popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

https://vk.com/doc10773776_660112299?hash=I2VLI6zO1UlHlLAqxkcgyoPp4Hkne10esOuPGssj5tk&dl=GEYDONZTG43TM:1677317418:ZCN9zeL9nd2BautKyDoGqekAf2LqZudHP1fSmVyEffs&api=1&no_preview=1#the1

Downloader FTP Code injection DGA HTTP Socket ScreenShot Hijack Network Create Service KeyLogger Internet API Sniff Audio DNS Escalate priviledges Http API Steal credential persistence P2P MSOffice File AntiVM AntiDebug
  1. Resubmit sample
Category Machine Started Completed
URL s1_win7_x6401 March 5, 2023, 3:58 a.m. March 5, 2023, 4 a.m.
URL https://vk.com/doc10773776_660112299?hash=I2VLI6zO1UlHlLAqxkcgyoPp4Hkne10esOuPGssj5tk&dl=GEYDONZTG43TM:1677317418:ZCN9zeL9nd2BautKyDoGqekAf2LqZudHP1fSmVyEffs&api=1&no_preview=1#the1

Name Response Post-Analysis Lookup
st6-22.vk.com
A 95.142.206.2
CNAME sun6-22.userapi.com
95.142.206.2
vk.com
A 87.240.129.133
A 87.240.132.72
A 87.240.132.67
A 87.240.137.164
A 93.186.225.194
A 87.240.132.78
87.240.132.67
login.vk.com
A 87.240.129.135
A 87.240.129.181
87.240.129.135
IP Address Status Action
117.18.232.200 Active Moloch
164.124.101.2 Active Moloch
87.240.129.181 Active Moloch
87.240.132.67 Active Moloch
95.142.206.2 Active Moloch

Suricata Alerts

Flow SID Signature Category
TCP 192.168.56.101:49168 -> 87.240.132.67:443 2038650 ET INFO Observed URL Shortening Service Domain (vk .com in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.101:49168 -> 87.240.132.67:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49171 -> 87.240.132.67:443 2038650 ET INFO Observed URL Shortening Service Domain (vk .com in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.101:49171 -> 87.240.132.67:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49185 -> 95.142.206.2:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49175 -> 95.142.206.2:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49173 -> 95.142.206.2:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
UDP 192.168.56.101:59002 -> 164.124.101.2:53 2038648 ET INFO URL Shortening Service Domain in DNS Lookup (vk .com) Potentially Bad Traffic
TCP 192.168.56.101:49170 -> 87.240.132.67:443 2038650 ET INFO Observed URL Shortening Service Domain (vk .com in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.101:49170 -> 87.240.132.67:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49169 -> 87.240.132.67:443 2038650 ET INFO Observed URL Shortening Service Domain (vk .com in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.101:49169 -> 87.240.132.67:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49178 -> 95.142.206.2:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49176 -> 95.142.206.2:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49181 -> 95.142.206.2:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49186 -> 95.142.206.2:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49180 -> 95.142.206.2:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49183 -> 87.240.129.181:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49189 -> 95.142.206.2:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49190 -> 95.142.206.2:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49177 -> 95.142.206.2:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49167 -> 87.240.132.67:443 2038650 ET INFO Observed URL Shortening Service Domain (vk .com in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.101:49167 -> 87.240.132.67:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49172 -> 87.240.132.67:443 2038650 ET INFO Observed URL Shortening Service Domain (vk .com in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.101:49172 -> 87.240.132.67:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49184 -> 95.142.206.2:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49187 -> 95.142.206.2:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49174 -> 95.142.206.2:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49197 -> 95.142.206.2:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49191 -> 95.142.206.2:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49182 -> 95.142.206.2:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49194 -> 95.142.206.2:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49188 -> 95.142.206.2:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49192 -> 95.142.206.2:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49200 -> 95.142.206.2:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49193 -> 95.142.206.2:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49195 -> 95.142.206.2:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49198 -> 95.142.206.2:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49196 -> 95.142.206.2:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49199 -> 95.142.206.2:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49202 -> 95.142.206.2:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49208 -> 95.142.206.2:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 117.18.232.200:443 -> 192.168.56.101:49218 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49207 -> 95.142.206.2:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49211 -> 95.142.206.2:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49212 -> 95.142.206.2:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49216 -> 117.18.232.200:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49217 -> 117.18.232.200:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49201 -> 95.142.206.2:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49209 -> 95.142.206.2:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49204 -> 95.142.206.2:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49210 -> 95.142.206.2:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49203 -> 95.142.206.2:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49205 -> 95.142.206.2:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49206 -> 95.142.206.2:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined

Suricata TLS

Flow Issuer Subject Fingerprint
TLSv1
192.168.56.101:49168
87.240.132.67:443 		C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com 50:24:2a:d1:17:55:8b:34:61:58:4d:21:51:d3:9a:ae:ce:a7:06:97
TLSv1
192.168.56.101:49171
87.240.132.67:443 		C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com 50:24:2a:d1:17:55:8b:34:61:58:4d:21:51:d3:9a:ae:ce:a7:06:97
TLSv1
192.168.56.101:49185
95.142.206.2:443 		None None None
TLSv1
192.168.56.101:49175
95.142.206.2:443 		C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com 8b:96:fa:92:57:99:e9:b5:8e:63:db:6b:bd:82:24:de:20:13:b6:a0
TLSv1
192.168.56.101:49173
95.142.206.2:443 		C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com 8b:96:fa:92:57:99:e9:b5:8e:63:db:6b:bd:82:24:de:20:13:b6:a0
TLSv1
192.168.56.101:49170
87.240.132.67:443 		C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com 50:24:2a:d1:17:55:8b:34:61:58:4d:21:51:d3:9a:ae:ce:a7:06:97
TLSv1
192.168.56.101:49169
87.240.132.67:443 		C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com 50:24:2a:d1:17:55:8b:34:61:58:4d:21:51:d3:9a:ae:ce:a7:06:97
TLSv1
192.168.56.101:49176
95.142.206.2:443 		C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com 8b:96:fa:92:57:99:e9:b5:8e:63:db:6b:bd:82:24:de:20:13:b6:a0
TLSv1
192.168.56.101:49178
95.142.206.2:443 		C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com 8b:96:fa:92:57:99:e9:b5:8e:63:db:6b:bd:82:24:de:20:13:b6:a0
TLSv1
192.168.56.101:49181
95.142.206.2:443 		None None None
TLSv1
192.168.56.101:49186
95.142.206.2:443 		None None None
TLSv1
192.168.56.101:49180
95.142.206.2:443 		None None None
TLSv1
192.168.56.101:49183
87.240.129.181:443 		C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com 1a:b2:75:01:32:fe:a4:5c:58:ef:57:24:44:65:8c:a1:8b:d1:fe:c4
TLSv1
192.168.56.101:49189
95.142.206.2:443 		None None None
TLSv1
192.168.56.101:49190
95.142.206.2:443 		None None None
TLSv1
192.168.56.101:49177
95.142.206.2:443 		C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com 8b:96:fa:92:57:99:e9:b5:8e:63:db:6b:bd:82:24:de:20:13:b6:a0
TLSv1
192.168.56.101:49167
87.240.132.67:443 		C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com 50:24:2a:d1:17:55:8b:34:61:58:4d:21:51:d3:9a:ae:ce:a7:06:97
TLSv1
192.168.56.101:49172
87.240.132.67:443 		C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com 50:24:2a:d1:17:55:8b:34:61:58:4d:21:51:d3:9a:ae:ce:a7:06:97
TLSv1
192.168.56.101:49184
95.142.206.2:443 		None None None
TLSv1
192.168.56.101:49187
95.142.206.2:443 		None None None
TLSv1
192.168.56.101:49174
95.142.206.2:443 		C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com 8b:96:fa:92:57:99:e9:b5:8e:63:db:6b:bd:82:24:de:20:13:b6:a0
TLSv1
192.168.56.101:49197
95.142.206.2:443 		None None None
TLSv1
192.168.56.101:49191
95.142.206.2:443 		None None None
TLSv1
192.168.56.101:49182
95.142.206.2:443 		None None None
TLSv1
192.168.56.101:49194
95.142.206.2:443 		None None None
TLSv1
192.168.56.101:49188
95.142.206.2:443 		None None None
TLSv1
192.168.56.101:49200
95.142.206.2:443 		None None None
TLSv1
192.168.56.101:49192
95.142.206.2:443 		None None None
TLSv1
192.168.56.101:49193
95.142.206.2:443 		None None None
TLSv1
192.168.56.101:49195
95.142.206.2:443 		None None None
TLSv1
192.168.56.101:49198
95.142.206.2:443 		None None None
TLSv1
192.168.56.101:49196
95.142.206.2:443 		None None None
TLSv1
192.168.56.101:49199
95.142.206.2:443 		None None None
TLSv1
192.168.56.101:49202
95.142.206.2:443 		None None None
TLSv1
192.168.56.101:49208
95.142.206.2:443 		None None None
TLSv1
192.168.56.101:49207
95.142.206.2:443 		None None None
TLSv1
192.168.56.101:49211
95.142.206.2:443 		None None None
TLSv1
192.168.56.101:49212
95.142.206.2:443 		None None None
TLSv1
192.168.56.101:49201
95.142.206.2:443 		None None None
TLSv1
192.168.56.101:49204
95.142.206.2:443 		None None None
TLSv1
192.168.56.101:49210
95.142.206.2:443 		None None None
TLSv1
192.168.56.101:49209
95.142.206.2:443 		None None None
TLSv1
192.168.56.101:49203
95.142.206.2:443 		None None None
TLSv1
192.168.56.101:49205
95.142.206.2:443 		None None None
TLSv1
192.168.56.101:49206
95.142.206.2:443 		None None None

Time & API Arguments Status Return Repeated

__exception__

 stacktrace: 
RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d @ 0x7fefd4fa49d
RpcRaiseException+0x53 RpcExceptionFilter-0x2bd rpcrt4+0x173c3 @ 0x7fefdba73c3
ObjectStublessClient32+0x8bf CoDisconnectContext-0x107b9 ole32+0x443bf @ 0x7fefd9243bf
IUnknown_AddRef_Proxy+0x1f5 NdrFixedArrayBufferSize-0xeb rpcrt4+0x35295 @ 0x7fefdbc5295
I_RpcFreeBuffer+0x1b9 NdrRangeUnmarshall-0x5a7 rpcrt4+0x32799 @ 0x7fefdbc2799
Ndr64AsyncServerCallAll+0xa9e Ndr64AsyncClientCall-0xf42 rpcrt4+0xdaf1e @ 0x7fefdc6af1e
Ndr64AsyncServerCallAll+0x12ec Ndr64AsyncClientCall-0x6f4 rpcrt4+0xdb76c @ 0x7fefdc6b76c
NdrStubCall3+0xc6 NdrOleAllocate-0x3ea rpcrt4+0x348d6 @ 0x7fefdbc48d6
CoGetInstanceFromFile+0x4cd3 HACCEL_UserFree-0x70fd ole32+0x170883 @ 0x7fefda50883
CoGetInstanceFromFile+0x511d HACCEL_UserFree-0x6cb3 ole32+0x170ccd @ 0x7fefda50ccd
CoGetInstanceFromFile+0x5093 HACCEL_UserFree-0x6d3d ole32+0x170c43 @ 0x7fefda50c43
CoSetState+0x1450 DcomChannelSetHResult-0x34c ole32+0x2a4f0 @ 0x7fefd90a4f0
GetErrorInfo+0x599 ObjectStublessClient7-0xb1f ole32+0x3d551 @ 0x7fefd91d551
CoGetInstanceFromFile+0x78ce HACCEL_UserFree-0x4502 ole32+0x17347e @ 0x7fefda5347e
CoGetInstanceFromFile+0x567b HACCEL_UserFree-0x6755 ole32+0x17122b @ 0x7fefda5122b
CoGetInstanceFromFile+0x7992 HACCEL_UserFree-0x443e ole32+0x173542 @ 0x7fefda53542
GetErrorInfo+0x475 ObjectStublessClient7-0xc43 ole32+0x3d42d @ 0x7fefd91d42d
GetErrorInfo+0x21e ObjectStublessClient7-0xe9a ole32+0x3d1d6 @ 0x7fefd91d1d6
TranslateMessageEx+0x2a1 IntersectRect-0x11f user32+0x19bd1 @ 0x769c9bd1
TranslateMessage+0x1ea DispatchMessageW-0x42 user32+0x198da @ 0x769c98da
GetErrorInfo+0xf3 ObjectStublessClient7-0xfc5 ole32+0x3d0ab @ 0x7fefd91d0ab
CoUnloadingWOW+0x117 OleCreateFromFileEx-0x1829 ole32+0x163e57 @ 0x7fefda43e57
ObjectStublessClient24+0x1876 CLSIDFromString-0x57a ole32+0x10106 @ 0x7fefd8f0106
ObjectStublessClient24+0x18f2 CLSIDFromString-0x4fe ole32+0x10182 @ 0x7fefd8f0182
BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d
RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521

exception.instruction_r: 48 81 c4 c8 00 00 00 c3 48 85 f6 74 08 83 3b 00
exception.symbol: RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d
exception.instruction: add rsp, 0xc8
exception.module: KERNELBASE.dll
exception.exception_code: 0x80040155
exception.offset: 42141
exception.address: 0x7fefd4fa49d
registers.r14: 0
registers.r15: 0
registers.rcx: 105767952
registers.rsi: 0
registers.r10: 0
registers.rbx: 0
registers.rsp: 105773904
registers.r11: 105769712
registers.r8: 0
registers.r9: 0
registers.rdx: 1
registers.r12: 0
registers.rbp: 0
registers.rdi: 0
registers.rax: 1890209178
registers.r13: 0
1 0 0
request GET http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
request GET https://vk.com/doc10773776_660112299?hash=I2VLI6zO1UlHlLAqxkcgyoPp4Hkne10esOuPGssj5tk&dl=GEYDONZTG43TM:1677317418:ZCN9zeL9nd2BautKyDoGqekAf2LqZudHP1fSmVyEffs&api=1&no_preview=1
request GET https://vk.com/js/loader_nav20746467872_17.js
request GET https://vk.com/js/lang17_0.js?27965938
request GET https://vk.com/js/lib/px.js?ch=1
request GET https://vk.com/dist/web/language.13cbd4193255cbaaab3a.js?c9e9113960ae98d68204079f43f790dd
request GET https://vk.com/js/lib/px.js?ch=2
request GET https://st6-22.vk.com/dist/polyfills.1881adbf36454e07c9c6.js?a69ef34dc1979f8d5126
request GET https://st6-22.vk.com/dist/web/polyfills/cookie_manager.8cfe6896e33857a19781.js?0afee3c7b5f648f55648a21de4cfaae9
request GET https://st6-22.vk.com/css/al/fonts_utf.2546d253c69649b0561c.css
request GET https://st6-22.vk.com/css/al/vkui.9a6b5aa7dbb00c120b74.css
request GET https://st6-22.vk.com/css/al/base.1c25eeb7ac42cd36d08a.css
request GET https://vk.com/badbrowser_stat.php?act=nomodule
request GET https://st6-22.vk.com/dist/web/polyfills/intersection_observer.0062cad0ff26ba906a55.js?3651dae73da1d676cd37
request GET https://st6-22.vk.com/dist/web/polyfills/resize_observer.233e96db629d43de3623.js?685418a51d9509d705d3
request GET https://st6-22.vk.com/css/al/common.a393edc4164b1b81495c.css
request GET https://st6-22.vk.com/dist/web/polyfills/canvas_to_blob.e77dcc6129127456cc4f.js?6a4a06039f2295cdc4f936f4051ae4d3
request GET https://st6-22.vk.com/dist/web/polyfills/object_functions.06c76fa223949a027bf2.js?e8b681406f943258346d7925b82e6243
request GET https://st6-22.vk.com/dist/web/polyfills/promise_functions.66c5719129d3a45c5b29.js?c08a609e174e79347eaf8c692cf63cf3
request GET https://st6-22.vk.com/dist/web/polyfills/string_functions.d2f7aff1dc899fb950c4.js?06c31459c645dd6049c4d07642d01d54
request GET https://st6-22.vk.com/dist/web/polyfills/element_functions.7f6f4401ad09c642705f.js?f88d496bc9aa020bbceb949a351fa85a
request GET https://st6-22.vk.com/dist/web/polyfills/other_functions.4de689b5f53cdbdebf7d.js?8c0d070969c2bdddf902
request GET https://st6-22.vk.com/dist/web/polyfills/array_functions.5ed53e616feed60bc4e8.js?53b5630d9d361c93a7d8a918fd06d21d
request GET https://st6-22.vk.com/dist/react.6d787991b51243317269.js?cb151ae0d77e1fe8ca23
request GET https://st6-22.vk.com/dist/palette.28ed80ebcd89c370bca4.js?ceacf32c0417ea87ee9e
request GET https://st6-22.vk.com/dist/vkcom-kit.1681489e5ef06505d479.css
request GET https://st6-22.vk.com/css/al/fonts_cnt.a289ed70815ffbd082ae.css
request GET https://st6-22.vk.com/dist/vkui.e4d670f36de4368e7b1a.js?53396daa49f4462b4a11
request GET https://st6-22.vk.com/dist/vkcom-kit.a7d2347300fcdde7314f.js?
request GET https://st6-22.vk.com/dist/common.ca1f22646967566b8a79.js?313ec3f775a31892f568f1d
request GET https://st6-22.vk.com/dist/state-management.a54b236ef99f71c730de.js?503a0b3068ebfc42423d
request GET https://st6-22.vk.com/dist/audioplayer.a025fbbc26f0baaf6890.js?31337e095824bcf8034a4f5
request GET https://st6-22.vk.com/dist/web/common_web.3a98749ca45868f84306.css
request GET https://st6-22.vk.com/dist/web/common_web.c98533736ab3d5f6f60d.js?
request GET https://st6-22.vk.com/css/al/uncommon.431a60ba5d2797d2fdb1.css
request GET https://st6-22.vk.com/dist/web/docs.6d9ff04ed31e8fa804a8.js?cca036aa8769d40ddfa14e3fbd15949c
request GET https://st6-22.vk.com/dist/web/unauthorized.b7057b2c97d6727decd8.js?e26656d2ddb168519bdb1f04edf58369
request GET https://st6-22.vk.com/dist/web/css_types.9345eb394b7d4d7e68a9.js?f6dbdbc1de537596e14e
request GET https://st6-22.vk.com/dist/web/page_layout.5672d3fc73a320a2be06.js?f032491390251591131dd5c0659e5ead
request GET https://st6-22.vk.com/dist/web/ui_common.84e2442a05004320e11f.js?6245ba39b63448019203f2729b74d21f
request GET https://st6-22.vk.com/css/al/ui_common.0a29c544720bdcf89154.css
request GET https://st6-22.vk.com/dist/web/likes.5170c24445a69da4da21.js?ec4d1f4027dfa57b38816d57a184cf8d
request GET https://st6-22.vk.com/dist/web/grip.16ff158c2e1e11fd3b80.js?28c136bb922051f2f6b95a6a08ccc41f
request GET https://st6-22.vk.com/dist/web/performance_observers.2498c067f2dd4f142b98.js?39ba189ff3c74982dba3105279a1e431
request GET https://st6-22.vk.com/dist/web/jobs_devtools_notification.eafd4d4aa0ae5bbfd7e6.js?a73adfb8fd6e0413085d78a67df5c20f
request GET https://vk.com/badbrowser_stat.php?act=track&event=showAlert_atom
request GET https://st6-22.vk.com/images/backlink.gif?4
request GET https://st6-22.vk.com/images/upload.gif
request GET https://vk.com/images/icons/favicons/fav_logo.ico?6
Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory

 process_identifier: 2628
region_size: 8261632
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000002b50000
allocation_type: 8192 (MEM_RESERVE)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2628
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000003330000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2628
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000076a21000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2628
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000076a21000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2628
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000076a21000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2628
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000076a21000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2628
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000076a21000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2628
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000076a21000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2628
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000769cd000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2628
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000769f2000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2628
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000769d4000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2628
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000769f2000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2628
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fefbca5000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2628
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fefbca5000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2628
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fefefc4000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2628
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fefdcd1000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2628
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000769ba000
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2628
region_size: 65536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000031a0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2628
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000000007304c000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2628
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000074213000
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2712
region_size: 10424320
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000002b70000
allocation_type: 8192 (MEM_RESERVE)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2712
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000003560000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2712
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000076a21000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2712
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000076a21000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2712
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000076a21000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2712
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000076a21000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2712
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000076a21000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2712
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000076a21000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2712
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000769cd000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2712
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000769f2000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2712
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000769d4000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2712
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000769f2000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2712
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fefbca5000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2712
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fefbca5000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2712
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fefefc4000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2712
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fefdcd1000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2712
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000769ba000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2712
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000769bf000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2712
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000769bd000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2712
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000769bb000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2712
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000076c26000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2712
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000076d76000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2712
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000076c21000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2712
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000769c0000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2712
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000769ba000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2712
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000076d4f000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2712
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000076d5b000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2712
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fefda37000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2712
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fefef64000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2712
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fefef61000
process_handle: 0xffffffffffffffff
1 0 0
Application Crash Process iexplore.exe with pid 2628 crashed
Time & API Arguments Status Return Repeated

__exception__

 stacktrace: 
RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d @ 0x7fefd4fa49d
RpcRaiseException+0x53 RpcExceptionFilter-0x2bd rpcrt4+0x173c3 @ 0x7fefdba73c3
ObjectStublessClient32+0x8bf CoDisconnectContext-0x107b9 ole32+0x443bf @ 0x7fefd9243bf
IUnknown_AddRef_Proxy+0x1f5 NdrFixedArrayBufferSize-0xeb rpcrt4+0x35295 @ 0x7fefdbc5295
I_RpcFreeBuffer+0x1b9 NdrRangeUnmarshall-0x5a7 rpcrt4+0x32799 @ 0x7fefdbc2799
Ndr64AsyncServerCallAll+0xa9e Ndr64AsyncClientCall-0xf42 rpcrt4+0xdaf1e @ 0x7fefdc6af1e
Ndr64AsyncServerCallAll+0x12ec Ndr64AsyncClientCall-0x6f4 rpcrt4+0xdb76c @ 0x7fefdc6b76c
NdrStubCall3+0xc6 NdrOleAllocate-0x3ea rpcrt4+0x348d6 @ 0x7fefdbc48d6
CoGetInstanceFromFile+0x4cd3 HACCEL_UserFree-0x70fd ole32+0x170883 @ 0x7fefda50883
CoGetInstanceFromFile+0x511d HACCEL_UserFree-0x6cb3 ole32+0x170ccd @ 0x7fefda50ccd
CoGetInstanceFromFile+0x5093 HACCEL_UserFree-0x6d3d ole32+0x170c43 @ 0x7fefda50c43
CoSetState+0x1450 DcomChannelSetHResult-0x34c ole32+0x2a4f0 @ 0x7fefd90a4f0
GetErrorInfo+0x599 ObjectStublessClient7-0xb1f ole32+0x3d551 @ 0x7fefd91d551
CoGetInstanceFromFile+0x78ce HACCEL_UserFree-0x4502 ole32+0x17347e @ 0x7fefda5347e
CoGetInstanceFromFile+0x567b HACCEL_UserFree-0x6755 ole32+0x17122b @ 0x7fefda5122b
CoGetInstanceFromFile+0x7992 HACCEL_UserFree-0x443e ole32+0x173542 @ 0x7fefda53542
GetErrorInfo+0x475 ObjectStublessClient7-0xc43 ole32+0x3d42d @ 0x7fefd91d42d
GetErrorInfo+0x21e ObjectStublessClient7-0xe9a ole32+0x3d1d6 @ 0x7fefd91d1d6
TranslateMessageEx+0x2a1 IntersectRect-0x11f user32+0x19bd1 @ 0x769c9bd1
TranslateMessage+0x1ea DispatchMessageW-0x42 user32+0x198da @ 0x769c98da
GetErrorInfo+0xf3 ObjectStublessClient7-0xfc5 ole32+0x3d0ab @ 0x7fefd91d0ab
CoUnloadingWOW+0x117 OleCreateFromFileEx-0x1829 ole32+0x163e57 @ 0x7fefda43e57
ObjectStublessClient24+0x1876 CLSIDFromString-0x57a ole32+0x10106 @ 0x7fefd8f0106
ObjectStublessClient24+0x18f2 CLSIDFromString-0x4fe ole32+0x10182 @ 0x7fefd8f0182
BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d
RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521

exception.instruction_r: 48 81 c4 c8 00 00 00 c3 48 85 f6 74 08 83 3b 00
exception.symbol: RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d
exception.instruction: add rsp, 0xc8
exception.module: KERNELBASE.dll
exception.exception_code: 0x80040155
exception.offset: 42141
exception.address: 0x7fefd4fa49d
registers.r14: 0
registers.r15: 0
registers.rcx: 105767952
registers.rsi: 0
registers.r10: 0
registers.rbx: 0
registers.rsp: 105773904
registers.r11: 105769712
registers.r8: 0
registers.r9: 0
registers.rdx: 1
registers.r12: 0
registers.rbp: 0
registers.rdi: 0
registers.rax: 1890209178
registers.r13: 0
1 0 0
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\array_functions.5ed53e616feed60bc4e8[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\canvas_to_blob.e77dcc6129127456cc4f[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\other_functions.4de689b5f53cdbdebf7d[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\cookie_manager.8cfe6896e33857a19781[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\react.6d787991b51243317269[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\page_layout.5672d3fc73a320a2be06[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\palette.28ed80ebcd89c370bca4[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\common.ca1f22646967566b8a79[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\unauthorized.b7057b2c97d6727decd8[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\promise_functions.66c5719129d3a45c5b29[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\language.13cbd4193255cbaaab3a[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\resize_observer.233e96db629d43de3623[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\audioplayer.a025fbbc26f0baaf6890[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\vkui.e4d670f36de4368e7b1a[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\polyfills.1881adbf36454e07c9c6[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\css_types.9345eb394b7d4d7e68a9[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\docs.6d9ff04ed31e8fa804a8[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\grip.16ff158c2e1e11fd3b80[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\vkcom-kit.a7d2347300fcdde7314f[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\intersection_observer.0062cad0ff26ba906a55[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\lang17_0[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\performance_observers.2498c067f2dd4f142b98[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\likes.5170c24445a69da4da21[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\px[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\common_web.c98533736ab3d5f6f60d[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\jobs_devtools_notification.eafd4d4aa0ae5bbfd7e6[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\object_functions.06c76fa223949a027bf2[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\state-management.a54b236ef99f71c730de[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\ui_common.84e2442a05004320e11f[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\px[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\element_functions.7f6f4401ad09c642705f[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\string_functions.d2f7aff1dc899fb950c4[1].js
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

 process_identifier: 2712
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 32 (PAGE_EXECUTE_READ)
base_address: 0x000007fffff60000
process_handle: 0xffffffffffffffff
1 0 0
url https://ssl.pstatic.net/tveta/libs/1287/1287046/6df1cc02334922baa2d4_20200806172035021.jpg
url https://ssl.pstatic.net/static/pwe/common/img_use_mobile_version.png
url http://uk.ask.com/favicon.ico
url https://fonts.gstatic.com/s/lato/v16/S6uyw4BMUTPHjx4wWA.woff
url http://crl.identrust.com/DSTROOTCAX3CRL.crl0
url https://s.pstatic.net/static/newsstand/2020/logo/light/0604/477.png
url http://www.cnet.com/favicon.ico
url https://castbox.shopping.naver.com/js/lazyload.js
url https://s.pstatic.net/shopping.phinf/20200729_1/2931dd60-1842-4048-a39c-1e3389db4a0e.jpg
url https://st6-22.vk.com/dist/web/polyfills/promise_functions.66c5719129d3a45c5b29.js?c08a609e174e79347eaf8c692cf63cf3
url http://search.hanafos.com/favicon.ico
url https://ssl.pstatic.net/tveta/libs/1298/1298853/743c01d46e807a376d99_20200730182507675.png
url https://s.pstatic.net/static/newsstand/2020/logo/light/0604/820.png
url http://search.livedoor.com/favicon.ico
url https://file-examples-com.github.io/uploads/2017/02/file-sample_1MB.doc
url https://s.pstatic.net/shopping.phinf/20211025_16/fb4391ad-80a4-4058-a54e-c294a35d0275.jpg?type=f214_292
url http://blogimgs.naver.com/nblog/skins/happybean/bg-head.gif
url http://www.amazon.co.jp/
url http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
url http://yellowpages.superpages.com/
url https://www.naver.com
url https://s.pstatic.net/shopping.phinf/20211028_9/adf7905c-28ea-4ddf-93b2-aa96dad57752.jpg
url https://s.pstatic.net/shopping.phinf/20200806_26/3cad46ab-3fa4-4756-9e01-d61372890bd0.jpg
url https://s.pstatic.net/dthumb.phinf/?src=%22http%3A%2F%2Fstatic.naver.net%2Fwww%2Fmobile%2Fedit%2F2020%2F0804%2Fmobile_212629657646c.jpg%22
url https://my.sendinblue.com/public/theme/version4/assets/images/loader_sblue.gif
url https://s.pstatic.net/dthumb.phinf/?src=%22https%3A%2F%2Fs.pstatic.net%2Fstatic%2Fwww%2Fmobile%2Fedit%2F20211029_1095%2Fupload_163546934024588ZQX.jpg%22
url https://ssl.pstatic.net/static/pwe/nm/sp_mail_setup_140716.png
url http://search.sify.com/
url https://s.pstatic.net/static/newsstand/2020/logo/light/0604/410.png
url http://search.msn.com/results.aspx?q=
url https://s.pstatic.net/shopping.phinf/20200731_21/4628ed28-27dc-4586-871c-f7f22524da89.jpg?type=f214_292
url https://s.pstatic.net/imgshopping/static/sb/js/sb/nclktagS01_v1.js?v=2020080314
url https://ssl.pstatic.net/tveta/libs/1299/1299024/c033376e145702a0a471_20200806171156016.jpg
url https://fonts.googleapis.com/css?family=Open
url http://isrg.trustid.ocsp.identrust.com0
url http://si.wikipedia.org/w/api.php?action=opensearch
url http://www.signatur.rtr.at/de/directory/cps.html0
url https://st6-22.vk.com/css/al/common.a393edc4164b1b81495c.css
url http://search.ebay.fr/
url https://s.pstatic.net/static/newsstand/2020/logo/light/0604/921.png
url https://st6-22.vk.com/dist/web/polyfills/other_functions.4de689b5f53cdbdebf7d.js?8c0d070969c2bdddf902
url https://file-examples.com/wp-content/themes/file-examples/vendor/font-awesome/fonts/fontawesome-webfont.eot?
url http://www.certplus.com/CRL/class3TS.crl0
url https://s.pstatic.net/shopping.phinf/20200603_16/34b72b79-bb6a-40b2-b35d-ae82e0ee5115.jpg
url http://it.wikipedia.org/favicon.ico
url http://uk.ask.com/
url https://fonts.gstatic.com/s/muli/v22/7Aulp_0qiz-aVz7u3PJLcUMYOFnOkEk30e4.woff
url https://s.pstatic.net/dthumb.phinf/?src=%22https%3A%2F%2Fs.pstatic.net%2Fstatic%2Fwww%2Fmobile%2Fedit%2F20211027_1095%2Fupload_1635293110459bqWPi.jpg%22
url https://s.pstatic.net/static/www/img/uit/2020/sp_shop.4e0461.png
url http://blogimgs.naver.com/blog20/blog/layout_photo/viewer2/btn_right.gif
description Create a windows service rule Create_Service
description Communication using DGA rule Network_DGA
description Communications over RAW Socket rule Network_TCP_Socket
description Take ScreenShot rule ScreenShot
description Communications use DNS rule Network_DNS
description Match Windows Inet API call rule Str_Win32_Internet_API
description Code injection with CreateRemoteThread in a remote process rule Code_injection
description PWS Memory rule Generic_PWS_Memory_Zero
description Hijack network configuration rule Hijack_Network
description Record Audio rule Sniff_Audio
description Communications over HTTP rule Network_HTTP
description Steal credential rule local_credential_Steal
description Run a KeyLogger rule KeyLogger
description Communications over P2P network rule Network_P2P_Win
description File Downloader rule Network_Downloader
description Escalate priviledges rule Escalate_priviledges
description (no description) rule DebuggerCheck__GlobalFlags
description (no description) rule DebuggerCheck__QueryInfo
description (no description) rule DebuggerCheck__RemoteAPI
description (no description) rule DebuggerHiding__Thread
description (no description) rule DebuggerHiding__Active
description (no description) rule DebuggerException__ConsoleCtrl
description (no description) rule DebuggerException__SetConsoleCtrl
description (no description) rule ThreadControl__Context
description (no description) rule SEH__vectored
description (no description) rule Check_Dlls
description Checks if being debugged rule anti_dbg
description Anti-Sandbox checks for ThreatExpert rule antisb_threatExpert
description Bypass DEP rule disable_dep
description Affect hook table rule win_hook
description Install itself for autorun at Windows startup rule Persistence
description Communications over FTP rule Network_FTP
description Match Windows Http API call rule Str_Win32_Http_API
description (no description) rule DebuggerCheck__GlobalFlags
description (no description) rule DebuggerCheck__QueryInfo
description (no description) rule DebuggerHiding__Thread
description (no description) rule DebuggerHiding__Active
description (no description) rule ThreadControl__Context
description (no description) rule SEH__vectored
description Checks if being debugged rule anti_dbg
description Bypass DEP rule disable_dep
description Create a windows service rule Create_Service
description Communication using DGA rule Network_DGA
description Communications over RAW Socket rule Network_TCP_Socket
description Take ScreenShot rule ScreenShot
description Communications use DNS rule Network_DNS
description Match Windows Inet API call rule Str_Win32_Internet_API
description Code injection with CreateRemoteThread in a remote process rule Code_injection
description PWS Memory rule Generic_PWS_Memory_Zero
description Hijack network configuration rule Hijack_Network
cmdline "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2628 CREDAT:145409
host 117.18.232.200
Process injection Process 2628 resumed a thread in remote process 2712
Time & API Arguments Status Return Repeated

NtResumeThread

 thread_handle: 0x0000000000000334
suspend_count: 1
process_identifier: 2712
1 0 0