Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	April 22, 2023, 8:43 a.m.	April 22, 2023, 8:58 a.m.

Size	302.9KB
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`3c6363eaa26123a42f5051a443385d1e`
SHA256	`3eed1149a953d30bd605abb73bfb88e2e83a463ce45070b292596575b4107140`
CRC32	`68CBD5B4`
ssdeep	`3072:/iTJagdQYD7GBjarnK/nEaIQrwcNPTNh6aK25HrazOw6CEKr65LizjUu/rNI7gIk:/OagpDn9GJbNw55jUAcbqyO1`
PDB Path	javaaccessbridge.pdb
Yara	UPX_Zero - UPX packed file Win32_Trojan_Gen_2_0904B0_Zero - Win32 Trojan Gen OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) IsPE64 - (no description) PE_Header_Zero - PE File Signature Malicious_Library_Zero - Malicious_Library

rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\797979.dll,lava_com_sun_java_accessibility_internal_AccessBridge_focusGained
2636
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\797979.dll,lava_com_sun_java_accessibility_internal_AccessBridge_focusGained
  604
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\797979.dll,lava_com_sun_java_accessibility_internal_AccessBridge_caretUpdate
2544
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\797979.dll,lava_com_sun_java_accessibility_internal_AccessBridge_caretUpdate
  2372
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\797979.dll,lava_com_sun_java_accessibility_internal_AccessBridge_focusLost
2728
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\797979.dll,lava_com_sun_java_accessibility_internal_AccessBridge_focusLost
  2120
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\797979.dll,lava_com_sun_java_accessibility_internal_AccessBridge_javaShutdown
2816
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\797979.dll,lava_com_sun_java_accessibility_internal_AccessBridge_javaShutdown
  2216
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\797979.dll,lava_com_sun_java_accessibility_internal_AccessBridge_jawtGetComponentFromNativeWindowHandle
2908
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\797979.dll,lava_com_sun_java_accessibility_internal_AccessBridge_jawtGetComponentFromNativeWindowHandle
  2516
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\797979.dll,lava_com_sun_java_accessibility_internal_AccessBridge_jawtGetNativeWindowHandleFromComponent
3000
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\797979.dll,lava_com_sun_java_accessibility_internal_AccessBridge_jawtGetNativeWindowHandleFromComponent
  2608
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\797979.dll,lava_com_sun_java_accessibility_internal_AccessBridge_menuCanceled
2076
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\797979.dll,lava_com_sun_java_accessibility_internal_AccessBridge_menuCanceled
  2656
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\797979.dll,lava_com_sun_java_accessibility_internal_AccessBridge_menuDeselected
2244
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\797979.dll,lava_com_sun_java_accessibility_internal_AccessBridge_menuDeselected
  2920
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\797979.dll,lava_com_sun_java_accessibility_internal_AccessBridge_menuSelected
2740
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\797979.dll,lava_com_sun_java_accessibility_internal_AccessBridge_menuSelected
  2976
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\797979.dll,lava_com_sun_java_accessibility_internal_AccessBridge_mouseClicked
2984
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\797979.dll,lava_com_sun_java_accessibility_internal_AccessBridge_mouseClicked
  2776
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\797979.dll,lava_com_sun_java_accessibility_internal_AccessBridge_mouseEntered
2748
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\797979.dll,lava_com_sun_java_accessibility_internal_AccessBridge_mouseEntered
  3092
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\797979.dll,lava_com_sun_java_accessibility_internal_AccessBridge_mouseExited
2804
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\797979.dll,lava_com_sun_java_accessibility_internal_AccessBridge_mouseExited
  3232
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\797979.dll,lava_com_sun_java_accessibility_internal_AccessBridge_mousePressed
3124
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\797979.dll,lava_com_sun_java_accessibility_internal_AccessBridge_mousePressed
  3336
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\797979.dll,lava_com_sun_java_accessibility_internal_AccessBridge_mouseReleased
3292
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\797979.dll,lava_com_sun_java_accessibility_internal_AccessBridge_mouseReleased
  3520
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\797979.dll,lava_com_sun_java_accessibility_internal_AccessBridge_popupMenuCanceled
3468
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\797979.dll,lava_com_sun_java_accessibility_internal_AccessBridge_popupMenuCanceled
  3812
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\797979.dll,lava_com_sun_java_accessibility_internal_AccessBridge_popupMenuWillBecomeInvisible
3616
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\797979.dll,lava_com_sun_java_accessibility_internal_AccessBridge_popupMenuWillBecomeInvisible
  3844
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\797979.dll,lava_com_sun_java_accessibility_internal_AccessBridge_popupMenuWillBecomeVisible
3752
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\797979.dll,lava_com_sun_java_accessibility_internal_AccessBridge_popupMenuWillBecomeVisible
  3116
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\797979.dll,lava_com_sun_java_accessibility_internal_AccessBridge_propertyActiveDescendentChange
3980
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\797979.dll,lava_com_sun_java_accessibility_internal_AccessBridge_propertyActiveDescendentChange
  3400
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\797979.dll,lava_com_sun_java_accessibility_internal_AccessBridge_propertyCaretChange
4092
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\797979.dll,lava_com_sun_java_accessibility_internal_AccessBridge_propertyCaretChange
  3532
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\797979.dll,lava_com_sun_java_accessibility_internal_AccessBridge_propertyChildChange
3272
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\797979.dll,lava_com_sun_java_accessibility_internal_AccessBridge_propertyChildChange
  3460
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\797979.dll,lava_com_sun_java_accessibility_internal_AccessBridge_propertyDescriptionChange
3648
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\797979.dll,lava_com_sun_java_accessibility_internal_AccessBridge_propertyDescriptionChange
  4040
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\797979.dll,lava_com_sun_java_accessibility_internal_AccessBridge_propertyNameChange
3916
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\797979.dll,lava_com_sun_java_accessibility_internal_AccessBridge_propertyNameChange
  3192
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\797979.dll,lava_com_sun_java_accessibility_internal_AccessBridge_propertySelectionChange
3492
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\797979.dll,lava_com_sun_java_accessibility_internal_AccessBridge_propertySelectionChange
  3900
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\797979.dll,lava_com_sun_java_accessibility_internal_AccessBridge_propertyStateChange
3940
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\797979.dll,lava_com_sun_java_accessibility_internal_AccessBridge_propertyStateChange
  3164
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\797979.dll,lava_com_sun_java_accessibility_internal_AccessBridge_propertyTableModelChange
3508
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\797979.dll,lava_com_sun_java_accessibility_internal_AccessBridge_propertyTableModelChange
  1080
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\797979.dll,lava_com_sun_java_accessibility_internal_AccessBridge_propertyTextChange
2360
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\797979.dll,lava_com_sun_java_accessibility_internal_AccessBridge_propertyTextChange
  4360
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\797979.dll,lava_com_sun_java_accessibility_internal_AccessBridge_propertyValueChange
4220
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\797979.dll,lava_com_sun_java_accessibility_internal_AccessBridge_propertyValueChange
  4464
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\797979.dll,lava_com_sun_java_accessibility_internal_AccessBridge_propertyVisibleDataChange
4320
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\797979.dll,lava_com_sun_java_accessibility_internal_AccessBridge_propertyVisibleDataChange
  4520
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\797979.dll,lava_com_sun_java_accessibility_internal_AccessBridge_runDLL
4484
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\797979.dll,lava_com_sun_java_accessibility_internal_AccessBridge_runDLL
  4716
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\797979.dll,ping
4688
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\797979.dll,ping
  4952
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\797979.dll,
4884

Name	Response	Post-Analysis Lookup
pingwiskot.com	A 80.78.24.30	80.78.24.30

IP Address	Status	Action
164.124.101.2	Active	Moloch
80.78.24.30	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.101:49228 -> 80.78.24.30:80	2032086	ET MALWARE Win32/IcedID Request Cookie	A Network Trojan was detected
TCP 192.168.56.101:49224 -> 80.78.24.30:80	2032086	ET MALWARE Win32/IcedID Request Cookie	A Network Trojan was detected

Suricata TLS

No Suricata TLS

Checks if process is being debugged by a debugger (30 events)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent April 22, 2023, 8:43 a.m.			0	0
IsDebuggerPresent April 22, 2023, 8:43 a.m.			0	0
IsDebuggerPresent April 22, 2023, 8:43 a.m.			0	0
IsDebuggerPresent April 22, 2023, 8:43 a.m.			0	0
IsDebuggerPresent April 22, 2023, 8:43 a.m.			0	0
IsDebuggerPresent April 22, 2023, 8:43 a.m.			0	0
IsDebuggerPresent April 22, 2023, 8:43 a.m.			0	0
IsDebuggerPresent April 22, 2023, 8:43 a.m.			0	0
IsDebuggerPresent April 22, 2023, 8:43 a.m.			0	0
IsDebuggerPresent April 22, 2023, 8:43 a.m.			0	0
IsDebuggerPresent April 22, 2023, 8:43 a.m.			0	0
IsDebuggerPresent April 22, 2023, 8:43 a.m.			0	0
IsDebuggerPresent April 22, 2023, 8:43 a.m.			0	0
IsDebuggerPresent April 22, 2023, 8:43 a.m.			0	0
IsDebuggerPresent April 22, 2023, 8:43 a.m.			0	0
IsDebuggerPresent April 22, 2023, 8:43 a.m.			0	0
IsDebuggerPresent April 22, 2023, 8:43 a.m.			0	0
IsDebuggerPresent April 22, 2023, 8:43 a.m.			0	0
IsDebuggerPresent April 22, 2023, 8:43 a.m.			0	0
IsDebuggerPresent April 22, 2023, 8:43 a.m.			0	0
IsDebuggerPresent April 22, 2023, 8:43 a.m.			0	0
IsDebuggerPresent April 22, 2023, 8:43 a.m.			0	0
IsDebuggerPresent April 22, 2023, 8:43 a.m.			0	0
IsDebuggerPresent April 22, 2023, 8:43 a.m.			0	0
IsDebuggerPresent April 22, 2023, 8:43 a.m.			0	0
IsDebuggerPresent April 22, 2023, 8:43 a.m.			0	0
IsDebuggerPresent April 22, 2023, 8:43 a.m.			0	0
IsDebuggerPresent April 22, 2023, 8:43 a.m.			0	0
IsDebuggerPresent April 22, 2023, 8:43 a.m.			0	0
IsDebuggerPresent April 22, 2023, 8:43 a.m.			0	0

This executable has a PDB path (1 event)

pdb_path

javaaccessbridge.pdb

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

_RDATA

One or more processes crashed (29 events)

Time & API	Arguments	Status
__exception__ April 22, 2023, 8:43 a.m.	stacktrace: lava_com_sun_java_accessibility_internal_AccessBridge_caretUpdate-0x39a2 797979+0xc1e2 @ 0x7fef433c1e2 lava_com_sun_java_accessibility_internal_AccessBridge_focusGained+0x1e lava_com_sun_java_accessibility_internal_AccessBridge_focusLost-0x6 797979+0xfbc6 @ 0x7fef433fbc6 rundll32+0x2f42 @ 0xff9f2f42 rundll32+0x3b7a @ 0xff9f3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521 exception.instruction_r: 48 8b 41 08 49 8b e9 4c 8b b4 24 c0 00 00 00 48 exception.instruction: mov rax, qword ptr [rcx + 8] exception.exception_code: 0xc0000005 exception.symbol: lava_com_sun_java_accessibility_internal_AccessBridge_caretUpdate-0x39a2 797979+0xc1e2 exception.address: 0x7fef433c1e2 registers.r14: 0 registers.r15: 0 registers.rcx: 0 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 1375696 registers.r11: 1374784 registers.r8: 4288610304 registers.r9: 3260846 registers.rdx: 262432 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 47936898291938 registers.r13: 0	1
__exception__ April 22, 2023, 8:43 a.m.	stacktrace: lava_com_sun_java_accessibility_internal_AccessBridge_caretUpdate-0x3876 797979+0xc30e @ 0x7fef433c30e lava_com_sun_java_accessibility_internal_AccessBridge_focusLost+0x1e lava_com_sun_java_accessibility_internal_AccessBridge_javaShutdown-0x6 797979+0xfbea @ 0x7fef433fbea rundll32+0x2f42 @ 0xff9f2f42 rundll32+0x3b7a @ 0xff9f3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521 exception.instruction_r: 48 8b 41 08 49 8b e9 4c 8b b4 24 c0 00 00 00 48 exception.instruction: mov rax, qword ptr [rcx + 8] exception.exception_code: 0xc0000005 exception.symbol: lava_com_sun_java_accessibility_internal_AccessBridge_caretUpdate-0x3876 797979+0xc30e exception.address: 0x7fef433c30e registers.r14: 0 registers.r15: 0 registers.rcx: 0 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 2685056 registers.r11: 2684144 registers.r8: 4288610304 registers.r9: 4768170 registers.rdx: 524664 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 47936901175218 registers.r13: 0	1
__exception__ April 22, 2023, 8:43 a.m.	stacktrace: lava_com_sun_java_accessibility_internal_AccessBridge_caretUpdate-0x3ace 797979+0xc0b6 @ 0x7fef433c0b6 lava_com_sun_java_accessibility_internal_AccessBridge_caretUpdate+0x1e lava_com_sun_java_accessibility_internal_AccessBridge_focusGained-0x6 797979+0xfba2 @ 0x7fef433fba2 rundll32+0x2f42 @ 0xff9f2f42 rundll32+0x3b7a @ 0xff9f3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521 exception.instruction_r: 48 8b 41 08 49 8b e9 4c 8b b4 24 c0 00 00 00 48 exception.instruction: mov rax, qword ptr [rcx + 8] exception.exception_code: 0xc0000005 exception.symbol: lava_com_sun_java_accessibility_internal_AccessBridge_caretUpdate-0x3ace 797979+0xc0b6 exception.address: 0x7fef433c0b6 registers.r14: 0 registers.r15: 0 registers.rcx: 0 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 2030992 registers.r11: 2030080 registers.r8: 4288610304 registers.r9: 2671022 registers.rdx: 327992 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 47936897636514 registers.r13: 0	1
__exception__ April 22, 2023, 8:43 a.m.	stacktrace: lava_com_sun_java_accessibility_internal_AccessBridge_caretUpdate-0x16e3 797979+0xe4a1 @ 0x7fef433e4a1 rundll32+0x2f42 @ 0xff9f2f42 rundll32+0x3b7a @ 0xff9f3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521 exception.instruction_r: 48 8b 41 08 4d 8b c8 4c 8b c2 48 89 44 24 20 48 exception.instruction: mov rax, qword ptr [rcx + 8] exception.exception_code: 0xc0000005 exception.symbol: lava_com_sun_java_accessibility_internal_AccessBridge_caretUpdate-0x16e3 797979+0xe4a1 exception.address: 0x7fef433e4a1 registers.r14: 0 registers.r15: 0 registers.rcx: 0 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 2031136 registers.r11: 2030224 registers.r8: 4288610304 registers.r9: 10 registers.rdx: 131454 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 47936897636738 registers.r13: 0	1
__exception__ April 22, 2023, 8:43 a.m.	stacktrace: 0x40b82 lava_com_sun_java_accessibility_internal_AccessBridge_jawtGetComponentFromNativeWindowHandle+0x23 lava_com_sun_java_accessibility_internal_AccessBridge_jawtGetNativeWindowHandleFromComponent-0x21 797979+0xfc27 @ 0x7fef433fc27 rundll32+0x2f42 @ 0xff9f2f42 rundll32+0x3b7a @ 0xff9f3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521 exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 exception.instruction: add byte ptr [rax], al exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x40b82 registers.r14: 0 registers.r15: 0 registers.rcx: 262466 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 1177888 registers.r11: 1176976 registers.r8: 2409012 registers.r9: 10 registers.rdx: 1177248 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 262466 registers.r13: 0	1
__exception__ April 22, 2023, 8:43 a.m.	stacktrace: lava_com_sun_java_accessibility_internal_AccessBridge_caretUpdate-0x3748 797979+0xc43c @ 0x7fef433c43c lava_com_sun_java_accessibility_internal_AccessBridge_menuCanceled+0x1e lava_com_sun_java_accessibility_internal_AccessBridge_menuDeselected-0x6 797979+0xfcce @ 0x7fef433fcce rundll32+0x2f42 @ 0xff9f2f42 rundll32+0x3b7a @ 0xff9f3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521 exception.instruction_r: 48 8b 41 08 49 8b e9 4c 8b b4 24 d0 00 00 00 48 exception.instruction: mov rax, qword ptr [rcx + 8] exception.exception_code: 0xc0000005 exception.symbol: lava_com_sun_java_accessibility_internal_AccessBridge_caretUpdate-0x3748 797979+0xc43c exception.address: 0x7fef433c43c registers.r14: 0 registers.r15: 0 registers.rcx: 0 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 2357680 registers.r11: 2356768 registers.r8: 4288610304 registers.r9: 3522992 registers.rdx: 262468 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 47936901502098 registers.r13: 0	1
__exception__ April 22, 2023, 8:43 a.m.	stacktrace: 0x40b82 lava_com_sun_java_accessibility_internal_AccessBridge_jawtGetNativeWindowHandleFromComponent+0x23 lava_com_sun_java_accessibility_internal_AccessBridge_menuCanceled-0x45 797979+0xfc6b @ 0x7fef433fc6b rundll32+0x2f42 @ 0xff9f2f42 rundll32+0x3b7a @ 0xff9f3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521 exception.instruction_r: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 exception.instruction: add byte ptr [rax], al exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x40b82 registers.r14: 0 registers.r15: 0 registers.rcx: 262472 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 1309488 registers.r11: 1308576 registers.r8: 1950260 registers.r9: 10 registers.rdx: 1308848 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 262472 registers.r13: 0	1
__exception__ April 22, 2023, 8:43 a.m.	stacktrace: lava_com_sun_java_accessibility_internal_AccessBridge_caretUpdate-0x34e8 797979+0xc69c @ 0x7fef433c69c lava_com_sun_java_accessibility_internal_AccessBridge_menuSelected+0x1e lava_com_sun_java_accessibility_internal_AccessBridge_mouseClicked-0x6 797979+0xfd16 @ 0x7fef433fd16 rundll32+0x2f42 @ 0xff9f2f42 rundll32+0x3b7a @ 0xff9f3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521 exception.instruction_r: 48 8b 41 08 49 8b e9 4c 8b b4 24 d0 00 00 00 48 exception.instruction: mov rax, qword ptr [rcx + 8] exception.exception_code: 0xc0000005 exception.symbol: lava_com_sun_java_accessibility_internal_AccessBridge_caretUpdate-0x34e8 797979+0xc69c exception.address: 0x7fef433c69c registers.r14: 0 registers.r15: 0 registers.rcx: 0 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 1439968 registers.r11: 1439056 registers.r8: 4288610304 registers.r9: 3195312 registers.rdx: 262458 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 47936898226146 registers.r13: 0	1
__exception__ April 22, 2023, 8:43 a.m.	stacktrace: lava_com_sun_java_accessibility_internal_AccessBridge_caretUpdate-0x3618 797979+0xc56c @ 0x7fef433c56c lava_com_sun_java_accessibility_internal_AccessBridge_menuDeselected+0x1e lava_com_sun_java_accessibility_internal_AccessBridge_menuSelected-0x6 797979+0xfcf2 @ 0x7fef433fcf2 rundll32+0x2f42 @ 0xff9f2f42 rundll32+0x3b7a @ 0xff9f3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521 exception.instruction_r: 48 8b 41 08 49 8b e9 4c 8b b4 24 d0 00 00 00 48 exception.instruction: mov rax, qword ptr [rcx + 8] exception.exception_code: 0xc0000005 exception.symbol: lava_com_sun_java_accessibility_internal_AccessBridge_caretUpdate-0x3618 797979+0xc56c exception.address: 0x7fef433c56c registers.r14: 0 registers.r15: 0 registers.rcx: 0 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 2161456 registers.r11: 2160544 registers.r8: 4288610304 registers.r9: 2671028 registers.rdx: 262442 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 47936901700114 registers.r13: 0	1
__exception__ April 22, 2023, 8:43 a.m.	stacktrace: lava_com_sun_java_accessibility_internal_AccessBridge_caretUpdate-0x33ba 797979+0xc7ca @ 0x7fef433c7ca lava_com_sun_java_accessibility_internal_AccessBridge_mouseClicked+0x1e lava_com_sun_java_accessibility_internal_AccessBridge_mouseEntered-0x6 797979+0xfd3a @ 0x7fef433fd3a rundll32+0x2f42 @ 0xff9f2f42 rundll32+0x3b7a @ 0xff9f3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521 exception.instruction_r: 48 8b 41 08 49 8b e9 4c 8b b4 24 c0 00 00 00 48 exception.instruction: mov rax, qword ptr [rcx + 8] exception.exception_code: 0xc0000005 exception.symbol: lava_com_sun_java_accessibility_internal_AccessBridge_caretUpdate-0x33ba 797979+0xc7ca exception.address: 0x7fef433c7ca registers.r14: 0 registers.r15: 0 registers.rcx: 0 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 1375392 registers.r11: 1374480 registers.r8: 4288610304 registers.r9: 2212272 registers.rdx: 66052 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 47936898292626 registers.r13: 0	1
__exception__ April 22, 2023, 8:43 a.m.	stacktrace: lava_com_sun_java_accessibility_internal_AccessBridge_caretUpdate-0x328e 797979+0xc8f6 @ 0x7fef433c8f6 lava_com_sun_java_accessibility_internal_AccessBridge_mouseEntered+0x1e lava_com_sun_java_accessibility_internal_AccessBridge_mouseExited-0x6 797979+0xfd5e @ 0x7fef433fd5e rundll32+0x2f42 @ 0xff9f2f42 rundll32+0x3b7a @ 0xff9f3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521 exception.instruction_r: 48 8b 41 08 49 8b e9 4c 8b b4 24 c0 00 00 00 48 exception.instruction: mov rax, qword ptr [rcx + 8] exception.exception_code: 0xc0000005 exception.symbol: lava_com_sun_java_accessibility_internal_AccessBridge_caretUpdate-0x328e 797979+0xc8f6 exception.address: 0x7fef433c8f6 registers.r14: 0 registers.r15: 0 registers.rcx: 0 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 1900272 registers.r11: 1899360 registers.r8: 4288610304 registers.r9: 2081200 registers.rdx: 66248 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 47936897767874 registers.r13: 0	1
__exception__ April 22, 2023, 8:43 a.m.	stacktrace: lava_com_sun_java_accessibility_internal_AccessBridge_caretUpdate-0x3162 797979+0xca22 @ 0x7fef433ca22 lava_com_sun_java_accessibility_internal_AccessBridge_mouseExited+0x1e lava_com_sun_java_accessibility_internal_AccessBridge_mousePressed-0x6 797979+0xfd82 @ 0x7fef433fd82 rundll32+0x2f42 @ 0xff9f2f42 rundll32+0x3b7a @ 0xff9f3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521 exception.instruction_r: 48 8b 41 08 49 8b e9 4c 8b b4 24 c0 00 00 00 48 exception.instruction: mov rax, qword ptr [rcx + 8] exception.exception_code: 0xc0000005 exception.symbol: lava_com_sun_java_accessibility_internal_AccessBridge_caretUpdate-0x3162 797979+0xca22 exception.address: 0x7fef433ca22 registers.r14: 0 registers.r15: 0 registers.rcx: 0 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 1965856 registers.r11: 1964944 registers.r8: 4288610304 registers.r9: 2277806 registers.rdx: 66298 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 47936897703442 registers.r13: 0	1
__exception__ April 22, 2023, 8:43 a.m.	stacktrace: lava_com_sun_java_accessibility_internal_AccessBridge_caretUpdate-0x3036 797979+0xcb4e @ 0x7fef433cb4e lava_com_sun_java_accessibility_internal_AccessBridge_mousePressed+0x1e lava_com_sun_java_accessibility_internal_AccessBridge_mouseReleased-0x6 797979+0xfda6 @ 0x7fef433fda6 rundll32+0x2f42 @ 0xff9f2f42 rundll32+0x3b7a @ 0xff9f3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521 exception.instruction_r: 48 8b 41 08 49 8b e9 4c 8b b4 24 c0 00 00 00 48 exception.instruction: mov rax, qword ptr [rcx + 8] exception.exception_code: 0xc0000005 exception.symbol: lava_com_sun_java_accessibility_internal_AccessBridge_caretUpdate-0x3036 797979+0xcb4e exception.address: 0x7fef433cb4e registers.r14: 0 registers.r15: 0 registers.rcx: 0 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 719648 registers.r11: 718736 registers.r8: 4288610304 registers.r9: 1687984 registers.rdx: 66302 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 47936898947602 registers.r13: 0	1
__exception__ April 22, 2023, 8:43 a.m.	stacktrace: lava_com_sun_java_accessibility_internal_AccessBridge_caretUpdate-0x2f08 797979+0xcc7c @ 0x7fef433cc7c lava_com_sun_java_accessibility_internal_AccessBridge_mouseReleased+0x1e lava_com_sun_java_accessibility_internal_AccessBridge_popupMenuCanceled-0x6 797979+0xfdca @ 0x7fef433fdca rundll32+0x2f42 @ 0xff9f2f42 rundll32+0x3b7a @ 0xff9f3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521 exception.instruction_r: 48 8b 41 08 49 8b e9 4c 8b b4 24 d0 00 00 00 48 exception.instruction: mov rax, qword ptr [rcx + 8] exception.exception_code: 0xc0000005 exception.symbol: lava_com_sun_java_accessibility_internal_AccessBridge_caretUpdate-0x2f08 797979+0xcc7c exception.address: 0x7fef433cc7c registers.r14: 0 registers.r15: 0 registers.rcx: 0 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 784720 registers.r11: 783808 registers.r8: 4288610304 registers.r9: 3326386 registers.rdx: 66306 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 47936898880626 registers.r13: 0	1
__exception__ April 22, 2023, 8:43 a.m.	stacktrace: lava_com_sun_java_accessibility_internal_AccessBridge_caretUpdate-0x2dd8 797979+0xcdac @ 0x7fef433cdac lava_com_sun_java_accessibility_internal_AccessBridge_popupMenuCanceled+0x1e lava_com_sun_java_accessibility_internal_AccessBridge_popupMenuWillBecomeInvisible-0x6 797979+0xfdee @ 0x7fef433fdee rundll32+0x2f42 @ 0xff9f2f42 rundll32+0x3b7a @ 0xff9f3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521 exception.instruction_r: 48 8b 41 08 49 8b e9 4c 8b b4 24 d0 00 00 00 48 exception.instruction: mov rax, qword ptr [rcx + 8] exception.exception_code: 0xc0000005 exception.symbol: lava_com_sun_java_accessibility_internal_AccessBridge_caretUpdate-0x2dd8 797979+0xcdac exception.address: 0x7fef433cdac registers.r14: 0 registers.r15: 0 registers.rcx: 0 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 917376 registers.r11: 916464 registers.r8: 4288610304 registers.r9: 2343386 registers.rdx: 131842 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 47936898752066 registers.r13: 0	1
__exception__ April 22, 2023, 8:43 a.m.	stacktrace: lava_com_sun_java_accessibility_internal_AccessBridge_caretUpdate-0x2ca8 797979+0xcedc @ 0x7fef433cedc lava_com_sun_java_accessibility_internal_AccessBridge_popupMenuWillBecomeInvisible+0x1e lava_com_sun_java_accessibility_internal_AccessBridge_popupMenuWillBecomeVisible-0x6 797979+0xfe12 @ 0x7fef433fe12 rundll32+0x2f42 @ 0xff9f2f42 rundll32+0x3b7a @ 0xff9f3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521 exception.instruction_r: 48 8b 41 08 49 8b e9 4c 8b b4 24 d0 00 00 00 48 exception.instruction: mov rax, qword ptr [rcx + 8] exception.exception_code: 0xc0000005 exception.symbol: lava_com_sun_java_accessibility_internal_AccessBridge_caretUpdate-0x2ca8 797979+0xcedc exception.address: 0x7fef433cedc registers.r14: 0 registers.r15: 0 registers.rcx: 0 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 2357712 registers.r11: 2356800 registers.r8: 4288610304 registers.r9: 4375040 registers.rdx: 66406 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 47936901502194 registers.r13: 0	1
__exception__ April 22, 2023, 8:43 a.m.	stacktrace: lava_com_sun_java_accessibility_internal_AccessBridge_caretUpdate-0x2b78 797979+0xd00c @ 0x7fef433d00c lava_com_sun_java_accessibility_internal_AccessBridge_popupMenuWillBecomeVisible+0x1e lava_com_sun_java_accessibility_internal_AccessBridge_propertyActiveDescendentChange-0x6 797979+0xfe36 @ 0x7fef433fe36 rundll32+0x2f42 @ 0xff9f2f42 rundll32+0x3b7a @ 0xff9f3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521 exception.instruction_r: 48 8b 41 08 49 8b e9 4c 8b b4 24 d0 00 00 00 48 exception.instruction: mov rax, qword ptr [rcx + 8] exception.exception_code: 0xc0000005 exception.symbol: lava_com_sun_java_accessibility_internal_AccessBridge_caretUpdate-0x2b78 797979+0xd00c exception.address: 0x7fef433d00c registers.r14: 0 registers.r15: 0 registers.rcx: 0 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 1964832 registers.r11: 1963920 registers.r8: 4288610304 registers.r9: 2343420 registers.rdx: 66474 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 47936897702434 registers.r13: 0	1
__exception__ April 22, 2023, 8:43 a.m.	stacktrace: lava_com_sun_java_accessibility_internal_AccessBridge_caretUpdate-0x2a07 797979+0xd17d @ 0x7fef433d17d lava_com_sun_java_accessibility_internal_AccessBridge_propertyActiveDescendentChange+0x32 lava_com_sun_java_accessibility_internal_AccessBridge_propertyCaretChange-0x6 797979+0xfe6e @ 0x7fef433fe6e rundll32+0x2f42 @ 0xff9f2f42 rundll32+0x3b7a @ 0xff9f3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521 exception.instruction_r: 48 8b 5e 10 48 85 db 75 0c 48 8d 0d 4b 68 02 00 exception.instruction: mov rbx, qword ptr [rsi + 0x10] exception.exception_code: 0xc0000005 exception.symbol: lava_com_sun_java_accessibility_internal_AccessBridge_caretUpdate-0x2a07 797979+0xd17d exception.address: 0x7fef433d17d registers.r14: 0 registers.r15: 0 registers.rcx: 8791600291344 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 1046896 registers.r11: 1045984 registers.r8: 4288610304 registers.r9: 1360388 registers.rdx: 66478 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 1046072 registers.r13: 0	1
__exception__ April 22, 2023, 8:43 a.m.	stacktrace: lava_com_sun_java_accessibility_internal_AccessBridge_caretUpdate-0x278f 797979+0xd3f5 @ 0x7fef433d3f5 lava_com_sun_java_accessibility_internal_AccessBridge_propertyChildChange+0x32 lava_com_sun_java_accessibility_internal_AccessBridge_propertyDescriptionChange-0x6 797979+0xfeda @ 0x7fef433feda rundll32+0x2f42 @ 0xff9f2f42 rundll32+0x3b7a @ 0xff9f3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521 exception.instruction_r: 48 8b 5e 10 48 85 db 75 0c 48 8d 0d d3 65 02 00 exception.instruction: mov rbx, qword ptr [rsi + 0x10] exception.exception_code: 0xc0000005 exception.symbol: lava_com_sun_java_accessibility_internal_AccessBridge_caretUpdate-0x278f 797979+0xd3f5 exception.address: 0x7fef433d3f5 registers.r14: 0 registers.r15: 0 registers.rcx: 8791600291008 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 2293104 registers.r11: 2292192 registers.r8: 4288610304 registers.r9: 2867678 registers.rdx: 66480 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 2292280 registers.r13: 0	1
__exception__ April 22, 2023, 8:43 a.m.	stacktrace: lava_com_sun_java_accessibility_internal_AccessBridge_caretUpdate-0x28b2 797979+0xd2d2 @ 0x7fef433d2d2 lava_com_sun_java_accessibility_internal_AccessBridge_propertyCaretChange+0x2e lava_com_sun_java_accessibility_internal_AccessBridge_propertyChildChange-0x6 797979+0xfea2 @ 0x7fef433fea2 rundll32+0x2f42 @ 0xff9f2f42 rundll32+0x3b7a @ 0xff9f3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521 exception.instruction_r: 48 8b 5f 10 48 85 db 75 0c 48 8d 0d f6 66 02 00 exception.instruction: mov rbx, qword ptr [rdi + 0x10] exception.exception_code: 0xc0000005 exception.symbol: lava_com_sun_java_accessibility_internal_AccessBridge_caretUpdate-0x28b2 797979+0xd2d2 exception.address: 0x7fef433d2d2 registers.r14: 0 registers.r15: 0 registers.rcx: 8791600289376 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 1243424 registers.r11: 1242512 registers.r8: 4288610304 registers.r9: 3457502 registers.rdx: 66486 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 1242616 registers.r13: 0	1
__exception__ April 22, 2023, 8:43 a.m.	stacktrace: lava_com_sun_java_accessibility_internal_AccessBridge_caretUpdate-0x2632 797979+0xd552 @ 0x7fef433d552 lava_com_sun_java_accessibility_internal_AccessBridge_propertyDescriptionChange+0x32 lava_com_sun_java_accessibility_internal_AccessBridge_propertyNameChange-0x6 797979+0xff12 @ 0x7fef433ff12 rundll32+0x2f42 @ 0xff9f2f42 rundll32+0x3b7a @ 0xff9f3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521 exception.instruction_r: 48 8b 7e 10 48 85 ff 75 0c 48 8d 0d 76 64 02 00 exception.instruction: mov rdi, qword ptr [rsi + 0x10] exception.exception_code: 0xc0000005 exception.symbol: lava_com_sun_java_accessibility_internal_AccessBridge_caretUpdate-0x2632 797979+0xd552 exception.address: 0x7fef433d552 registers.r14: 0 registers.r15: 0 registers.rcx: 8791600289648 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 2488896 registers.r11: 2487984 registers.r8: 4288610304 registers.r9: 1098234 registers.rdx: 66618 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 2487048 registers.r13: 0	1
__exception__ April 22, 2023, 8:43 a.m.	stacktrace: lava_com_sun_java_accessibility_internal_AccessBridge_caretUpdate-0x240a 797979+0xd77a @ 0x7fef433d77a lava_com_sun_java_accessibility_internal_AccessBridge_propertyNameChange+0x32 lava_com_sun_java_accessibility_internal_AccessBridge_propertySelectionChange-0x6 797979+0xff4a @ 0x7fef433ff4a rundll32+0x2f42 @ 0xff9f2f42 rundll32+0x3b7a @ 0xff9f3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521 exception.instruction_r: 48 8b 7e 10 48 85 ff 75 0c 48 8d 0d 4e 62 02 00 exception.instruction: mov rdi, qword ptr [rsi + 0x10] exception.exception_code: 0xc0000005 exception.symbol: lava_com_sun_java_accessibility_internal_AccessBridge_caretUpdate-0x240a 797979+0xd77a exception.address: 0x7fef433d77a registers.r14: 0 registers.r15: 0 registers.rcx: 8791600289952 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 2619808 registers.r11: 2618896 registers.r8: 4288610304 registers.r9: 4833756 registers.rdx: 66622 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 2617960 registers.r13: 0	1
__exception__ April 22, 2023, 8:43 a.m.	stacktrace: lava_com_sun_java_accessibility_internal_AccessBridge_caretUpdate-0x2208 797979+0xd97c @ 0x7fef433d97c lava_com_sun_java_accessibility_internal_AccessBridge_propertySelectionChange+0x1e lava_com_sun_java_accessibility_internal_AccessBridge_propertyStateChange-0x6 797979+0xff6e @ 0x7fef433ff6e rundll32+0x2f42 @ 0xff9f2f42 rundll32+0x3b7a @ 0xff9f3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521 exception.instruction_r: 48 8b 5f 10 48 85 db 75 0c 48 8d 0d 4c 60 02 00 exception.instruction: mov rbx, qword ptr [rdi + 0x10] exception.exception_code: 0xc0000005 exception.symbol: lava_com_sun_java_accessibility_internal_AccessBridge_caretUpdate-0x2208 797979+0xd97c exception.address: 0x7fef433d97c registers.r14: 0 registers.r15: 0 registers.rcx: 8791600290192 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 1834432 registers.r11: 1833520 registers.r8: 4288610304 registers.r9: 3129830 registers.rdx: 66690 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 1833672 registers.r13: 0	1
__exception__ April 22, 2023, 8:43 a.m.	stacktrace: lava_com_sun_java_accessibility_internal_AccessBridge_caretUpdate-0x1ec6 797979+0xdcbe @ 0x7fef433dcbe lava_com_sun_java_accessibility_internal_AccessBridge_propertyTableModelChange+0x32 lava_com_sun_java_accessibility_internal_AccessBridge_propertyTextChange-0x6 797979+0xffde @ 0x7fef433ffde rundll32+0x2f42 @ 0xff9f2f42 rundll32+0x3b7a @ 0xff9f3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521 exception.instruction_r: 48 8b 7e 10 48 85 ff 75 0c 48 8d 0d 0a 5d 02 00 exception.instruction: mov rdi, qword ptr [rsi + 0x10] exception.exception_code: 0xc0000005 exception.symbol: lava_com_sun_java_accessibility_internal_AccessBridge_caretUpdate-0x1ec6 797979+0xdcbe exception.address: 0x7fef433dcbe registers.r14: 0 registers.r15: 0 registers.rcx: 8791600291680 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 2358240 registers.r11: 2357328 registers.r8: 4288610304 registers.r9: 3326456 registers.rdx: 66694 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 2356392 registers.r13: 0	1
__exception__ April 22, 2023, 8:43 a.m.	stacktrace: lava_com_sun_java_accessibility_internal_AccessBridge_caretUpdate-0x20ee 797979+0xda96 @ 0x7fef433da96 lava_com_sun_java_accessibility_internal_AccessBridge_propertyStateChange+0x32 lava_com_sun_java_accessibility_internal_AccessBridge_propertyTableModelChange-0x6 797979+0xffa6 @ 0x7fef433ffa6 rundll32+0x2f42 @ 0xff9f2f42 rundll32+0x3b7a @ 0xff9f3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521 exception.instruction_r: 48 8b 7e 10 48 85 ff 75 0c 48 8d 0d 32 5f 02 00 exception.instruction: mov rdi, qword ptr [rsi + 0x10] exception.exception_code: 0xc0000005 exception.symbol: lava_com_sun_java_accessibility_internal_AccessBridge_caretUpdate-0x20ee 797979+0xda96 exception.address: 0x7fef433da96 registers.r14: 0 registers.r15: 0 registers.rcx: 8791600290352 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 1636800 registers.r11: 1635888 registers.r8: 4288610304 registers.r9: 3785182 registers.rdx: 66696 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 1634952 registers.r13: 0	1
__exception__ April 22, 2023, 8:43 a.m.	stacktrace: lava_com_sun_java_accessibility_internal_AccessBridge_caretUpdate-0x1cc0 797979+0xdec4 @ 0x7fef433dec4 lava_com_sun_java_accessibility_internal_AccessBridge_propertyTextChange+0x1e lava_com_sun_java_accessibility_internal_AccessBridge_propertyValueChange-0x6 797979+0x10002 @ 0x7fef4340002 rundll32+0x2f42 @ 0xff9f2f42 rundll32+0x3b7a @ 0xff9f3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521 exception.instruction_r: 48 8b 5f 10 48 85 db 75 0c 48 8d 0d 04 5b 02 00 exception.instruction: mov rbx, qword ptr [rdi + 0x10] exception.exception_code: 0xc0000005 exception.symbol: lava_com_sun_java_accessibility_internal_AccessBridge_caretUpdate-0x1cc0 797979+0xdec4 exception.address: 0x7fef433dec4 registers.r14: 0 registers.r15: 0 registers.rcx: 8791600290512 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 1113088 registers.r11: 1112176 registers.r8: 4288610304 registers.r9: 2539996 registers.rdx: 66702 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 1112328 registers.r13: 0	1
__exception__ April 22, 2023, 8:43 a.m.	stacktrace: lava_com_sun_java_accessibility_internal_AccessBridge_caretUpdate-0x19a4 797979+0xe1e0 @ 0x7fef433e1e0 lava_com_sun_java_accessibility_internal_AccessBridge_propertyVisibleDataChange+0x1e lava_com_sun_java_accessibility_internal_AccessBridge_runDLL-0x6 797979+0x1005e @ 0x7fef434005e rundll32+0x2f42 @ 0xff9f2f42 rundll32+0x3b7a @ 0xff9f3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521 exception.instruction_r: 48 8b 5f 10 48 85 db 75 0c 48 8d 0d e8 57 02 00 exception.instruction: mov rbx, qword ptr [rdi + 0x10] exception.exception_code: 0xc0000005 exception.symbol: lava_com_sun_java_accessibility_internal_AccessBridge_caretUpdate-0x19a4 797979+0xe1e0 exception.address: 0x7fef433e1e0 registers.r14: 0 registers.r15: 0 registers.rcx: 8791600290832 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 2293152 registers.r11: 2292240 registers.r8: 4288610304 registers.r9: 3523066 registers.rdx: 66772 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 2292392 registers.r13: 0	1
__exception__ April 22, 2023, 8:43 a.m.	stacktrace: lava_com_sun_java_accessibility_internal_AccessBridge_caretUpdate-0x1ba6 797979+0xdfde @ 0x7fef433dfde lava_com_sun_java_accessibility_internal_AccessBridge_propertyValueChange+0x32 lava_com_sun_java_accessibility_internal_AccessBridge_propertyVisibleDataChange-0x6 797979+0x1003a @ 0x7fef434003a rundll32+0x2f42 @ 0xff9f2f42 rundll32+0x3b7a @ 0xff9f3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521 exception.instruction_r: 48 8b 7e 10 48 85 ff 75 0c 48 8d 0d ea 59 02 00 exception.instruction: mov rdi, qword ptr [rsi + 0x10] exception.exception_code: 0xc0000005 exception.symbol: lava_com_sun_java_accessibility_internal_AccessBridge_caretUpdate-0x1ba6 797979+0xdfde exception.address: 0x7fef433dfde registers.r14: 0 registers.r15: 0 registers.rcx: 8791600290672 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 1374640 registers.r11: 1373728 registers.r8: 4288610304 registers.r9: 1753566 registers.rdx: 66802 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 1372792 registers.r13: 0	1
__exception__ April 22, 2023, 8:43 a.m.	stacktrace: lava_com_sun_java_accessibility_internal_AccessBridge_caretUpdate-0x186d 797979+0xe317 @ 0x7fef433e317 rundll32+0x2f42 @ 0xff9f2f42 rundll32+0x3b7a @ 0xff9f3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521 exception.instruction_r: ff 90 d8 06 00 00 85 c0 0f 85 47 01 00 00 48 8b exception.instruction: call qword ptr [rax + 0x6d8] exception.exception_code: 0xc0000005 exception.symbol: lava_com_sun_java_accessibility_internal_AccessBridge_caretUpdate-0x186d 797979+0xe317 exception.address: 0x7fef433e317 registers.r14: 0 registers.r15: 0 registers.rcx: 66806 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 851072 registers.r11: 850160 registers.r8: 4288610304 registers.r9: 10 registers.rdx: 24 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 0 registers.r13: 0	1

HTTP traffic contains suspicious features which may be indicative of malware related traffic (1 event)

suspicious_features

GET method with no useragent header

suspicious_request

GET http://pingwiskot.com/

Performs some HTTP requests (1 event)

request

GET http://pingwiskot.com/

Allocates read-write-execute memory (usually to unpack itself) (30 events)

Time & API	Arguments	Status
NtProtectVirtualMemory April 22, 2023, 8:43 a.m.	process_identifier: 604 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory April 22, 2023, 8:43 a.m.	process_identifier: 2120 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory April 22, 2023, 8:43 a.m.	process_identifier: 2372 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory April 22, 2023, 8:43 a.m.	process_identifier: 2216 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory April 22, 2023, 8:43 a.m.	process_identifier: 2516 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory April 22, 2023, 8:43 a.m.	process_identifier: 2656 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory April 22, 2023, 8:43 a.m.	process_identifier: 2608 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory April 22, 2023, 8:43 a.m.	process_identifier: 2976 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory April 22, 2023, 8:43 a.m.	process_identifier: 2920 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory April 22, 2023, 8:43 a.m.	process_identifier: 2776 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory April 22, 2023, 8:43 a.m.	process_identifier: 3092 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory April 22, 2023, 8:43 a.m.	process_identifier: 3232 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory April 22, 2023, 8:43 a.m.	process_identifier: 3336 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory April 22, 2023, 8:43 a.m.	process_identifier: 3520 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory April 22, 2023, 8:43 a.m.	process_identifier: 3812 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory April 22, 2023, 8:43 a.m.	process_identifier: 3844 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory April 22, 2023, 8:43 a.m.	process_identifier: 3116 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory April 22, 2023, 8:43 a.m.	process_identifier: 3400 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory April 22, 2023, 8:43 a.m.	process_identifier: 3460 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory April 22, 2023, 8:43 a.m.	process_identifier: 3532 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory April 22, 2023, 8:43 a.m.	process_identifier: 4040 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory April 22, 2023, 8:43 a.m.	process_identifier: 3192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory April 22, 2023, 8:43 a.m.	process_identifier: 3900 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory April 22, 2023, 8:43 a.m.	process_identifier: 1080 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory April 22, 2023, 8:43 a.m.	process_identifier: 3164 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory April 22, 2023, 8:43 a.m.	process_identifier: 4360 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory April 22, 2023, 8:43 a.m.	process_identifier: 4520 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory April 22, 2023, 8:43 a.m.	process_identifier: 4464 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory April 22, 2023, 8:43 a.m.	process_identifier: 4716 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory April 22, 2023, 8:43 a.m.	process_identifier: 4952 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1

A process attempted to delay the analysis task. (1 event)

description

rundll32.exe tried to sleep 178 seconds, actually delayed analysis time by 178 seconds

Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) (1 event)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory April 22, 2023, 8:43 a.m.	process_identifier: 4952 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 16384 protection: 32 (PAGE_EXECUTE_READ) base_address: 0x0000000001e00000 process_handle: 0xffffffffffffffff	1	0	0

The binary likely contains encrypted or compressed data indicative of a packer (1 event)

section

{u'size_of_data': u'0x00006000', u'virtual_address': u'0x00048000', u'entropy': 7.00551987873516, u'name': u'.reloc', u'virtual_size': u'0x000056b2'}

entropy

7.00551987874

description

A section with a high entropy has been found

Uses Windows utilities for basic Windows functionality (1 event)

cmdline

"C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\797979.dll,lava_com_sun_java_accessibility_internal_AccessBridge_javaShutdown

File has been identified by 16 AntiVirus engines on VirusTotal as malicious (16 events)

CrowdStrike	win/malicious_confidence_100% (W)
Symantec	ML.Attribute.HighConfidence
Kaspersky	Trojan-Banker.Win32.IcedID.uokc
Rising	Trojan.IcedID!8.102AF (CLOUD)
TrendMicro	TrojanSpy.Win64.ICEDID.YXDDUZ
McAfee-GW-Edition	BehavesLike.Win64.Infected.fh
Sophos	Mal/Generic-S
GData	Win32.Trojan-Downloader.IcedID.VXL7DN
Webroot	W32.Trojan.Gen
ZoneAlarm	Trojan-Banker.Win32.IcedID.uokc
Microsoft	Trojan:Win32/Tasker!MTB
McAfee	Artemis!3C6363EAA261
Panda	Trj/Chgt.AD
TrendMicro-HouseCall	TrojanSpy.Win64.ICEDID.YXDDUZ
Ikarus	Win32.Outbreak
DeepInstinct	MALICIOUS

797979.dll

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All