Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	June 14, 2023, 7:38 p.m.	June 14, 2023, 7:38 p.m.

Size	313.0KB
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`b904bd494f4eee2a317404eb1cc1162e`
SHA256	`a6f1edb5183a7c82e8965634f04bb55fc4e528df620deb4cb2e5fe34c93042ba`
CRC32	`C2A51166`
ssdeep	`6144:5xb8ZqekwkREHYuRP/4Th3gpjMl6x/Vlhg2U7V50DErMEhoI1+hRRw9mb:5xb8ZqekwkJPaThgyDChXohRRw6`
PDB Path	C:\tools\msys64\home\micro\src\libsodium\bin\x64\Release\v141\dynamic\libsodium.pdb
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) IsPE64 - (no description) PE_Header_Zero - PE File Signature

rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_aead_aes256gcm_abytes
108
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_aead_aes256gcm_abytes
  2496
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_aead_aes256gcm_decrypt
2236
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_aead_aes256gcm_decrypt
  2548
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_aead_aes256gcm_beforenm
2144
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_aead_aes256gcm_beforenm
  2608
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_aead_aes256gcm_decrypt_afternm
2324
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_aead_aes256gcm_decrypt_afternm
  2640
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_aead_aes256gcm_decrypt_detached
2416
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_aead_aes256gcm_decrypt_detached
  2792
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_aead_aes256gcm_decrypt_detached_afternm
2576
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_aead_aes256gcm_decrypt_detached_afternm
  2856
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_aead_aes256gcm_encrypt
2772
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_aead_aes256gcm_encrypt
  2972
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_aead_aes256gcm_encrypt_afternm
2952
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_aead_aes256gcm_encrypt_afternm
  2492
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_aead_aes256gcm_encrypt_detached
2180
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_aead_aes256gcm_encrypt_detached
  2544
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_aead_aes256gcm_encrypt_detached_afternm
2408
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_aead_aes256gcm_encrypt_detached_afternm
  2944
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_aead_aes256gcm_is_available
2872
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_aead_aes256gcm_is_available
  2368
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_aead_aes256gcm_keybytes
2292
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_aead_aes256gcm_keybytes
  2376
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_aead_aes256gcm_keygen
3012
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_aead_aes256gcm_keygen
  2464
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_aead_aes256gcm_messagebytes_max
2536
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_aead_aes256gcm_messagebytes_max
  2788
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_aead_aes256gcm_npubbytes
1836
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_aead_aes256gcm_npubbytes
  3104
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_aead_aes256gcm_nsecbytes
2164
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_aead_aes256gcm_nsecbytes
  3316
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_aead_aes256gcm_statebytes
3208
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_aead_aes256gcm_statebytes
  3488
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_aead_chacha20poly1305_abytes
3308
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_aead_chacha20poly1305_abytes
  3532
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_aead_chacha20poly1305_decrypt
3440
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_aead_chacha20poly1305_decrypt
  3724
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_aead_chacha20poly1305_decrypt_detached
3612
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_aead_chacha20poly1305_decrypt_detached
  3792
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_aead_chacha20poly1305_encrypt
3712
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_aead_chacha20poly1305_encrypt
  3936
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_aead_chacha20poly1305_encrypt_detached
3892
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_aead_chacha20poly1305_encrypt_detached
  3164
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_aead_chacha20poly1305_ietf_abytes
4048
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_aead_chacha20poly1305_ietf_abytes
  3380
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_aead_chacha20poly1305_ietf_decrypt
3272
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_aead_chacha20poly1305_ietf_decrypt
  3600
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_aead_chacha20poly1305_ietf_decrypt_detached
3520
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_aead_chacha20poly1305_ietf_decrypt_detached
  3836
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_aead_chacha20poly1305_ietf_encrypt
3884
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_aead_chacha20poly1305_ietf_encrypt
  3120
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_aead_chacha20poly1305_ietf_encrypt_detached
4088
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_aead_chacha20poly1305_ietf_encrypt_detached
  3676
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_aead_chacha20poly1305_ietf_keybytes
3368
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_aead_chacha20poly1305_ietf_keybytes
  1940
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_aead_chacha20poly1305_ietf_keygen
3912
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_aead_chacha20poly1305_ietf_keygen
  3560
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_aead_chacha20poly1305_ietf_messagebytes_max
3352
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_aead_chacha20poly1305_ietf_messagebytes_max
  3808
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_aead_chacha20poly1305_ietf_npubbytes
3288
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_aead_chacha20poly1305_ietf_npubbytes
  3764
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_aead_chacha20poly1305_ietf_nsecbytes
2832
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_aead_chacha20poly1305_ietf_nsecbytes
  4276
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_aead_chacha20poly1305_keybytes
3384
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_aead_chacha20poly1305_keybytes
  4324
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_aead_chacha20poly1305_keygen
4208
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_aead_chacha20poly1305_keygen
  4744
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_aead_chacha20poly1305_messagebytes_max
4372
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_aead_chacha20poly1305_messagebytes_max
  4524
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_aead_chacha20poly1305_npubbytes
4476
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_aead_chacha20poly1305_npubbytes
  4832
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_aead_chacha20poly1305_nsecbytes
4620
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_aead_chacha20poly1305_nsecbytes
  4804
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_aead_xchacha20poly1305_ietf_abytes
4712
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_aead_xchacha20poly1305_ietf_abytes
  5060
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_aead_xchacha20poly1305_ietf_decrypt
4932
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_aead_xchacha20poly1305_ietf_decrypt
  3816
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_aead_xchacha20poly1305_ietf_decrypt_detached
5032
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_aead_xchacha20poly1305_ietf_decrypt_detached
  4292
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_aead_xchacha20poly1305_ietf_encrypt
4132
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_aead_xchacha20poly1305_ietf_encrypt
  4488
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_aead_xchacha20poly1305_ietf_encrypt_detached
4420
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_aead_xchacha20poly1305_ietf_encrypt_detached
  4736
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_aead_xchacha20poly1305_ietf_keybytes
4268
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_aead_xchacha20poly1305_ietf_keybytes
  4396
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_aead_xchacha20poly1305_ietf_keygen
4976
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_aead_xchacha20poly1305_ietf_keygen
  4700
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_aead_xchacha20poly1305_ietf_messagebytes_max
5108
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_aead_xchacha20poly1305_ietf_messagebytes_max
  4916
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_aead_xchacha20poly1305_ietf_npubbytes
4308
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_aead_xchacha20poly1305_ietf_npubbytes
  5104
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_aead_xchacha20poly1305_ietf_nsecbytes
4320
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_aead_xchacha20poly1305_ietf_nsecbytes
  4716
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_auth
3240
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_auth
  4728
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_auth_bytes
4768
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_auth_bytes
  4280
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_auth_hmacsha256
4228
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_auth_hmacsha256
  4368
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_auth_hmacsha256_bytes
4956
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_auth_hmacsha256_bytes
  4972
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_auth_hmacsha256_final
5012
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_auth_hmacsha256_final
  5180
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_auth_hmacsha256_init
5144
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_auth_hmacsha256_init
  5424
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_auth_hmacsha256_keybytes
5292
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_auth_hmacsha256_keybytes
  5516
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_auth_hmacsha256_keygen
5468
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_auth_hmacsha256_keygen
  5744
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_auth_hmacsha256_statebytes
5620
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_auth_hmacsha256_statebytes
  5788
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_auth_hmacsha256_update
5736
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_auth_hmacsha256_update
  5988
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_auth_hmacsha256_verify
5916
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_auth_hmacsha256_verify
  6096
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_auth_hmacsha512
6048
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_auth_hmacsha512
  5488
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_auth_hmacsha512256
5236
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_auth_hmacsha512256
  5700
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_auth_hmacsha512256_bytes
5396
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_auth_hmacsha512256_bytes
  5936
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_auth_hmacsha512256_final
5644
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_auth_hmacsha512256_final
  6064
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_auth_hmacsha512256_init
5928
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_auth_hmacsha512256_init
  5604
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_auth_hmacsha512256_keybytes
5224
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_auth_hmacsha512256_keybytes
  5768
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_auth_hmacsha512256_keygen
5836
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_auth_hmacsha512256_keygen
  5716
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_auth_hmacsha512256_statebytes
6076
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_auth_hmacsha512256_statebytes
  5200
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_auth_hmacsha512256_update
5568
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_auth_hmacsha512256_update
  5444
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_auth_hmacsha512256_verify
5176
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_auth_hmacsha512256_verify
  5316
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_auth_hmacsha512_bytes
6072
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_auth_hmacsha512_final
6240
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\berr.php.dll,rrypto_auth_hmacsha512_init
6396

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks if process is being debugged by a debugger (50 out of 68 events)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent June 14, 2023, 7:38 p.m.			0	0
IsDebuggerPresent June 14, 2023, 7:38 p.m.			0	0
IsDebuggerPresent June 14, 2023, 7:38 p.m.			0	0
IsDebuggerPresent June 14, 2023, 7:38 p.m.			0	0
IsDebuggerPresent June 14, 2023, 7:38 p.m.			0	0
IsDebuggerPresent June 14, 2023, 7:38 p.m.			0	0
IsDebuggerPresent June 14, 2023, 7:38 p.m.			0	0
IsDebuggerPresent June 14, 2023, 7:38 p.m.			0	0
IsDebuggerPresent June 14, 2023, 7:38 p.m.			0	0
IsDebuggerPresent June 14, 2023, 7:38 p.m.			0	0
IsDebuggerPresent June 14, 2023, 7:38 p.m.			0	0
IsDebuggerPresent June 14, 2023, 7:38 p.m.			0	0
IsDebuggerPresent June 14, 2023, 7:38 p.m.			0	0
IsDebuggerPresent June 14, 2023, 7:38 p.m.			0	0
IsDebuggerPresent June 14, 2023, 7:38 p.m.			0	0
IsDebuggerPresent June 14, 2023, 7:38 p.m.			0	0
IsDebuggerPresent June 14, 2023, 7:38 p.m.			0	0
IsDebuggerPresent June 14, 2023, 7:38 p.m.			0	0
IsDebuggerPresent June 14, 2023, 7:38 p.m.			0	0
IsDebuggerPresent June 14, 2023, 7:38 p.m.			0	0
IsDebuggerPresent June 14, 2023, 7:38 p.m.			0	0
IsDebuggerPresent June 14, 2023, 7:38 p.m.			0	0
IsDebuggerPresent June 14, 2023, 7:38 p.m.			0	0
IsDebuggerPresent June 14, 2023, 7:38 p.m.			0	0
IsDebuggerPresent June 14, 2023, 7:38 p.m.			0	0
IsDebuggerPresent June 14, 2023, 7:38 p.m.			0	0
IsDebuggerPresent June 14, 2023, 7:38 p.m.			0	0
IsDebuggerPresent June 14, 2023, 7:38 p.m.			0	0
IsDebuggerPresent June 14, 2023, 7:38 p.m.			0	0
IsDebuggerPresent June 14, 2023, 7:38 p.m.			0	0
IsDebuggerPresent June 14, 2023, 7:38 p.m.			0	0
IsDebuggerPresent June 14, 2023, 7:38 p.m.			0	0
IsDebuggerPresent June 14, 2023, 7:38 p.m.			0	0
IsDebuggerPresent June 14, 2023, 7:38 p.m.			0	0
IsDebuggerPresent June 14, 2023, 7:38 p.m.			0	0
IsDebuggerPresent June 14, 2023, 7:38 p.m.			0	0
IsDebuggerPresent June 14, 2023, 7:38 p.m.			0	0
IsDebuggerPresent June 14, 2023, 7:38 p.m.			0	0
IsDebuggerPresent June 14, 2023, 7:38 p.m.			0	0
IsDebuggerPresent June 14, 2023, 7:38 p.m.			0	0
IsDebuggerPresent June 14, 2023, 7:38 p.m.			0	0
IsDebuggerPresent June 14, 2023, 7:38 p.m.			0	0
IsDebuggerPresent June 14, 2023, 7:38 p.m.			0	0
IsDebuggerPresent June 14, 2023, 7:38 p.m.			0	0
IsDebuggerPresent June 14, 2023, 7:38 p.m.			0	0
IsDebuggerPresent June 14, 2023, 7:38 p.m.			0	0
IsDebuggerPresent June 14, 2023, 7:38 p.m.			0	0
IsDebuggerPresent June 14, 2023, 7:38 p.m.			0	0
IsDebuggerPresent June 14, 2023, 7:38 p.m.			0	0
IsDebuggerPresent June 14, 2023, 7:38 p.m.			0	0

This executable has a PDB path (1 event)

pdb_path

C:\tools\msys64\home\micro\src\libsodium\bin\x64\Release\v141\dynamic\libsodium.pdb

One or more processes crashed (39 events)

Time & API	Arguments	Status
__exception__ June 14, 2023, 7:38 p.m.	stacktrace: rrypto_aead_aes256gcm_decrypt_detached_afternm+0x4d0 rrypto_aead_aes256gcm_encrypt-0xeb0 berr+0x26d20 @ 0x7fef3eb6d20 rrypto_aead_aes256gcm_decrypt_afternm+0x7d rrypto_aead_aes256gcm_decrypt_detached-0x23 berr+0x2676d @ 0x7fef3eb676d rrypto_aead_aes256gcm_decrypt+0x92 rrypto_aead_aes256gcm_decrypt_afternm-0x3e berr+0x266b2 @ 0x7fef3eb66b2 rundll32+0x2f42 @ 0xff9f2f42 rundll32+0x3b7a @ 0xff9f3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76fd652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x776ec521 exception.instruction_r: f3 0f 6f 50 10 f3 0f 6f 20 f3 0f 6f 68 f0 f3 0f exception.exception_code: 0xc0000005 exception.symbol: rrypto_aead_aes256gcm_decrypt_detached_afternm+0x4d0 rrypto_aead_aes256gcm_encrypt-0xeb0 berr+0x26d20 exception.address: 0x7fef3eb6d20 registers.r14: 0 registers.r15: 0 registers.rcx: 37865 registers.rsi: 0 registers.r10: 2555146 registers.rbx: 0 registers.rsp: 2555600 registers.r11: 2554296 registers.r8: 10 registers.r9: 2555136 registers.rdx: 4374986 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 2686992 registers.r13: 0	1
__exception__ June 14, 2023, 7:38 p.m.	stacktrace: rrypto_aead_aes256gcm_beforenm+0x1f rrypto_aead_aes256gcm_decrypt-0x81 berr+0x2659f @ 0x7fef3eb659f rundll32+0x2f42 @ 0xff9f2f42 rundll32+0x3b7a @ 0xff9f3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76fd652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x776ec521 exception.instruction_r: 66 0f 38 dc 4a 10 66 0f 38 dc 4a 20 66 0f 38 dc exception.exception_code: 0xc0000005 exception.symbol: rrypto_aead_aes256gcm_beforenm+0x1f rrypto_aead_aes256gcm_decrypt-0x81 berr+0x2659f exception.address: 0x7fef3eb659f registers.r14: 0 registers.r15: 0 registers.rcx: 4288610304 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 1048448 registers.r11: 1047536 registers.r8: 2081228 registers.r9: 10 registers.rdx: 65892 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 0 registers.r13: 0	1
__exception__ June 14, 2023, 7:38 p.m.	stacktrace: rrypto_aead_aes256gcm_decrypt_detached_afternm+0x103 rrypto_aead_aes256gcm_encrypt-0x127d berr+0x26953 @ 0x7fef3eb6953 rrypto_aead_aes256gcm_decrypt_afternm+0x7d rrypto_aead_aes256gcm_decrypt_detached-0x23 berr+0x2676d @ 0x7fef3eb676d rundll32+0x2f42 @ 0xff9f2f42 rundll32+0x3b7a @ 0xff9f3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76fd652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x776ec521 exception.instruction_r: 66 41 0f ef 4d 00 66 41 0f 6f c1 66 41 0f 38 dc exception.exception_code: 0xc0000005 exception.symbol: rrypto_aead_aes256gcm_decrypt_detached_afternm+0x103 rrypto_aead_aes256gcm_encrypt-0x127d berr+0x26953 exception.address: 0x7fef3eb6953 registers.r14: 0 registers.r15: 0 registers.rcx: 65890 registers.rsi: 0 registers.r10: 2029450 registers.rbx: 0 registers.rsp: 2029904 registers.r11: 2029256 registers.r8: 10 registers.r9: 2029440 registers.rdx: 3916282 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 16235520 registers.r13: 0	1
__exception__ June 14, 2023, 7:38 p.m.	stacktrace: rrypto_aead_aes256gcm_decrypt_detached_afternm+0x4d0 rrypto_aead_aes256gcm_encrypt-0xeb0 berr+0x26d20 @ 0x7fef3eb6d20 rrypto_aead_aes256gcm_decrypt_detached+0x92 rrypto_aead_aes256gcm_decrypt_detached_afternm-0x2e berr+0x26822 @ 0x7fef3eb6822 rundll32+0x2f42 @ 0xff9f2f42 rundll32+0x3b7a @ 0xff9f3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76fd652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x776ec521 exception.instruction_r: f3 0f 6f 50 10 f3 0f 6f 20 f3 0f 6f 68 f0 f3 0f exception.exception_code: 0xc0000005 exception.symbol: rrypto_aead_aes256gcm_decrypt_detached_afternm+0x4d0 rrypto_aead_aes256gcm_encrypt-0xeb0 berr+0x26d20 exception.address: 0x7fef3eb6d20 registers.r14: 0 registers.r15: 0 registers.rcx: 26522 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 1703152 registers.r11: 1701944 registers.r8: 2015740 registers.r9: 10 registers.rdx: 4288610304 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 1708016 registers.r13: 0	1
__exception__ June 14, 2023, 7:38 p.m.	stacktrace: rrypto_aead_aes256gcm_decrypt_detached_afternm+0x103 rrypto_aead_aes256gcm_encrypt-0x127d berr+0x26953 @ 0x7fef3eb6953 rundll32+0x2f42 @ 0xff9f2f42 rundll32+0x3b7a @ 0xff9f3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76fd652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x776ec521 exception.instruction_r: 66 41 0f ef 4d 00 66 41 0f 6f c1 66 41 0f 38 dc exception.exception_code: 0xc0000005 exception.symbol: rrypto_aead_aes256gcm_decrypt_detached_afternm+0x103 rrypto_aead_aes256gcm_encrypt-0x127d berr+0x26953 exception.address: 0x7fef3eb6953 registers.r14: 0 registers.r15: 0 registers.rcx: 131434 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 1965408 registers.r11: 1964856 registers.r8: 3260956 registers.r9: 10 registers.rdx: 4288610304 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 80 registers.r13: 0	1
__exception__ June 14, 2023, 7:38 p.m.	stacktrace: rrypto_aead_aes256gcm_encrypt_detached_afternm+0x500 rrypto_aead_aes256gcm_is_available-0xe60 berr+0x282e0 @ 0x7fef3eb82e0 rrypto_aead_aes256gcm_encrypt_afternm+0x61 rrypto_aead_aes256gcm_encrypt_detached-0x1f berr+0x27d01 @ 0x7fef3eb7d01 rrypto_aead_aes256gcm_encrypt+0x8f rrypto_aead_aes256gcm_encrypt_afternm-0x41 berr+0x27c5f @ 0x7fef3eb7c5f rundll32+0x2f42 @ 0xff9f2f42 rundll32+0x3b7a @ 0xff9f3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76fd652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x776ec521 exception.instruction_r: f3 0f 6f 50 10 f3 0f 6f 20 f3 0f 6f 68 f0 f3 0f exception.exception_code: 0xc0000005 exception.symbol: rrypto_aead_aes256gcm_encrypt_detached_afternm+0x500 rrypto_aead_aes256gcm_is_available-0xe60 berr+0x282e0 exception.address: 0x7fef3eb82e0 registers.r14: 0 registers.r15: 0 registers.rcx: 22450 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 1570816 registers.r11: 1569496 registers.r8: 0 registers.r9: 1569696 registers.rdx: 1570368 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 1703968 registers.r13: 0	1
__exception__ June 14, 2023, 7:38 p.m.	stacktrace: rrypto_aead_aes256gcm_encrypt_detached_afternm+0x12e rrypto_aead_aes256gcm_is_available-0x1232 berr+0x27f0e @ 0x7fef3eb7f0e rrypto_aead_aes256gcm_encrypt_afternm+0x61 rrypto_aead_aes256gcm_encrypt_detached-0x1f berr+0x27d01 @ 0x7fef3eb7d01 rundll32+0x2f42 @ 0xff9f2f42 rundll32+0x3b7a @ 0xff9f3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76fd652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x776ec521 exception.instruction_r: 66 41 0f ef 4d 00 66 41 0f 38 dc 09 66 41 0f 38 exception.exception_code: 0xc0000005 exception.symbol: rrypto_aead_aes256gcm_encrypt_detached_afternm+0x12e rrypto_aead_aes256gcm_is_available-0x1232 berr+0x27f0e exception.address: 0x7fef3eb7f0e registers.r14: 0 registers.r15: 0 registers.rcx: 66138 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 1703216 registers.r11: 1702568 registers.r8: 0 registers.r9: 3785226 registers.rdx: 1702784 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 13622400 registers.r13: 0	1
__exception__ June 14, 2023, 7:38 p.m.	stacktrace: rrypto_aead_aes256gcm_encrypt_detached_afternm+0x500 rrypto_aead_aes256gcm_is_available-0xe60 berr+0x282e0 @ 0x7fef3eb82e0 rrypto_aead_aes256gcm_encrypt_detached+0x9c rrypto_aead_aes256gcm_encrypt_detached_afternm-0x24 berr+0x27dbc @ 0x7fef3eb7dbc rundll32+0x2f42 @ 0xff9f2f42 rundll32+0x3b7a @ 0xff9f3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76fd652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x776ec521 exception.instruction_r: f3 0f 6f 50 10 f3 0f 6f 20 f3 0f 6f 68 f0 f3 0f exception.exception_code: 0xc0000005 exception.symbol: rrypto_aead_aes256gcm_encrypt_detached_afternm+0x500 rrypto_aead_aes256gcm_is_available-0xe60 berr+0x282e0 exception.address: 0x7fef3eb82e0 registers.r14: 0 registers.r15: 0 registers.rcx: 14236 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 916800 registers.r11: 915576 registers.r8: 1688060 registers.r9: 915680 registers.rdx: 916288 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 921600 registers.r13: 0	1
__exception__ June 14, 2023, 7:38 p.m.	stacktrace: rrypto_aead_aes256gcm_encrypt_detached_afternm+0x500 rrypto_aead_aes256gcm_is_available-0xe60 berr+0x282e0 @ 0x7fef3eb82e0 rundll32+0x2f42 @ 0xff9f2f42 rundll32+0x3b7a @ 0xff9f3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76fd652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x776ec521 exception.instruction_r: f3 0f 6f 50 10 f3 0f 6f 20 f3 0f 6f 68 f0 f3 0f exception.exception_code: 0xc0000005 exception.symbol: rrypto_aead_aes256gcm_encrypt_detached_afternm+0x500 rrypto_aead_aes256gcm_is_available-0xe60 berr+0x282e0 exception.address: 0x7fef3eb82e0 registers.r14: 0 registers.r15: 0 registers.rcx: 34745 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 2357456 registers.r11: 2356904 registers.r8: 4047388 registers.r9: 4047216 registers.rdx: 2356992 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 2490384 registers.r13: 0	1
__exception__ June 14, 2023, 7:38 p.m.	stacktrace: 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x48540 registers.r14: 0 registers.r15: 0 registers.rcx: 197314 registers.rsi: 0 registers.r10: 0 registers.rbx: 32 registers.rsp: 2029768 registers.r11: 2029504 registers.r8: 2539976 registers.r9: 10 registers.rdx: 32 registers.r12: 10 registers.rbp: 2539824 registers.rdi: 197314 registers.rax: 4294967295 registers.r13: 0	1
__exception__ June 14, 2023, 7:38 p.m.	stacktrace: 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x48792 registers.r14: 393958 registers.r15: 2277914 registers.rcx: 2029888 registers.rsi: 2030128 registers.r10: 8791771393930 registers.rbx: 64 registers.rsp: 2029416 registers.r11: 2029664 registers.r8: 64 registers.r9: 0 registers.rdx: 0 registers.r12: 8791771393930 registers.rbp: 10 registers.rdi: 2029888 registers.rax: 19221 registers.r13: 2277914	1
__exception__ June 14, 2023, 7:38 p.m.	stacktrace: 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x48792 registers.r14: 66282 registers.r15: 10 registers.rcx: 2292560 registers.rsi: 2292890 registers.r10: 8791771393930 registers.rbx: 64 registers.rsp: 2292088 registers.r11: 10 registers.r8: 64 registers.r9: 0 registers.rdx: 0 registers.r12: 8791771393930 registers.rbp: 2292880 registers.rdi: 2292560 registers.rax: 19221 registers.r13: 2933240	1
__exception__ June 14, 2023, 7:38 p.m.	stacktrace: 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x48792 registers.r14: 1884664 registers.r15: 66290 registers.rcx: 1047328 registers.rsi: 1884664 registers.r10: 8791771393930 registers.rbx: 64 registers.rsp: 1046872 registers.r11: 1047216 registers.r8: 64 registers.r9: 0 registers.rdx: 0 registers.r12: 66300 registers.rbp: 8791771393930 registers.rdi: 1047328 registers.rax: 19221 registers.r13: 0	1
__exception__ June 14, 2023, 7:38 p.m.	stacktrace: 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x48792 registers.r14: 10 registers.r15: 66362 registers.rcx: 981312 registers.rsi: 2802016 registers.r10: 2802202 registers.rbx: 64 registers.rsp: 980856 registers.r11: 981104 registers.r8: 64 registers.r9: 0 registers.rdx: 0 registers.r12: 4288610304 registers.rbp: 2802202 registers.rdi: 981312 registers.rax: 7536741 registers.r13: 2802202	1
__exception__ June 14, 2023, 7:38 p.m.	stacktrace: 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x48792 registers.r14: 197438 registers.r15: 10 registers.rcx: 1373456 registers.rsi: 1373786 registers.r10: 8791771393930 registers.rbx: 64 registers.rsp: 1372984 registers.r11: 10 registers.r8: 64 registers.r9: 3588626 registers.rdx: 0 registers.r12: 8791771393930 registers.rbp: 1373776 registers.rdi: 1373456 registers.rax: 4144335688 registers.r13: 3588626	1
__exception__ June 14, 2023, 7:38 p.m.	stacktrace: 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x48792 registers.r14: 66436 registers.r15: 3326532 registers.rcx: 1505568 registers.rsi: 1505808 registers.r10: 8791771393930 registers.rbx: 64 registers.rsp: 1505096 registers.r11: 1505344 registers.r8: 64 registers.r9: 3326532 registers.rdx: 0 registers.r12: 8791771393930 registers.rbp: 10 registers.rdi: 1505568 registers.rax: 4144335688 registers.r13: 3326532	1
__exception__ June 14, 2023, 7:38 p.m.	stacktrace: 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x48792 registers.r14: 3457554 registers.r15: 66472 registers.rcx: 2226800 registers.rsi: 8791771393930 registers.r10: 8791771393930 registers.rbx: 64 registers.rsp: 2226344 registers.r11: 2226688 registers.r8: 64 registers.r9: 3457554 registers.rdx: 0 registers.r12: 66482 registers.rbp: 3457554 registers.rdi: 2226800 registers.rax: 4144335688 registers.r13: 0	1
__exception__ June 14, 2023, 7:38 p.m.	stacktrace: 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x48792 registers.r14: 10 registers.r15: 66476 registers.rcx: 2423984 registers.rsi: 3457604 registers.r10: 3457604 registers.rbx: 64 registers.rsp: 2423528 registers.r11: 2423776 registers.r8: 64 registers.r9: 3457408 registers.rdx: 0 registers.r12: 4288610304 registers.rbp: 3457408 registers.rdi: 2423984 registers.rax: 268478487 registers.r13: 3457604	1
__exception__ June 14, 2023, 7:38 p.m.	stacktrace: 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x48540 registers.r14: 0 registers.r15: 0 registers.rcx: 132048 registers.rsi: 0 registers.r10: 0 registers.rbx: 32 registers.rsp: 1440760 registers.r11: 1440496 registers.r8: 1622544 registers.r9: 10 registers.rdx: 32 registers.r12: 10 registers.rbp: 1622368 registers.rdi: 132048 registers.rax: 4294967295 registers.r13: 0	1
__exception__ June 14, 2023, 7:38 p.m.	stacktrace: 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x48540 registers.r14: 0 registers.r15: 0 registers.rcx: 459762 registers.rsi: 0 registers.r10: 0 registers.rbx: 32 registers.rsp: 2686024 registers.r11: 2685760 registers.r8: 3850742 registers.r9: 10 registers.rdx: 32 registers.r12: 10 registers.rbp: 3850576 registers.rdi: 459762 registers.rax: 4294967295 registers.r13: 0	1
__exception__ June 14, 2023, 7:38 p.m.	stacktrace: 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x48792 registers.r14: 525300 registers.r15: 10 registers.rcx: 2684944 registers.rsi: 2685482 registers.r10: 2685168 registers.rbx: 64 registers.rsp: 2684472 registers.r11: 3415290100 registers.r8: 64 registers.r9: 2685184 registers.rdx: 0 registers.r12: 2685168 registers.rbp: 2685472 registers.rdi: 2684944 registers.rax: 611617608 registers.r13: 2685184	1
__exception__ June 14, 2023, 7:38 p.m.	stacktrace: 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x48792 registers.r14: 263158 registers.r15: 2343494 registers.rcx: 1702320 registers.rsi: 1702768 registers.r10: 1702544 registers.rbx: 64 registers.rsp: 1701848 registers.r11: 3133170975 registers.r8: 64 registers.r9: 1702560 registers.rdx: 0 registers.r12: 1702544 registers.rbp: 10 registers.rdi: 1702320 registers.rax: 611617608 registers.r13: 1702560	1
__exception__ June 14, 2023, 7:38 p.m.	stacktrace: 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x48792 registers.r14: 2081300 registers.r15: 66578 registers.rcx: 1439152 registers.rsi: 1439392 registers.r10: 1439392 registers.rbx: 64 registers.rsp: 1438696 registers.r11: 4055614201 registers.r8: 64 registers.r9: 1439408 registers.rdx: 0 registers.r12: 66588 registers.rbp: 66588 registers.rdi: 1439152 registers.rax: 611617608 registers.r13: 0	1
__exception__ June 14, 2023, 7:38 p.m.	stacktrace: 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x48792 registers.r14: 10 registers.r15: 66626 registers.rcx: 2750592 registers.rsi: 2750832 registers.r10: 2750832 registers.rbx: 64 registers.rsp: 2750136 registers.r11: 3847617273 registers.r8: 64 registers.r9: 2750848 registers.rdx: 0 registers.r12: 4288610304 registers.rbp: 4288610304 registers.rdi: 2750592 registers.rax: 0 registers.r13: 4899398	1
__exception__ June 14, 2023, 7:38 p.m.	stacktrace: 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x48540 registers.r14: 0 registers.r15: 0 registers.rcx: 393724 registers.rsi: 0 registers.r10: 0 registers.rbx: 32 registers.rsp: 1964152 registers.r11: 1963888 registers.r8: 2540050 registers.r9: 10 registers.rdx: 32 registers.r12: 10 registers.rbp: 2539872 registers.rdi: 393724 registers.rax: 4294967295 registers.r13: 0	1
__exception__ June 14, 2023, 7:38 p.m.	stacktrace: 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x48792 registers.r14: 2356784 registers.r15: 0 registers.rcx: 2356496 registers.rsi: 10 registers.r10: 0 registers.rbx: 4288610304 registers.rsp: 2356456 registers.r11: 2356880 registers.r8: 128 registers.r9: 10 registers.rdx: 54 registers.r12: 10 registers.rbp: 2356649 registers.rdi: 32 registers.rax: 0 registers.r13: 0	1
__exception__ June 14, 2023, 7:38 p.m.	stacktrace: rrypto_auth_hmacsha256_init+0x15a rrypto_auth_hmacsha256_update-0x186 berr+0x1688a @ 0x7fef3ea688a rrypto_auth_hmacsha256+0x39 rrypto_auth_hmacsha256_final-0x47 berr+0x16669 @ 0x7fef3ea6669 rundll32+0x2f42 @ 0xff9f2f42 rundll32+0x3b7a @ 0xff9f3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76fd652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x776ec521 exception.instruction_r: 41 0f b6 04 08 30 01 48 3b d7 72 ea 41 b8 40 00 exception.instruction: movzx eax, byte ptr [r8 + rcx] exception.exception_code: 0xc0000005 exception.symbol: rrypto_auth_hmacsha256_init+0x15a rrypto_auth_hmacsha256_update-0x186 berr+0x1688a exception.address: 0x7fef3ea688a registers.r14: 0 registers.r15: 0 registers.rcx: 1898080 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 1899072 registers.r11: 1898160 registers.r8: -1898070 registers.r9: 10 registers.rdx: 1 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 1898080 registers.r13: 0	1
__exception__ June 14, 2023, 7:38 p.m.	stacktrace: rrypto_hash_sha256_statebytes+0xdd4 rrypto_hash_sha256-0x2c berr+0x25994 @ 0x7fef3eb5994 rrypto_hash_sha256_final+0x40 rrypto_hash_sha256_init-0x40 berr+0x25a70 @ 0x7fef3eb5a70 rrypto_auth_hmacsha256_final+0x49 rrypto_auth_hmacsha256_init-0x37 berr+0x166f9 @ 0x7fef3ea66f9 rundll32+0x2f42 @ 0xff9f2f42 rundll32+0x3b7a @ 0xff9f3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76fd652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x776ec521 exception.instruction_r: 88 48 01 48 8d 40 04 c1 e9 08 88 48 fc c1 e9 08 exception.instruction: mov byte ptr [rax + 1], cl exception.exception_code: 0xc0000005 exception.symbol: rrypto_hash_sha256_statebytes+0xdd4 rrypto_hash_sha256-0x2c berr+0x25994 exception.address: 0x7fef3eb5994 registers.r14: 0 registers.r15: 0 registers.rcx: 3935891218 registers.rsi: 0 registers.r10: 849488 registers.rbx: 0 registers.rsp: 850256 registers.r11: 2261292434 registers.r8: 8 registers.r9: 849524 registers.rdx: -4288477960 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 4288610306 registers.r13: 0	1
__exception__ June 14, 2023, 7:38 p.m.	stacktrace: rrypto_hash_sha256_statebytes+0xd90 rrypto_hash_sha256-0x70 berr+0x25950 @ 0x7fef3eb5950 rrypto_hash_sha256_statebytes+0x185 rrypto_hash_sha256-0xc7b berr+0x24d45 @ 0x7fef3eb4d45 rrypto_hash_sha256_update+0x118 rrypto_aead_xchacha20poly1305_ietf_decrypt-0x3e8 berr+0x25be8 @ 0x7fef3eb5be8 rrypto_auth_hmacsha256_init+0x43 rrypto_auth_hmacsha256_update-0x29d berr+0x16773 @ 0x7fef3ea6773 rundll32+0x2f42 @ 0xff9f2f42 rundll32+0x3b7a @ 0xff9f3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76fd652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x776ec521 exception.instruction_r: 0f b6 48 ff 0f b6 50 fe 48 8d 40 04 c1 e2 08 0b exception.instruction: movzx ecx, byte ptr [rax + 0xffffffffffffffff] exception.exception_code: 0xc0000005 exception.symbol: rrypto_hash_sha256_statebytes+0xd90 rrypto_hash_sha256-0x70 berr+0x25950 exception.address: 0x7fef3eb5950 registers.r14: 0 registers.r15: 0 registers.rcx: -4286575744 registers.rsi: 0 registers.r10: 132308 registers.rbx: 0 registers.rsp: 2097088 registers.r11: 2893861314 registers.r8: 16 registers.r9: -4286575746 registers.rdx: 4288671744 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 4288671746 registers.r13: 0	1
__exception__ June 14, 2023, 7:38 p.m.	stacktrace: 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x48540 registers.r14: 0 registers.r15: 0 registers.rcx: 132344 registers.rsi: 0 registers.r10: 0 registers.rbx: 32 registers.rsp: 1440648 registers.r11: 1440384 registers.r8: 1950154 registers.r9: 10 registers.rdx: 32 registers.r12: 10 registers.rbp: 1950000 registers.rdi: 132344 registers.rax: 4294967295 registers.r13: 0	1
__exception__ June 14, 2023, 7:38 p.m.	stacktrace: rrypto_hash_sha256_statebytes+0xd90 rrypto_hash_sha256-0x70 berr+0x25950 @ 0x7fef3eb5950 rrypto_hash_sha256_statebytes+0x185 rrypto_hash_sha256-0xc7b berr+0x24d45 @ 0x7fef3eb4d45 rrypto_hash_sha256_update+0x118 rrypto_aead_xchacha20poly1305_ietf_decrypt-0x3e8 berr+0x25be8 @ 0x7fef3eb5be8 rrypto_auth_hmacsha256_update+0x9 rrypto_auth_hmacsha256_verify-0x7 berr+0x16a19 @ 0x7fef3ea6a19 rundll32+0x2f42 @ 0xff9f2f42 rundll32+0x3b7a @ 0xff9f3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76fd652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x776ec521 exception.instruction_r: 0f b6 48 ff 0f b6 50 fe 48 8d 40 04 c1 e2 08 0b exception.instruction: movzx ecx, byte ptr [rax + 0xffffffffffffffff] exception.exception_code: 0xc0000005 exception.symbol: rrypto_hash_sha256_statebytes+0xd90 rrypto_hash_sha256-0x70 berr+0x25950 exception.address: 0x7fef3eb5950 registers.r14: 0 registers.r15: 0 registers.rcx: 0 registers.rsi: 0 registers.r10: 132348 registers.rbx: 0 registers.rsp: 785232 registers.r11: 2793985072 registers.r8: 15 registers.r9: -4287887454 registers.rdx: 0 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 4288671746 registers.r13: 0	1
__exception__ June 14, 2023, 7:38 p.m.	stacktrace: rrypto_auth_hmacsha256_init+0x15a rrypto_auth_hmacsha256_update-0x186 berr+0x1688a @ 0x7fef3ea688a rrypto_auth_hmacsha256+0x39 rrypto_auth_hmacsha256_final-0x47 berr+0x16669 @ 0x7fef3ea6669 rrypto_auth_hmacsha256_verify+0x23 rrypto_kdf_derive_from_key-0x4d berr+0x16a43 @ 0x7fef3ea6a43 rundll32+0x2f42 @ 0xff9f2f42 rundll32+0x3b7a @ 0xff9f3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76fd652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x776ec521 exception.instruction_r: 41 0f b6 04 08 30 01 48 3b d7 72 ea 41 b8 40 00 exception.instruction: movzx eax, byte ptr [r8 + rcx] exception.exception_code: 0xc0000005 exception.symbol: rrypto_auth_hmacsha256_init+0x15a rrypto_auth_hmacsha256_update-0x186 berr+0x1688a exception.address: 0x7fef3ea688a registers.r14: 0 registers.r15: 0 registers.rcx: 1635312 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 1636416 registers.r11: 1635504 registers.r8: -1635302 registers.r9: 10 registers.rdx: 1 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 1635312 registers.r13: 0	1
__exception__ June 14, 2023, 7:38 p.m.	stacktrace: 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x48792 registers.r14: 2618848 registers.r15: 0 registers.rcx: 2618560 registers.rsi: 10 registers.r10: 0 registers.rbx: 4288610304 registers.rsp: 2618520 registers.r11: 2618944 registers.r8: 128 registers.r9: 10 registers.rdx: 54 registers.r12: 10 registers.rbp: 2618713 registers.rdi: 32 registers.rax: 0 registers.r13: 0	1
__exception__ June 14, 2023, 7:38 p.m.	stacktrace: 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x48792 registers.r14: 2488016 registers.r15: 0 registers.rcx: 2487728 registers.rsi: 10 registers.r10: 0 registers.rbx: 4288610304 registers.rsp: 2487688 registers.r11: 2488112 registers.r8: 128 registers.r9: 10 registers.rdx: 54 registers.r12: 10 registers.rbp: 2487881 registers.rdi: 32 registers.rax: 0 registers.r13: 0	1
__exception__ June 14, 2023, 7:38 p.m.	stacktrace: rrypto_auth_hmacsha512256_final+0x2e rrypto_auth_hmacsha512256_init-0x22 berr+0x1657e @ 0x7fef3ea657e rundll32+0x2f42 @ 0xff9f2f42 rundll32+0x3b7a @ 0xff9f3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76fd652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x776ec521 exception.instruction_r: 0f 11 03 0f 11 4b 10 48 8b 4c 24 60 48 33 cc e8 exception.exception_code: 0xc0000005 exception.symbol: rrypto_auth_hmacsha512256_final+0x2e rrypto_auth_hmacsha512256_init-0x22 berr+0x1657e exception.address: 0x7fef3ea657e registers.r14: 0 registers.r15: 0 registers.rcx: 3141592653589774336 registers.rsi: 0 registers.r10: 1243744 registers.rbx: 0 registers.rsp: 1244768 registers.r11: -3609730108830263161 registers.r8: 0 registers.r9: 1243744 registers.rdx: 64 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 0 registers.r13: 0	1
__exception__ June 14, 2023, 7:38 p.m.	stacktrace: rrypto_hash_primitive+0xf60 rrypto_hash_sha512-0xd0 berr+0x24820 @ 0x7fef3eb4820 rrypto_hash_primitive+0x155 rrypto_hash_sha512-0xedb berr+0x23a15 @ 0x7fef3eb3a15 rrypto_hash_sha512_update+0x138 rrypto_hash_sha256_statebytes-0x68 berr+0x24b58 @ 0x7fef3eb4b58 rrypto_auth_hmacsha512_init+0x46 rrypto_auth_hmacsha512256_statebytes-0x27a berr+0x161c6 @ 0x7fef3ea61c6 rundll32+0x2f42 @ 0xff9f2f42 rundll32+0x3b7a @ 0xff9f3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76fd652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x776ec521 exception.instruction_r: 0f b6 48 ff 0f b6 50 fe 48 8d 40 08 48 c1 e2 08 exception.instruction: movzx ecx, byte ptr [rax + 0xffffffffffffffff] exception.exception_code: 0xc0000005 exception.symbol: rrypto_hash_primitive+0xf60 rrypto_hash_sha512-0xd0 berr+0x24820 exception.address: 0x7fef3eb4820 registers.r14: 0 registers.r15: 0 registers.rcx: -4287559664 registers.rsi: 0 registers.r10: 66924 registers.rbx: 0 registers.rsp: 1113664 registers.r11: -5345043531784039855 registers.r8: 16 registers.r9: -4287559666 registers.rdx: 4288671744 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 4288671746 registers.r13: 0	1
__exception__ June 14, 2023, 7:38 p.m.	stacktrace: 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x48540 registers.r14: 0 registers.r15: 0 registers.rcx: 66930 registers.rsi: 0 registers.r10: 0 registers.rbx: 32 registers.rsp: 1046456 registers.r11: 1046192 registers.r8: 1360368 registers.r9: 10 registers.rdx: 32 registers.r12: 10 registers.rbp: 1360208 registers.rdi: 66930 registers.rax: 4294967295 registers.r13: 0	1
__exception__ June 14, 2023, 7:38 p.m.	stacktrace: rrypto_hash_primitive+0xf60 rrypto_hash_sha512-0xd0 berr+0x24820 @ 0x7fef3eb4820 rrypto_hash_primitive+0x155 rrypto_hash_sha512-0xedb berr+0x23a15 @ 0x7fef3eb3a15 rrypto_hash_sha512_update+0x138 rrypto_hash_sha256_statebytes-0x68 berr+0x24b58 @ 0x7fef3eb4b58 rrypto_auth_hmacsha512_update+0x9 rrypto_auth_hmacsha512_verify-0x7 berr+0x16459 @ 0x7fef3ea6459 rundll32+0x2f42 @ 0xff9f2f42 rundll32+0x3b7a @ 0xff9f3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76fd652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x776ec521 exception.instruction_r: 0f b6 48 ff 0f b6 50 fe 48 8d 40 08 48 c1 e2 08 exception.instruction: movzx ecx, byte ptr [rax + 0xffffffffffffffff] exception.exception_code: 0xc0000005 exception.symbol: rrypto_hash_primitive+0xf60 rrypto_hash_sha512-0xd0 berr+0x24820 exception.address: 0x7fef3eb4820 registers.r14: 0 registers.r15: 0 registers.rcx: -4287495200 registers.rsi: 0 registers.r10: 132500 registers.rbx: 0 registers.rsp: 1177888 registers.r11: 3202381891706502012 registers.r8: 16 registers.r9: -4287495202 registers.rdx: 4288671744 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 4288671746 registers.r13: 0	1
__exception__ June 14, 2023, 7:38 p.m.	stacktrace: 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x48792 registers.r14: 1898496 registers.r15: 0 registers.rcx: 1898208 registers.rsi: 10 registers.r10: 0 registers.rbx: 4288610304 registers.rsp: 1898168 registers.r11: 1898704 registers.r8: 128 registers.r9: 10 registers.rdx: 54 registers.r12: 10 registers.rbp: 1898361 registers.rdi: 32 registers.rax: 0 registers.r13: 0	1

The binary likely contains encrypted or compressed data indicative of a packer (1 event)

section

{u'size_of_data': u'0x00005000', u'virtual_address': u'0x0004d000', u'entropy': 7.57129319580482, u'name': u'.reloc', u'virtual_size': u'0x000048d0'}

entropy

7.5712931958

description

A section with a high entropy has been found

berr.php

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All