Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	June 23, 2023, 9:17 a.m.	June 23, 2023, 9:19 a.m.

Size	314.0KB
Type	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
MD5	`6a956b7342f7fbf9f65a969462e85772`
SHA256	`2fd83ff86db615e87ef7f1e8a0d905aaf2d0bf4f3e2b9728004fbf94afe742dd`
CRC32	`373394FE`
ssdeep	`6144:rqYMp1whyZAJfpTGfltYyMpfmA3a8yqgf2bMUDH:rqYMp1HaJfpfJmA3rg+bHDH`
Yara	IsDLL - (no description) Malicious_Library_Zero - Malicious_Library IsPE64 - (no description) PE_Header_Zero - PE File Signature

rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rcrypto_generichash_blake2b_pick_best_implementation
2096
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rcrypto_generichash_blake2b_pick_best_implementation
  2300
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rcrypto_onetimeauth_poly1305_pick_best_implementation
2180
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rcrypto_onetimeauth_poly1305_pick_best_implementation
  2500
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rBKDF2_SHA256
1208
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rBKDF2_SHA256
  2372
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rcrypto_pwhash_argon2_pick_best_implementation
2332
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rcrypto_pwhash_argon2_pick_best_implementation
  2624
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rcrypto_scalarmult_curve25519_pick_best_implementation
2480
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rcrypto_scalarmult_curve25519_pick_best_implementation
  2736
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rcrypto_sign_ed25519_detached
2612
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rcrypto_sign_ed25519_detached
  2796
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rcrypto_sign_ed25519_ref10_hinit
2820
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rcrypto_sign_ed25519_ref10_hinit
  2976
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rcrypto_sign_ed25519_verify_detached
2944
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rcrypto_sign_ed25519_verify_detached
  2164
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rcrypto_stream_chacha20_pick_best_implementation
2080
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rcrypto_stream_chacha20_pick_best_implementation
  2572
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rcrypto_stream_salsa20_pick_best_implementation
2440
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rcrypto_stream_salsa20_pick_best_implementation
  2828
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rsodium_alloc_init
2816
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rsodium_alloc_init
  2084
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rsodium_crit_init
2860
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rsodium_crit_init
  2676
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rsodium_runtime_get_cpu_features
2216
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rsodium_runtime_get_cpu_features
  2880
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rlloc_region
2512
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rlloc_region
  3032
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rrgon2_ctx
2552
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rrgon2_ctx
  2980
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rrgon2_hash
2496
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rrgon2_hash
  2304
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rrgon2_pick_best_implementation
2152
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rrgon2_pick_best_implementation
  2184
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rrgon2_verify
2560
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rrgon2_verify
  2128
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rrgon2i_hash_encoded
2144
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rrgon2i_hash_encoded
  3164
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rrgon2i_hash_raw
3156
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rrgon2i_hash_raw
  3364
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rrgon2i_verify
3316
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rrgon2i_verify
  3504
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rrgon2id_hash_encoded
3452
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rrgon2id_hash_encoded
  3616
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rrgon2id_hash_raw
3640
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rrgon2id_hash_raw
  3800
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rrgon2id_verify
3752
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rrgon2id_verify
  4012
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rlake2b_compress_avx2
3892
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rlake2b_compress_avx2
  2716
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rlake2b_compress_ref
4020
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rlake2b_compress_ref
  3196
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rlake2b_compress_sse41
3188
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rlake2b_compress_sse41
  3528
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rlake2b_compress_ssse3
3448
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rlake2b_compress_ssse3
  3696
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rlake2b_long
3544
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rlake2b_long
  4088
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rrypto_aead_aes256gcm_abytes
3976
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rrypto_aead_aes256gcm_abytes
  3276
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rrypto_aead_aes256gcm_beforenm
3216
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rrypto_aead_aes256gcm_beforenm
  3684
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rrypto_aead_aes256gcm_decrypt
3348
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rrypto_aead_aes256gcm_decrypt
  3200
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rrypto_aead_aes256gcm_decrypt_afternm
4072
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rrypto_aead_aes256gcm_decrypt_afternm
  3968
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rrypto_aead_aes256gcm_decrypt_detached
3356
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rrypto_aead_aes256gcm_decrypt_detached
  3660
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rrypto_aead_aes256gcm_decrypt_detached_afternm
3224
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rrypto_aead_aes256gcm_decrypt_detached_afternm
  3588
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rrypto_aead_aes256gcm_encrypt
3928
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rrypto_aead_aes256gcm_encrypt
  4224
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rrypto_aead_aes256gcm_encrypt_afternm
4100
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rrypto_aead_aes256gcm_encrypt_afternm
  4392
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rrypto_aead_aes256gcm_encrypt_detached
4256
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rrypto_aead_aes256gcm_encrypt_detached
  4480
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rrypto_aead_aes256gcm_encrypt_detached_afternm
4384
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rrypto_aead_aes256gcm_encrypt_detached_afternm
  4576
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rrypto_aead_aes256gcm_is_available
4636
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rrypto_aead_aes256gcm_is_available
  4968
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rrypto_aead_aes256gcm_keybytes
4784
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rrypto_aead_aes256gcm_keybytes
  5044
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rrypto_aead_aes256gcm_keygen
4920
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rrypto_aead_aes256gcm_keygen
  4192
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rrypto_aead_aes256gcm_messagebytes_max
4124
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rrypto_aead_aes256gcm_messagebytes_max
  4492
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rrypto_aead_aes256gcm_npubbytes
4360
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rrypto_aead_aes256gcm_npubbytes
  4740
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rrypto_aead_aes256gcm_nsecbytes
4528
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rrypto_aead_aes256gcm_nsecbytes
  5064
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rrypto_aead_aes256gcm_statebytes
5012
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rrypto_aead_aes256gcm_statebytes
  4928
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rrypto_aead_chacha20poly1305_abytes
4188
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rrypto_aead_chacha20poly1305_abytes
  4476
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rrypto_aead_chacha20poly1305_decrypt
4408
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rrypto_aead_chacha20poly1305_decrypt
  4332
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rrypto_aead_chacha20poly1305_decrypt_detached
5080
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rrypto_aead_chacha20poly1305_decrypt_detached
  4152
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rrypto_aead_chacha20poly1305_encrypt
4888
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rrypto_aead_chacha20poly1305_encrypt
  4664
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rrypto_aead_chacha20poly1305_encrypt_detached
4728
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rrypto_aead_chacha20poly1305_encrypt_detached
  5040
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rrypto_aead_chacha20poly1305_ietf_abytes
4984
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rrypto_aead_chacha20poly1305_ietf_abytes
  5184
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rrypto_aead_chacha20poly1305_ietf_decrypt
5128
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rrypto_aead_chacha20poly1305_ietf_decrypt
  5300
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rrypto_aead_chacha20poly1305_ietf_decrypt_detached
5364
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rrypto_aead_chacha20poly1305_ietf_decrypt_detached
  5600
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rrypto_aead_chacha20poly1305_ietf_encrypt
5544
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rrypto_aead_chacha20poly1305_ietf_encrypt
  5844
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rrypto_aead_chacha20poly1305_ietf_encrypt_detached
5700
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rrypto_aead_chacha20poly1305_ietf_encrypt_detached
  5988
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rrypto_aead_chacha20poly1305_ietf_keybytes
5836
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rrypto_aead_chacha20poly1305_ietf_keybytes
  6096
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rrypto_aead_chacha20poly1305_ietf_keygen
5972
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rrypto_aead_chacha20poly1305_ietf_keygen
  5268
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rrypto_aead_chacha20poly1305_ietf_messagebytes_max
5168
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rrypto_aead_chacha20poly1305_ietf_messagebytes_max
  5668
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rrypto_aead_chacha20poly1305_ietf_npubbytes
5620
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rrypto_aead_chacha20poly1305_ietf_npubbytes
  4172
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rrypto_aead_chacha20poly1305_ietf_nsecbytes
5884
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rrypto_aead_chacha20poly1305_ietf_nsecbytes
  5320
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rrypto_aead_chacha20poly1305_keybytes
6044
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rrypto_aead_chacha20poly1305_keybytes
  5748
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rrypto_aead_chacha20poly1305_keygen
5632
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rrypto_aead_chacha20poly1305_keygen
  5612
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rrypto_aead_chacha20poly1305_messagebytes_max
5976
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rrypto_aead_chacha20poly1305_messagebytes_max
  5332
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rrypto_aead_chacha20poly1305_npubbytes
5928
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rrypto_aead_chacha20poly1305_npubbytes
  5932
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rrypto_aead_chacha20poly1305_nsecbytes
5920
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rrypto_aead_chacha20poly1305_nsecbytes
  5820
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rrypto_aead_xchacha20poly1305_ietf_abytes
6128
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rrypto_aead_xchacha20poly1305_ietf_abytes
  5584
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rrypto_aead_xchacha20poly1305_ietf_decrypt
4932
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rrypto_aead_xchacha20poly1305_ietf_decrypt
  6192
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rrypto_aead_xchacha20poly1305_ietf_decrypt_detached
6060
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rrypto_aead_xchacha20poly1305_ietf_encrypt
5948
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\lim.php.dll,rrypto_aead_xchacha20poly1305_ietf_encrypt_detached
6292

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks if process is being debugged by a debugger (49 events)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent June 23, 2023, 9:17 a.m.			0	0
IsDebuggerPresent June 23, 2023, 9:17 a.m.			0	0
IsDebuggerPresent June 23, 2023, 9:17 a.m.			0	0
IsDebuggerPresent June 23, 2023, 9:17 a.m.			0	0
IsDebuggerPresent June 23, 2023, 9:17 a.m.			0	0
IsDebuggerPresent June 23, 2023, 9:17 a.m.			0	0
IsDebuggerPresent June 23, 2023, 9:17 a.m.			0	0
IsDebuggerPresent June 23, 2023, 9:17 a.m.			0	0
IsDebuggerPresent June 23, 2023, 9:17 a.m.			0	0
IsDebuggerPresent June 23, 2023, 9:17 a.m.			0	0
IsDebuggerPresent June 23, 2023, 9:17 a.m.			0	0
IsDebuggerPresent June 23, 2023, 9:17 a.m.			0	0
IsDebuggerPresent June 23, 2023, 9:17 a.m.			0	0
IsDebuggerPresent June 23, 2023, 9:17 a.m.			0	0
IsDebuggerPresent June 23, 2023, 9:17 a.m.			0	0
IsDebuggerPresent June 23, 2023, 9:17 a.m.			0	0
IsDebuggerPresent June 23, 2023, 9:17 a.m.			0	0
IsDebuggerPresent June 23, 2023, 9:17 a.m.			0	0
IsDebuggerPresent June 23, 2023, 9:17 a.m.			0	0
IsDebuggerPresent June 23, 2023, 9:17 a.m.			0	0
IsDebuggerPresent June 23, 2023, 9:17 a.m.			0	0
IsDebuggerPresent June 23, 2023, 9:17 a.m.			0	0
IsDebuggerPresent June 23, 2023, 9:17 a.m.			0	0
IsDebuggerPresent June 23, 2023, 9:17 a.m.			0	0
IsDebuggerPresent June 23, 2023, 9:17 a.m.			0	0
IsDebuggerPresent June 23, 2023, 9:17 a.m.			0	0
IsDebuggerPresent June 23, 2023, 9:17 a.m.			0	0
IsDebuggerPresent June 23, 2023, 9:17 a.m.			0	0
IsDebuggerPresent June 23, 2023, 9:17 a.m.			0	0
IsDebuggerPresent June 23, 2023, 9:17 a.m.			0	0
IsDebuggerPresent June 23, 2023, 9:17 a.m.			0	0
IsDebuggerPresent June 23, 2023, 9:17 a.m.			0	0
IsDebuggerPresent June 23, 2023, 9:17 a.m.			0	0
IsDebuggerPresent June 23, 2023, 9:17 a.m.			0	0
IsDebuggerPresent June 23, 2023, 9:17 a.m.			0	0
IsDebuggerPresent June 23, 2023, 9:17 a.m.			0	0
IsDebuggerPresent June 23, 2023, 9:17 a.m.			0	0
IsDebuggerPresent June 23, 2023, 9:17 a.m.			0	0
IsDebuggerPresent June 23, 2023, 9:17 a.m.			0	0
IsDebuggerPresent June 23, 2023, 9:17 a.m.			0	0
IsDebuggerPresent June 23, 2023, 9:17 a.m.			0	0
IsDebuggerPresent June 23, 2023, 9:17 a.m.			0	0
IsDebuggerPresent June 23, 2023, 9:17 a.m.			0	0
IsDebuggerPresent June 23, 2023, 9:17 a.m.			0	0
IsDebuggerPresent June 23, 2023, 9:17 a.m.			0	0
IsDebuggerPresent June 23, 2023, 9:17 a.m.			0	0
IsDebuggerPresent June 23, 2023, 9:17 a.m.			0	0
IsDebuggerPresent June 23, 2023, 9:17 a.m.			0	0
IsDebuggerPresent June 23, 2023, 9:17 a.m.			0	0

One or more processes crashed (20 events)

Time & API	Arguments	Status
__exception__ June 23, 2023, 9:17 a.m.	stacktrace: rrypto_hash_sha256_statebytes+0x30 rrypto_hash_sha256_init-0xdb0 lim+0xf0d0 @ 0x7445f0d0 exception.instruction_r: 8b 0c 82 0f c9 41 89 0c 80 48 83 c0 01 48 83 f8 exception.instruction: mov ecx, dword ptr [rdx + rax*4] exception.exception_code: 0xc0000005 exception.symbol: rrypto_hash_sha256_statebytes+0x30 rrypto_hash_sha256_init-0xdb0 lim+0xf0d0 exception.address: 0x7445f0d0 registers.r14: 2685136 registers.r15: 4287168512 registers.rcx: 0 registers.rsi: 4287234400 registers.r10: 332650118 registers.rbx: 135136 registers.rsp: 2684696 registers.r11: 1109485856 registers.r8: 2684880 registers.r9: 2685136 registers.rdx: 135136 registers.r12: 2684880 registers.rbp: 2684832 registers.rdi: 2685664 registers.rax: 8 registers.r13: 4287168448	1
__exception__ June 23, 2023, 9:17 a.m.	stacktrace: rcrypto_scalarmult_curve25519_pick_best_implementation+0x19 rrypto_secretbox_keybytes-0x7 lim+0x16b29 @ 0x74466b29 rundll32+0x2f42 @ 0xff892f42 rundll32+0x3b7a @ 0xff893b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76fd652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x776ec521 exception.instruction_r: 88 08 48 8b 04 24 66 3b c9 74 3e 48 8b 4c 24 08 exception.instruction: mov byte ptr [rax], cl exception.exception_code: 0xc0000005 exception.symbol: rcrypto_scalarmult_curve25519_pick_best_implementation+0x19 rrypto_secretbox_keybytes-0x7 lim+0x16b29 exception.address: 0x74466b29 registers.r14: 0 registers.r15: 0 registers.rcx: 8796092846080 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 916464 registers.r11: 915552 registers.r8: 1688154 registers.r9: 10 registers.rdx: 4287168512 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 393256 registers.r13: 0	1
__exception__ June 23, 2023, 9:17 a.m.	stacktrace: rcrypto_sign_ed25519_detached+0x16b rrypto_sign_ed25519_detached-0xe5 lim+0x1877b @ 0x7446877b 0x20186 0x1cfae8 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 exception.instruction_r: 49 c7 07 40 00 00 00 48 8d 65 c8 31 c0 5b 5e 5f exception.instruction: mov qword ptr [r15], 0x40 exception.exception_code: 0xc0000005 exception.symbol: rcrypto_sign_ed25519_detached+0x16b rrypto_sign_ed25519_detached-0xe5 lim+0x1877b exception.address: 0x7446877b registers.r14: 10 registers.r15: 4287168512 registers.rcx: 0 registers.rsi: 1899136 registers.r10: 6 registers.rbx: 1899424 registers.rsp: 1899048 registers.r11: 9951064 registers.r8: 66886639 registers.r9: 7713947 registers.rdx: 64 registers.r12: 1899200 registers.rbp: 1899696 registers.rdi: 1899072 registers.rax: 0 registers.r13: 3785160	1
__exception__ June 23, 2023, 9:17 a.m.	stacktrace: rrypto_aead_aes256gcm_decrypt_detached_afternm+0x51f rrypto_aead_aes256gcm_decrypt_afternm-0x10d1 lim+0x2103f @ 0x7447103f 0x1ef958 exception.instruction_r: f3 0f 6f 6c 02 30 f3 0f 6f 64 02 20 f3 0f 6f 5c exception.exception_code: 0xc0000005 exception.symbol: rrypto_aead_aes256gcm_decrypt_detached_afternm+0x51f rrypto_aead_aes256gcm_decrypt_afternm-0x10d1 lim+0x2103f exception.address: 0x7447103f registers.r14: 2029680 registers.r15: 2030474 registers.rcx: 197328 registers.rsi: 2030464 registers.r10: 82555849130117 registers.rbx: 2030464 registers.rsp: 2028864 registers.r11: 2030464 registers.r8: 10 registers.r9: 2030464 registers.rdx: 2030512 registers.r12: 10 registers.rbp: 2029456 registers.rdi: -1 registers.rax: 5184 registers.r13: 0	1
__exception__ June 23, 2023, 9:17 a.m.	stacktrace: rrypto_aead_aes256gcm_decrypt_detached_afternm+0x123 rrypto_aead_aes256gcm_decrypt_afternm-0x14cd lim+0x20c43 @ 0x74470c43 0x3dc1ae 0x40000601 0x40000601 0x40000601 0x40000601 0x40000601 0x40000601 0x40000601 0x40000601 0x40000601 0x40000601 0x40000601 0x40000601 0x40000601 0x40000601 0x40000601 0x40000601 0x40000601 0x40000601 0x40000601 0x40000601 0x40000601 0x40000601 0x40000601 0x40000601 0x40000601 0x40000601 0x40000601 0x40000601 0x40000601 0x40000601 0x40000601 0x40000601 0x40000601 0x40000601 0x40000601 0x40000601 0x40000601 0x40000601 0x40000601 0x40000601 0x40000601 0x40000601 0x40000601 0x40000601 0x40000601 0x40000601 0x40000601 0x40000601 0x40000601 0x40000601 0x40000601 0x40000601 0x40000601 0x40000601 0x40000601 0x40000601 0x40000601 0x40000601 0x40000601 0x40000601 0x40000601 0x40000601 exception.instruction_r: 66 41 0f 38 dc 46 10 66 41 0f 38 dc 46 20 66 41 exception.exception_code: 0xc0000005 exception.symbol: rrypto_aead_aes256gcm_decrypt_detached_afternm+0x123 rrypto_aead_aes256gcm_decrypt_afternm-0x14cd lim+0x20c43 exception.address: 0x74470c43 registers.r14: 4047352 registers.r15: 2161722 registers.rcx: 197346 registers.rsi: 2161712 registers.r10: 82555849130117 registers.rbx: 2161712 registers.rsp: 2160912 registers.r11: 2161664 registers.r8: 10 registers.r9: 2161712 registers.rdx: 2161760 registers.r12: 10 registers.rbp: 2161504 registers.rdi: -1 registers.rax: -9160032466218516480 registers.r13: 0	1
__exception__ June 23, 2023, 9:17 a.m.	stacktrace: rrypto_aead_aes256gcm_decrypt_detached_afternm+0x510 rrypto_aead_aes256gcm_decrypt_afternm-0x10e0 lim+0x21030 @ 0x74471030 exception.instruction_r: f3 0f 6f 14 02 66 44 0f 6f d8 66 41 0f 6f f5 f3 exception.exception_code: 0xc0000005 exception.symbol: rrypto_aead_aes256gcm_decrypt_detached_afternm+0x510 rrypto_aead_aes256gcm_decrypt_afternm-0x10e0 lim+0x21030 exception.address: 0x74471030 registers.r14: 1374416 registers.r15: 1375200 registers.rcx: 66312 registers.rsi: 1375184 registers.r10: 82555849130117 registers.rbx: 66312 registers.rsp: 1373704 registers.r11: 1375168 registers.r8: 2081274 registers.r9: 10 registers.rdx: 1375232 registers.r12: 10 registers.rbp: 1374304 registers.rdi: -1 registers.rax: 422912 registers.r13: 0	1
__exception__ June 23, 2023, 9:17 a.m.	stacktrace: rrypto_aead_aes256gcm_decrypt_detached_afternm+0x123 rrypto_aead_aes256gcm_decrypt_afternm-0x14cd lim+0x20c43 @ 0x74470c43 0x80000000 0x80000000 0x80000000 0x80000000 0x80000000 0x80000000 0x80000000 0x80000000 0x80000000 0x80000000 0x80000000 0x80000000 0x80000000 0x80000000 0x80000000 0x80000000 0x80000000 0x80000000 0x80000000 0x80000000 0x80000000 0x80000000 0x80000000 0x80000000 0x80000000 0x80000000 0x80000000 0x80000000 0x80000000 0x80000000 0x80000000 0x80000000 0x80000000 0x80000000 0x80000000 0x80000000 0x80000000 0x80000000 0x80000000 0x80000000 0x80000000 0x80000000 0x80000000 0x80000000 0x80000000 0x80000000 0x80000000 0x80000000 0x80000000 0x80000000 0x80000000 0x80000000 0x80000000 0x80000000 0x80000000 0x80000000 0x80000000 0x80000000 0x80000000 0x80000000 0x80000000 0x80000000 0x80000000 exception.instruction_r: 66 41 0f 38 dc 46 10 66 41 0f 38 dc 46 20 66 41 exception.exception_code: 0xc0000005 exception.symbol: rrypto_aead_aes256gcm_decrypt_detached_afternm+0x123 rrypto_aead_aes256gcm_decrypt_afternm-0x14cd lim+0x20c43 exception.address: 0x74470c43 registers.r14: 3392026 registers.r15: 2030736 registers.rcx: 197420 registers.rsi: 2030720 registers.r10: 82555849130117 registers.rbx: 197420 registers.rsp: 2030024 registers.r11: 2030720 registers.r8: 3392026 registers.r9: 10 registers.rdx: 2030768 registers.r12: 10 registers.rbp: 2030624 registers.rdi: -1 registers.rax: 64447874062090240 registers.r13: 0	1
__exception__ June 23, 2023, 9:17 a.m.	stacktrace: rrypto_aead_aes256gcm_encrypt_detached_afternm+0x549 rrypto_aead_aes256gcm_encrypt_afternm-0x10f7 lim+0x1f9a9 @ 0x7446f9a9 exception.instruction_r: f3 41 0f 6f 5c 00 30 66 44 0f 6f e8 66 41 0f 6f exception.exception_code: 0xc0000005 exception.symbol: rrypto_aead_aes256gcm_encrypt_detached_afternm+0x549 rrypto_aead_aes256gcm_encrypt_afternm-0x10f7 lim+0x1f9a9 exception.address: 0x7446f9a9 registers.r14: 0 registers.r15: 1766656 registers.rcx: 66416 registers.rsi: 1766656 registers.r10: 1767488 registers.rbx: 82555849130117 registers.rsp: 1765928 registers.r11: 0 registers.r8: 1767472 registers.r9: 3719624 registers.rdx: 66426 registers.r12: 10 registers.rbp: 1766544 registers.rdi: 4287168512 registers.rax: 133056 registers.r13: 1767504	1
__exception__ June 23, 2023, 9:17 a.m.	stacktrace: rrypto_aead_aes256gcm_encrypt_detached_afternm+0x154 rrypto_aead_aes256gcm_encrypt_afternm-0x14ec lim+0x1f5b4 @ 0x7446f5b4 0xa56858c9a5bf 0xa56858c9a5bf 0xa56858c9a5bf 0xa56858c9a5bf 0xa56858c9a5bf 0xa56858c9a5bf 0xa56858c9a5bf 0xa56858c9a5bf 0xa56858c9a5bf 0xa56858c9a5bf 0xa56858c9a5bf 0xa56858c9a5bf 0xa56858c9a5bf 0xa56858c9a5bf 0xa56858c9a5bf 0xa56858c9a5bf 0xa56858c9a5bf 0xa56858c9a5bf 0xa56858c9a5bf 0xa56858c9a5bf 0xa56858c9a5bf 0xa56858c9a5bf 0xa56858c9a5bf 0xa56858c9a5bf 0xa56858c9a5bf 0xa56858c9a5bf 0xa56858c9a5bf 0xa56858c9a5bf 0xa56858c9a5bf 0xa56858c9a5bf 0xa56858c9a5bf 0xa56858c9a5bf 0xa56858c9a5bf 0xa56858c9a5bf 0xa56858c9a5bf 0xa56858c9a5bf 0xa56858c9a5bf 0xa56858c9a5bf 0xa56858c9a5bf 0xa56858c9a5bf 0xa56858c9a5bf 0xa56858c9a5bf 0xa56858c9a5bf 0xa56858c9a5bf 0xa56858c9a5bf 0xa56858c9a5bf 0xa56858c9a5bf 0xa56858c9a5bf 0xa56858c9a5bf 0xa56858c9a5bf 0xa56858c9a5bf 0xa56858c9a5bf 0xa56858c9a5bf 0xa56858c9a5bf 0xa56858c9a5bf 0xa56858c9a5bf 0xa56858c9a5bf 0xa56858c9a5bf 0xa56858c9a5bf 0xa56858c9a5bf 0xa56858c9a5bf 0xa56858c9a5bf 0xa56858c9a5bf exception.instruction_r: 66 41 0f 38 dc 47 10 66 0f ef ca 66 44 0f 6f c3 exception.exception_code: 0xc0000005 exception.symbol: rrypto_aead_aes256gcm_encrypt_detached_afternm+0x154 rrypto_aead_aes256gcm_encrypt_afternm-0x14ec lim+0x1f5b4 exception.address: 0x7446f5b4 registers.r14: 0 registers.r15: 2933240 registers.rcx: 66422 registers.rsi: 4287168512 registers.r10: 785216 registers.rbx: 82555849130117 registers.rsp: 784376 registers.r11: 0 registers.r8: 785216 registers.r9: 2933240 registers.rdx: 66432 registers.r12: 10 registers.rbp: 784992 registers.rdi: -1 registers.rax: 4144335688 registers.r13: 785248	1
__exception__ June 23, 2023, 9:17 a.m.	stacktrace: rrypto_aead_aes256gcm_encrypt_detached_afternm+0x549 rrypto_aead_aes256gcm_encrypt_afternm-0x10f7 lim+0x1f9a9 @ 0x7446f9a9 0x34c218 rundll32+0x1438 @ 0xff891438 exception.instruction_r: f3 41 0f 6f 5c 00 30 66 44 0f 6f e8 66 41 0f 6f exception.exception_code: 0xc0000005 exception.symbol: rrypto_aead_aes256gcm_encrypt_detached_afternm+0x549 rrypto_aead_aes256gcm_encrypt_afternm-0x10f7 lim+0x1f9a9 exception.address: 0x7446f9a9 registers.r14: 0 registers.r15: 1766720 registers.rcx: 131954 registers.rsi: 0 registers.r10: 1767488 registers.rbx: 28992399350038528 registers.rsp: 1766008 registers.r11: 1767424 registers.r8: 1767536 registers.r9: 10 registers.rdx: 4287168512 registers.r12: 10 registers.rbp: 1766608 registers.rdi: -1 registers.rax: 132992 registers.r13: 1767488	1
__exception__ June 23, 2023, 9:17 a.m.	stacktrace: rrypto_aead_aes256gcm_encrypt_detached_afternm+0x549 rrypto_aead_aes256gcm_encrypt_afternm-0x10f7 lim+0x1f9a9 @ 0x7446f9a9 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 0x80 exception.instruction_r: f3 41 0f 6f 5c 00 30 66 44 0f 6f e8 66 41 0f 6f exception.exception_code: 0xc0000005 exception.symbol: rrypto_aead_aes256gcm_encrypt_detached_afternm+0x549 rrypto_aead_aes256gcm_encrypt_afternm-0x10f7 lim+0x1f9a9 exception.address: 0x7446f9a9 registers.r14: 0 registers.r15: 2605408 registers.rcx: 66460 registers.rsi: 0 registers.r10: 1834048 registers.rbx: 32370056120500224 registers.rsp: 1833336 registers.r11: 1833984 registers.r8: 1834096 registers.r9: 10 registers.rdx: 4287168512 registers.r12: 10 registers.rbp: 1833952 registers.rdi: -1 registers.rax: 4992 registers.r13: 1834048	1
__exception__ June 23, 2023, 9:17 a.m.	stacktrace: RtlCopyMemory+0x64 _local_unwind-0x2ec ntdll+0x4e734 @ 0x7770e734 SystemFunction036+0x34f SystemFunction040-0x631 cryptbase+0x1997 @ 0x7fefda11997 SystemFunction036+0x209 SystemFunction040-0x777 cryptbase+0x1851 @ 0x7fefda11851 SystemFunction036+0x5c SystemFunction040-0x924 cryptbase+0x16a4 @ 0x7fefda116a4 SystemFunction036+0x4a AllocateLocallyUniqueId-0x16 advapi32+0x108e @ 0x7fefe8d108e rrypto_stream_xchacha20_keygen+0x97 rrypto_aead_aes256gcm_beforenm-0x39 lim+0x1f0c7 @ 0x7446f0c7 0x40400 exception.instruction_r: 48 89 01 48 83 c1 08 49 ff c9 75 f0 49 83 e0 07 exception.symbol: RtlCopyMemory+0x64 _local_unwind-0x2ec ntdll+0x4e734 exception.instruction: mov qword ptr [rcx], rax exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 321332 exception.address: 0x7770e734 registers.r14: 0 registers.r15: 0 registers.rcx: 263168 registers.rsi: 0 registers.r10: 1177456 registers.rbx: 263168 registers.rsp: 1178144 registers.r11: 263168 registers.r8: 16 registers.r9: 2 registers.rdx: 914544 registers.r12: 10 registers.rbp: 2408752 registers.rdi: -1 registers.rax: 256562428409330464 registers.r13: 0	1
__exception__ June 23, 2023, 9:17 a.m.	stacktrace: rcrypto_onetimeauth_poly1305_pick_best_implementation+0xc0 rree_instance-0x790 lim+0x11970 @ 0x74461970 0x5d213b12c 0x5d213b12c 0x5d213b12c 0x5d213b12c 0x5d213b12c 0x5d213b12c 0x5d213b12c 0x5d213b12c 0x5d213b12c 0x5d213b12c 0x5d213b12c 0x5d213b12c 0x5d213b12c 0x5d213b12c 0x5d213b12c 0x5d213b12c 0x5d213b12c 0x5d213b12c 0x5d213b12c 0x5d213b12c 0x5d213b12c 0x5d213b12c 0x5d213b12c 0x5d213b12c 0x5d213b12c 0x5d213b12c 0x5d213b12c 0x5d213b12c 0x5d213b12c 0x5d213b12c 0x5d213b12c 0x5d213b12c 0x5d213b12c 0x5d213b12c 0x5d213b12c 0x5d213b12c 0x5d213b12c 0x5d213b12c 0x5d213b12c 0x5d213b12c 0x5d213b12c 0x5d213b12c 0x5d213b12c 0x5d213b12c 0x5d213b12c 0x5d213b12c 0x5d213b12c 0x5d213b12c 0x5d213b12c 0x5d213b12c 0x5d213b12c 0x5d213b12c 0x5d213b12c 0x5d213b12c 0x5d213b12c 0x5d213b12c 0x5d213b12c 0x5d213b12c 0x5d213b12c 0x5d213b12c 0x5d213b12c 0x5d213b12c 0x5d213b12c exception.instruction_r: 48 8b 0b 4c 8b 5b 08 48 c7 44 24 58 00 00 00 00 exception.instruction: mov rcx, qword ptr [rbx] exception.exception_code: 0xc0000005 exception.symbol: rcrypto_onetimeauth_poly1305_pick_best_implementation+0xc0 rree_instance-0x790 lim+0x11970 exception.address: 0x74461970 registers.r14: 1643584 registers.r15: 17592186044415 registers.rcx: 2726777984488 registers.rsi: 3223603896224 registers.r10: 2643155031370 registers.rbx: 790528 registers.rsp: 784696 registers.r11: 3237543090013 registers.r8: 9821427811225 registers.r9: 15507733967012 registers.rdx: 9821427811228 registers.r12: 9363221891593 registers.rbp: 784848 registers.rdi: 3548342 registers.rax: 13128227413778 registers.r13: -4884288305647528921	1
__exception__ June 23, 2023, 9:17 a.m.	stacktrace: rcrypto_onetimeauth_poly1305_pick_best_implementation+0xc0 rree_instance-0x790 lim+0x11970 @ 0x74461970 0x17564200dc 0x17564200dc 0x17564200dc 0x17564200dc 0x17564200dc 0x17564200dc 0x17564200dc 0x17564200dc 0x17564200dc 0x17564200dc 0x17564200dc 0x17564200dc 0x17564200dc 0x17564200dc 0x17564200dc 0x17564200dc 0x17564200dc 0x17564200dc 0x17564200dc 0x17564200dc 0x17564200dc 0x17564200dc 0x17564200dc 0x17564200dc 0x17564200dc 0x17564200dc 0x17564200dc 0x17564200dc 0x17564200dc 0x17564200dc 0x17564200dc 0x17564200dc 0x17564200dc 0x17564200dc 0x17564200dc 0x17564200dc 0x17564200dc 0x17564200dc 0x17564200dc 0x17564200dc 0x17564200dc 0x17564200dc 0x17564200dc 0x17564200dc 0x17564200dc 0x17564200dc 0x17564200dc 0x17564200dc 0x17564200dc 0x17564200dc 0x17564200dc 0x17564200dc 0x17564200dc 0x17564200dc 0x17564200dc 0x17564200dc 0x17564200dc 0x17564200dc 0x17564200dc 0x17564200dc 0x17564200dc 0x17564200dc 0x17564200dc exception.instruction_r: 48 8b 0b 4c 8b 5b 08 48 c7 44 24 58 00 00 00 00 exception.instruction: mov rcx, qword ptr [rbx] exception.exception_code: 0xc0000005 exception.symbol: rcrypto_onetimeauth_poly1305_pick_best_implementation+0xc0 rree_instance-0x790 lim+0x11970 exception.address: 0x74461970 registers.r14: 2099177 registers.r15: 17592186044415 registers.rcx: 14034224535578 registers.rsi: 1821886274868 registers.r10: 17483356218080 registers.rbx: 2584576 registers.rsp: 2161160 registers.r11: 5290008066668 registers.r8: 8253690715544 registers.r9: 12475808791274 registers.rdx: 8253690715555 registers.r12: 7318783165676 registers.rbp: 2161312 registers.rdi: 6240979 registers.rax: 37701299812354 registers.r13: -1575599893520406654	1
__exception__ June 23, 2023, 9:17 a.m.	stacktrace: rcrypto_onetimeauth_poly1305_pick_best_implementation+0xc0 rree_instance-0x790 lim+0x11970 @ 0x74461970 0x4bfba68028 0x4bfba68028 0x4bfba68028 0x4bfba68028 0x4bfba68028 0x4bfba68028 0x4bfba68028 0x4bfba68028 0x4bfba68028 0x4bfba68028 0x4bfba68028 0x4bfba68028 0x4bfba68028 0x4bfba68028 0x4bfba68028 0x4bfba68028 0x4bfba68028 0x4bfba68028 0x4bfba68028 0x4bfba68028 0x4bfba68028 0x4bfba68028 0x4bfba68028 0x4bfba68028 0x4bfba68028 0x4bfba68028 0x4bfba68028 0x4bfba68028 0x4bfba68028 0x4bfba68028 0x4bfba68028 0x4bfba68028 0x4bfba68028 0x4bfba68028 0x4bfba68028 0x4bfba68028 0x4bfba68028 0x4bfba68028 0x4bfba68028 0x4bfba68028 0x4bfba68028 0x4bfba68028 0x4bfba68028 0x4bfba68028 0x4bfba68028 0x4bfba68028 0x4bfba68028 0x4bfba68028 0x4bfba68028 0x4bfba68028 0x4bfba68028 0x4bfba68028 0x4bfba68028 0x4bfba68028 0x4bfba68028 0x4bfba68028 0x4bfba68028 0x4bfba68028 0x4bfba68028 0x4bfba68028 0x4bfba68028 0x4bfba68028 0x4bfba68028 exception.instruction_r: 48 8b 0b 4c 8b 5b 08 48 c7 44 24 58 00 00 00 00 exception.instruction: mov rcx, qword ptr [rbx] exception.exception_code: 0xc0000005 exception.symbol: rcrypto_onetimeauth_poly1305_pick_best_implementation+0xc0 rree_instance-0x790 lim+0x11970 exception.address: 0x74461970 registers.r14: 1462658 registers.r15: 17592186044415 registers.rcx: 6685523603159 registers.rsi: 1100272034543 registers.r10: 1384891729146 registers.rbx: 1769472 registers.rsp: 1635304 registers.r11: 4992832613098 registers.r8: 7126332772258 registers.r9: 11074132985534 registers.rdx: 7126332772260 registers.r12: 5360183752619 registers.rbp: 1635456 registers.rdi: 3388909 registers.rax: 8974722669044 registers.r13: 7008570052117415034	1
__exception__ June 23, 2023, 9:17 a.m.	stacktrace: rcrypto_onetimeauth_poly1305_pick_best_implementation+0xc0 rree_instance-0x790 lim+0x11970 @ 0x74461970 0xf1a38d508c 0xf1a38d508c 0xf1a38d508c 0xf1a38d508c 0xf1a38d508c 0xf1a38d508c 0xf1a38d508c 0xf1a38d508c 0xf1a38d508c 0xf1a38d508c 0xf1a38d508c 0xf1a38d508c 0xf1a38d508c 0xf1a38d508c 0xf1a38d508c 0xf1a38d508c 0xf1a38d508c 0xf1a38d508c 0xf1a38d508c 0xf1a38d508c 0xf1a38d508c 0xf1a38d508c 0xf1a38d508c 0xf1a38d508c 0xf1a38d508c 0xf1a38d508c 0xf1a38d508c 0xf1a38d508c 0xf1a38d508c 0xf1a38d508c 0xf1a38d508c 0xf1a38d508c 0xf1a38d508c 0xf1a38d508c 0xf1a38d508c 0xf1a38d508c 0xf1a38d508c 0xf1a38d508c 0xf1a38d508c 0xf1a38d508c 0xf1a38d508c 0xf1a38d508c 0xf1a38d508c 0xf1a38d508c 0xf1a38d508c 0xf1a38d508c 0xf1a38d508c 0xf1a38d508c 0xf1a38d508c 0xf1a38d508c 0xf1a38d508c 0xf1a38d508c 0xf1a38d508c 0xf1a38d508c 0xf1a38d508c 0xf1a38d508c 0xf1a38d508c 0xf1a38d508c 0xf1a38d508c 0xf1a38d508c 0xf1a38d508c 0xf1a38d508c 0xf1a38d508c exception.instruction_r: 48 8b 0b 4c 8b 5b 08 48 c7 44 24 58 00 00 00 00 exception.instruction: mov rcx, qword ptr [rbx] exception.exception_code: 0xc0000005 exception.symbol: rcrypto_onetimeauth_poly1305_pick_best_implementation+0xc0 rree_instance-0x790 lim+0x11970 exception.address: 0x74461970 registers.r14: 3739301 registers.r15: 17592186044415 registers.rcx: 6002649841516 registers.rsi: 944112609063 registers.r10: 11214750974329 registers.rbx: 2228224 registers.rsp: 2094296 registers.r11: 5242349625754 registers.r8: 13536691739736 registers.r9: 15527760531664 registers.rdx: 13536691739746 registers.r12: 13039731225379 registers.rbp: 2094448 registers.rdi: 14187928 registers.rax: 36046974000299 registers.r13: -961039802815757573	1
__exception__ June 23, 2023, 9:17 a.m.	stacktrace: rcrypto_onetimeauth_poly1305_pick_best_implementation+0xc0 rree_instance-0x790 lim+0x11970 @ 0x74461970 0xd3b96812c 0xd3b96812c 0xd3b96812c 0xd3b96812c 0xd3b96812c 0xd3b96812c 0xd3b96812c 0xd3b96812c 0xd3b96812c 0xd3b96812c 0xd3b96812c 0xd3b96812c 0xd3b96812c 0xd3b96812c 0xd3b96812c 0xd3b96812c 0xd3b96812c 0xd3b96812c 0xd3b96812c 0xd3b96812c 0xd3b96812c 0xd3b96812c 0xd3b96812c 0xd3b96812c 0xd3b96812c 0xd3b96812c 0xd3b96812c 0xd3b96812c 0xd3b96812c 0xd3b96812c 0xd3b96812c 0xd3b96812c 0xd3b96812c 0xd3b96812c 0xd3b96812c 0xd3b96812c 0xd3b96812c 0xd3b96812c 0xd3b96812c 0xd3b96812c 0xd3b96812c 0xd3b96812c 0xd3b96812c 0xd3b96812c 0xd3b96812c 0xd3b96812c 0xd3b96812c 0xd3b96812c 0xd3b96812c 0xd3b96812c 0xd3b96812c 0xd3b96812c 0xd3b96812c 0xd3b96812c 0xd3b96812c 0xd3b96812c 0xd3b96812c 0xd3b96812c 0xd3b96812c 0xd3b96812c 0xd3b96812c 0xd3b96812c 0xd3b96812c exception.instruction_r: 48 8b 0b 4c 8b 5b 08 48 c7 44 24 58 00 00 00 00 exception.instruction: mov rcx, qword ptr [rbx] exception.exception_code: 0xc0000005 exception.symbol: rcrypto_onetimeauth_poly1305_pick_best_implementation+0xc0 rree_instance-0x790 lim+0x11970 exception.address: 0x74461970 registers.r14: 1122894 registers.r15: 17592186044415 registers.rcx: 3628205470569 registers.rsi: 4029891950656 registers.r10: 15814522268043 registers.rbx: 2883584 registers.rsp: 2749656 registers.r11: 1362427602609 registers.r8: 236299454111 registers.r9: 14817637853580 registers.rdx: 236299454114 registers.r12: 15187148395919 registers.rbp: 2749808 registers.rdi: 5909441 registers.rax: 10355934743757 registers.r13: 2374308020572302834	1
__exception__ June 23, 2023, 9:17 a.m.	stacktrace: rcrypto_onetimeauth_poly1305_pick_best_implementation+0xc0 rree_instance-0x790 lim+0x11970 @ 0x74461970 0x78b6b20118 0x78b6b20118 0x78b6b20118 0x78b6b20118 0x78b6b20118 0x78b6b20118 0x78b6b20118 0x78b6b20118 0x78b6b20118 0x78b6b20118 0x78b6b20118 0x78b6b20118 0x78b6b20118 0x78b6b20118 0x78b6b20118 0x78b6b20118 0x78b6b20118 0x78b6b20118 0x78b6b20118 0x78b6b20118 0x78b6b20118 0x78b6b20118 0x78b6b20118 0x78b6b20118 0x78b6b20118 0x78b6b20118 0x78b6b20118 0x78b6b20118 0x78b6b20118 0x78b6b20118 0x78b6b20118 0x78b6b20118 0x78b6b20118 0x78b6b20118 0x78b6b20118 0x78b6b20118 0x78b6b20118 0x78b6b20118 0x78b6b20118 0x78b6b20118 0x78b6b20118 0x78b6b20118 0x78b6b20118 0x78b6b20118 0x78b6b20118 0x78b6b20118 0x78b6b20118 0x78b6b20118 0x78b6b20118 0x78b6b20118 0x78b6b20118 0x78b6b20118 0x78b6b20118 0x78b6b20118 0x78b6b20118 0x78b6b20118 0x78b6b20118 0x78b6b20118 0x78b6b20118 0x78b6b20118 0x78b6b20118 0x78b6b20118 0x78b6b20118 exception.instruction_r: 48 8b 0b 4c 8b 5b 08 48 c7 44 24 58 00 00 00 00 exception.instruction: mov rcx, qword ptr [rbx] exception.exception_code: 0xc0000005 exception.symbol: rcrypto_onetimeauth_poly1305_pick_best_implementation+0xc0 rree_instance-0x790 lim+0x11970 exception.address: 0x74461970 registers.r14: 3253934 registers.r15: 17592186044415 registers.rcx: 15438135161039 registers.rsi: 577730483990 registers.r10: 14960642577304 registers.rbx: 1966080 registers.rsp: 1831944 registers.r11: 4165510316812 registers.r8: 9845186332700 registers.r9: 7659285014027 registers.rdx: 9845186332717 registers.r12: 14311034256284 registers.rbp: 1832096 registers.rdi: 23059510 registers.rax: 58353161038359 registers.r13: 1851274583630652304	1
__exception__ June 23, 2023, 9:17 a.m.	stacktrace: rcrypto_onetimeauth_poly1305_pick_best_implementation+0xc0 rree_instance-0x790 lim+0x11970 @ 0x74461970 0xacc03940f0 0xacc03940f0 0xacc03940f0 0xacc03940f0 0xacc03940f0 0xacc03940f0 0xacc03940f0 0xacc03940f0 0xacc03940f0 0xacc03940f0 0xacc03940f0 0xacc03940f0 0xacc03940f0 0xacc03940f0 0xacc03940f0 0xacc03940f0 0xacc03940f0 0xacc03940f0 0xacc03940f0 0xacc03940f0 0xacc03940f0 0xacc03940f0 0xacc03940f0 0xacc03940f0 0xacc03940f0 0xacc03940f0 0xacc03940f0 0xacc03940f0 0xacc03940f0 0xacc03940f0 0xacc03940f0 0xacc03940f0 0xacc03940f0 0xacc03940f0 0xacc03940f0 0xacc03940f0 0xacc03940f0 0xacc03940f0 0xacc03940f0 0xacc03940f0 0xacc03940f0 0xacc03940f0 0xacc03940f0 0xacc03940f0 0xacc03940f0 0xacc03940f0 0xacc03940f0 0xacc03940f0 0xacc03940f0 0xacc03940f0 0xacc03940f0 0xacc03940f0 0xacc03940f0 0xacc03940f0 0xacc03940f0 0xacc03940f0 0xacc03940f0 0xacc03940f0 0xacc03940f0 0xacc03940f0 0xacc03940f0 0xacc03940f0 0xacc03940f0 exception.instruction_r: 48 8b 0b 4c 8b 5b 08 48 c7 44 24 58 00 00 00 00 exception.instruction: mov rcx, qword ptr [rbx] exception.exception_code: 0xc0000005 exception.symbol: rcrypto_onetimeauth_poly1305_pick_best_implementation+0xc0 rree_instance-0x790 lim+0x11970 exception.address: 0x74461970 registers.r14: 127590 registers.r15: 17592186044415 registers.rcx: 1285292663422 registers.rsi: 1497185122902 registers.r10: 5390903583712 registers.rbx: 2818048 registers.rsp: 2684168 registers.r11: 1274078343458 registers.r8: 5231589504166 registers.r9: 14199083837781 registers.rdx: 5231589504167 registers.r12: 1374488359848 registers.rbp: 2684320 registers.rdi: 14439994 registers.rax: 5280073259697 registers.r13: -3359676061129078304	1
__exception__ June 23, 2023, 9:17 a.m.	stacktrace: rcrypto_onetimeauth_poly1305_pick_best_implementation+0xc0 rree_instance-0x790 lim+0x11970 @ 0x74461970 0xd56385f08c 0xd56385f08c 0xd56385f08c 0xd56385f08c 0xd56385f08c 0xd56385f08c 0xd56385f08c 0xd56385f08c 0xd56385f08c 0xd56385f08c 0xd56385f08c 0xd56385f08c 0xd56385f08c 0xd56385f08c 0xd56385f08c 0xd56385f08c 0xd56385f08c 0xd56385f08c 0xd56385f08c 0xd56385f08c 0xd56385f08c 0xd56385f08c 0xd56385f08c 0xd56385f08c 0xd56385f08c 0xd56385f08c 0xd56385f08c 0xd56385f08c 0xd56385f08c 0xd56385f08c 0xd56385f08c 0xd56385f08c 0xd56385f08c 0xd56385f08c 0xd56385f08c 0xd56385f08c 0xd56385f08c 0xd56385f08c 0xd56385f08c 0xd56385f08c 0xd56385f08c 0xd56385f08c 0xd56385f08c 0xd56385f08c 0xd56385f08c 0xd56385f08c 0xd56385f08c 0xd56385f08c 0xd56385f08c 0xd56385f08c 0xd56385f08c 0xd56385f08c 0xd56385f08c 0xd56385f08c 0xd56385f08c 0xd56385f08c 0xd56385f08c 0xd56385f08c 0xd56385f08c 0xd56385f08c 0xd56385f08c 0xd56385f08c 0xd56385f08c exception.instruction_r: 48 8b 0b 4c 8b 5b 08 48 c7 44 24 58 00 00 00 00 exception.instruction: mov rcx, qword ptr [rbx] exception.exception_code: 0xc0000005 exception.symbol: rcrypto_onetimeauth_poly1305_pick_best_implementation+0xc0 rree_instance-0x790 lim+0x11970 exception.address: 0x74461970 registers.r14: 4536277 registers.r15: 17592186044415 registers.rcx: 4243369616988 registers.rsi: 2871780837541 registers.r10: 4939847958816 registers.rbx: 2424832 registers.rsp: 2292392 registers.r11: 5385547338611 registers.r8: 13974214189518 registers.r9: 16747267157666 registers.rdx: 13974214189523 registers.r12: 15410405189444 registers.rbp: 2292544 registers.rdi: 4592398 registers.rax: 19953669884186 registers.r13: 2624824568418368232	1

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

section

{u'size_of_data': u'0x0000a400', u'virtual_address': u'0x00039000', u'entropy': 7.002053932465696, u'name': u'.rdata', u'virtual_size': u'0x0000a2a0'}

entropy

7.00205393247

description

A section with a high entropy has been found

section

{u'size_of_data': u'0x00005000', u'virtual_address': u'0x00052000', u'entropy': 7.607727850907664, u'name': u'.reloc', u'virtual_size': u'0x0000493b'}

entropy

7.60772785091

description

A section with a high entropy has been found

lim.php

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All