Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6402	June 15, 2023, 9:25 a.m.	June 15, 2023, 9:26 a.m.

Size	313.0KB
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`a5d456bcb8127164d78c03dbc688b8a5`
SHA256	`55657b055737b3c8eb4171337d83a95feeb923087ccae16a7d3b777cbd620b24`
CRC32	`0E8AC8D5`
ssdeep	`6144:5xb8ZqekwkREHYuRP/4Th3gpjMl6x/Vlhg2U7V50DErMEhoI1+hRRw9ma:5xb8ZqekwkJPaThgyDChXohRRwn`
PDB Path	C:\tools\msys64\home\micro\src\libsodium\bin\x64\Release\v141\dynamic\libsodium.pdb
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) IsPE64 - (no description) PE_Header_Zero - PE File Signature

rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_aead_aes256gcm_abytes
3012
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_aead_aes256gcm_abytes
  2244
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_aead_aes256gcm_beforenm
612
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_aead_aes256gcm_beforenm
  1020
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_aead_aes256gcm_decrypt
2292
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_aead_aes256gcm_decrypt
  2528
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_aead_aes256gcm_decrypt_afternm
2380
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_aead_aes256gcm_decrypt_afternm
  2544
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_aead_aes256gcm_decrypt_detached
1620
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_aead_aes256gcm_decrypt_detached
  2476
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_aead_aes256gcm_decrypt_detached_afternm
1392
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_aead_aes256gcm_decrypt_detached_afternm
  2844
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_aead_aes256gcm_encrypt
2960
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_aead_aes256gcm_encrypt
  1780
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_aead_aes256gcm_encrypt_afternm
1368
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_aead_aes256gcm_encrypt_afternm
  2500
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_aead_aes256gcm_encrypt_detached
260
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_aead_aes256gcm_encrypt_detached
  2524
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_aead_aes256gcm_encrypt_detached_afternm
1140
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_aead_aes256gcm_encrypt_detached_afternm
  2944
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_aead_aes256gcm_is_available
2980
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_aead_aes256gcm_is_available
  2396
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_aead_aes256gcm_keybytes
2220
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_aead_aes256gcm_keybytes
  2752
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_aead_aes256gcm_keygen
572
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_aead_aes256gcm_keygen
  3016
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_aead_aes256gcm_messagebytes_max
2780
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_aead_aes256gcm_messagebytes_max
  3076
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_aead_aes256gcm_npubbytes
3128
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_aead_aes256gcm_npubbytes
  3284
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_aead_aes256gcm_nsecbytes
3252
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_aead_aes256gcm_nsecbytes
  3484
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_aead_aes256gcm_statebytes
3464
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_aead_aes256gcm_statebytes
  3664
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_aead_chacha20poly1305_abytes
3624
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_aead_chacha20poly1305_abytes
  3784
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_aead_chacha20poly1305_decrypt
3828
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_aead_chacha20poly1305_decrypt
  4004
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_aead_chacha20poly1305_decrypt_detached
3932
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_aead_chacha20poly1305_decrypt_detached
  4080
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_aead_chacha20poly1305_encrypt
4060
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_aead_chacha20poly1305_encrypt
  2424
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_aead_chacha20poly1305_encrypt_detached
1628
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_aead_chacha20poly1305_encrypt_detached
  3524
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_aead_chacha20poly1305_ietf_abytes
3508
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_aead_chacha20poly1305_ietf_abytes
  3900
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_aead_chacha20poly1305_ietf_decrypt
3796
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_aead_chacha20poly1305_ietf_decrypt
  4028
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_aead_chacha20poly1305_ietf_decrypt_detached
3956
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_aead_chacha20poly1305_ietf_decrypt_detached
  3192
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_aead_chacha20poly1305_ietf_encrypt
3184
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_aead_chacha20poly1305_ietf_encrypt
  3736
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_aead_chacha20poly1305_ietf_encrypt_detached
1104
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_aead_chacha20poly1305_ietf_encrypt_detached
  2740
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_aead_chacha20poly1305_ietf_keybytes
3916
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_aead_chacha20poly1305_ietf_keybytes
  3348
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_aead_chacha20poly1305_ietf_keygen
3712
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_aead_chacha20poly1305_ietf_keygen
  3724
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_aead_chacha20poly1305_ietf_messagebytes_max
3272
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_aead_chacha20poly1305_ietf_messagebytes_max
  3720
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_aead_chacha20poly1305_ietf_npubbytes
3840
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_aead_chacha20poly1305_ietf_npubbytes
  4160
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_aead_chacha20poly1305_ietf_nsecbytes
4180
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_aead_chacha20poly1305_ietf_nsecbytes
  4332
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_aead_chacha20poly1305_keybytes
4308
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_aead_chacha20poly1305_keybytes
  4628
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_aead_chacha20poly1305_keygen
4444
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_aead_chacha20poly1305_keygen
  4612
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_aead_chacha20poly1305_messagebytes_max
4536
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_aead_chacha20poly1305_messagebytes_max
  4684
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_aead_chacha20poly1305_npubbytes
4712
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_aead_chacha20poly1305_npubbytes
  5004
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_aead_chacha20poly1305_nsecbytes
4844
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_aead_chacha20poly1305_nsecbytes
  4944
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_aead_xchacha20poly1305_ietf_abytes
4968
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_aead_xchacha20poly1305_ietf_abytes
  3960
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_aead_xchacha20poly1305_ietf_decrypt_detached
4324
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_aead_xchacha20poly1305_ietf_decrypt_detached
  4288
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_aead_xchacha20poly1305_ietf_decrypt
4172
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_aead_xchacha20poly1305_ietf_decrypt
  4588
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_aead_xchacha20poly1305_ietf_encrypt
4428
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_aead_xchacha20poly1305_ietf_encrypt
  4668
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_aead_xchacha20poly1305_ietf_encrypt_detached
4624
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_aead_xchacha20poly1305_ietf_encrypt_detached
  4632
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_aead_xchacha20poly1305_ietf_keybytes
4940
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_aead_xchacha20poly1305_ietf_keybytes
  4208
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_aead_xchacha20poly1305_ietf_keygen
4540
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_aead_xchacha20poly1305_ietf_keygen
  4300
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_aead_xchacha20poly1305_ietf_messagebytes_max
4204
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_aead_xchacha20poly1305_ietf_messagebytes_max
  4572
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_aead_xchacha20poly1305_ietf_npubbytes
4728
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_aead_xchacha20poly1305_ietf_npubbytes
  4688
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_aead_xchacha20poly1305_ietf_nsecbytes
4212
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_aead_xchacha20poly1305_ietf_nsecbytes
  5108
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_auth
4520
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_auth
  4380
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_auth_bytes
4716
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_auth_bytes
  4964
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_auth_hmacsha256
2444
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_auth_hmacsha256
  4832
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_auth_hmacsha256_bytes
2436
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_auth_hmacsha256_bytes
  5180
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_auth_hmacsha256_final
5084
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_auth_hmacsha256_final
  5244
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_auth_hmacsha256_init
5348
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_auth_hmacsha256_init
  5492
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_auth_hmacsha256_keybytes
5464
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_auth_hmacsha256_keybytes
  5716
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_auth_hmacsha256_keygen
5612
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_auth_hmacsha256_keygen
  5804
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_auth_hmacsha256_statebytes
5748
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_auth_hmacsha256_statebytes
  6064
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_auth_hmacsha256_update
5912
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_auth_hmacsha256_update
  6072
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_auth_hmacsha256_verify
6020
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_auth_hmacsha256_verify
  5296
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_auth_hmacsha512
5232
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_auth_hmacsha512
  5512
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_auth_hmacsha512256
5460
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_auth_hmacsha512256
  5688
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_auth_hmacsha512256_bytes
5796
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_auth_hmacsha512256_bytes
  6016
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_auth_hmacsha512256_final
5468
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_auth_hmacsha512256_final
  5784
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_auth_hmacsha512256_init
5320
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_auth_hmacsha512256_init
  6116
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_auth_hmacsha512256_keybytes
5596
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_auth_hmacsha512256_keybytes
  5304
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_auth_hmacsha512256_keygen
5884
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_auth_hmacsha512256_keygen
  5600
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_auth_hmacsha512256_statebytes
5308
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_auth_hmacsha512256_statebytes
  5312
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_auth_hmacsha512256_update
5000
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_auth_hmacsha512256_update
  5856
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_auth_hmacsha512256_verify
2924
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_auth_hmacsha512256_verify
  5260
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_auth_hmacsha512_bytes
5816
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_auth_hmacsha512_bytes
  6152
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_auth_hmacsha512_final
5964
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\34324543.dll,rrypto_auth_hmacsha512_init
6316

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
164.124.101.2	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks if process is being debugged by a debugger (50 out of 69 events)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent June 15, 2023, 9:18 a.m.			0	0
IsDebuggerPresent June 15, 2023, 9:18 a.m.			0	0
IsDebuggerPresent June 15, 2023, 9:18 a.m.			0	0
IsDebuggerPresent June 15, 2023, 9:18 a.m.			0	0
IsDebuggerPresent June 15, 2023, 9:18 a.m.			0	0
IsDebuggerPresent June 15, 2023, 9:18 a.m.			0	0
IsDebuggerPresent June 15, 2023, 9:18 a.m.			0	0
IsDebuggerPresent June 15, 2023, 9:18 a.m.			0	0
IsDebuggerPresent June 15, 2023, 9:18 a.m.			0	0
IsDebuggerPresent June 15, 2023, 9:18 a.m.			0	0
IsDebuggerPresent June 15, 2023, 9:18 a.m.			0	0
IsDebuggerPresent June 15, 2023, 9:18 a.m.			0	0
IsDebuggerPresent June 15, 2023, 9:18 a.m.			0	0
IsDebuggerPresent June 15, 2023, 9:18 a.m.			0	0
IsDebuggerPresent June 15, 2023, 9:18 a.m.			0	0
IsDebuggerPresent June 15, 2023, 9:18 a.m.			0	0
IsDebuggerPresent June 15, 2023, 9:18 a.m.			0	0
IsDebuggerPresent June 15, 2023, 9:18 a.m.			0	0
IsDebuggerPresent June 15, 2023, 9:18 a.m.			0	0
IsDebuggerPresent June 15, 2023, 9:18 a.m.			0	0
IsDebuggerPresent June 15, 2023, 9:18 a.m.			0	0
IsDebuggerPresent June 15, 2023, 9:18 a.m.			0	0
IsDebuggerPresent June 15, 2023, 9:18 a.m.			0	0
IsDebuggerPresent June 15, 2023, 9:18 a.m.			0	0
IsDebuggerPresent June 15, 2023, 9:18 a.m.			0	0
IsDebuggerPresent June 15, 2023, 9:18 a.m.			0	0
IsDebuggerPresent June 15, 2023, 9:18 a.m.			0	0
IsDebuggerPresent June 15, 2023, 9:18 a.m.			0	0
IsDebuggerPresent June 15, 2023, 9:18 a.m.			0	0
IsDebuggerPresent June 15, 2023, 9:18 a.m.			0	0
IsDebuggerPresent June 15, 2023, 9:18 a.m.			0	0
IsDebuggerPresent June 15, 2023, 9:18 a.m.			0	0
IsDebuggerPresent June 15, 2023, 9:18 a.m.			0	0
IsDebuggerPresent June 15, 2023, 9:18 a.m.			0	0
IsDebuggerPresent June 15, 2023, 9:18 a.m.			0	0
IsDebuggerPresent June 15, 2023, 9:18 a.m.			0	0
IsDebuggerPresent June 15, 2023, 9:18 a.m.			0	0
IsDebuggerPresent June 15, 2023, 9:18 a.m.			0	0
IsDebuggerPresent June 15, 2023, 9:18 a.m.			0	0
IsDebuggerPresent June 15, 2023, 9:18 a.m.			0	0
IsDebuggerPresent June 15, 2023, 9:18 a.m.			0	0
IsDebuggerPresent June 15, 2023, 9:18 a.m.			0	0
IsDebuggerPresent June 15, 2023, 9:18 a.m.			0	0
IsDebuggerPresent June 15, 2023, 9:18 a.m.			0	0
IsDebuggerPresent June 15, 2023, 9:18 a.m.			0	0
IsDebuggerPresent June 15, 2023, 9:18 a.m.			0	0
IsDebuggerPresent June 15, 2023, 9:18 a.m.			0	0
IsDebuggerPresent June 15, 2023, 9:18 a.m.			0	0
IsDebuggerPresent June 15, 2023, 9:18 a.m.			0	0
IsDebuggerPresent June 15, 2023, 9:18 a.m.			0	0

This executable has a PDB path (1 event)

pdb_path

C:\tools\msys64\home\micro\src\libsodium\bin\x64\Release\v141\dynamic\libsodium.pdb

One or more processes crashed (38 events)

Time & API	Arguments	Status
__exception__ June 15, 2023, 9:18 a.m.	stacktrace: rrypto_aead_aes256gcm_decrypt_detached_afternm+0x4d0 rrypto_aead_aes256gcm_encrypt-0xeb0 34324543+0x26d20 @ 0x7fef3426d20 rrypto_aead_aes256gcm_decrypt_afternm+0x7d rrypto_aead_aes256gcm_decrypt_detached-0x23 34324543+0x2676d @ 0x7fef342676d rrypto_aead_aes256gcm_decrypt+0x92 rrypto_aead_aes256gcm_decrypt_afternm-0x3e 34324543+0x266b2 @ 0x7fef34266b2 rundll32+0x2f42 @ 0xffac2f42 rundll32+0x3b7a @ 0xffac3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x7718652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x772bc521 exception.instruction_r: f3 0f 6f 50 10 f3 0f 6f 20 f3 0f 6f 68 f0 f3 0f exception.exception_code: 0xc0000005 exception.symbol: rrypto_aead_aes256gcm_decrypt_detached_afternm+0x4d0 rrypto_aead_aes256gcm_encrypt-0xeb0 34324543+0x26d20 exception.address: 0x7fef3426d20 registers.r14: 0 registers.r15: 0 registers.rcx: 12164 registers.rsi: 0 registers.r10: 784490 registers.rbx: 0 registers.rsp: 784944 registers.r11: 783640 registers.r8: 10 registers.r9: 784480 registers.rdx: 2867658 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 790512 registers.r13: 0	1
__exception__ June 15, 2023, 9:18 a.m.	stacktrace: rrypto_aead_aes256gcm_decrypt_detached_afternm+0x103 rrypto_aead_aes256gcm_encrypt-0x127d 34324543+0x26953 @ 0x7fef3426953 rrypto_aead_aes256gcm_decrypt_afternm+0x7d rrypto_aead_aes256gcm_decrypt_detached-0x23 34324543+0x2676d @ 0x7fef342676d rundll32+0x2f42 @ 0xffac2f42 rundll32+0x3b7a @ 0xffac3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x7718652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x772bc521 exception.instruction_r: 66 41 0f ef 4d 00 66 41 0f 6f c1 66 41 0f 38 dc exception.exception_code: 0xc0000005 exception.symbol: rrypto_aead_aes256gcm_decrypt_detached_afternm+0x103 rrypto_aead_aes256gcm_encrypt-0x127d 34324543+0x26953 exception.address: 0x7fef3426953 registers.r14: 0 registers.r15: 0 registers.rcx: 65912 registers.rsi: 0 registers.r10: 2424106 registers.rbx: 0 registers.rsp: 2424560 registers.r11: 2423912 registers.r8: 10 registers.r9: 2424096 registers.rdx: 3850746 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 19392768 registers.r13: 0	1
__exception__ June 15, 2023, 9:18 a.m.	stacktrace: rrypto_aead_aes256gcm_decrypt_detached_afternm+0x4d0 rrypto_aead_aes256gcm_encrypt-0xeb0 34324543+0x26d20 @ 0x7fef3426d20 rrypto_aead_aes256gcm_decrypt_detached+0x92 rrypto_aead_aes256gcm_decrypt_detached_afternm-0x2e 34324543+0x26822 @ 0x7fef3426822 rundll32+0x2f42 @ 0xffac2f42 rundll32+0x3b7a @ 0xffac3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x7718652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x772bc521 exception.instruction_r: f3 0f 6f 50 10 f3 0f 6f 20 f3 0f 6f 68 f0 f3 0f exception.exception_code: 0xc0000005 exception.symbol: rrypto_aead_aes256gcm_decrypt_detached_afternm+0x4d0 rrypto_aead_aes256gcm_encrypt-0xeb0 34324543+0x26d20 exception.address: 0x7fef3426d20 registers.r14: 0 registers.r15: 0 registers.rcx: 16286 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 1047920 registers.r11: 1046712 registers.r8: 2081276 registers.r9: 10 registers.rdx: 4289462272 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 1052656 registers.r13: 0	1
__exception__ June 15, 2023, 9:18 a.m.	stacktrace: rrypto_aead_aes256gcm_decrypt_detached_afternm+0x103 rrypto_aead_aes256gcm_encrypt-0x127d 34324543+0x26953 @ 0x7fef3426953 rundll32+0x2f42 @ 0xffac2f42 rundll32+0x3b7a @ 0xffac3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x7718652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x772bc521 exception.instruction_r: 66 41 0f ef 4d 00 66 41 0f 6f c1 66 41 0f 38 dc exception.exception_code: 0xc0000005 exception.symbol: rrypto_aead_aes256gcm_decrypt_detached_afternm+0x103 rrypto_aead_aes256gcm_encrypt-0x127d 34324543+0x26953 exception.address: 0x7fef3426953 registers.r14: 0 registers.r15: 0 registers.rcx: 131438 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 1964672 registers.r11: 1964120 registers.r8: 3588636 registers.r9: 10 registers.rdx: 4289462272 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 80 registers.r13: 0	1
__exception__ June 15, 2023, 9:18 a.m.	stacktrace: rrypto_aead_aes256gcm_encrypt_detached_afternm+0x500 rrypto_aead_aes256gcm_is_available-0xe60 34324543+0x282e0 @ 0x7fef34282e0 rrypto_aead_aes256gcm_encrypt_afternm+0x61 rrypto_aead_aes256gcm_encrypt_detached-0x1f 34324543+0x27d01 @ 0x7fef3427d01 rrypto_aead_aes256gcm_encrypt+0x8f rrypto_aead_aes256gcm_encrypt_afternm-0x41 34324543+0x27c5f @ 0x7fef3427c5f rundll32+0x2f42 @ 0xffac2f42 rundll32+0x3b7a @ 0xffac3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x7718652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x772bc521 exception.instruction_r: f3 0f 6f 50 10 f3 0f 6f 20 f3 0f 6f 68 f0 f3 0f exception.exception_code: 0xc0000005 exception.symbol: rrypto_aead_aes256gcm_encrypt_detached_afternm+0x500 rrypto_aead_aes256gcm_is_available-0xe60 34324543+0x282e0 exception.address: 0x7fef34282e0 registers.r14: 0 registers.r15: 0 registers.rcx: 17302 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 1113200 registers.r11: 1111880 registers.r8: 0 registers.r9: 1112080 registers.rdx: 1112768 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 1118224 registers.r13: 0	1
__exception__ June 15, 2023, 9:18 a.m.	stacktrace: rrypto_aead_aes256gcm_encrypt_detached_afternm+0x500 rrypto_aead_aes256gcm_is_available-0xe60 34324543+0x282e0 @ 0x7fef34282e0 rrypto_aead_aes256gcm_encrypt_detached+0x9c rrypto_aead_aes256gcm_encrypt_detached_afternm-0x24 34324543+0x27dbc @ 0x7fef3427dbc rundll32+0x2f42 @ 0xffac2f42 rundll32+0x3b7a @ 0xffac3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x7718652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x772bc521 exception.instruction_r: f3 0f 6f 50 10 f3 0f 6f 20 f3 0f 6f 68 f0 f3 0f exception.exception_code: 0xc0000005 exception.symbol: rrypto_aead_aes256gcm_encrypt_detached_afternm+0x500 rrypto_aead_aes256gcm_is_available-0xe60 34324543+0x282e0 exception.address: 0x7fef34282e0 registers.r14: 0 registers.r15: 0 registers.rcx: 15278 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 982896 registers.r11: 981672 registers.r8: 1884668 registers.r9: 981776 registers.rdx: 982400 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 987120 registers.r13: 0	1
__exception__ June 15, 2023, 9:18 a.m.	stacktrace: rrypto_aead_aes256gcm_encrypt_detached_afternm+0x12e rrypto_aead_aes256gcm_is_available-0x1232 34324543+0x27f0e @ 0x7fef3427f0e rrypto_aead_aes256gcm_encrypt_afternm+0x61 rrypto_aead_aes256gcm_encrypt_detached-0x1f 34324543+0x27d01 @ 0x7fef3427d01 rundll32+0x2f42 @ 0xffac2f42 rundll32+0x3b7a @ 0xffac3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x7718652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x772bc521 exception.instruction_r: 66 41 0f ef 4d 00 66 41 0f 38 dc 09 66 41 0f 38 exception.exception_code: 0xc0000005 exception.symbol: rrypto_aead_aes256gcm_encrypt_detached_afternm+0x12e rrypto_aead_aes256gcm_is_available-0x1232 34324543+0x27f0e exception.address: 0x7fef3427f0e registers.r14: 0 registers.r15: 0 registers.rcx: 65926 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 851728 registers.r11: 851080 registers.r8: 0 registers.r9: 2867722 registers.rdx: 851264 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 6810496 registers.r13: 0	1
__exception__ June 15, 2023, 9:18 a.m.	stacktrace: rrypto_aead_aes256gcm_encrypt_detached_afternm+0x500 rrypto_aead_aes256gcm_is_available-0xe60 34324543+0x282e0 @ 0x7fef34282e0 rundll32+0x2f42 @ 0xffac2f42 rundll32+0x3b7a @ 0xffac3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x7718652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x772bc521 exception.instruction_r: f3 0f 6f 50 10 f3 0f 6f 20 f3 0f 6f 68 f0 f3 0f exception.exception_code: 0xc0000005 exception.symbol: rrypto_aead_aes256gcm_encrypt_detached_afternm+0x500 rrypto_aead_aes256gcm_is_available-0xe60 34324543+0x282e0 exception.address: 0x7fef34282e0 registers.r14: 0 registers.r15: 0 registers.rcx: 37799 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 2424464 registers.r11: 2423912 registers.r8: 3916316 registers.r9: 3916144 registers.rdx: 2424000 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 2428944 registers.r13: 0	1
__exception__ June 15, 2023, 9:18 a.m.	stacktrace: 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x48540 registers.r14: 0 registers.r15: 0 registers.rcx: 131478 registers.rsi: 0 registers.r10: 0 registers.rbx: 32 registers.rsp: 2619624 registers.r11: 2619360 registers.r8: 4833736 registers.r9: 10 registers.rdx: 32 registers.r12: 10 registers.rbp: 4833584 registers.rdi: 131478 registers.rax: 4294967295 registers.r13: 0	1
__exception__ June 15, 2023, 9:18 a.m.	stacktrace: 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x48792 registers.r14: 197318 registers.r15: 10 registers.rcx: 1570128 registers.rsi: 1570458 registers.r10: 8791783518090 registers.rbx: 64 registers.rsp: 1569656 registers.r11: 10 registers.r8: 64 registers.r9: 0 registers.rdx: 0 registers.r12: 8791783518090 registers.rbp: 1570448 registers.rdi: 1570128 registers.rax: 19221 registers.r13: 3523064	1
__exception__ June 15, 2023, 9:18 a.m.	stacktrace: 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x48792 registers.r14: 131780 registers.r15: 3916314 registers.rcx: 1767216 registers.rsi: 1767456 registers.r10: 8791783518090 registers.rbx: 64 registers.rsp: 1766744 registers.r11: 1766992 registers.r8: 64 registers.r9: 0 registers.rdx: 0 registers.r12: 8791783518090 registers.rbp: 10 registers.rdi: 1767216 registers.rax: 19221 registers.r13: 3916314	1
__exception__ June 15, 2023, 9:18 a.m.	stacktrace: 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x48792 registers.r14: 3850744 registers.r15: 66282 registers.rcx: 2029456 registers.rsi: 3850744 registers.r10: 8791783518090 registers.rbx: 64 registers.rsp: 2029000 registers.r11: 2029344 registers.r8: 64 registers.r9: 0 registers.rdx: 0 registers.r12: 66292 registers.rbp: 8791783518090 registers.rdi: 2029456 registers.rax: 19221 registers.r13: 0	1
__exception__ June 15, 2023, 9:18 a.m.	stacktrace: 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x48792 registers.r14: 10 registers.r15: 66348 registers.rcx: 2750512 registers.rsi: 1229152 registers.r10: 1229338 registers.rbx: 64 registers.rsp: 2750056 registers.r11: 2750304 registers.r8: 64 registers.r9: 0 registers.rdx: 0 registers.r12: 4289462272 registers.rbp: 1229338 registers.rdi: 2750512 registers.rax: 7536741 registers.r13: 1229338	1
__exception__ June 15, 2023, 9:18 a.m.	stacktrace: 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x48792 registers.r14: 131888 registers.r15: 10 registers.rcx: 2487888 registers.rsi: 2488218 registers.r10: 8791783518090 registers.rbx: 64 registers.rsp: 2487416 registers.r11: 10 registers.r8: 64 registers.r9: 3981842 registers.rdx: 0 registers.r12: 8791783518090 registers.rbp: 2488208 registers.rdi: 2487888 registers.rax: 4144335688 registers.r13: 3981842	1
__exception__ June 15, 2023, 9:18 a.m.	stacktrace: 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x48792 registers.r14: 66356 registers.r15: 3064388 registers.rcx: 1832736 registers.rsi: 1832976 registers.r10: 8791783518090 registers.rbx: 64 registers.rsp: 1832264 registers.r11: 1832512 registers.r8: 64 registers.r9: 3064388 registers.rdx: 0 registers.r12: 8791783518090 registers.rbp: 10 registers.rdi: 1832736 registers.rax: 4144335688 registers.r13: 3064388	1
__exception__ June 15, 2023, 9:18 a.m.	stacktrace: 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x48792 registers.r14: 4375058 registers.r15: 66360 registers.rcx: 2226208 registers.rsi: 8791783518090 registers.r10: 8791783518090 registers.rbx: 64 registers.rsp: 2225752 registers.r11: 2226096 registers.r8: 64 registers.r9: 4375058 registers.rdx: 0 registers.r12: 66370 registers.rbp: 4375058 registers.rdi: 2226208 registers.rax: 4144335688 registers.r13: 0	1
__exception__ June 15, 2023, 9:18 a.m.	stacktrace: 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x48792 registers.r14: 10 registers.r15: 66460 registers.rcx: 2161920 registers.rsi: 3523140 registers.r10: 3523140 registers.rbx: 64 registers.rsp: 2161464 registers.r11: 2161712 registers.r8: 64 registers.r9: 3522944 registers.rdx: 0 registers.r12: 4289462272 registers.rbp: 3522944 registers.rdi: 2161920 registers.rax: 268447233 registers.r13: 3523140	1
__exception__ June 15, 2023, 9:18 a.m.	stacktrace: 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x48540 registers.r14: 0 registers.r15: 0 registers.rcx: 197536 registers.rsi: 0 registers.r10: 0 registers.rbx: 32 registers.rsp: 1374552 registers.r11: 1374288 registers.r8: 2998800 registers.r9: 10 registers.rdx: 32 registers.r12: 10 registers.rbp: 2998624 registers.rdi: 197536 registers.rax: 4294967295 registers.r13: 0	1
__exception__ June 15, 2023, 9:18 a.m.	stacktrace: 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x48540 registers.r14: 0 registers.r15: 0 registers.rcx: 197574 registers.rsi: 0 registers.r10: 0 registers.rbx: 32 registers.rsp: 1244008 registers.r11: 1243744 registers.r8: 2408950 registers.r9: 10 registers.rdx: 32 registers.r12: 10 registers.rbp: 2408784 registers.rdi: 197574 registers.rax: 4294967295 registers.r13: 0	1
__exception__ June 15, 2023, 9:18 a.m.	stacktrace: 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x48792 registers.r14: 2146836 registers.r15: 328644 registers.rcx: 717872 registers.rsi: 718112 registers.r10: 718112 registers.rbx: 64 registers.rsp: 717416 registers.r11: 168669866 registers.r8: 64 registers.r9: 718128 registers.rdx: 0 registers.r12: 328654 registers.rbp: 328654 registers.rdi: 717872 registers.rax: 611617608 registers.r13: 0	1
__exception__ June 15, 2023, 9:18 a.m.	stacktrace: 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x48792 registers.r14: 393248 registers.r15: 10 registers.rcx: 1833424 registers.rsi: 1833962 registers.r10: 1833648 registers.rbx: 64 registers.rsp: 1832952 registers.r11: 3813117092 registers.r8: 64 registers.r9: 1833664 registers.rdx: 0 registers.r12: 1833648 registers.rbp: 1833952 registers.rdi: 1833424 registers.rax: 611617608 registers.r13: 1833664	1
__exception__ June 15, 2023, 9:18 a.m.	stacktrace: 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x48792 registers.r14: 327724 registers.r15: 1819206 registers.rcx: 1504848 registers.rsi: 1505296 registers.r10: 1505072 registers.rbx: 64 registers.rsp: 1504376 registers.r11: 2046756877 registers.r8: 64 registers.r9: 1505088 registers.rdx: 0 registers.r12: 1505072 registers.rbp: 10 registers.rdi: 1504848 registers.rax: 611617608 registers.r13: 1505088	1
__exception__ June 15, 2023, 9:18 a.m.	stacktrace: 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x48792 registers.r14: 10 registers.r15: 132074 registers.rcx: 1963744 registers.rsi: 1963984 registers.r10: 1963984 registers.rbx: 64 registers.rsp: 1963288 registers.r11: 2014234181 registers.r8: 64 registers.r9: 1964000 registers.rdx: 0 registers.r12: 4289462272 registers.rbp: 4289462272 registers.rdi: 1963744 registers.rax: 0 registers.r13: 2998854	1
__exception__ June 15, 2023, 9:18 a.m.	stacktrace: 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x48540 registers.r14: 0 registers.r15: 0 registers.rcx: 66580 registers.rsi: 0 registers.r10: 0 registers.rbx: 32 registers.rsp: 1506600 registers.r11: 1506336 registers.r8: 2277906 registers.r9: 10 registers.rdx: 32 registers.r12: 10 registers.rbp: 2277728 registers.rdi: 66580 registers.rax: 4294967295 registers.r13: 0	1
__exception__ June 15, 2023, 9:18 a.m.	stacktrace: 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x48792 registers.r14: 1963584 registers.r15: 0 registers.rcx: 1963296 registers.rsi: 10 registers.r10: 0 registers.rbx: 4289462272 registers.rsp: 1963256 registers.r11: 1963680 registers.r8: 128 registers.r9: 10 registers.rdx: 54 registers.r12: 10 registers.rbp: 1963449 registers.rdi: 32 registers.rax: 0 registers.r13: 0	1
__exception__ June 15, 2023, 9:18 a.m.	stacktrace: rrypto_auth_hmacsha256_init+0x15a rrypto_auth_hmacsha256_update-0x186 34324543+0x1688a @ 0x7fef341688a rrypto_auth_hmacsha256+0x39 rrypto_auth_hmacsha256_final-0x47 34324543+0x16669 @ 0x7fef3416669 rundll32+0x2f42 @ 0xffac2f42 rundll32+0x3b7a @ 0xffac3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x7718652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x772bc521 exception.instruction_r: 41 0f b6 04 08 30 01 48 3b d7 72 ea 41 b8 40 00 exception.instruction: movzx eax, byte ptr [r8 + rcx] exception.exception_code: 0xc0000005 exception.symbol: rrypto_auth_hmacsha256_init+0x15a rrypto_auth_hmacsha256_update-0x186 34324543+0x1688a exception.address: 0x7fef341688a registers.r14: 0 registers.r15: 0 registers.rcx: 2685424 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 2686416 registers.r11: 2685504 registers.r8: -2685414 registers.r9: 10 registers.rdx: 1 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 2685424 registers.r13: 0	1
__exception__ June 15, 2023, 9:18 a.m.	stacktrace: rrypto_hash_sha256_statebytes+0xdd4 rrypto_hash_sha256-0x2c 34324543+0x25994 @ 0x7fef3425994 rrypto_hash_sha256_final+0x40 rrypto_hash_sha256_init-0x40 34324543+0x25a70 @ 0x7fef3425a70 rrypto_auth_hmacsha256_final+0x49 rrypto_auth_hmacsha256_init-0x37 34324543+0x166f9 @ 0x7fef34166f9 rundll32+0x2f42 @ 0xffac2f42 rundll32+0x3b7a @ 0xffac3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x7718652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x772bc521 exception.instruction_r: 88 48 01 48 8d 40 04 c1 e9 08 88 48 fc c1 e9 08 exception.instruction: mov byte ptr [rax + 1], cl exception.exception_code: 0xc0000005 exception.symbol: rrypto_hash_sha256_statebytes+0xdd4 rrypto_hash_sha256-0x2c 34324543+0x25994 exception.address: 0x7fef3425994 registers.r14: 0 registers.r15: 0 registers.rcx: 4065714752 registers.rsi: 0 registers.r10: 980592 registers.rbx: 0 registers.rsp: 981360 registers.r11: 1566576330 registers.r8: 8 registers.r9: 980628 registers.rdx: -4289395448 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 4289462274 registers.r13: 0	1
__exception__ June 15, 2023, 9:18 a.m.	stacktrace: rrypto_hash_sha256_statebytes+0xd90 rrypto_hash_sha256-0x70 34324543+0x25950 @ 0x7fef3425950 rrypto_hash_sha256_statebytes+0x185 rrypto_hash_sha256-0xc7b 34324543+0x24d45 @ 0x7fef3424d45 rrypto_hash_sha256_update+0x118 rrypto_aead_xchacha20poly1305_ietf_decrypt-0x3e8 34324543+0x25be8 @ 0x7fef3425be8 rrypto_auth_hmacsha256_init+0x43 rrypto_auth_hmacsha256_update-0x29d 34324543+0x16773 @ 0x7fef3416773 rundll32+0x2f42 @ 0xffac2f42 rundll32+0x3b7a @ 0xffac3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x7718652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x772bc521 exception.instruction_r: 0f b6 48 ff 0f b6 50 fe 48 8d 40 04 c1 e2 08 0b exception.instruction: movzx ecx, byte ptr [rax + 0xffffffffffffffff] exception.exception_code: 0xc0000005 exception.symbol: rrypto_hash_sha256_statebytes+0xd90 rrypto_hash_sha256-0x70 34324543+0x25950 exception.address: 0x7fef3425950 registers.r14: 0 registers.r15: 0 registers.rcx: -4288347168 registers.rsi: 0 registers.r10: 66814 registers.rbx: 0 registers.rsp: 1177632 registers.r11: 2686599009 registers.r8: 16 registers.r9: -4288347170 registers.rdx: 4289523712 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 4289523714 registers.r13: 0	1
__exception__ June 15, 2023, 9:18 a.m.	stacktrace: 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x48540 registers.r14: 0 registers.r15: 0 registers.rcx: 66854 registers.rsi: 0 registers.r10: 0 registers.rbx: 32 registers.rsp: 1636088 registers.r11: 1635824 registers.r8: 2867658 registers.r9: 10 registers.rdx: 32 registers.r12: 10 registers.rbp: 2867504 registers.rdi: 66854 registers.rax: 4294967295 registers.r13: 0	1
__exception__ June 15, 2023, 9:18 a.m.	stacktrace: rrypto_hash_sha256_statebytes+0xd90 rrypto_hash_sha256-0x70 34324543+0x25950 @ 0x7fef3425950 rrypto_hash_sha256_statebytes+0x185 rrypto_hash_sha256-0xc7b 34324543+0x24d45 @ 0x7fef3424d45 rrypto_hash_sha256_update+0x118 rrypto_aead_xchacha20poly1305_ietf_decrypt-0x3e8 34324543+0x25be8 @ 0x7fef3425be8 rrypto_auth_hmacsha256_update+0x9 rrypto_auth_hmacsha256_verify-0x7 34324543+0x16a19 @ 0x7fef3416a19 rundll32+0x2f42 @ 0xffac2f42 rundll32+0x3b7a @ 0xffac3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x7718652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x772bc521 exception.instruction_r: 0f b6 48 ff 0f b6 50 fe 48 8d 40 04 c1 e2 08 0b exception.instruction: movzx ecx, byte ptr [rax + 0xffffffffffffffff] exception.exception_code: 0xc0000005 exception.symbol: rrypto_hash_sha256_statebytes+0xd90 rrypto_hash_sha256-0x70 34324543+0x25950 exception.address: 0x7fef3425950 registers.r14: 0 registers.r15: 0 registers.rcx: -4288215200 registers.rsi: 0 registers.r10: 66890 registers.rbx: 0 registers.rsp: 1309456 registers.r11: 2255905367 registers.r8: 16 registers.r9: -4288215202 registers.rdx: 4289523712 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 4289523714 registers.r13: 0	1
__exception__ June 15, 2023, 9:18 a.m.	stacktrace: rrypto_auth_hmacsha256_init+0x15a rrypto_auth_hmacsha256_update-0x186 34324543+0x1688a @ 0x7fef341688a rrypto_auth_hmacsha256+0x39 rrypto_auth_hmacsha256_final-0x47 34324543+0x16669 @ 0x7fef3416669 rrypto_auth_hmacsha256_verify+0x23 rrypto_kdf_derive_from_key-0x4d 34324543+0x16a43 @ 0x7fef3416a43 rundll32+0x2f42 @ 0xffac2f42 rundll32+0x3b7a @ 0xffac3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x7718652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x772bc521 exception.instruction_r: 41 0f b6 04 08 30 01 48 3b d7 72 ea 41 b8 40 00 exception.instruction: movzx eax, byte ptr [r8 + rcx] exception.exception_code: 0xc0000005 exception.symbol: rrypto_auth_hmacsha256_init+0x15a rrypto_auth_hmacsha256_update-0x186 34324543+0x1688a exception.address: 0x7fef341688a registers.r14: 0 registers.r15: 0 registers.rcx: 2094400 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 2095504 registers.r11: 2094592 registers.r8: -2094390 registers.r9: 10 registers.rdx: 1 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 2094400 registers.r13: 0	1
__exception__ June 15, 2023, 9:18 a.m.	stacktrace: 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x48792 registers.r14: 2751040 registers.r15: 0 registers.rcx: 2750752 registers.rsi: 10 registers.r10: 0 registers.rbx: 4289462272 registers.rsp: 2750712 registers.r11: 2751136 registers.r8: 128 registers.r9: 10 registers.rdx: 54 registers.r12: 10 registers.rbp: 2750905 registers.rdi: 32 registers.rax: 0 registers.r13: 0	1
__exception__ June 15, 2023, 9:18 a.m.	stacktrace: 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x48792 registers.r14: 1505472 registers.r15: 0 registers.rcx: 1505184 registers.rsi: 10 registers.r10: 0 registers.rbx: 4289462272 registers.rsp: 1505144 registers.r11: 1505568 registers.r8: 128 registers.r9: 10 registers.rdx: 54 registers.r12: 10 registers.rbp: 1505337 registers.rdi: 32 registers.rax: 0 registers.r13: 0	1
__exception__ June 15, 2023, 9:18 a.m.	stacktrace: rrypto_auth_hmacsha512256_final+0x2e rrypto_auth_hmacsha512256_init-0x22 34324543+0x1657e @ 0x7fef341657e rundll32+0x2f42 @ 0xffac2f42 rundll32+0x3b7a @ 0xffac3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x7718652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x772bc521 exception.instruction_r: 0f 11 03 0f 11 4b 10 48 8b 4c 24 60 48 33 cc e8 exception.exception_code: 0xc0000005 exception.symbol: rrypto_auth_hmacsha512256_final+0x2e rrypto_auth_hmacsha512256_init-0x22 34324543+0x1657e exception.address: 0x7fef341657e registers.r14: 0 registers.r15: 0 registers.rcx: 3141592653589774336 registers.rsi: 0 registers.r10: 2685456 registers.rbx: 0 registers.rsp: 2686480 registers.r11: -3535061307268065689 registers.r8: 0 registers.r9: 2685456 registers.rdx: 64 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 0 registers.r13: 0	1
__exception__ June 15, 2023, 9:18 a.m.	stacktrace: 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x48540 registers.r14: 0 registers.r15: 0 registers.rcx: 132500 registers.rsi: 0 registers.r10: 0 registers.rbx: 32 registers.rsp: 2096184 registers.r11: 2095920 registers.r8: 4309488 registers.r9: 10 registers.rdx: 32 registers.r12: 10 registers.rbp: 4309328 registers.rdi: 132500 registers.rax: 4294967295 registers.r13: 0	1
__exception__ June 15, 2023, 9:18 a.m.	stacktrace: rrypto_hash_sha512_init+0x2 rrypto_hash_sha512_update-0x3e 34324543+0x249e2 @ 0x7fef34249e2 rrypto_auth_hmacsha512_init+0x38 rrypto_auth_hmacsha512256_statebytes-0x288 34324543+0x161b8 @ 0x7fef34161b8 rundll32+0x2f42 @ 0xffac2f42 rundll32+0x3b7a @ 0xffac3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x7718652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x772bc521 exception.instruction_r: 48 89 41 48 48 89 41 40 0f 28 05 ff 2d 01 00 0f exception.instruction: mov qword ptr [rcx + 0x48], rax exception.exception_code: 0xc0000005 exception.symbol: rrypto_hash_sha512_init+0x2 rrypto_hash_sha512_update-0x3e 34324543+0x249e2 exception.address: 0x7fef34249e2 registers.r14: 0 registers.r15: 0 registers.rcx: 198034 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 2095376 registers.r11: 2094464 registers.r8: 3981772 registers.r9: 10 registers.rdx: 4289462272 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 0 registers.r13: 0	1
__exception__ June 15, 2023, 9:18 a.m.	stacktrace: rrypto_hash_sha512_update+0x56 rrypto_hash_sha256_statebytes-0x14a 34324543+0x24a76 @ 0x7fef3424a76 rrypto_auth_hmacsha512_update+0x9 rrypto_auth_hmacsha512_verify-0x7 34324543+0x16459 @ 0x7fef3416459 rundll32+0x2f42 @ 0xffac2f42 rundll32+0x3b7a @ 0xffac3b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x7718652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x772bc521 exception.instruction_r: 48 89 45 48 48 3b c1 73 03 48 ff c2 49 8d 04 10 exception.instruction: mov qword ptr [rbp + 0x48], rax exception.exception_code: 0xc0000005 exception.symbol: rrypto_hash_sha512_update+0x56 rrypto_hash_sha256_statebytes-0x14a 34324543+0x24a76 exception.address: 0x7fef3424a76 registers.r14: 0 registers.r15: 0 registers.rcx: 13504384 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 916192 registers.r11: 915280 registers.r8: 0 registers.r9: 10 registers.rdx: -9162573441885274112 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 77687095867346821 registers.r13: 0	1
__exception__ June 15, 2023, 9:18 a.m.	stacktrace: 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x48792 registers.r14: 2750400 registers.r15: 0 registers.rcx: 2750112 registers.rsi: 10 registers.r10: 0 registers.rbx: 4289462272 registers.rsp: 2750072 registers.r11: 2750608 registers.r8: 128 registers.r9: 10 registers.rdx: 54 registers.r12: 10 registers.rbp: 2750265 registers.rdi: 32 registers.rax: 0 registers.r13: 0	1

Allocates read-write-execute memory (usually to unpack itself) (50 out of 69 events)

Time & API	Arguments	Status
NtProtectVirtualMemory June 15, 2023, 9:18 a.m.	process_identifier: 2244 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fefa1b7000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory June 15, 2023, 9:18 a.m.	process_identifier: 2528 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fefa1b7000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory June 15, 2023, 9:18 a.m.	process_identifier: 1020 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fefa1b7000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory June 15, 2023, 9:18 a.m.	process_identifier: 2544 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fefa1b7000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory June 15, 2023, 9:18 a.m.	process_identifier: 2476 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fefa1b7000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory June 15, 2023, 9:18 a.m.	process_identifier: 2844 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fefa1b7000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory June 15, 2023, 9:18 a.m.	process_identifier: 1780 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fefa1b7000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory June 15, 2023, 9:18 a.m.	process_identifier: 2524 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fefa1b7000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory June 15, 2023, 9:18 a.m.	process_identifier: 2500 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fefa1b7000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory June 15, 2023, 9:18 a.m.	process_identifier: 2944 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fefa1b7000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory June 15, 2023, 9:18 a.m.	process_identifier: 2396 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fefa1b7000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory June 15, 2023, 9:18 a.m.	process_identifier: 2752 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fefa1b7000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory June 15, 2023, 9:18 a.m.	process_identifier: 3016 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fefa1b7000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory June 15, 2023, 9:18 a.m.	process_identifier: 3076 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fefa1b7000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory June 15, 2023, 9:18 a.m.	process_identifier: 3284 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fefa1b7000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory June 15, 2023, 9:18 a.m.	process_identifier: 3484 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fefa1b7000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory June 15, 2023, 9:18 a.m.	process_identifier: 3664 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fefa1b7000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory June 15, 2023, 9:18 a.m.	process_identifier: 3784 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fefa1b7000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory June 15, 2023, 9:18 a.m.	process_identifier: 4004 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fefa1b7000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory June 15, 2023, 9:18 a.m.	process_identifier: 4080 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fefa1b7000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory June 15, 2023, 9:18 a.m.	process_identifier: 2424 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fefa1b7000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory June 15, 2023, 9:18 a.m.	process_identifier: 3524 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fefa1b7000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory June 15, 2023, 9:18 a.m.	process_identifier: 3900 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fefa1b7000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory June 15, 2023, 9:18 a.m.	process_identifier: 4028 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fefa1b7000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory June 15, 2023, 9:18 a.m.	process_identifier: 3192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fefa1b7000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory June 15, 2023, 9:18 a.m.	process_identifier: 3736 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fefa1b7000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory June 15, 2023, 9:18 a.m.	process_identifier: 2740 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fefa1b7000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory June 15, 2023, 9:18 a.m.	process_identifier: 3348 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fefa1b7000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory June 15, 2023, 9:18 a.m.	process_identifier: 3724 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fefa1b7000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory June 15, 2023, 9:18 a.m.	process_identifier: 3720 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fefa1b7000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory June 15, 2023, 9:18 a.m.	process_identifier: 4160 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fefa1b7000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory June 15, 2023, 9:18 a.m.	process_identifier: 4332 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fefa1b7000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory June 15, 2023, 9:18 a.m.	process_identifier: 4612 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fefa1b7000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory June 15, 2023, 9:18 a.m.	process_identifier: 4684 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fefa1b7000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory June 15, 2023, 9:18 a.m.	process_identifier: 4628 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fefa1b7000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory June 15, 2023, 9:18 a.m.	process_identifier: 4944 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fefa1b7000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory June 15, 2023, 9:18 a.m.	process_identifier: 5004 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fefa1b7000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory June 15, 2023, 9:18 a.m.	process_identifier: 3960 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fefa1b7000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory June 15, 2023, 9:18 a.m.	process_identifier: 4668 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fefa1b7000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory June 15, 2023, 9:18 a.m.	process_identifier: 4588 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fefa1b7000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory June 15, 2023, 9:18 a.m.	process_identifier: 4288 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fefa1b7000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory June 15, 2023, 9:18 a.m.	process_identifier: 4632 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fefa1b7000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory June 15, 2023, 9:18 a.m.	process_identifier: 4208 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fefa1b7000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory June 15, 2023, 9:18 a.m.	process_identifier: 4300 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fefa1b7000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory June 15, 2023, 9:18 a.m.	process_identifier: 4572 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fefa1b7000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory June 15, 2023, 9:18 a.m.	process_identifier: 4688 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fefa1b7000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory June 15, 2023, 9:18 a.m.	process_identifier: 5108 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fefa1b7000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory June 15, 2023, 9:18 a.m.	process_identifier: 4380 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fefa1b7000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory June 15, 2023, 9:18 a.m.	process_identifier: 4964 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fefa1b7000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory June 15, 2023, 9:18 a.m.	process_identifier: 4832 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fefa1b7000 process_handle: 0xffffffffffffffff	1

The binary likely contains encrypted or compressed data indicative of a packer (1 event)

section

{u'size_of_data': u'0x00005000', u'virtual_address': u'0x0004d000', u'entropy': 7.571007571754842, u'name': u'.reloc', u'virtual_size': u'0x000048d0'}

entropy

7.57100757175

description

A section with a high entropy has been found

34324543.dll

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All