popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

http://achillharpfestival.ie/wp-content/plugins/dbzytgojke/mail.php

Downloader HTTP ScreenShot Create Service KeyLogger Internet API P2P DGA Hijack Network persistence FTP Socket Escalate priviledges Http API DNS Code injection Sniff Audio Steal credential AntiDebug BitCoin JPEG Format AntiVM MSOffice File
  1. Resubmit sample
Category Machine Started Completed
URL s1_win7_x6401 March 5, 2023, 2:06 a.m. March 5, 2023, 2:09 a.m.
URL http://achillharpfestival.ie/wp-content/plugins/dbzytgojke/mail.php

Name Response Post-Analysis Lookup
fonts.gstatic.com
A 142.250.204.131
142.250.207.99
achillharpfestival.ie
A 78.153.210.23
78.153.210.23
fonts.googleapis.com
A 142.250.66.138
142.250.207.106
IP Address Status Action
117.18.232.200 Active Moloch
142.250.204.131 Active Moloch
142.250.66.138 Active Moloch
164.124.101.2 Active Moloch
78.153.210.23 Active Moloch

Suricata Alerts

Flow SID Signature Category
TCP 192.168.56.101:49171 -> 78.153.210.23:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 117.18.232.200:443 -> 192.168.56.101:49176 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49173 -> 117.18.232.200:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49187 -> 142.250.204.131:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49182 -> 78.153.210.23:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49193 -> 78.153.210.23:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49199 -> 142.250.204.131:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49202 -> 142.250.204.131:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49174 -> 117.18.232.200:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49175 -> 117.18.232.200:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49183 -> 78.153.210.23:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49172 -> 117.18.232.200:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 117.18.232.200:443 -> 192.168.56.101:49177 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49185 -> 142.250.66.138:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49186 -> 142.250.66.138:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49210 -> 142.250.204.131:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49197 -> 142.250.204.131:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49212 -> 142.250.204.131:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49189 -> 142.250.204.131:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49188 -> 142.250.204.131:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49190 -> 142.250.204.131:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49192 -> 142.250.204.131:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49200 -> 142.250.204.131:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49196 -> 142.250.204.131:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49201 -> 142.250.204.131:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49194 -> 78.153.210.23:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49211 -> 142.250.204.131:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49205 -> 142.250.204.131:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49208 -> 142.250.204.131:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49206 -> 142.250.204.131:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49209 -> 142.250.204.131:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49191 -> 142.250.204.131:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49195 -> 78.153.210.23:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49204 -> 142.250.204.131:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49215 -> 78.153.210.23:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined

Suricata TLS

Flow Issuer Subject Fingerprint
TLSv1
192.168.56.101:49171
78.153.210.23:443 		C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA CN=achillharpfestival.ie c7:2c:0a:8a:81:8f:a5:32:2e:3a:13:15:cf:02:38:eb:1f:cc:7d:5b
TLSv1
192.168.56.101:49187
142.250.204.131:443 		C=US, O=Google Trust Services LLC, CN=GTS CA 1C3 CN=*.gstatic.com db:6c:b4:9c:fe:10:5b:f9:a9:cf:05:d5:95:e5:84:ea:fe:f1:67:de
TLSv1
192.168.56.101:49182
78.153.210.23:443 		C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA CN=achillharpfestival.ie c7:2c:0a:8a:81:8f:a5:32:2e:3a:13:15:cf:02:38:eb:1f:cc:7d:5b
TLSv1
192.168.56.101:49193
78.153.210.23:443 		C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA CN=achillharpfestival.ie c7:2c:0a:8a:81:8f:a5:32:2e:3a:13:15:cf:02:38:eb:1f:cc:7d:5b
TLSv1
192.168.56.101:49199
142.250.204.131:443 		None None None
TLSv1
192.168.56.101:49202
142.250.204.131:443 		None None None
TLSv1
192.168.56.101:49183
78.153.210.23:443 		C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA CN=achillharpfestival.ie c7:2c:0a:8a:81:8f:a5:32:2e:3a:13:15:cf:02:38:eb:1f:cc:7d:5b
TLSv1
192.168.56.101:49185
142.250.66.138:443 		C=US, O=Google Trust Services LLC, CN=GTS CA 1C3 CN=upload.video.google.com 2e:01:79:0a:f4:af:b4:b2:18:5f:56:ea:ed:84:40:c2:63:9f:2c:90
TLSv1
192.168.56.101:49186
142.250.66.138:443 		C=US, O=Google Trust Services LLC, CN=GTS CA 1C3 CN=upload.video.google.com 2e:01:79:0a:f4:af:b4:b2:18:5f:56:ea:ed:84:40:c2:63:9f:2c:90
TLSv1
192.168.56.101:49210
142.250.204.131:443 		None None None
TLSv1
192.168.56.101:49197
142.250.204.131:443 		None None None
TLSv1
192.168.56.101:49212
142.250.204.131:443 		None None None
TLSv1
192.168.56.101:49189
142.250.204.131:443 		C=US, O=Google Trust Services LLC, CN=GTS CA 1C3 CN=*.gstatic.com db:6c:b4:9c:fe:10:5b:f9:a9:cf:05:d5:95:e5:84:ea:fe:f1:67:de
TLSv1
192.168.56.101:49188
142.250.204.131:443 		C=US, O=Google Trust Services LLC, CN=GTS CA 1C3 CN=*.gstatic.com db:6c:b4:9c:fe:10:5b:f9:a9:cf:05:d5:95:e5:84:ea:fe:f1:67:de
TLSv1
192.168.56.101:49190
142.250.204.131:443 		C=US, O=Google Trust Services LLC, CN=GTS CA 1C3 CN=*.gstatic.com db:6c:b4:9c:fe:10:5b:f9:a9:cf:05:d5:95:e5:84:ea:fe:f1:67:de
TLSv1
192.168.56.101:49192
142.250.204.131:443 		C=US, O=Google Trust Services LLC, CN=GTS CA 1C3 CN=*.gstatic.com db:6c:b4:9c:fe:10:5b:f9:a9:cf:05:d5:95:e5:84:ea:fe:f1:67:de
TLSv1
192.168.56.101:49200
142.250.204.131:443 		None None None
TLSv1
192.168.56.101:49196
142.250.204.131:443 		None None None
TLSv1
192.168.56.101:49201
142.250.204.131:443 		None None None
TLSv1
192.168.56.101:49194
78.153.210.23:443 		C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA CN=achillharpfestival.ie c7:2c:0a:8a:81:8f:a5:32:2e:3a:13:15:cf:02:38:eb:1f:cc:7d:5b
TLSv1
192.168.56.101:49211
142.250.204.131:443 		None None None
TLSv1
192.168.56.101:49205
142.250.204.131:443 		None None None
TLSv1
192.168.56.101:49208
142.250.204.131:443 		None None None
TLSv1
192.168.56.101:49206
142.250.204.131:443 		None None None
TLSv1
192.168.56.101:49209
142.250.204.131:443 		None None None
TLSv1
192.168.56.101:49191
142.250.204.131:443 		C=US, O=Google Trust Services LLC, CN=GTS CA 1C3 CN=*.gstatic.com db:6c:b4:9c:fe:10:5b:f9:a9:cf:05:d5:95:e5:84:ea:fe:f1:67:de
TLSv1
192.168.56.101:49195
78.153.210.23:443 		C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA CN=achillharpfestival.ie c7:2c:0a:8a:81:8f:a5:32:2e:3a:13:15:cf:02:38:eb:1f:cc:7d:5b
TLSv1
192.168.56.101:49204
142.250.204.131:443 		None None None
TLSv1
192.168.56.101:49215
78.153.210.23:443 		C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA CN=achillharpfestival.ie c7:2c:0a:8a:81:8f:a5:32:2e:3a:13:15:cf:02:38:eb:1f:cc:7d:5b

Time & API Arguments Status Return Repeated

__exception__

 stacktrace: 
RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d @ 0x7fefd4fa49d
RpcRaiseException+0x53 RpcExceptionFilter-0x2bd rpcrt4+0x173c3 @ 0x7fefdba73c3
ObjectStublessClient32+0x8bf CoDisconnectContext-0x107b9 ole32+0x443bf @ 0x7fefd9243bf
IUnknown_AddRef_Proxy+0x1f5 NdrFixedArrayBufferSize-0xeb rpcrt4+0x35295 @ 0x7fefdbc5295
I_RpcFreeBuffer+0x1b9 NdrRangeUnmarshall-0x5a7 rpcrt4+0x32799 @ 0x7fefdbc2799
Ndr64AsyncServerCallAll+0xa9e Ndr64AsyncClientCall-0xf42 rpcrt4+0xdaf1e @ 0x7fefdc6af1e
Ndr64AsyncServerCallAll+0x12ec Ndr64AsyncClientCall-0x6f4 rpcrt4+0xdb76c @ 0x7fefdc6b76c
NdrStubCall3+0xc6 NdrOleAllocate-0x3ea rpcrt4+0x348d6 @ 0x7fefdbc48d6
CoGetInstanceFromFile+0x4cd3 HACCEL_UserFree-0x70fd ole32+0x170883 @ 0x7fefda50883
CoGetInstanceFromFile+0x511d HACCEL_UserFree-0x6cb3 ole32+0x170ccd @ 0x7fefda50ccd
CoGetInstanceFromFile+0x5093 HACCEL_UserFree-0x6d3d ole32+0x170c43 @ 0x7fefda50c43
CoSetState+0x1450 DcomChannelSetHResult-0x34c ole32+0x2a4f0 @ 0x7fefd90a4f0
GetErrorInfo+0x599 ObjectStublessClient7-0xb1f ole32+0x3d551 @ 0x7fefd91d551
CoGetInstanceFromFile+0x78ce HACCEL_UserFree-0x4502 ole32+0x17347e @ 0x7fefda5347e
CoGetInstanceFromFile+0x567b HACCEL_UserFree-0x6755 ole32+0x17122b @ 0x7fefda5122b
CoGetInstanceFromFile+0x7992 HACCEL_UserFree-0x443e ole32+0x173542 @ 0x7fefda53542
GetErrorInfo+0x475 ObjectStublessClient7-0xc43 ole32+0x3d42d @ 0x7fefd91d42d
GetErrorInfo+0x21e ObjectStublessClient7-0xe9a ole32+0x3d1d6 @ 0x7fefd91d1d6
TranslateMessageEx+0x2a1 IntersectRect-0x11f user32+0x19bd1 @ 0x769c9bd1
TranslateMessage+0x1ea DispatchMessageW-0x42 user32+0x198da @ 0x769c98da
GetErrorInfo+0xf3 ObjectStublessClient7-0xfc5 ole32+0x3d0ab @ 0x7fefd91d0ab
CoUnloadingWOW+0x117 OleCreateFromFileEx-0x1829 ole32+0x163e57 @ 0x7fefda43e57
ObjectStublessClient24+0x1876 CLSIDFromString-0x57a ole32+0x10106 @ 0x7fefd8f0106
ObjectStublessClient24+0x18f2 CLSIDFromString-0x4fe ole32+0x10182 @ 0x7fefd8f0182
BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d
RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521

exception.instruction_r: 48 81 c4 c8 00 00 00 c3 48 85 f6 74 08 83 3b 00
exception.symbol: RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d
exception.instruction: add rsp, 0xc8
exception.module: KERNELBASE.dll
exception.exception_code: 0x80040155
exception.offset: 42141
exception.address: 0x7fefd4fa49d
registers.r14: 0
registers.r15: 0
registers.rcx: 95936912
registers.rsi: 0
registers.r10: 0
registers.rbx: 0
registers.rsp: 95942864
registers.r11: 95938672
registers.r8: 0
registers.r9: 0
registers.rdx: 1
registers.r12: 0
registers.rbp: 0
registers.rdi: 0
registers.rax: 1934641852
registers.r13: 0
1 0 0
request GET http://achillharpfestival.ie/wp-content/plugins/dbzytgojke/mail.php
request GET http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
request GET https://achillharpfestival.ie/wp-content/plugins/dbzytgojke/mail.php
request GET https://achillharpfestival.ie/wp-includes/js/wp-emoji-release.min.js?ver=6.0
request GET https://achillharpfestival.ie/wp-content/plugins/jeg-elementor-kit/assets/css/elements/main.css?ver=2.4.3
request GET https://achillharpfestival.ie/wp-includes/css/dist/block-library/style.min.css?ver=6.0
request GET https://achillharpfestival.ie/wp-content/plugins/auto-terms-of-service-and-privacy-policy/css/wpautoterms.css?ver=6.0
request GET https://achillharpfestival.ie/wp-content/plugins/cookie-law-info/public/css/cookie-law-info-public.css?ver=2.1.2
request GET https://achillharpfestival.ie/wp-content/plugins/cookie-law-info/public/css/cookie-law-info-gdpr.css?ver=2.1.2
request GET https://achillharpfestival.ie/wp-content/plugins/email-encoder-bundle/core/includes/assets/css/style.css?ver=220330-115215
request GET https://achillharpfestival.ie/wp-content/plugins/sitepress-multilingual-cms/templates/language-switchers/legacy-list-horizontal/style.min.css?ver=1
request GET https://achillharpfestival.ie/wp-content/plugins/sitepress-multilingual-cms/templates/language-switchers/menu-item/style.min.css?ver=1
request GET https://achillharpfestival.ie/wp-content/plugins/header-footer-elementor/assets/css/header-footer-elementor.css?ver=1.6.11
request GET https://achillharpfestival.ie/wp-content/plugins/elementor/assets/lib/eicons/css/elementor-icons.min.css?ver=5.15.0
request GET https://achillharpfestival.ie/wp-content/plugins/elementor/assets/css/frontend.min.css?ver=3.6.7
request GET https://achillharpfestival.ie/wp-content/plugins/elementor-pro/assets/css/frontend.min.css?ver=3.7.2
request GET https://achillharpfestival.ie/wp-content/plugins/image-hover-effects-addon-for-elementor/assets/style.min.css?ver=1.3.7
request GET https://achillharpfestival.ie/wp-content/plugins/jetsticky-for-elementor/assets/css/jet-sticky-frontend.css?ver=1.0.3
request GET https://achillharpfestival.ie/wp-content/plugins/elementor/assets/lib/font-awesome/css/all.min.css?ver=5.1.8
request GET https://achillharpfestival.ie/wp-content/plugins/elementor/assets/lib/font-awesome/css/v4-shims.min.css?ver=5.1.8
request GET https://achillharpfestival.ie/wp-content/themes/hello-elementor/style.min.css?ver=2.5.0
request GET https://achillharpfestival.ie/wp-content/themes/hello-elementor/theme.min.css?ver=2.5.0
request GET https://achillharpfestival.ie/wp-content/plugins/header-footer-elementor/inc/widgets-css/frontend.css?ver=1.6.11
request GET https://achillharpfestival.ie/wp-content/plugins/elementskit-lite/modules/elementskit-icon-pack/assets/css/ekiticons.css?ver=2.6.2
request GET https://achillharpfestival.ie/wp-content/plugins/elementskit-lite/widgets/init/assets/css/widget-styles.css?ver=2.6.2
request GET https://achillharpfestival.ie/wp-content/plugins/elementskit-lite/widgets/init/assets/css/responsive.css?ver=2.6.2
request GET https://fonts.googleapis.com/css?family=Staatliches%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CDM+Sans%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7COpen+Sans%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=auto&ver=6.0
request GET https://achillharpfestival.ie/wp-content/plugins/elementor/assets/lib/font-awesome/css/fontawesome.min.css?ver=5.15.3
request GET https://achillharpfestival.ie/wp-content/plugins/elementor/assets/lib/font-awesome/css/solid.min.css?ver=5.15.3
request GET https://achillharpfestival.ie/wp-content/plugins/elementor/assets/lib/font-awesome/css/brands.min.css?ver=5.15.3
request GET https://achillharpfestival.ie/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
request GET https://achillharpfestival.ie/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
request GET https://achillharpfestival.ie/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9
request GET https://achillharpfestival.ie/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0
request GET https://achillharpfestival.ie/wp-includes/js/dist/dom-ready.min.js?ver=d996b53411d1533a84951212ab6ac4ff
request GET https://achillharpfestival.ie/wp-content/plugins/auto-terms-of-service-and-privacy-policy/js/base.js?ver=2.4.9
request GET https://achillharpfestival.ie/wp-content/plugins/cookie-law-info/public/js/cookie-law-info-public.js?ver=2.1.2
request GET https://achillharpfestival.ie/wp-content/plugins/email-encoder-bundle/core/includes/assets/js/custom.js?ver=220330-115215
request GET https://achillharpfestival.ie/wp-content/plugins/elementor/assets/lib/font-awesome/js/v4-shims.min.js?ver=5.1.8
request GET https://achillharpfestival.ie/wp-content/uploads/2021/09/Achill-International-Harp-Festival-Logo-Purple.png
request GET https://achillharpfestival.ie/wp-content/uploads/2021/09/Achill-International-Harp-Festival-Logo-White.png
request GET https://achillharpfestival.ie/wp-content/plugins/elementskit-lite/modules/elementskit-icon-pack/assets/fonts/elementskit.woff?y24e1e
request GET https://fonts.gstatic.com/s/dmsans/v11/rP2Fp2ywxg089UriCZa4Hz-F.woff
request GET https://fonts.gstatic.com/s/dmsans/v11/rP2Ap2ywxg089UriCZaw7ByWCXwV.woff
request GET https://fonts.gstatic.com/s/dmsans/v11/rP2Cp2ywxg089UriASitCBimDQ.woff
request GET https://fonts.gstatic.com/s/dmsans/v11/rP2Ap2ywxg089UriCZawpBqWCXwV.woff
request GET https://fonts.gstatic.com/s/dmsans/v11/rP2Cp2ywxg089UriAWCrCBimDQ.woff
request GET https://fonts.gstatic.com/s/dmsans/v11/rP2Hp2ywxg089UriCZOIGw.woff
request GET https://achillharpfestival.ie/wp-content/plugins/elementor/assets/lib/eicons/fonts/eicons.eot?5.15.0
request GET https://achillharpfestival.ie/wp-content/uploads/2021/09/DSC_0199-edit.jpg
Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory

 process_identifier: 2716
region_size: 14487552
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000002490000
allocation_type: 8192 (MEM_RESERVE)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2716
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000003260000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2716
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000076a21000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2716
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000076a21000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2716
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000076a21000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2716
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000076a21000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2716
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000076a21000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2716
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000076a21000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2716
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000769cd000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2716
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000769f2000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2716
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000769d4000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2716
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000769f2000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2716
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fefbca5000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2716
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fefbca5000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2716
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fefefc4000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2716
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fefdcd1000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2716
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000769ba000
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2716
region_size: 65536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000028d0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2716
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2716
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000074213000
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2800
region_size: 12259328
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000003070000
allocation_type: 8192 (MEM_RESERVE)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2800
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000003c20000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2800
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000076a21000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2800
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000076a21000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2800
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000076a21000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2800
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000076a21000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2800
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000076a21000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2800
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000076a21000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2800
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000769cd000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2800
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000769f2000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2800
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000769d4000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2800
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000769f2000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2800
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fefbca5000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2800
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fefbca5000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2800
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fefefc4000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2800
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fefdcd1000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2800
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000769ba000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2800
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000769bf000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2800
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000769bd000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2800
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000769bb000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2800
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000076c26000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2800
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000076d76000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2800
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000076c21000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2800
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000769c0000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2800
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000769ba000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2800
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000076d4f000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2800
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000076d5b000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2800
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fefda37000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2800
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fefef64000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2800
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fefef61000
process_handle: 0xffffffffffffffff
1 0 0
Application Crash Process iexplore.exe with pid 2716 crashed
Time & API Arguments Status Return Repeated

__exception__

 stacktrace: 
RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d @ 0x7fefd4fa49d
RpcRaiseException+0x53 RpcExceptionFilter-0x2bd rpcrt4+0x173c3 @ 0x7fefdba73c3
ObjectStublessClient32+0x8bf CoDisconnectContext-0x107b9 ole32+0x443bf @ 0x7fefd9243bf
IUnknown_AddRef_Proxy+0x1f5 NdrFixedArrayBufferSize-0xeb rpcrt4+0x35295 @ 0x7fefdbc5295
I_RpcFreeBuffer+0x1b9 NdrRangeUnmarshall-0x5a7 rpcrt4+0x32799 @ 0x7fefdbc2799
Ndr64AsyncServerCallAll+0xa9e Ndr64AsyncClientCall-0xf42 rpcrt4+0xdaf1e @ 0x7fefdc6af1e
Ndr64AsyncServerCallAll+0x12ec Ndr64AsyncClientCall-0x6f4 rpcrt4+0xdb76c @ 0x7fefdc6b76c
NdrStubCall3+0xc6 NdrOleAllocate-0x3ea rpcrt4+0x348d6 @ 0x7fefdbc48d6
CoGetInstanceFromFile+0x4cd3 HACCEL_UserFree-0x70fd ole32+0x170883 @ 0x7fefda50883
CoGetInstanceFromFile+0x511d HACCEL_UserFree-0x6cb3 ole32+0x170ccd @ 0x7fefda50ccd
CoGetInstanceFromFile+0x5093 HACCEL_UserFree-0x6d3d ole32+0x170c43 @ 0x7fefda50c43
CoSetState+0x1450 DcomChannelSetHResult-0x34c ole32+0x2a4f0 @ 0x7fefd90a4f0
GetErrorInfo+0x599 ObjectStublessClient7-0xb1f ole32+0x3d551 @ 0x7fefd91d551
CoGetInstanceFromFile+0x78ce HACCEL_UserFree-0x4502 ole32+0x17347e @ 0x7fefda5347e
CoGetInstanceFromFile+0x567b HACCEL_UserFree-0x6755 ole32+0x17122b @ 0x7fefda5122b
CoGetInstanceFromFile+0x7992 HACCEL_UserFree-0x443e ole32+0x173542 @ 0x7fefda53542
GetErrorInfo+0x475 ObjectStublessClient7-0xc43 ole32+0x3d42d @ 0x7fefd91d42d
GetErrorInfo+0x21e ObjectStublessClient7-0xe9a ole32+0x3d1d6 @ 0x7fefd91d1d6
TranslateMessageEx+0x2a1 IntersectRect-0x11f user32+0x19bd1 @ 0x769c9bd1
TranslateMessage+0x1ea DispatchMessageW-0x42 user32+0x198da @ 0x769c98da
GetErrorInfo+0xf3 ObjectStublessClient7-0xfc5 ole32+0x3d0ab @ 0x7fefd91d0ab
CoUnloadingWOW+0x117 OleCreateFromFileEx-0x1829 ole32+0x163e57 @ 0x7fefda43e57
ObjectStublessClient24+0x1876 CLSIDFromString-0x57a ole32+0x10106 @ 0x7fefd8f0106
ObjectStublessClient24+0x18f2 CLSIDFromString-0x4fe ole32+0x10182 @ 0x7fefd8f0182
BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d
RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521

exception.instruction_r: 48 81 c4 c8 00 00 00 c3 48 85 f6 74 08 83 3b 00
exception.symbol: RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d
exception.instruction: add rsp, 0xc8
exception.module: KERNELBASE.dll
exception.exception_code: 0x80040155
exception.offset: 42141
exception.address: 0x7fefd4fa49d
registers.r14: 0
registers.r15: 0
registers.rcx: 95936912
registers.rsi: 0
registers.r10: 0
registers.rbx: 0
registers.rsp: 95942864
registers.r11: 95938672
registers.r8: 0
registers.r9: 0
registers.rdx: 1
registers.r12: 0
registers.rbp: 0
registers.rdi: 0
registers.rax: 1934641852
registers.r13: 0
1 0 0
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\widget-scripts[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\jquery.smartmenus.min[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\wp-polyfill.min[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\frontend.min[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\swiper.min[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\custom[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\cookie-law-info-public[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\sticky-element[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\dom-ready.min[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\jet-sticky-frontend[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\frontend[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\waypoints.min[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\ResizeSensor.min[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\jquery.min[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\animate-circle[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\jquery.jsticky[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\encoder-form[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\sticky-sidebar.min[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\elements-handlers.min[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\webpack-pro.runtime.min[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\base[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\frontend-script[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\jquery-migrate.min[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\v4-shims.min[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\frontend-modules.min[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\core.min[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\regenerator-runtime.min[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\elementor[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\i18n.min[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\frontend.min[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\webpack.runtime.min[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\wp-emoji-release.min[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\hooks.min[1].js
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

 process_identifier: 2800
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 32 (PAGE_EXECUTE_READ)
base_address: 0x000007fffff70000
process_handle: 0xffffffffffffffff
1 0 0
url https://ssl.pstatic.net/tveta/libs/1287/1287046/6df1cc02334922baa2d4_20200806172035021.jpg
url https://ssl.pstatic.net/static/pwe/common/img_use_mobile_version.png
url http://uk.ask.com/favicon.ico
url https://fonts.gstatic.com/s/lato/v16/S6uyw4BMUTPHjx4wWA.woff
url http://crl.identrust.com/DSTROOTCAX3CRL.crl0
url https://s.pstatic.net/static/newsstand/2020/logo/light/0604/477.png
url http://www.cnet.com/favicon.ico
url https://castbox.shopping.naver.com/js/lazyload.js
url https://s.pstatic.net/shopping.phinf/20200729_1/2931dd60-1842-4048-a39c-1e3389db4a0e.jpg
url http://search.hanafos.com/favicon.ico
url https://ssl.pstatic.net/tveta/libs/1298/1298853/743c01d46e807a376d99_20200730182507675.png
url https://s.pstatic.net/static/newsstand/2020/logo/light/0604/820.png
url http://search.livedoor.com/favicon.ico
url https://file-examples-com.github.io/uploads/2017/02/file-sample_1MB.doc
url https://s.pstatic.net/shopping.phinf/20211025_16/fb4391ad-80a4-4058-a54e-c294a35d0275.jpg?type=f214_292
url https://achillharpfestival.ie/wp-content/plugins/auto-terms-of-service-and-privacy-policy/css/wpautoterms.css?ver=6.0
url http://blogimgs.naver.com/nblog/skins/happybean/bg-head.gif
url http://www.amazon.co.jp/
url http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
url http://yellowpages.superpages.com/
url https://achillharpfestival.ie/wp-content/plugins/elementor/assets/lib/swiper/swiper.min.js?ver=2.6.2
url https://www.naver.com
url https://s.pstatic.net/shopping.phinf/20211028_9/adf7905c-28ea-4ddf-93b2-aa96dad57752.jpg
url https://s.pstatic.net/shopping.phinf/20200806_26/3cad46ab-3fa4-4756-9e01-d61372890bd0.jpg
url https://s.pstatic.net/dthumb.phinf/?src=%22http%3A%2F%2Fstatic.naver.net%2Fwww%2Fmobile%2Fedit%2F2020%2F0804%2Fmobile_212629657646c.jpg%22
url https://my.sendinblue.com/public/theme/version4/assets/images/loader_sblue.gif
url https://s.pstatic.net/dthumb.phinf/?src=%22https%3A%2F%2Fs.pstatic.net%2Fstatic%2Fwww%2Fmobile%2Fedit%2F20211029_1095%2Fupload_163546934024588ZQX.jpg%22
url https://ssl.pstatic.net/static/pwe/nm/sp_mail_setup_140716.png
url http://search.sify.com/
url https://s.pstatic.net/static/newsstand/2020/logo/light/0604/410.png
url http://search.msn.com/results.aspx?q=
url https://s.pstatic.net/shopping.phinf/20200731_21/4628ed28-27dc-4586-871c-f7f22524da89.jpg?type=f214_292
url https://s.pstatic.net/imgshopping/static/sb/js/sb/nclktagS01_v1.js?v=2020080314
url https://ssl.pstatic.net/tveta/libs/1299/1299024/c033376e145702a0a471_20200806171156016.jpg
url https://fonts.googleapis.com/css?family=Open
url http://isrg.trustid.ocsp.identrust.com0
url http://si.wikipedia.org/w/api.php?action=opensearch
url http://www.signatur.rtr.at/de/directory/cps.html0
url http://search.ebay.fr/
url https://s.pstatic.net/static/newsstand/2020/logo/light/0604/921.png
url https://file-examples.com/wp-content/themes/file-examples/vendor/font-awesome/fonts/fontawesome-webfont.eot?
url http://www.certplus.com/CRL/class3TS.crl0
url https://s.pstatic.net/shopping.phinf/20200603_16/34b72b79-bb6a-40b2-b35d-ae82e0ee5115.jpg
url http://it.wikipedia.org/favicon.ico
url http://uk.ask.com/
url https://fonts.gstatic.com/s/muli/v22/7Aulp_0qiz-aVz7u3PJLcUMYOFnOkEk30e4.woff
url https://s.pstatic.net/dthumb.phinf/?src=%22https%3A%2F%2Fs.pstatic.net%2Fstatic%2Fwww%2Fmobile%2Fedit%2F20211027_1095%2Fupload_1635293110459bqWPi.jpg%22
url https://s.pstatic.net/static/www/img/uit/2020/sp_shop.4e0461.png
url http://www.google.cz/
url http://search.ebay.co.uk/
description Create a windows service rule Create_Service
description Communication using DGA rule Network_DGA
description Communications over RAW Socket rule Network_TCP_Socket
description Take ScreenShot rule ScreenShot
description Communications use DNS rule Network_DNS
description Match Windows Inet API call rule Str_Win32_Internet_API
description Code injection with CreateRemoteThread in a remote process rule Code_injection
description PWS Memory rule Generic_PWS_Memory_Zero
description Hijack network configuration rule Hijack_Network
description Record Audio rule Sniff_Audio
description Communications over HTTP rule Network_HTTP
description Steal credential rule local_credential_Steal
description Run a KeyLogger rule KeyLogger
description Communications over P2P network rule Network_P2P_Win
description File Downloader rule Network_Downloader
description Escalate priviledges rule Escalate_priviledges
description (no description) rule DebuggerCheck__GlobalFlags
description (no description) rule DebuggerCheck__QueryInfo
description (no description) rule DebuggerCheck__RemoteAPI
description (no description) rule DebuggerHiding__Thread
description (no description) rule DebuggerHiding__Active
description (no description) rule DebuggerException__ConsoleCtrl
description (no description) rule DebuggerException__SetConsoleCtrl
description (no description) rule ThreadControl__Context
description (no description) rule SEH__vectored
description (no description) rule Check_Dlls
description Checks if being debugged rule anti_dbg
description Anti-Sandbox checks for ThreatExpert rule antisb_threatExpert
description Bypass DEP rule disable_dep
description Affect hook table rule win_hook
description Install itself for autorun at Windows startup rule Persistence
description Communications over FTP rule Network_FTP
description Match Windows Http API call rule Str_Win32_Http_API
description (no description) rule DebuggerCheck__GlobalFlags
description (no description) rule DebuggerCheck__QueryInfo
description (no description) rule DebuggerHiding__Thread
description (no description) rule DebuggerHiding__Active
description (no description) rule ThreadControl__Context
description (no description) rule SEH__vectored
description Checks if being debugged rule anti_dbg
description Bypass DEP rule disable_dep
description Match Windows Inet API call rule Str_Win32_Internet_API
description PWS Memory rule Generic_PWS_Memory_Zero
description Virtual currency rule Virtual_currency_Zero
description Possibly employs anti-virtualization techniques rule vmdetect
description Bypass DEP rule disable_dep
description Match Windows Http API call rule Str_Win32_Http_API
cmdline "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2716 CREDAT:145409
host 117.18.232.200
Process injection Process 2716 resumed a thread in remote process 2800
Time & API Arguments Status Return Repeated

NtResumeThread

 thread_handle: 0x0000000000000330
suspend_count: 1
process_identifier: 2800
1 0 0