetClassObject-0xe3742 mshtml+0x2114de @ 0x720814de
MatchExactGetIDsOfNames+0x1c08ac DllGetClassObject-0xe2ff4 mshtml+0x211c2c @ 0x72081c2c
MatchExactGetIDsOfNames+0x1c0b5b DllGetClassObject-0xe2d45 mshtml+0x211edb @ 0x72081edb
CTravelLog_CreateInstance+0x6ff19 DllCanUnloadNow-0x925db mshtml+0x3673c5 @ 0x721d73c5
CTravelLog_CreateInstance+0x12064 DllCanUnloadNow-0xf0490 mshtml+0x309510 @ 0x72179510
CTravelLog_CreateInstance+0x11ee3 DllCanUnloadNow-0xf0611 mshtml+0x30938f @ 0x7217938f
CTravelLog_CreateInstance+0x1223f DllCanUnloadNow-0xf02b5 mshtml+0x3096eb @ 0x721796eb
CTravelLog_CreateInstance+0x12145 DllCanUnloadNow-0xf03af mshtml+0x3095f1 @ 0x721795f1
CTravelLog_CreateInstance+0x11bff DllCanUnloadNow-0xf08f5 mshtml+0x3090ab @ 0x721790ab
CTravelLog_CreateInstance+0x109f4 DllCanUnloadNow-0xf1b00 mshtml+0x307ea0 @ 0x72177ea0
CTravelLog_CreateInstance+0xdb2cf DllCanUnloadNow-0x27225 mshtml+0x3d277b @ 0x7224277b
TranslateMessageEx+0x2a1 IntersectRect-0x11f user32+0x19bd1 @ 0x769e9bd1
TranslateMessage+0x1ea DispatchMessageW-0x42 user32+0x198da @ 0x769e98da
CreateExtensionGuidEnumerator+0x37005 DllInstall-0x2828f ieframe+0x8b2cd @ 0x7fef4b7b2cd
DllRegisterServer+0x33bf4 CreateExtensionGuidEnumerator-0x1c7e4 ieframe+0x37ae4 @ 0x7fef4b27ae4
FastMimeGetFileExtension+0x9c53 LCIEUnpackString-0x6111 iertutil+0x153cf @ 0x76ec53cf
DllRegisterServer+0x14d67 CreateExtensionGuidEnumerator-0x3b671 ieframe+0x18c57 @ 0x7fef4b08c57
BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76da652d

exception.instruction_r: 48 81 c4 c8 00 00 00 c3 48 85 f6 74 08 83 3b 00
exception.symbol: RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d
exception.instruction: add rsp, 0xc8
exception.module: KERNELBASE.dll
exception.exception_code: 0x800706be
exception.offset: 42141
exception.address: 0x7fefd7da49d
registers.r14: 0
registers.r15: 0
registers.rcx: 53846608
registers.rsi: 0
registers.r10: 86834528
registers.rbx: 0
registers.rsp: 53870464
registers.r11: 53848368
registers.r8: 0
registers.r9: 0
registers.rdx: 1
registers.r12: 0
registers.rbp: 0
registers.rdi: 0
registers.rax: 1947571652
registers.r13: 0
1 0 0

__exception__

 stacktrace: 
RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d @ 0x7fefd7da49d
RpcRaiseException+0x53 RpcExceptionFilter-0x2bd rpcrt4+0x173c3 @ 0x7fefdaa73c3
CoGetInstanceFromFile+0xa70a HACCEL_UserFree-0x16c6 ole32+0x1762ba @ 0x7fefdd362ba
Ndr64AsyncServerCallAll+0x14c9 Ndr64AsyncClientCall-0x517 rpcrt4+0xdb949 @ 0x7fefdb6b949
CoGetInstanceFromFile+0x6620 HACCEL_UserFree-0x57b0 ole32+0x1721d0 @ 0x7fefdd321d0
DcomChannelSetHResult+0x3066 ObjectStublessClient3-0x7ee ole32+0x2d8a2 @ 0x7fefdbed8a2
ObjectStublessClient5+0x183 IsValidInterface-0x105d ole32+0x31bb3 @ 0x7fefdbf1bb3
ObjectStublessClient5+0xf2 IsValidInterface-0x10ee ole32+0x31b22 @ 0x7fefdbf1b22
CoMarshalInterface+0x263f ObjectStublessClient5-0x245 ole32+0x317eb @ 0x7fefdbf17eb
CoMarshalInterface+0x226b ObjectStublessClient5-0x619 ole32+0x31417 @ 0x7fefdbf1417
CoSetState+0x45a DcomChannelSetHResult-0x1342 ole32+0x294fa @ 0x7fefdbe94fa
CoSetState+0x388 DcomChannelSetHResult-0x1414 ole32+0x29428 @ 0x7fefdbe9428
CoSetState+0xaa9 DcomChannelSetHResult-0xcf3 ole32+0x29b49 @ 0x7fefdbe9b49
CoInternetGetSession+0x655b MkParseDisplayNameEx-0x1a711 urlmon+0x55b5f @ 0x76c85b5f
ImportPrivacySettings+0x4017 IEAssociateThreadWithTab-0xa0531 ieframe+0x113417 @ 0x7fef4c03417
ImportPrivacySettings+0xa890 IEAssociateThreadWithTab-0x99cb8 ieframe+0x119c90 @ 0x7fef4c09c90
ImportPrivacySettings+0x7d103 IEAssociateThreadWithTab-0x27445 ieframe+0x18c503 @ 0x7fef4c7c503
ImportPrivacySettings+0x6b111 IEAssociateThreadWithTab-0x39437 ieframe+0x17a511 @ 0x7fef4c6a511
ImportPrivacySettings+0x6c023 IEAssociateThreadWithTab-0x38525 ieframe+0x17b423 @ 0x7fef4c6b423
ImportPrivacySettings+0x6d680 IEAssociateThreadWithTab-0x36ec8 ieframe+0x17ca80 @ 0x7fef4c6ca80
IEDisassociateThreadWithTab+0x1485e SoftwareUpdateMessageBox-0x6bdf2 ieframe+0x1c8252 @ 0x7fef4cb8252
ImportPrivacySettings+0x71268 IEAssociateThreadWithTab-0x332e0 ieframe+0x180668 @ 0x7fef4c70668
ImportPrivacySettings+0x71927 IEAssociateThreadWithTab-0x32c21 ieframe+0x180d27 @ 0x7fef4c70d27
IEDisassociateThreadWithTab+0x1c4cd SoftwareUpdateMessageBox-0x64183 ieframe+0x1cfec1 @ 0x7fef4cbfec1
IEDisassociateThreadWithTab+0x17422 SoftwareUpdateMessageBox-0x6922e ieframe+0x1cae16 @ 0x7fef4cbae16
ImportPrivacySettings+0x12fd7 IEAssociateThreadWithTab-0x91571 ieframe+0x1223d7 @ 0x7fef4c123d7
ImportPrivacySettings+0x13191 IEAssociateThreadWithTab-0x913b7 ieframe+0x122591 @ 0x7fef4c12591
ImportPrivacySettings+0x1324c IEAssociateThreadWithTab-0x912fc ieframe+0x12264c @ 0x7fef4c1264c
CTravelLog_CreateInstance+0x14ee7 DllCanUnloadNow-0xed60d mshtml+0x30c393 @ 0x7217c393
CTravelLog_CreateInstance+0x12644 DllCanUnloadNow-0xefeb0 mshtml+0x309af0 @ 0x72179af0
CTravelLog_CreateInstance+0x161c7 DllCanUnloadNow-0xec32d mshtml+0x30d673 @ 0x7217d673
CTravelLog_CreateInstance+0x2d56d DllCanUnloadNow-0xd4f87 mshtml+0x324a19 @ 0x72194a19
CTravelLog_CreateInstance+0x2d591 DllCanUnloadNow-0xd4f63 mshtml+0x324a3d @ 0x72194a3d
CTravelLog_CreateInstance+0x14dc1 DllCanUnloadNow-0xed733 mshtml+0x30c26d @ 0x7217c26d
CTravelLog_CreateInstance+0x1223f DllCanUnloadNow-0xf02b5 mshtml+0x3096eb @ 0x721796eb
CTravelLog_CreateInstance+0x12145 DllCanUnloadNow-0xf03af mshtml+0x3095f1 @ 0x721795f1
CTravelLog_CreateInstance+0x11bff DllCanUnloadNow-0xf08f5 mshtml+0x3090ab @ 0x721790ab
CTravelLog_CreateInstance+0x109f4 DllCanUnloadNow-0xf1b00 mshtml+0x307ea0 @ 0x72177ea0
CTravelLog_CreateInstance+0xdb2cf DllCanUnloadNow-0x27225 mshtml+0x3d277b @ 0x7224277b
TranslateMessageEx+0x2a1 IntersectRect-0x11f user32+0x19bd1 @ 0x769e9bd1
TranslateMessage+0x1ea DispatchMessageW-0x42 user32+0x198da @ 0x769e98da
CreateExtensionGuidEnumerator+0x37005 DllInstall-0x2828f ieframe+0x8b2cd @ 0x7fef4b7b2cd
DllRegisterServer+0x33bf4 CreateExtensionGuidEnumerator-0x1c7e4 ieframe+0x37ae4 @ 0x7fef4b27ae4
FastMimeGetFileExtension+0x9c53 LCIEUnpackString-0x6111 iertutil+0x153cf @ 0x76ec53cf
DllRegisterServer+0x14d67 CreateExtensionGuidEnumerator-0x3b671 ieframe+0x18c57 @ 0x7fef4b08c57
BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76da652d
RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x770fc521

exception.instruction_r: 48 81 c4 c8 00 00 00 c3 48 85 f6 74 08 83 3b 00
exception.symbol: RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d
exception.instruction: add rsp, 0xc8
exception.module: KERNELBASE.dll
exception.exception_code: 0x80010012
exception.offset: 42141
exception.address: 0x7fefd7da49d
registers.r14: 0
registers.r15: 0
registers.rcx: 95391184
registers.rsi: 0
registers.r10: 0
registers.rbx: 0
registers.rsp: 95418688
registers.r11: 95392944
registers.r8: 0
registers.r9: 0
registers.rdx: 1
registers.r12: 0
registers.rbp: 0
registers.rdi: 0
registers.rax: 1922009898
registers.r13: 0
1 0 0
request GET http://tigerdrill.xyz/EYWCET97LV2U.cab
Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory

 process_identifier: 2364
region_size: 13111296
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000024d0000
allocation_type: 8192 (MEM_RESERVE)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2364
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000003150000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2364
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000076a41000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2364
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000076a41000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2364
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000076a41000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2364
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000076a41000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2364
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000076a41000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2364
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000076a41000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2364
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000769ed000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2364
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000076a12000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2364
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000769f4000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2364
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000076a12000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2364
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fefc015000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2364
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fefc015000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2364
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007feff0d4000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2364
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fefede1000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2364
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000769da000
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2364
region_size: 65536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000002930000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2472
region_size: 3936256
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000002570000
allocation_type: 8192 (MEM_RESERVE)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2472
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000002930000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000076a41000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000076a41000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000076a41000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000076a41000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000076a41000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000076a41000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000769ed000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000076a12000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000769f4000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000076a12000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fefc015000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fefc015000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007feff0d4000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fefede1000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000769da000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000769df000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000769dd000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000769db000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000076da6000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000077116000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000076da1000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000769e0000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000769da000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000770ef000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000770fb000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fefdd17000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007feff074000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007feff071000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007feff076000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007feff071000
process_handle: 0xffffffffffffffff
1 0 0
Application Crash Process iexplore.exe with pid 2364 crashed
Application Crash Process iexplore.exe with pid 2472 crashed
Application Crash Process iexplore.exe with pid 2668 crashed
Time & API Arguments Status Return Repeated

__exception__

 stacktrace: 
RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d @ 0x7fefd7da49d
RpcRaiseException+0x53 RpcExceptionFilter-0x2bd rpcrt4+0x173c3 @ 0x7fefdaa73c3
CoGetInstanceFromFile+0xa70a HACCEL_UserFree-0x16c6 ole32+0x1762ba @ 0x7fefdd362ba
Ndr64AsyncServerCallAll+0x14c9 Ndr64AsyncClientCall-0x517 rpcrt4+0xdb949 @ 0x7fefdb6b949
CoGetInstanceFromFile+0x6620 HACCEL_UserFree-0x57b0 ole32+0x1721d0 @ 0x7fefdd321d0
DcomChannelSetHResult+0x3066 ObjectStublessClient3-0x7ee ole32+0x2d8a2 @ 0x7fefdbed8a2
ObjectStublessClient5+0x183 IsValidInterface-0x105d ole32+0x31bb3 @ 0x7fefdbf1bb3
ObjectStublessClient5+0xf2 IsValidInterface-0x10ee ole32+0x31b22 @ 0x7fefdbf1b22
CoMarshalInterface+0x263f ObjectStublessClient5-0x245 ole32+0x317eb @ 0x7fefdbf17eb
CoMarshalInterface+0x226b ObjectStublessClient5-0x619 ole32+0x31417 @ 0x7fefdbf1417
CoSetState+0x45a DcomChannelSetHResult-0x1342 ole32+0x294fa @ 0x7fefdbe94fa
CoSetState+0x388 DcomChannelSetHResult-0x1414 ole32+0x29428 @ 0x7fefdbe9428
CoSetState+0xaa9 DcomChannelSetHResult-0xcf3 ole32+0x29b49 @ 0x7fefdbe9b49
CreateExtensionGuidEnumerator+0x366f9 DllInstall-0x28b9b ieframe+0x8a9c1 @ 0x7fef4b7a9c1
CreateExtensionGuidEnumerator+0xc0f6 DllInstall-0x5319e ieframe+0x603be @ 0x7fef4b503be
CreateExtensionGuidEnumerator+0x1052d DllInstall-0x4ed67 ieframe+0x647f5 @ 0x7fef4b547f5
CreateExtensionGuidEnumerator+0x104b4 DllInstall-0x4ede0 ieframe+0x6477c @ 0x7fef4b5477c
CreateExtensionGuidEnumerator+0x103e6 DllInstall-0x4eeae ieframe+0x646ae @ 0x7fef4b546ae
FastMimeGetFileExtension+0xd8c LCIEUnpackString-0xefd8 iertutil+0xc508 @ 0x76ebc508
CreateExtensionGuidEnumerator+0x6185 DllInstall-0x5910f ieframe+0x5a44d @ 0x7fef4b4a44d
DllRegisterServer+0x3f3cb CreateExtensionGuidEnumerator-0x1100d ieframe+0x432bb @ 0x7fef4b332bb
DllRegisterServer+0x557b CreateExtensionGuidEnumerator-0x4ae5d ieframe+0x946b @ 0x7fef4af946b
CreateExtensionGuidEnumerator+0x8fb DllInstall-0x5e999 ieframe+0x54bc3 @ 0x7fef4b44bc3
BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76da652d
RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x770fc521

exception.instruction_r: 48 81 c4 c8 00 00 00 c3 48 85 f6 74 08 83 3b 00
exception.symbol: RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d
exception.instruction: add rsp, 0xc8
exception.module: KERNELBASE.dll
exception.exception_code: 0x800706ba
exception.offset: 42141
exception.address: 0x7fefd7da49d
registers.r14: 0
registers.r15: 0
registers.rcx: 97178384
registers.rsi: 0
registers.r10: 88749072
registers.rbx: 0
registers.rsp: 97188064
registers.r11: 97180144
registers.r8: 0
registers.r9: 0
registers.rdx: 1
registers.r12: 0
registers.rbp: 0
registers.rdi: 0
registers.rax: 1927997105
registers.r13: 0
1 0 0

__exception__

 stacktrace: 
RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d @ 0x7fefd7da49d
RpcRaiseException+0x53 RpcExceptionFilter-0x2bd rpcrt4+0x173c3 @ 0x7fefdaa73c3
CoGetInstanceFromFile+0xa70a HACCEL_UserFree-0x16c6 ole32+0x1762ba @ 0x7fefdd362ba
Ndr64AsyncServerCallAll+0x14c9 Ndr64AsyncClientCall-0x517 rpcrt4+0xdb949 @ 0x7fefdb6b949
CoGetInstanceFromFile+0x6620 HACCEL_UserFree-0x57b0 ole32+0x1721d0 @ 0x7fefdd321d0
DcomChannelSetHResult+0x3066 ObjectStublessClient3-0x7ee ole32+0x2d8a2 @ 0x7fefdbed8a2
ObjectStublessClient5+0x88d IsValidInterface-0x953 ole32+0x322bd @ 0x7fefdbf22bd
ObjectStublessClient5+0xa27 IsValidInterface-0x7b9 ole32+0x32457 @ 0x7fefdbf2457
DcomChannelSetHResult+0x27b1 ObjectStublessClient3-0x10a3 ole32+0x2cfed @ 0x7fefdbecfed
IERegisterXMLNS+0xaa2f1 mshtml+0x8132e1 @ 0x726832e1
IERegisterXMLNS+0xa9d52 mshtml+0x812d42 @ 0x72682d42
CreateHTMLPropertyPage+0x2a43e GetColorValueFromString-0xfabb2 mshtml+0x6141be @ 0x724841be
CreateHTMLPropertyPage+0x650ba GetColorValueFromString-0xbff36 mshtml+0x64ee3a @ 0x724bee3a
DllCanUnloadNow+0x4ecdd DllEnumClassObjects-0x19bd73 mshtml+0x44867d @ 0x722b867d
MatchExactGetIDsOfNames+0x15bca5 DllGetClassObject-0x147bfb mshtml+0x1ad025 @ 0x7201d025
MatchExactGetIDsOfNames+0x8f40 DllGetClassObject-0x29a960 mshtml+0x5a2c0 @ 0x71eca2c0
MatchExactGetIDsOfNames+0x8ff22 DllGetClassObject-0x21397e mshtml+0xe12a2 @ 0x71f512a2
MatchExactGetIDsOfNames+0xafd5f DllGetClassObject-0x1f3b41 mshtml+0x1010df @ 0x71f710df
DllCanUnloadNow+0x7ee76 DllEnumClassObjects-0x16bbda mshtml+0x478816 @ 0x722e8816
MatchExactGetIDsOfNames+0x107c7a DllGetClassObject-0x19bc26 mshtml+0x158ffa @ 0x71fc8ffa
MatchExactGetIDsOfNames+0x123f8b DllGetClassObject-0x17f915 mshtml+0x17530b @ 0x71fe530b
CTravelLog_CreateInstance+0x1478a DllCanUnloadNow-0xedd6a mshtml+0x30bc36 @ 0x7217bc36
CTravelLog_CreateInstance+0x13d49 DllCanUnloadNow-0xee7ab mshtml+0x30b1f5 @ 0x7217b1f5
CTravelLog_CreateInstance+0x16684 DllCanUnloadNow-0xebe70 mshtml+0x30db30 @ 0x7217db30
DllGetClassObject+0x4c17e DllCanUnloadNow-0x3b7d2 jscript9+0x5cd5e @ 0x7fef1ddcd5e
DllGetClassObject+0x41f1f DllCanUnloadNow-0x45a31 jscript9+0x52aff @ 0x7fef1dd2aff
DllGetClassObject+0x41e15 DllCanUnloadNow-0x45b3b jscript9+0x529f5 @ 0x7fef1dd29f5
JsVarToExtension+0x5d2b DllGetClassObject-0x9795 jscript9+0x744b @ 0x7fef1d8744b
JsVarToExtension+0x5f1e DllGetClassObject-0x95a2 jscript9+0x763e @ 0x7fef1d8763e
JsVarToExtension+0x5e95 DllGetClassObject-0x962b jscript9+0x75b5 @ 0x7fef1d875b5
DllUnregisterServer+0x3e4f1 jscript9+0x1316e1 @ 0x7fef1eb16e1
DllCanUnloadNow+0x2af34 DllRegisterServer-0x2fd2c jscript9+0xc3464 @ 0x7fef1e43464
JsVarToExtension+0x41cc DllGetClassObject-0xb2f4 jscript9+0x58ec @ 0x7fef1d858ec
JsVarToExtension+0x4137 DllGetClassObject-0xb389 jscript9+0x5857 @ 0x7fef1d85857
JsVarToExtension+0x443a DllGetClassObject-0xb086 jscript9+0x5b5a @ 0x7fef1d85b5a
JsVarToExtension+0x627b DllGetClassObject-0x9245 jscript9+0x799b @ 0x7fef1d8799b
DllCanUnloadNow+0x2aa56 DllRegisterServer-0x3020a jscript9+0xc2f86 @ 0x7fef1e42f86
JsVarToExtension+0x41cc DllGetClassObject-0xb2f4 jscript9+0x58ec @ 0x7fef1d858ec
JsVarToExtension+0x4137 DllGetClassObject-0xb389 jscript9+0x5857 @ 0x7fef1d85857
JsVarToExtension+0x443a DllGetClassObject-0xb086 jscript9+0x5b5a @ 0x7fef1d85b5a
JsVarToExtension+0x43b6 DllGetClassObject-0xb10a jscript9+0x5ad6 @ 0x7fef1d85ad6
JsVarToExtension+0x3909 DllGetClassObject-0xbbb7 jscript9+0x5029 @ 0x7fef1d85029
DllGetClassObject+0x1405e DllCanUnloadNow-0x738f2 jscript9+0x24c3e @ 0x7fef1da4c3e
DllGetClassObject+0x13eb1 DllCanUnloadNow-0x73a9f jscript9+0x24a91 @ 0x7fef1da4a91
DllGetClassObject+0x146a6 DllCanUnloadNow-0x732aa jscript9+0x25286 @ 0x7fef1da5286
MatchExactGetIDsOfNames+0x1c027b DllGetClassObject-0xe3625 mshtml+0x2115fb @ 0x720815fb
MatchExactGetIDsOfNames+0x1c015e DllGetClassObject-0xe3742 mshtml+0x2114de @ 0x720814de
MatchExactGetIDsOfNames+0x1c08ac DllGetClassObject-0xe2ff4 mshtml+0x211c2c @ 0x72081c2c
MatchExactGetIDsOfNames+0x1c0b5b DllGetClassObject-0xe2d45 mshtml+0x211edb @ 0x72081edb
CTravelLog_CreateInstance+0x6ff19 DllCanUnloadNow-0x925db mshtml+0x3673c5 @ 0x721d73c5
CTravelLog_CreateInstance+0x12064 DllCanUnloadNow-0xf0490 mshtml+0x309510 @ 0x72179510
CTravelLog_CreateInstance+0x11ee3 DllCanUnloadNow-0xf0611 mshtml+0x30938f @ 0x7217938f
CTravelLog_CreateInstance+0x1223f DllCanUnloadNow-0xf02b5 mshtml+0x3096eb @ 0x721796eb
CTravelLog_CreateInstance+0x12145 DllCanUnloadNow-0xf03af mshtml+0x3095f1 @ 0x721795f1
CTravelLog_CreateInstance+0x11bff DllCanUnloadNow-0xf08f5 mshtml+0x3090ab @ 0x721790ab
CTravelLog_CreateInstance+0x109f4 DllCanUnloadNow-0xf1b00 mshtml+0x307ea0 @ 0x72177ea0
CTravelLog_CreateInstance+0xdb2cf DllCanUnloadNow-0x27225 mshtml+0x3d277b @ 0x7224277b
TranslateMessageEx+0x2a1 IntersectRect-0x11f user32+0x19bd1 @ 0x769e9bd1
TranslateMessage+0x1ea DispatchMessageW-0x42 user32+0x198da @ 0x769e98da
CreateExtensionGuidEnumerator+0x37005 DllInstall-0x2828f ieframe+0x8b2cd @ 0x7fef4b7b2cd
DllRegisterServer+0x33bf4 CreateExtensionGuidEnumerator-0x1c7e4 ieframe+0x37ae4 @ 0x7fef4b27ae4
FastMimeGetFileExtension+0x9c53 LCIEUnpackString-0x6111 iertutil+0x153cf @ 0x76ec53cf
DllRegisterServer+0x14d67 CreateExtensionGuidEnumerator-0x3b671 ieframe+0x18c57 @ 0x7fef4b08c57
BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76da652d

exception.instruction_r: 48 81 c4 c8 00 00 00 c3 48 85 f6 74 08 83 3b 00
exception.symbol: RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d
exception.instruction: add rsp, 0xc8
exception.module: KERNELBASE.dll
exception.exception_code: 0x800706be
exception.offset: 42141
exception.address: 0x7fefd7da49d
registers.r14: 0
registers.r15: 0
registers.rcx: 53846608
registers.rsi: 0
registers.r10: 86834528
registers.rbx: 0
registers.rsp: 53870464
registers.r11: 53848368
registers.r8: 0
registers.r9: 0
registers.rdx: 1
registers.r12: 0
registers.rbp: 0
registers.rdi: 0
registers.rax: 1947571652
registers.r13: 0
1 0 0

__exception__

 stacktrace: 
RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d @ 0x7fefd7da49d
RpcRaiseException+0x53 RpcExceptionFilter-0x2bd rpcrt4+0x173c3 @ 0x7fefdaa73c3
CoGetInstanceFromFile+0xa70a HACCEL_UserFree-0x16c6 ole32+0x1762ba @ 0x7fefdd362ba
Ndr64AsyncServerCallAll+0x14c9 Ndr64AsyncClientCall-0x517 rpcrt4+0xdb949 @ 0x7fefdb6b949
CoGetInstanceFromFile+0x6620 HACCEL_UserFree-0x57b0 ole32+0x1721d0 @ 0x7fefdd321d0
DcomChannelSetHResult+0x3066 ObjectStublessClient3-0x7ee ole32+0x2d8a2 @ 0x7fefdbed8a2
ObjectStublessClient5+0x183 IsValidInterface-0x105d ole32+0x31bb3 @ 0x7fefdbf1bb3
ObjectStublessClient5+0xf2 IsValidInterface-0x10ee ole32+0x31b22 @ 0x7fefdbf1b22
CoMarshalInterface+0x263f ObjectStublessClient5-0x245 ole32+0x317eb @ 0x7fefdbf17eb
CoMarshalInterface+0x226b ObjectStublessClient5-0x619 ole32+0x31417 @ 0x7fefdbf1417
CoSetState+0x45a DcomChannelSetHResult-0x1342 ole32+0x294fa @ 0x7fefdbe94fa
CoSetState+0x388 DcomChannelSetHResult-0x1414 ole32+0x29428 @ 0x7fefdbe9428
CoSetState+0xaa9 DcomChannelSetHResult-0xcf3 ole32+0x29b49 @ 0x7fefdbe9b49
CoInternetGetSession+0x655b MkParseDisplayNameEx-0x1a711 urlmon+0x55b5f @ 0x76c85b5f
ImportPrivacySettings+0x4017 IEAssociateThreadWithTab-0xa0531 ieframe+0x113417 @ 0x7fef4c03417
ImportPrivacySettings+0xa890 IEAssociateThreadWithTab-0x99cb8 ieframe+0x119c90 @ 0x7fef4c09c90
ImportPrivacySettings+0x7d103 IEAssociateThreadWithTab-0x27445 ieframe+0x18c503 @ 0x7fef4c7c503
ImportPrivacySettings+0x6b111 IEAssociateThreadWithTab-0x39437 ieframe+0x17a511 @ 0x7fef4c6a511
ImportPrivacySettings+0x6c023 IEAssociateThreadWithTab-0x38525 ieframe+0x17b423 @ 0x7fef4c6b423
ImportPrivacySettings+0x6d680 IEAssociateThreadWithTab-0x36ec8 ieframe+0x17ca80 @ 0x7fef4c6ca80
IEDisassociateThreadWithTab+0x1485e SoftwareUpdateMessageBox-0x6bdf2 ieframe+0x1c8252 @ 0x7fef4cb8252
ImportPrivacySettings+0x71268 IEAssociateThreadWithTab-0x332e0 ieframe+0x180668 @ 0x7fef4c70668
ImportPrivacySettings+0x71927 IEAssociateThreadWithTab-0x32c21 ieframe+0x180d27 @ 0x7fef4c70d27
IEDisassociateThreadWithTab+0x1c4cd SoftwareUpdateMessageBox-0x64183 ieframe+0x1cfec1 @ 0x7fef4cbfec1
IEDisassociateThreadWithTab+0x17422 SoftwareUpdateMessageBox-0x6922e ieframe+0x1cae16 @ 0x7fef4cbae16
ImportPrivacySettings+0x12fd7 IEAssociateThreadWithTab-0x91571 ieframe+0x1223d7 @ 0x7fef4c123d7
ImportPrivacySettings+0x13191 IEAssociateThreadWithTab-0x913b7 ieframe+0x122591 @ 0x7fef4c12591
ImportPrivacySettings+0x1324c IEAssociateThreadWithTab-0x912fc ieframe+0x12264c @ 0x7fef4c1264c
CTravelLog_CreateInstance+0x14ee7 DllCanUnloadNow-0xed60d mshtml+0x30c393 @ 0x7217c393
CTravelLog_CreateInstance+0x12644 DllCanUnloadNow-0xefeb0 mshtml+0x309af0 @ 0x72179af0
CTravelLog_CreateInstance+0x161c7 DllCanUnloadNow-0xec32d mshtml+0x30d673 @ 0x7217d673
CTravelLog_CreateInstance+0x2d56d DllCanUnloadNow-0xd4f87 mshtml+0x324a19 @ 0x72194a19
CTravelLog_CreateInstance+0x2d591 DllCanUnloadNow-0xd4f63 mshtml+0x324a3d @ 0x72194a3d
CTravelLog_CreateInstance+0x14dc1 DllCanUnloadNow-0xed733 mshtml+0x30c26d @ 0x7217c26d
CTravelLog_CreateInstance+0x1223f DllCanUnloadNow-0xf02b5 mshtml+0x3096eb @ 0x721796eb
CTravelLog_CreateInstance+0x12145 DllCanUnloadNow-0xf03af mshtml+0x3095f1 @ 0x721795f1
CTravelLog_CreateInstance+0x11bff DllCanUnloadNow-0xf08f5 mshtml+0x3090ab @ 0x721790ab
CTravelLog_CreateInstance+0x109f4 DllCanUnloadNow-0xf1b00 mshtml+0x307ea0 @ 0x72177ea0
CTravelLog_CreateInstance+0xdb2cf DllCanUnloadNow-0x27225 mshtml+0x3d277b @ 0x7224277b
TranslateMessageEx+0x2a1 IntersectRect-0x11f user32+0x19bd1 @ 0x769e9bd1
TranslateMessage+0x1ea DispatchMessageW-0x42 user32+0x198da @ 0x769e98da
CreateExtensionGuidEnumerator+0x37005 DllInstall-0x2828f ieframe+0x8b2cd @ 0x7fef4b7b2cd
DllRegisterServer+0x33bf4 CreateExtensionGuidEnumerator-0x1c7e4 ieframe+0x37ae4 @ 0x7fef4b27ae4
FastMimeGetFileExtension+0x9c53 LCIEUnpackString-0x6111 iertutil+0x153cf @ 0x76ec53cf
DllRegisterServer+0x14d67 CreateExtensionGuidEnumerator-0x3b671 ieframe+0x18c57 @ 0x7fef4b08c57
BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76da652d
RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x770fc521

exception.instruction_r: 48 81 c4 c8 00 00 00 c3 48 85 f6 74 08 83 3b 00
exception.symbol: RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d
exception.instruction: add rsp, 0xc8
exception.module: KERNELBASE.dll
exception.exception_code: 0x80010012
exception.offset: 42141
exception.address: 0x7fefd7da49d
registers.r14: 0
registers.r15: 0
registers.rcx: 95391184
registers.rsi: 0
registers.r10: 0
registers.rbx: 0
registers.rsp: 95418688
registers.r11: 95392944
registers.r8: 0
registers.r9: 0
registers.rdx: 1
registers.r12: 0
registers.rbp: 0
registers.rdi: 0
registers.rax: 1922009898
registers.r13: 0
1 0 0
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

 process_identifier: 2472
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 32 (PAGE_EXECUTE_READ)
base_address: 0x000007fffff80000
process_handle: 0xffffffffffffffff
1 0 0
description (no description) rule DebuggerCheck__GlobalFlags
description (no description) rule DebuggerCheck__QueryInfo
description (no description) rule DebuggerHiding__Thread
description (no description) rule DebuggerHiding__Active
description (no description) rule ThreadControl__Context
description (no description) rule SEH__vectored
description Checks if being debugged rule anti_dbg
description Bypass DEP rule disable_dep
description (no description) rule DebuggerCheck__GlobalFlags
description (no description) rule DebuggerCheck__QueryInfo
description (no description) rule DebuggerHiding__Thread
description (no description) rule DebuggerHiding__Active
description (no description) rule ThreadControl__Context
description (no description) rule SEH__vectored
description Checks if being debugged rule anti_dbg
description Bypass DEP rule disable_dep
description (no description) rule DebuggerCheck__GlobalFlags
description (no description) rule DebuggerCheck__QueryInfo
description (no description) rule DebuggerHiding__Thread
description (no description) rule DebuggerHiding__Active
description (no description) rule ThreadControl__Context
description (no description) rule SEH__vectored
description Checks if being debugged rule anti_dbg
description Bypass DEP rule disable_dep
cmdline "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2364 CREDAT:210949
cmdline "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2364 CREDAT:276481
cmdline "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2364 CREDAT:145409
ALYac Generic.JS.Downloader.Z.39665A4E
Arcabit Generic.JS.Downloader.Z.39665A4E
Symantec Exp.CVE-2021-40444!g1
Kaspersky HEUR:Exploit.Script.Generic
BitDefender Generic.JS.Downloader.Z.39665A4E
MicroWorld-eScan Generic.JS.Downloader.Z.39665A4E
Ad-Aware Generic.JS.Downloader.Z.39665A4E
FireEye Generic.JS.Downloader.Z.39665A4E
Emsisoft Generic.JS.Downloader.Z.39665A4E (B)
Ikarus Exploit.CVE-2021-40444
ZoneAlarm HEUR:Exploit.Script.Generic
GData Generic.JS.Downloader.Z.39665A4E
MAX malware (ai score=83)
Fortinet JS/CVE_2021_40444.181B!exploit
Process injection Process 2364 resumed a thread in remote process 2472
Process injection Process 2364 resumed a thread in remote process 2668
Process injection Process 2364 resumed a thread in remote process 2928
Time & API Arguments Status Return Repeated

NtResumeThread

 thread_handle: 0x0000000000000368
suspend_count: 1
process_identifier: 2472
1 0 0

NtResumeThread

 thread_handle: 0x00000000000004f8
suspend_count: 1
process_identifier: 2668
1 0 0

NtResumeThread

 thread_handle: 0x00000000000004f4
suspend_count: 1
process_identifier: 2928
1 0 0