popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

https://vk.com/doc139074685_656697243?hash=GreSHrVF38V5DMrObt30SXhfoyeGeBvg8CnZDIzcIZH&dl=GEZTSMBXGQ3DQNI:1677252373:7fah7CGHLPVPdY7cXmr9ZOJbbTO2nDEVBuqWbPIrZxz&api=1&no_preview=1#win1

Downloader FTP Code injection DGA HTTP Socket ScreenShot Hijack Network Create Service KeyLogger Internet API Sniff Audio DNS Escalate priviledges Http API Steal credential persistence P2P MSOffice File AntiVM AntiDebug
  1. Resubmit sample
Category Machine Started Completed
URL s1_win7_x6402 March 5, 2023, 5:55 a.m. March 5, 2023, 6:04 a.m.
URL https://vk.com/doc139074685_656697243?hash=GreSHrVF38V5DMrObt30SXhfoyeGeBvg8CnZDIzcIZH&dl=GEZTSMBXGQ3DQNI:1677252373:7fah7CGHLPVPdY7cXmr9ZOJbbTO2nDEVBuqWbPIrZxz&api=1&no_preview=1#win1

Name Response Post-Analysis Lookup
st6-22.vk.com
A 95.142.206.2
CNAME sun6-22.userapi.com
95.142.206.2
vk.com
A 87.240.129.133
A 87.240.132.72
A 87.240.132.78
A 87.240.137.164
A 93.186.225.194
A 87.240.132.67
93.186.225.194
login.vk.com
A 87.240.129.135
A 87.240.129.181
87.240.129.135
IP Address Status Action
117.18.232.200 Active Moloch
164.124.101.2 Active Moloch
87.240.129.135 Active Moloch
87.240.132.78 Active Moloch
95.142.206.2 Active Moloch

Suricata Alerts

Flow SID Signature Category
UDP 192.168.56.102:63709 -> 164.124.101.2:53 2038648 ET INFO URL Shortening Service Domain in DNS Lookup (vk .com) Potentially Bad Traffic
TCP 192.168.56.102:49168 -> 87.240.132.78:443 2038650 ET INFO Observed URL Shortening Service Domain (vk .com in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.102:49178 -> 95.142.206.2:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49168 -> 87.240.132.78:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49164 -> 87.240.132.78:443 2038650 ET INFO Observed URL Shortening Service Domain (vk .com in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.102:49164 -> 87.240.132.78:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49170 -> 87.240.132.78:443 2038650 ET INFO Observed URL Shortening Service Domain (vk .com in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.102:49180 -> 95.142.206.2:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49170 -> 87.240.132.78:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49177 -> 95.142.206.2:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49167 -> 87.240.132.78:443 2038650 ET INFO Observed URL Shortening Service Domain (vk .com in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.102:49167 -> 87.240.132.78:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49169 -> 87.240.132.78:443 2038650 ET INFO Observed URL Shortening Service Domain (vk .com in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.102:49182 -> 95.142.206.2:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49169 -> 87.240.132.78:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49175 -> 95.142.206.2:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49165 -> 87.240.132.78:443 2038650 ET INFO Observed URL Shortening Service Domain (vk .com in TLS SNI) Potentially Bad Traffic
TCP 192.168.56.102:49165 -> 87.240.132.78:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49173 -> 95.142.206.2:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49187 -> 95.142.206.2:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49171 -> 95.142.206.2:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49172 -> 95.142.206.2:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49191 -> 95.142.206.2:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49174 -> 95.142.206.2:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49176 -> 95.142.206.2:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49207 -> 95.142.206.2:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49181 -> 95.142.206.2:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49208 -> 95.142.206.2:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49183 -> 95.142.206.2:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49179 -> 95.142.206.2:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49184 -> 95.142.206.2:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49186 -> 95.142.206.2:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49195 -> 95.142.206.2:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49213 -> 117.18.232.200:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49192 -> 95.142.206.2:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49185 -> 95.142.206.2:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49203 -> 95.142.206.2:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49202 -> 95.142.206.2:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49204 -> 95.142.206.2:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49209 -> 87.240.129.135:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49206 -> 95.142.206.2:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49188 -> 95.142.206.2:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49190 -> 95.142.206.2:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49193 -> 95.142.206.2:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49189 -> 95.142.206.2:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49198 -> 95.142.206.2:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49200 -> 95.142.206.2:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49214 -> 117.18.232.200:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49194 -> 95.142.206.2:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49197 -> 95.142.206.2:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 117.18.232.200:443 -> 192.168.56.102:49215 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.102:49196 -> 95.142.206.2:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49199 -> 95.142.206.2:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49201 -> 95.142.206.2:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.102:49205 -> 95.142.206.2:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined

Suricata TLS

Flow Issuer Subject Fingerprint
TLSv1
192.168.56.102:49168
87.240.132.78:443 		C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com 50:24:2a:d1:17:55:8b:34:61:58:4d:21:51:d3:9a:ae:ce:a7:06:97
TLSv1
192.168.56.102:49178
95.142.206.2:443 		None None None
TLSv1
192.168.56.102:49164
87.240.132.78:443 		C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com 50:24:2a:d1:17:55:8b:34:61:58:4d:21:51:d3:9a:ae:ce:a7:06:97
TLSv1
192.168.56.102:49180
95.142.206.2:443 		None None None
TLSv1
192.168.56.102:49170
87.240.132.78:443 		C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com 50:24:2a:d1:17:55:8b:34:61:58:4d:21:51:d3:9a:ae:ce:a7:06:97
TLSv1
192.168.56.102:49177
95.142.206.2:443 		None None None
TLSv1
192.168.56.102:49167
87.240.132.78:443 		C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com 50:24:2a:d1:17:55:8b:34:61:58:4d:21:51:d3:9a:ae:ce:a7:06:97
TLSv1
192.168.56.102:49182
95.142.206.2:443 		None None None
TLSv1
192.168.56.102:49175
95.142.206.2:443 		C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com 8b:96:fa:92:57:99:e9:b5:8e:63:db:6b:bd:82:24:de:20:13:b6:a0
TLSv1
192.168.56.102:49169
87.240.132.78:443 		C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com 50:24:2a:d1:17:55:8b:34:61:58:4d:21:51:d3:9a:ae:ce:a7:06:97
TLSv1
192.168.56.102:49165
87.240.132.78:443 		C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com 50:24:2a:d1:17:55:8b:34:61:58:4d:21:51:d3:9a:ae:ce:a7:06:97
TLSv1
192.168.56.102:49173
95.142.206.2:443 		C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com 8b:96:fa:92:57:99:e9:b5:8e:63:db:6b:bd:82:24:de:20:13:b6:a0
TLSv1
192.168.56.102:49171
95.142.206.2:443 		C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com 8b:96:fa:92:57:99:e9:b5:8e:63:db:6b:bd:82:24:de:20:13:b6:a0
TLSv1
192.168.56.102:49187
95.142.206.2:443 		None None None
TLSv1
192.168.56.102:49172
95.142.206.2:443 		C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com 8b:96:fa:92:57:99:e9:b5:8e:63:db:6b:bd:82:24:de:20:13:b6:a0
TLSv1
192.168.56.102:49191
95.142.206.2:443 		None None None
TLSv1
192.168.56.102:49174
95.142.206.2:443 		C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com 8b:96:fa:92:57:99:e9:b5:8e:63:db:6b:bd:82:24:de:20:13:b6:a0
TLSv1
192.168.56.102:49176
95.142.206.2:443 		C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com 8b:96:fa:92:57:99:e9:b5:8e:63:db:6b:bd:82:24:de:20:13:b6:a0
TLSv1
192.168.56.102:49207
95.142.206.2:443 		None None None
TLSv1
192.168.56.102:49181
95.142.206.2:443 		None None None
TLSv1
192.168.56.102:49208
95.142.206.2:443 		None None None
TLSv1
192.168.56.102:49183
95.142.206.2:443 		None None None
TLSv1
192.168.56.102:49179
95.142.206.2:443 		None None None
TLSv1
192.168.56.102:49184
95.142.206.2:443 		None None None
TLSv1
192.168.56.102:49186
95.142.206.2:443 		None None None
TLSv1
192.168.56.102:49195
95.142.206.2:443 		None None None
TLSv1
192.168.56.102:49192
95.142.206.2:443 		None None None
TLSv1
192.168.56.102:49185
95.142.206.2:443 		None None None
TLSv1
192.168.56.102:49203
95.142.206.2:443 		None None None
TLSv1
192.168.56.102:49202
95.142.206.2:443 		None None None
TLSv1
192.168.56.102:49209
87.240.129.135:443 		C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 C=RU, ST=Saint Petersburg, L=Saint Petersburg, O=V Kontakte LLC, CN=*.vk.com 1a:b2:75:01:32:fe:a4:5c:58:ef:57:24:44:65:8c:a1:8b:d1:fe:c4
TLSv1
192.168.56.102:49204
95.142.206.2:443 		None None None
TLSv1
192.168.56.102:49206
95.142.206.2:443 		None None None
TLSv1
192.168.56.102:49188
95.142.206.2:443 		None None None
TLSv1
192.168.56.102:49190
95.142.206.2:443 		None None None
TLSv1
192.168.56.102:49193
95.142.206.2:443 		None None None
TLSv1
192.168.56.102:49189
95.142.206.2:443 		None None None
TLSv1
192.168.56.102:49198
95.142.206.2:443 		None None None
TLSv1
192.168.56.102:49200
95.142.206.2:443 		None None None
TLSv1
192.168.56.102:49194
95.142.206.2:443 		None None None
TLSv1
192.168.56.102:49197
95.142.206.2:443 		None None None
TLSv1
192.168.56.102:49196
95.142.206.2:443 		None None None
TLSv1
192.168.56.102:49199
95.142.206.2:443 		None None None
TLSv1
192.168.56.102:49201
95.142.206.2:443 		None None None
TLSv1
192.168.56.102:49205
95.142.206.2:443 		None None None

Time & API Arguments Status Return Repeated

__exception__

 stacktrace: 
RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d @ 0x7fefda5a49d
RpcRaiseException+0x53 RpcExceptionFilter-0x2bd rpcrt4+0x173c3 @ 0x7fefddc73c3
ObjectStublessClient32+0x8bf CoDisconnectContext-0x107b9 ole32+0x443bf @ 0x7fefe0043bf
IUnknown_AddRef_Proxy+0x1f5 NdrFixedArrayBufferSize-0xeb rpcrt4+0x35295 @ 0x7fefdde5295
I_RpcFreeBuffer+0x1b9 NdrRangeUnmarshall-0x5a7 rpcrt4+0x32799 @ 0x7fefdde2799
Ndr64AsyncServerCallAll+0xa9e Ndr64AsyncClientCall-0xf42 rpcrt4+0xdaf1e @ 0x7fefde8af1e
Ndr64AsyncServerCallAll+0x12ec Ndr64AsyncClientCall-0x6f4 rpcrt4+0xdb76c @ 0x7fefde8b76c
NdrStubCall3+0xc6 NdrOleAllocate-0x3ea rpcrt4+0x348d6 @ 0x7fefdde48d6
CoGetInstanceFromFile+0x4cd3 HACCEL_UserFree-0x70fd ole32+0x170883 @ 0x7fefe130883
CoGetInstanceFromFile+0x511d HACCEL_UserFree-0x6cb3 ole32+0x170ccd @ 0x7fefe130ccd
CoGetInstanceFromFile+0x5093 HACCEL_UserFree-0x6d3d ole32+0x170c43 @ 0x7fefe130c43
CoSetState+0x1450 DcomChannelSetHResult-0x34c ole32+0x2a4f0 @ 0x7fefdfea4f0
GetErrorInfo+0x599 ObjectStublessClient7-0xb1f ole32+0x3d551 @ 0x7fefdffd551
CoGetInstanceFromFile+0x78ce HACCEL_UserFree-0x4502 ole32+0x17347e @ 0x7fefe13347e
CoGetInstanceFromFile+0x567b HACCEL_UserFree-0x6755 ole32+0x17122b @ 0x7fefe13122b
CoGetInstanceFromFile+0x7992 HACCEL_UserFree-0x443e ole32+0x173542 @ 0x7fefe133542
GetErrorInfo+0x475 ObjectStublessClient7-0xc43 ole32+0x3d42d @ 0x7fefdffd42d
GetErrorInfo+0x21e ObjectStublessClient7-0xe9a ole32+0x3d1d6 @ 0x7fefdffd1d6
TranslateMessageEx+0x2a1 IntersectRect-0x11f user32+0x19bd1 @ 0x76ba9bd1
TranslateMessage+0x1ea DispatchMessageW-0x42 user32+0x198da @ 0x76ba98da
GetErrorInfo+0xf3 ObjectStublessClient7-0xfc5 ole32+0x3d0ab @ 0x7fefdffd0ab
CoUnloadingWOW+0x117 OleCreateFromFileEx-0x1829 ole32+0x163e57 @ 0x7fefe123e57
ObjectStublessClient24+0x1876 CLSIDFromString-0x57a ole32+0x10106 @ 0x7fefdfd0106
ObjectStublessClient24+0x18f2 CLSIDFromString-0x4fe ole32+0x10182 @ 0x7fefdfd0182
BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x7718652d
RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x772bc521

exception.instruction_r: 48 81 c4 c8 00 00 00 c3 48 85 f6 74 08 83 3b 00
exception.symbol: RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d
exception.instruction: add rsp, 0xc8
exception.module: KERNELBASE.dll
exception.exception_code: 0x80040155
exception.offset: 42141
exception.address: 0x7fefda5a49d
registers.r14: 0
registers.r15: 0
registers.rcx: 106621072
registers.rsi: 0
registers.r10: 0
registers.rbx: 0
registers.rsp: 106627024
registers.r11: 106622832
registers.r8: 0
registers.r9: 0
registers.rdx: 1
registers.r12: 0
registers.rbp: 0
registers.rdi: 0
registers.rax: 1902213288
registers.r13: 0
1 0 0
request GET http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
request GET https://vk.com/doc139074685_656697243?hash=GreSHrVF38V5DMrObt30SXhfoyeGeBvg8CnZDIzcIZH&dl=GEZTSMBXGQ3DQNI:1677252373:7fah7CGHLPVPdY7cXmr9ZOJbbTO2nDEVBuqWbPIrZxz&api=1&no_preview=1
request GET https://vk.com/js/loader_nav20746467872_17.js
request GET https://vk.com/js/lang17_0.js?27966062
request GET https://vk.com/dist/web/language.13cbd4193255cbaaab3a.js?c9e9113960ae98d68204079f43f790dd
request GET https://vk.com/js/lib/px.js?ch=2
request GET https://vk.com/js/lib/px.js?ch=1
request GET https://st6-22.vk.com/css/al/common.a393edc4164b1b81495c.css
request GET https://st6-22.vk.com/dist/web/polyfills/intersection_observer.0062cad0ff26ba906a55.js?3651dae73da1d676cd37
request GET https://st6-22.vk.com/dist/polyfills.1881adbf36454e07c9c6.js?a69ef34dc1979f8d5126
request GET https://vk.com/badbrowser_stat.php?act=nomodule
request GET https://st6-22.vk.com/css/al/vkui.9a6b5aa7dbb00c120b74.css
request GET https://st6-22.vk.com/dist/web/polyfills/resize_observer.233e96db629d43de3623.js?685418a51d9509d705d3
request GET https://st6-22.vk.com/dist/web/polyfills/canvas_to_blob.e77dcc6129127456cc4f.js?6a4a06039f2295cdc4f936f4051ae4d3
request GET https://st6-22.vk.com/dist/web/polyfills/object_functions.06c76fa223949a027bf2.js?e8b681406f943258346d7925b82e6243
request GET https://st6-22.vk.com/dist/web/polyfills/promise_functions.66c5719129d3a45c5b29.js?c08a609e174e79347eaf8c692cf63cf3
request GET https://st6-22.vk.com/dist/web/polyfills/string_functions.d2f7aff1dc899fb950c4.js?06c31459c645dd6049c4d07642d01d54
request GET https://st6-22.vk.com/css/al/base.1c25eeb7ac42cd36d08a.css
request GET https://st6-22.vk.com/css/al/fonts_cnt.a289ed70815ffbd082ae.css
request GET https://st6-22.vk.com/dist/web/polyfills/element_functions.7f6f4401ad09c642705f.js?f88d496bc9aa020bbceb949a351fa85a
request GET https://st6-22.vk.com/dist/web/polyfills/other_functions.4de689b5f53cdbdebf7d.js?8c0d070969c2bdddf902
request GET https://st6-22.vk.com/dist/web/polyfills/array_functions.5ed53e616feed60bc4e8.js?53b5630d9d361c93a7d8a918fd06d21d
request GET https://st6-22.vk.com/dist/react.6d787991b51243317269.js?cb151ae0d77e1fe8ca23
request GET https://st6-22.vk.com/dist/palette.28ed80ebcd89c370bca4.js?ceacf32c0417ea87ee9e
request GET https://st6-22.vk.com/dist/vkui.e4d670f36de4368e7b1a.js?53396daa49f4462b4a11
request GET https://st6-22.vk.com/css/al/fonts_utf.2546d253c69649b0561c.css
request GET https://st6-22.vk.com/dist/web/polyfills/cookie_manager.8cfe6896e33857a19781.js?0afee3c7b5f648f55648a21de4cfaae9
request GET https://st6-22.vk.com/dist/vkcom-kit.1681489e5ef06505d479.css
request GET https://st6-22.vk.com/dist/vkcom-kit.a7d2347300fcdde7314f.js?
request GET https://st6-22.vk.com/dist/state-management.a54b236ef99f71c730de.js?503a0b3068ebfc42423d
request GET https://st6-22.vk.com/dist/audioplayer.a025fbbc26f0baaf6890.js?31337e095824bcf8034a4f5
request GET https://st6-22.vk.com/dist/web/common_web.3a98749ca45868f84306.css
request GET https://st6-22.vk.com/dist/web/common_web.c98533736ab3d5f6f60d.js?
request GET https://st6-22.vk.com/dist/web/docs.6d9ff04ed31e8fa804a8.js?cca036aa8769d40ddfa14e3fbd15949c
request GET https://st6-22.vk.com/css/al/uncommon.431a60ba5d2797d2fdb1.css
request GET https://st6-22.vk.com/dist/web/performance_observers.2498c067f2dd4f142b98.js?39ba189ff3c74982dba3105279a1e431
request GET https://st6-22.vk.com/dist/web/css_types.9345eb394b7d4d7e68a9.js?f6dbdbc1de537596e14e
request GET https://st6-22.vk.com/dist/web/unauthorized.b7057b2c97d6727decd8.js?e26656d2ddb168519bdb1f04edf58369
request GET https://st6-22.vk.com/dist/web/page_layout.5672d3fc73a320a2be06.js?f032491390251591131dd5c0659e5ead
request GET https://st6-22.vk.com/dist/web/jobs_devtools_notification.eafd4d4aa0ae5bbfd7e6.js?a73adfb8fd6e0413085d78a67df5c20f
request GET https://st6-22.vk.com/css/al/ui_common.0a29c544720bdcf89154.css
request GET https://st6-22.vk.com/dist/web/ui_common.84e2442a05004320e11f.js?6245ba39b63448019203f2729b74d21f
request GET https://st6-22.vk.com/dist/web/likes.5170c24445a69da4da21.js?ec4d1f4027dfa57b38816d57a184cf8d
request GET https://st6-22.vk.com/dist/web/grip.16ff158c2e1e11fd3b80.js?28c136bb922051f2f6b95a6a08ccc41f
request GET https://vk.com/badbrowser_stat.php?act=track&event=showAlert_atom
request GET https://st6-22.vk.com/images/backlink.gif?4
request GET https://st6-22.vk.com/images/upload.gif
request GET https://vk.com/images/icons/favicons/fav_logo.ico?6
Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory

 process_identifier: 1604
region_size: 7671808
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000003060000
allocation_type: 8192 (MEM_RESERVE)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1604
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000037b0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 1604
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000076c01000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 1604
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000076c01000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 1604
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000076c01000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 1604
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000076c01000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 1604
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000076c01000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 1604
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000076c01000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 1604
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000076bad000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 1604
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000076bd2000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 1604
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000076bb4000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 1604
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000076bd2000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 1604
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fefc1d5000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 1604
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fefc1d5000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 1604
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fefdc44000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 1604
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fefdad1000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 1604
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000076b9a000
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 1604
region_size: 65536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000003710000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 1604
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fefa1b7000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 1604
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fef69c9000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 1604
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007feefdc9000
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2884
region_size: 9834496
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000002ad0000
allocation_type: 8192 (MEM_RESERVE)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

 process_identifier: 2884
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000003430000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2884
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000076c01000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2884
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000076c01000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2884
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000076c01000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2884
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000076c01000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2884
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000076c01000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2884
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000076c01000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2884
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000076bad000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2884
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000076bd2000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2884
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000076bb4000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2884
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000076bd2000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2884
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fefc1d5000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2884
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fefc1d5000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2884
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fefdc44000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2884
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fefdad1000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2884
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000076b9a000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2884
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000076b9f000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2884
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000076b9d000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2884
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000076b9b000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2884
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000077186000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2884
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000772d6000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2884
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000077181000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2884
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000076ba0000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2884
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0000000076b9a000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2884
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000772af000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2884
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000772bb000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2884
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fefe117000
process_handle: 0xffffffffffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2884
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x000007fefdbe4000
process_handle: 0xffffffffffffffff
1 0 0
Application Crash Process iexplore.exe with pid 1604 crashed
Time & API Arguments Status Return Repeated

__exception__

 stacktrace: 
RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d @ 0x7fefda5a49d
RpcRaiseException+0x53 RpcExceptionFilter-0x2bd rpcrt4+0x173c3 @ 0x7fefddc73c3
ObjectStublessClient32+0x8bf CoDisconnectContext-0x107b9 ole32+0x443bf @ 0x7fefe0043bf
IUnknown_AddRef_Proxy+0x1f5 NdrFixedArrayBufferSize-0xeb rpcrt4+0x35295 @ 0x7fefdde5295
I_RpcFreeBuffer+0x1b9 NdrRangeUnmarshall-0x5a7 rpcrt4+0x32799 @ 0x7fefdde2799
Ndr64AsyncServerCallAll+0xa9e Ndr64AsyncClientCall-0xf42 rpcrt4+0xdaf1e @ 0x7fefde8af1e
Ndr64AsyncServerCallAll+0x12ec Ndr64AsyncClientCall-0x6f4 rpcrt4+0xdb76c @ 0x7fefde8b76c
NdrStubCall3+0xc6 NdrOleAllocate-0x3ea rpcrt4+0x348d6 @ 0x7fefdde48d6
CoGetInstanceFromFile+0x4cd3 HACCEL_UserFree-0x70fd ole32+0x170883 @ 0x7fefe130883
CoGetInstanceFromFile+0x511d HACCEL_UserFree-0x6cb3 ole32+0x170ccd @ 0x7fefe130ccd
CoGetInstanceFromFile+0x5093 HACCEL_UserFree-0x6d3d ole32+0x170c43 @ 0x7fefe130c43
CoSetState+0x1450 DcomChannelSetHResult-0x34c ole32+0x2a4f0 @ 0x7fefdfea4f0
GetErrorInfo+0x599 ObjectStublessClient7-0xb1f ole32+0x3d551 @ 0x7fefdffd551
CoGetInstanceFromFile+0x78ce HACCEL_UserFree-0x4502 ole32+0x17347e @ 0x7fefe13347e
CoGetInstanceFromFile+0x567b HACCEL_UserFree-0x6755 ole32+0x17122b @ 0x7fefe13122b
CoGetInstanceFromFile+0x7992 HACCEL_UserFree-0x443e ole32+0x173542 @ 0x7fefe133542
GetErrorInfo+0x475 ObjectStublessClient7-0xc43 ole32+0x3d42d @ 0x7fefdffd42d
GetErrorInfo+0x21e ObjectStublessClient7-0xe9a ole32+0x3d1d6 @ 0x7fefdffd1d6
TranslateMessageEx+0x2a1 IntersectRect-0x11f user32+0x19bd1 @ 0x76ba9bd1
TranslateMessage+0x1ea DispatchMessageW-0x42 user32+0x198da @ 0x76ba98da
GetErrorInfo+0xf3 ObjectStublessClient7-0xfc5 ole32+0x3d0ab @ 0x7fefdffd0ab
CoUnloadingWOW+0x117 OleCreateFromFileEx-0x1829 ole32+0x163e57 @ 0x7fefe123e57
ObjectStublessClient24+0x1876 CLSIDFromString-0x57a ole32+0x10106 @ 0x7fefdfd0106
ObjectStublessClient24+0x18f2 CLSIDFromString-0x4fe ole32+0x10182 @ 0x7fefdfd0182
BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x7718652d
RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x772bc521

exception.instruction_r: 48 81 c4 c8 00 00 00 c3 48 85 f6 74 08 83 3b 00
exception.symbol: RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d
exception.instruction: add rsp, 0xc8
exception.module: KERNELBASE.dll
exception.exception_code: 0x80040155
exception.offset: 42141
exception.address: 0x7fefda5a49d
registers.r14: 0
registers.r15: 0
registers.rcx: 106621072
registers.rsi: 0
registers.r10: 0
registers.rbx: 0
registers.rsp: 106627024
registers.r11: 106622832
registers.r8: 0
registers.r9: 0
registers.rdx: 1
registers.r12: 0
registers.rbp: 0
registers.rdi: 0
registers.rax: 1902213288
registers.r13: 0
1 0 0
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\string_functions.d2f7aff1dc899fb950c4[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\px[2].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\state-management.a54b236ef99f71c730de[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\cookie_manager.8cfe6896e33857a19781[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\likes.5170c24445a69da4da21[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\grip.16ff158c2e1e11fd3b80[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\palette.28ed80ebcd89c370bca4[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\vkcom-kit.a7d2347300fcdde7314f[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\unauthorized.b7057b2c97d6727decd8[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\promise_functions.66c5719129d3a45c5b29[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\css_types.9345eb394b7d4d7e68a9[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\language.13cbd4193255cbaaab3a[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\element_functions.7f6f4401ad09c642705f[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\react.6d787991b51243317269[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\polyfills.1881adbf36454e07c9c6[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\ui_common.84e2442a05004320e11f[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\audioplayer.a025fbbc26f0baaf6890[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\intersection_observer.0062cad0ff26ba906a55[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\jobs_devtools_notification.eafd4d4aa0ae5bbfd7e6[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\lang17_0[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\array_functions.5ed53e616feed60bc4e8[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\other_functions.4de689b5f53cdbdebf7d[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\vkui.e4d670f36de4368e7b1a[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\px[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\page_layout.5672d3fc73a320a2be06[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\performance_observers.2498c067f2dd4f142b98[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\object_functions.06c76fa223949a027bf2[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\common.ca1f22646967566b8a79[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\docs.6d9ff04ed31e8fa804a8[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\resize_observer.233e96db629d43de3623[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\canvas_to_blob.e77dcc6129127456cc4f[1].js
file C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\common_web.c98533736ab3d5f6f60d[1].js
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

 process_identifier: 2884
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 32 (PAGE_EXECUTE_READ)
base_address: 0x000007fffff70000
process_handle: 0xffffffffffffffff
1 0 0
url https://s.pstatic.net/static/newsstand/2020/logo/light/0604/941.png
url http://www.expedia.com/favicon.ico
url https://s.pstatic.net/shopping.phinf/20211101_9/6565979b-3e08-4e3d-8514-b2a585c9e46e.jpg
url http://uk.ask.com/favicon.ico
url http://www.priceminister.com/
url https://ssl.pstatic.net/static/pwe/common/img_use_mobile_version.png
url http://fedir.comsign.co.il/crl/ComSignAdvancedSecurityCA.crl0
url https://s.pstatic.net/static/www/mobile/edit/20210930/mobile_161522481722.png
url http://175.208.134.150:8282/test/test.eml
url http://www.disig.sk/ca/crl/ca_disig.crl0
url http://ru.wikipedia.org/
url http://ocsp.infonotary.com/responder.cgi0V
url http://www.certificadodigital.com.br/repositorio/serasaca/crl/SerasaCAIII.crl0
url https://s.pstatic.net/dthumb.phinf/?src=%22https%3A%2F%2Fs.pstatic.net%2Fpost.phinf%2FMjAyMTEwMjhfODMg%2FMDAxNjM1NDI3NzQ2NzIy.2dYtsiaZ54mXegxs67agf9wcR5tmDGp1Y4ohBZFgiUwg.sAd2wiczLBiMlHpQAGWMveuOZYV34C-EKWqJcJjoopsg.PNG%2FItRl8seMrlvR8kMW8HHc2emHOvVs.jpg%22
url http://www.merlin.com.pl/favicon.ico
url https://s.pstatic.net/static/newsstand/2020/logo/light/0604/477.png
url http://www.cnet.com/favicon.ico
url https://www.semicolonworld.com/public/editor/styles/simditor.css
url http://www.certificadodigital.com.br/repositorio/serasaca/crl/SerasaCAII.crl0
url https://rcaptcha.nid.naver.com/rcaptCss?key=f2ZNjcOIuG0ASz
url https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct
url http://crl.oces.certifikat.dk/oces.crl0
url http://www.yceml.net/0559/10408495-1499411010011
url https://ssl.pstatic.net/tveta/libs/1364/1364526/a5068a6f44555ea499da_20211029164146193.jpg
url http://t.static.blog.naver.net/mylog/versioning/JindoComponent-190469086.js
url https://s.pstatic.net/static/newsstand/2020/logo/light/0604/529.png
url https://st6-22.vk.com/dist/web/likes.5170c24445a69da4da21.js?ec4d1f4027dfa57b38816d57a184cf8d
url http://blogimgs.naver.net/nblog/mylog/post/btn_cancel3.gif
url https://siape.veta.naver.com/fxshow?su=SU10599
url https://s.pstatic.net/shopping.phinf/20211013_2/ee5c113b-bfae-4cf3-81e3-2ba12403fc6d.jpg
url http://www.usertrust.com1604
url https://ssl.pstatic.net/static/pwe/nm/b.gif
url http://search.nifty.com/
url https://castbox.shopping.naver.com/js/lazyload.js
url https://ssl.pstatic.net/tveta/libs/1339/1339221/f1a87c541e410a8250af_20211006100906815.jpg
url http://ns.adobe.com/exif/1.0/
url https://s.pstatic.net/shopping.phinf/20200729_1/2931dd60-1842-4048-a39c-1e3389db4a0e.jpg
url https://ssl.pstatic.net/static/pwe/nm/spr_vertical_0d25bb77f8.png
url http://www.etmall.com.tw/
url https://s.pstatic.net/static/newsstand/2020/logo/light/0604/042.png
url https://s.pstatic.net/dthumb.phinf/?src=%22https%3A%2F%2Fs.pstatic.net%2Fstatic%2Fwww%2Fmobile%2Fedit%2F20211012_1095%2Fupload_1634015607233BeFLd.JPEG%22
url http://crl.chambersign.org/publicnotaryroot.crl0
url https://s.pstatic.net/static/newsstand/2020/logo/light/0604/056.png
url http://search.goo.ne.jp/
url http://fr.wikipedia.org/favicon.ico
url http://busca.estadao.com.br/favicon.ico
url http://search.hanafos.com/favicon.ico
url https://s.pstatic.net/dthumb.phinf/?src=%22https%3A%2F%2Fs.pstatic.net%2Fstatic%2Fwww%2Fmobile%2Fedit%2F20211029_1095%2Fupload_1635469564183PpB2J.jpg%22
url https://s.pstatic.net/static/newsstand/2020/logo/light/0604/038.png
url http://search.chol.com/favicon.ico
description Create a windows service rule Create_Service
description Communication using DGA rule Network_DGA
description Communications over RAW Socket rule Network_TCP_Socket
description Take ScreenShot rule ScreenShot
description Communications use DNS rule Network_DNS
description Match Windows Inet API call rule Str_Win32_Internet_API
description Code injection with CreateRemoteThread in a remote process rule Code_injection
description PWS Memory rule Generic_PWS_Memory_Zero
description Hijack network configuration rule Hijack_Network
description Record Audio rule Sniff_Audio
description Communications over HTTP rule Network_HTTP
description Steal credential rule local_credential_Steal
description Run a KeyLogger rule KeyLogger
description Communications over P2P network rule Network_P2P_Win
description File Downloader rule Network_Downloader
description Escalate priviledges rule Escalate_priviledges
description (no description) rule DebuggerCheck__GlobalFlags
description (no description) rule DebuggerCheck__QueryInfo
description (no description) rule DebuggerCheck__RemoteAPI
description (no description) rule DebuggerHiding__Thread
description (no description) rule DebuggerHiding__Active
description (no description) rule DebuggerException__ConsoleCtrl
description (no description) rule DebuggerException__SetConsoleCtrl
description (no description) rule ThreadControl__Context
description (no description) rule SEH__vectored
description (no description) rule Check_Dlls
description Checks if being debugged rule anti_dbg
description Anti-Sandbox checks for ThreatExpert rule antisb_threatExpert
description Bypass DEP rule disable_dep
description Affect hook table rule win_hook
description Install itself for autorun at Windows startup rule Persistence
description Communications over FTP rule Network_FTP
description Match Windows Http API call rule Str_Win32_Http_API
description (no description) rule DebuggerCheck__GlobalFlags
description (no description) rule DebuggerCheck__QueryInfo
description (no description) rule DebuggerHiding__Thread
description (no description) rule DebuggerHiding__Active
description (no description) rule ThreadControl__Context
description (no description) rule SEH__vectored
description Checks if being debugged rule anti_dbg
description Bypass DEP rule disable_dep
description Create a windows service rule Create_Service
description Communication using DGA rule Network_DGA
description Communications over RAW Socket rule Network_TCP_Socket
description Take ScreenShot rule ScreenShot
description Communications use DNS rule Network_DNS
description Match Windows Inet API call rule Str_Win32_Internet_API
description Code injection with CreateRemoteThread in a remote process rule Code_injection
description PWS Memory rule Generic_PWS_Memory_Zero
description Hijack network configuration rule Hijack_Network
cmdline "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1604 CREDAT:145409
host 117.18.232.200
url http://175.208.134.150:8282/test/test.eml
url http://175.208.134.150:8282/favicon.ico
url http://192.168.3.119/
url https://192.168.3.119/
Process injection Process 1604 resumed a thread in remote process 2884
Time & API Arguments Status Return Repeated

NtResumeThread

 thread_handle: 0x000000000000032c
suspend_count: 1
process_identifier: 2884
1 0 0