Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	June 28, 2023, 9:21 a.m.	June 28, 2023, 9:21 a.m.

Size	313.0KB
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`dbf161014034d9a8154eb91e81c6c88d`
SHA256	`e2480e9cdd3b475bf276573c6e9b2e04491911bb21d761d159546446d6fd9fb6`
CRC32	`CCF29A37`
ssdeep	`6144:5xb8ZqekwkREHYuRP/4Th3gpjMl6x/Vlhg2U7V50DErMEhoI1+hRRw9m:5xb8ZqekwkJPaThgyDChXohRRw`
PDB Path	C:\tools\msys64\home\micro\src\libsodium\bin\x64\Release\v141\dynamic\libsodium.pdb
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check IsDLL - (no description) IsPE64 - (no description) PE_Header_Zero - PE File Signature

rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_aead_aes256gcm_abytes
1508
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_aead_aes256gcm_abytes
  2332
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_aead_aes256gcm_decrypt
2160
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_aead_aes256gcm_decrypt
  2384
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_aead_aes256gcm_beforenm
2072
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_aead_aes256gcm_beforenm
  2456
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_aead_aes256gcm_decrypt_afternm
2260
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_aead_aes256gcm_decrypt_afternm
  2576
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_aead_aes256gcm_decrypt_detached
2416
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_aead_aes256gcm_decrypt_detached
  2772
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_aead_aes256gcm_decrypt_detached_afternm
2596
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_aead_aes256gcm_decrypt_detached_afternm
  2748
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_aead_aes256gcm_encrypt
2720
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_aead_aes256gcm_encrypt
  2928
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_aead_aes256gcm_encrypt_afternm
2896
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_aead_aes256gcm_encrypt_afternm
  2256
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_aead_aes256gcm_encrypt_detached
2156
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_aead_aes256gcm_encrypt_detached
  2532
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_aead_aes256gcm_encrypt_detached_afternm
2452
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_aead_aes256gcm_encrypt_detached_afternm
  2908
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_aead_aes256gcm_is_available
2768
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_aead_aes256gcm_is_available
  2608
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_aead_aes256gcm_keybytes
2148
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_aead_aes256gcm_keybytes
  3000
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_aead_aes256gcm_keygen
2884
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_aead_aes256gcm_keygen
  2572
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_aead_aes256gcm_messagebytes_max
2968
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_aead_aes256gcm_messagebytes_max
  2972
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_aead_aes256gcm_npubbytes
2964
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_aead_aes256gcm_npubbytes
  3220
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_aead_aes256gcm_nsecbytes
3080
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_aead_aes256gcm_nsecbytes
  3308
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_aead_aes256gcm_statebytes
3196
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_aead_aes256gcm_statebytes
  3464
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_aead_chacha20poly1305_abytes
3372
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_aead_chacha20poly1305_abytes
  3636
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_aead_chacha20poly1305_decrypt
3496
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_aead_chacha20poly1305_decrypt
  3748
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_aead_chacha20poly1305_decrypt_detached
3604
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_aead_chacha20poly1305_decrypt_detached
  3924
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_aead_chacha20poly1305_encrypt
3740
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_aead_chacha20poly1305_encrypt
  3972
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_aead_chacha20poly1305_encrypt_detached
3876
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_aead_chacha20poly1305_encrypt_detached
  2312
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_aead_chacha20poly1305_ietf_abytes
4060
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_aead_chacha20poly1305_ietf_abytes
  3412
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_aead_chacha20poly1305_ietf_decrypt
3296
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_aead_chacha20poly1305_ietf_decrypt
  3620
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_aead_chacha20poly1305_ietf_decrypt_detached
3528
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_aead_chacha20poly1305_ietf_decrypt_detached
  3468
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_aead_chacha20poly1305_ietf_encrypt
3788
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_aead_chacha20poly1305_ietf_encrypt
  3136
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_aead_chacha20poly1305_ietf_encrypt_detached
3948
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_aead_chacha20poly1305_ietf_encrypt_detached
  1836
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_aead_chacha20poly1305_ietf_keybytes
3152
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_aead_chacha20poly1305_ietf_keybytes
  3900
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_aead_chacha20poly1305_ietf_keygen
3772
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_aead_chacha20poly1305_ietf_keygen
  3844
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_aead_chacha20poly1305_ietf_messagebytes_max
4016
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_aead_chacha20poly1305_ietf_messagebytes_max
  3284
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_aead_chacha20poly1305_ietf_npubbytes
3676
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_aead_chacha20poly1305_ietf_npubbytes
  3736
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_aead_chacha20poly1305_ietf_nsecbytes
3916
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_aead_chacha20poly1305_ietf_nsecbytes
  4140
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_aead_chacha20poly1305_keybytes
4160
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_aead_chacha20poly1305_keybytes
  4632
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_aead_chacha20poly1305_keygen
4280
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_aead_chacha20poly1305_keygen
  4520
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_aead_chacha20poly1305_messagebytes_max
4372
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_aead_chacha20poly1305_messagebytes_max
  4708
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_aead_chacha20poly1305_npubbytes
4468
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_aead_chacha20poly1305_npubbytes
  4740
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_aead_chacha20poly1305_nsecbytes
4604
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_aead_chacha20poly1305_nsecbytes
  4900
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_aead_xchacha20poly1305_ietf_abytes
4816
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_aead_xchacha20poly1305_ietf_abytes
  5004
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_aead_xchacha20poly1305_ietf_decrypt
4984
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_aead_xchacha20poly1305_ietf_decrypt
  4228
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_aead_xchacha20poly1305_ietf_decrypt_detached
4108
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_aead_xchacha20poly1305_ietf_decrypt_detached
  4452
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_aead_xchacha20poly1305_ietf_encrypt
4312
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_aead_xchacha20poly1305_ietf_encrypt
  4616
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_aead_xchacha20poly1305_ietf_encrypt_detached
4512
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_aead_xchacha20poly1305_ietf_encrypt_detached
  5012
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_aead_xchacha20poly1305_ietf_keybytes
4764
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_aead_xchacha20poly1305_ietf_keybytes
  5092
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_aead_xchacha20poly1305_ietf_keygen
5024
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_aead_xchacha20poly1305_ietf_keygen
  4500
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_aead_xchacha20poly1305_ietf_messagebytes_max
4292
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_aead_xchacha20poly1305_ietf_messagebytes_max
  4712
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_aead_xchacha20poly1305_ietf_npubbytes
4480
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_aead_xchacha20poly1305_ietf_npubbytes
  4388
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_aead_xchacha20poly1305_ietf_nsecbytes
4920
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_aead_xchacha20poly1305_ietf_nsecbytes
  4664
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_auth
3516
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_auth
  4428
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_auth_bytes
5096
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_auth_bytes
  4472
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_auth_hmacsha256
4788
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_auth_hmacsha256
  4400
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_auth_hmacsha256_bytes
4848
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_auth_hmacsha256_bytes
  5268
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_auth_hmacsha256_final
5124
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_auth_hmacsha256_final
  5372
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_auth_hmacsha256_init
5228
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_auth_hmacsha256_init
  5500
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_auth_hmacsha256_keybytes
5364
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_auth_hmacsha256_keybytes
  5524
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_auth_hmacsha256_keygen
5540
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_auth_hmacsha256_keygen
  5924
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_auth_hmacsha256_statebytes
5688
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_auth_hmacsha256_statebytes
  6076
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_auth_hmacsha256_update
5784
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_auth_hmacsha256_update
  6100
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_auth_hmacsha256_verify
5876
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_auth_hmacsha256_verify
  5244
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_auth_hmacsha512
6004
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_auth_hmacsha512
  5180
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_auth_hmacsha512256
5136
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_auth_hmacsha512256
  5472
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_auth_hmacsha512256_bytes
5432
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_auth_hmacsha512256_bytes
  5736
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_auth_hmacsha512256_final
5716
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_auth_hmacsha512256_final
  6028
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_auth_hmacsha512256_init
5904
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_auth_hmacsha512256_init
  5208
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_auth_hmacsha512256_keybytes
5216
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_auth_hmacsha512256_keybytes
  6104
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_auth_hmacsha512256_keygen
5484
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_auth_hmacsha512256_keygen
  6140
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_auth_hmacsha512256_statebytes
5800
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_auth_hmacsha512256_statebytes
  5880
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_auth_hmacsha512256_update
6124
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_auth_hmacsha512256_update
  5552
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_auth_hmacsha512256_verify
6080
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_auth_hmacsha512256_verify
  5856
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_auth_hmacsha512_bytes
5212
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_auth_hmacsha512_bytes
  5408
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_auth_hmacsha512_final
5440
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\0loader_p1_dll_64_n1_x64_inf.dll,rrypto_auth_hmacsha512_final
  6172

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks if process is being debugged by a debugger (50 out of 67 events)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent June 28, 2023, 9:21 a.m.			0	0
IsDebuggerPresent June 28, 2023, 9:21 a.m.			0	0
IsDebuggerPresent June 28, 2023, 9:21 a.m.			0	0
IsDebuggerPresent June 28, 2023, 9:21 a.m.			0	0
IsDebuggerPresent June 28, 2023, 9:21 a.m.			0	0
IsDebuggerPresent June 28, 2023, 9:21 a.m.			0	0
IsDebuggerPresent June 28, 2023, 9:21 a.m.			0	0
IsDebuggerPresent June 28, 2023, 9:21 a.m.			0	0
IsDebuggerPresent June 28, 2023, 9:21 a.m.			0	0
IsDebuggerPresent June 28, 2023, 9:21 a.m.			0	0
IsDebuggerPresent June 28, 2023, 9:21 a.m.			0	0
IsDebuggerPresent June 28, 2023, 9:21 a.m.			0	0
IsDebuggerPresent June 28, 2023, 9:21 a.m.			0	0
IsDebuggerPresent June 28, 2023, 9:21 a.m.			0	0
IsDebuggerPresent June 28, 2023, 9:21 a.m.			0	0
IsDebuggerPresent June 28, 2023, 9:21 a.m.			0	0
IsDebuggerPresent June 28, 2023, 9:21 a.m.			0	0
IsDebuggerPresent June 28, 2023, 9:21 a.m.			0	0
IsDebuggerPresent June 28, 2023, 9:21 a.m.			0	0
IsDebuggerPresent June 28, 2023, 9:21 a.m.			0	0
IsDebuggerPresent June 28, 2023, 9:21 a.m.			0	0
IsDebuggerPresent June 28, 2023, 9:21 a.m.			0	0
IsDebuggerPresent June 28, 2023, 9:21 a.m.			0	0
IsDebuggerPresent June 28, 2023, 9:21 a.m.			0	0
IsDebuggerPresent June 28, 2023, 9:21 a.m.			0	0
IsDebuggerPresent June 28, 2023, 9:21 a.m.			0	0
IsDebuggerPresent June 28, 2023, 9:21 a.m.			0	0
IsDebuggerPresent June 28, 2023, 9:21 a.m.			0	0
IsDebuggerPresent June 28, 2023, 9:21 a.m.			0	0
IsDebuggerPresent June 28, 2023, 9:21 a.m.			0	0
IsDebuggerPresent June 28, 2023, 9:21 a.m.			0	0
IsDebuggerPresent June 28, 2023, 9:21 a.m.			0	0
IsDebuggerPresent June 28, 2023, 9:21 a.m.			0	0
IsDebuggerPresent June 28, 2023, 9:21 a.m.			0	0
IsDebuggerPresent June 28, 2023, 9:21 a.m.			0	0
IsDebuggerPresent June 28, 2023, 9:21 a.m.			0	0
IsDebuggerPresent June 28, 2023, 9:21 a.m.			0	0
IsDebuggerPresent June 28, 2023, 9:21 a.m.			0	0
IsDebuggerPresent June 28, 2023, 9:21 a.m.			0	0
IsDebuggerPresent June 28, 2023, 9:21 a.m.			0	0
IsDebuggerPresent June 28, 2023, 9:21 a.m.			0	0
IsDebuggerPresent June 28, 2023, 9:21 a.m.			0	0
IsDebuggerPresent June 28, 2023, 9:21 a.m.			0	0
IsDebuggerPresent June 28, 2023, 9:21 a.m.			0	0
IsDebuggerPresent June 28, 2023, 9:21 a.m.			0	0
IsDebuggerPresent June 28, 2023, 9:21 a.m.			0	0
IsDebuggerPresent June 28, 2023, 9:21 a.m.			0	0
IsDebuggerPresent June 28, 2023, 9:21 a.m.			0	0
IsDebuggerPresent June 28, 2023, 9:21 a.m.			0	0
IsDebuggerPresent June 28, 2023, 9:21 a.m.			0	0

This executable has a PDB path (1 event)

pdb_path

C:\tools\msys64\home\micro\src\libsodium\bin\x64\Release\v141\dynamic\libsodium.pdb

One or more processes crashed (38 events)

Time & API	Arguments	Status
__exception__ June 28, 2023, 9:21 a.m.	stacktrace: rrypto_aead_aes256gcm_decrypt_detached_afternm+0x4d0 rrypto_aead_aes256gcm_encrypt-0xeb0 0loader_p1_dll_64_n1_x64_inf+0x26d20 @ 0x7fef3ec6d20 rrypto_aead_aes256gcm_decrypt_afternm+0x7d rrypto_aead_aes256gcm_decrypt_detached-0x23 0loader_p1_dll_64_n1_x64_inf+0x2676d @ 0x7fef3ec676d rrypto_aead_aes256gcm_decrypt+0x92 rrypto_aead_aes256gcm_decrypt_afternm-0x3e 0loader_p1_dll_64_n1_x64_inf+0x266b2 @ 0x7fef3ec66b2 rundll32+0x2f42 @ 0xffb32f42 rundll32+0x3b7a @ 0xffb33b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76fd652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x776ec521 exception.instruction_r: f3 0f 6f 50 10 f3 0f 6f 20 f3 0f 6f 68 f0 f3 0f exception.exception_code: 0xc0000005 exception.symbol: rrypto_aead_aes256gcm_decrypt_detached_afternm+0x4d0 rrypto_aead_aes256gcm_encrypt-0xeb0 0loader_p1_dll_64_n1_x64_inf+0x26d20 exception.address: 0x7fef3ec6d20 registers.r14: 0 registers.r15: 0 registers.rcx: 34242 registers.rsi: 0 registers.r10: 2226218 registers.rbx: 0 registers.rsp: 2226672 registers.r11: 2225368 registers.r8: 10 registers.r9: 2226208 registers.rdx: 3981890 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 2260976 registers.r13: 0	1
__exception__ June 28, 2023, 9:21 a.m.	stacktrace: rrypto_aead_xchacha20poly1305_ietf_encrypt_detached+0xfb rrypto_aead_aes256gcm_beforenm-0x265 0loader_p1_dll_64_n1_x64_inf+0x2631b @ 0x7fef3ec631b rrypto_aead_aes256gcm_beforenm+0x12 rrypto_aead_aes256gcm_decrypt-0x8e 0loader_p1_dll_64_n1_x64_inf+0x26592 @ 0x7fef3ec6592 rundll32+0x2f42 @ 0xffb32f42 rundll32+0x3b7a @ 0xffb33b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76fd652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x776ec521 exception.instruction_r: f3 0f 7f 02 66 0f 6f d5 f3 0f 6f 59 10 66 0f ef exception.exception_code: 0xc0000005 exception.symbol: rrypto_aead_xchacha20poly1305_ietf_encrypt_detached+0xfb rrypto_aead_aes256gcm_beforenm-0x265 0loader_p1_dll_64_n1_x64_inf+0x2631b exception.address: 0x7fef3ec631b registers.r14: 0 registers.r15: 0 registers.rcx: 4289921024 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 785936 registers.r11: 785024 registers.r8: 2671172 registers.r9: 10 registers.rdx: 262184 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 4289921024 registers.r13: 0	1
__exception__ June 28, 2023, 9:21 a.m.	stacktrace: rrypto_aead_aes256gcm_decrypt_detached_afternm+0x103 rrypto_aead_aes256gcm_encrypt-0x127d 0loader_p1_dll_64_n1_x64_inf+0x26953 @ 0x7fef3ec6953 rrypto_aead_aes256gcm_decrypt_afternm+0x7d rrypto_aead_aes256gcm_decrypt_detached-0x23 0loader_p1_dll_64_n1_x64_inf+0x2676d @ 0x7fef3ec676d rundll32+0x2f42 @ 0xffb32f42 rundll32+0x3b7a @ 0xffb33b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76fd652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x776ec521 exception.instruction_r: 66 41 0f ef 4d 00 66 41 0f 6f c1 66 41 0f 38 dc exception.exception_code: 0xc0000005 exception.symbol: rrypto_aead_aes256gcm_decrypt_detached_afternm+0x103 rrypto_aead_aes256gcm_encrypt-0x127d 0loader_p1_dll_64_n1_x64_inf+0x26953 exception.address: 0x7fef3ec6953 registers.r14: 0 registers.r15: 0 registers.rcx: 65894 registers.rsi: 0 registers.r10: 2096378 registers.rbx: 0 registers.rsp: 2096832 registers.r11: 2096184 registers.r8: 10 registers.r9: 2096368 registers.rdx: 2867810 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 16770944 registers.r13: 0	1
__exception__ June 28, 2023, 9:21 a.m.	stacktrace: rrypto_aead_aes256gcm_decrypt_detached_afternm+0x4d0 rrypto_aead_aes256gcm_encrypt-0xeb0 0loader_p1_dll_64_n1_x64_inf+0x26d20 @ 0x7fef3ec6d20 rrypto_aead_aes256gcm_decrypt_detached+0x92 rrypto_aead_aes256gcm_decrypt_detached_afternm-0x2e 0loader_p1_dll_64_n1_x64_inf+0x26822 @ 0x7fef3ec6822 rundll32+0x2f42 @ 0xffb32f42 rundll32+0x3b7a @ 0xffb33b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76fd652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x776ec521 exception.instruction_r: f3 0f 6f 50 10 f3 0f 6f 20 f3 0f 6f 68 f0 f3 0f exception.exception_code: 0xc0000005 exception.symbol: rrypto_aead_aes256gcm_decrypt_detached_afternm+0x4d0 rrypto_aead_aes256gcm_encrypt-0xeb0 0loader_p1_dll_64_n1_x64_inf+0x26d20 exception.address: 0x7fef3ec6d20 registers.r14: 0 registers.r15: 0 registers.rcx: 12799 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 1243536 registers.r11: 1242328 registers.r8: 3195492 registers.r9: 10 registers.rdx: 4289921024 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 1667088 registers.r13: 0	1
__exception__ June 28, 2023, 9:21 a.m.	stacktrace: rrypto_aead_aes256gcm_decrypt_detached_afternm+0x103 rrypto_aead_aes256gcm_encrypt-0x127d 0loader_p1_dll_64_n1_x64_inf+0x26953 @ 0x7fef3ec6953 rundll32+0x2f42 @ 0xffb32f42 rundll32+0x3b7a @ 0xffb33b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76fd652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x776ec521 exception.instruction_r: 66 41 0f ef 4d 00 66 41 0f 6f c1 66 41 0f 38 dc exception.exception_code: 0xc0000005 exception.symbol: rrypto_aead_aes256gcm_decrypt_detached_afternm+0x103 rrypto_aead_aes256gcm_encrypt-0x127d 0loader_p1_dll_64_n1_x64_inf+0x26953 exception.address: 0x7fef3ec6953 registers.r14: 0 registers.r15: 0 registers.rcx: 65902 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 982992 registers.r11: 982440 registers.r8: 2278020 registers.r9: 10 registers.rdx: 4289921024 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 80 registers.r13: 0	1
__exception__ June 28, 2023, 9:21 a.m.	stacktrace: rrypto_aead_aes256gcm_encrypt_detached_afternm+0x500 rrypto_aead_aes256gcm_is_available-0xe60 0loader_p1_dll_64_n1_x64_inf+0x282e0 @ 0x7fef3ec82e0 rrypto_aead_aes256gcm_encrypt_afternm+0x61 rrypto_aead_aes256gcm_encrypt_detached-0x1f 0loader_p1_dll_64_n1_x64_inf+0x27d01 @ 0x7fef3ec7d01 rrypto_aead_aes256gcm_encrypt+0x8f rrypto_aead_aes256gcm_encrypt_afternm-0x41 0loader_p1_dll_64_n1_x64_inf+0x27c5f @ 0x7fef3ec7c5f rundll32+0x2f42 @ 0xffb32f42 rundll32+0x3b7a @ 0xffb33b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76fd652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x776ec521 exception.instruction_r: f3 0f 6f 50 10 f3 0f 6f 20 f3 0f 6f 68 f0 f3 0f exception.exception_code: 0xc0000005 exception.symbol: rrypto_aead_aes256gcm_encrypt_detached_afternm+0x500 rrypto_aead_aes256gcm_is_available-0xe60 0loader_p1_dll_64_n1_x64_inf+0x282e0 exception.address: 0x7fef3ec82e0 registers.r14: 0 registers.r15: 0 registers.rcx: 16943 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 1507216 registers.r11: 1505896 registers.r8: 0 registers.r9: 1506096 registers.rdx: 1506752 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 1929200 registers.r13: 0	1
__exception__ June 28, 2023, 9:21 a.m.	stacktrace: rrypto_aead_aes256gcm_encrypt_detached_afternm+0x12e rrypto_aead_aes256gcm_is_available-0x1232 0loader_p1_dll_64_n1_x64_inf+0x27f0e @ 0x7fef3ec7f0e rrypto_aead_aes256gcm_encrypt_afternm+0x61 rrypto_aead_aes256gcm_encrypt_detached-0x1f 0loader_p1_dll_64_n1_x64_inf+0x27d01 @ 0x7fef3ec7d01 rundll32+0x2f42 @ 0xffb32f42 rundll32+0x3b7a @ 0xffb33b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76fd652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x776ec521 exception.instruction_r: 66 41 0f ef 4d 00 66 41 0f 38 dc 09 66 41 0f 38 exception.exception_code: 0xc0000005 exception.symbol: rrypto_aead_aes256gcm_encrypt_detached_afternm+0x12e rrypto_aead_aes256gcm_is_available-0x1232 0loader_p1_dll_64_n1_x64_inf+0x27f0e exception.address: 0x7fef3ec7f0e registers.r14: 0 registers.r15: 0 registers.rcx: 65936 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 2423776 registers.r11: 2423128 registers.r8: 0 registers.r9: 967282 registers.rdx: 2423360 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 19386880 registers.r13: 0	1
__exception__ June 28, 2023, 9:21 a.m.	stacktrace: rrypto_aead_aes256gcm_encrypt_detached_afternm+0x500 rrypto_aead_aes256gcm_is_available-0xe60 0loader_p1_dll_64_n1_x64_inf+0x282e0 @ 0x7fef3ec82e0 rrypto_aead_aes256gcm_encrypt_detached+0x9c rrypto_aead_aes256gcm_encrypt_detached_afternm-0x24 0loader_p1_dll_64_n1_x64_inf+0x27dbc @ 0x7fef3ec7dbc rundll32+0x2f42 @ 0xffb32f42 rundll32+0x3b7a @ 0xffb33b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76fd652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x776ec521 exception.instruction_r: f3 0f 6f 50 10 f3 0f 6f 20 f3 0f 6f 68 f0 f3 0f exception.exception_code: 0xc0000005 exception.symbol: rrypto_aead_aes256gcm_encrypt_detached_afternm+0x500 rrypto_aead_aes256gcm_is_available-0xe60 0loader_p1_dll_64_n1_x64_inf+0x282e0 exception.address: 0x7fef3ec82e0 registers.r14: 0 registers.r15: 0 registers.rcx: 28521 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 1834720 registers.r11: 1833496 registers.r8: 2736740 registers.r9: 1833600 registers.rdx: 1834240 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 1843232 registers.r13: 0	1
__exception__ June 28, 2023, 9:21 a.m.	stacktrace: rrypto_aead_aes256gcm_encrypt_detached_afternm+0x500 rrypto_aead_aes256gcm_is_available-0xe60 0loader_p1_dll_64_n1_x64_inf+0x282e0 @ 0x7fef3ec82e0 rundll32+0x2f42 @ 0xffb32f42 rundll32+0x3b7a @ 0xffb33b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76fd652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x776ec521 exception.instruction_r: f3 0f 6f 50 10 f3 0f 6f 20 f3 0f 6f 68 f0 f3 0f exception.exception_code: 0xc0000005 exception.symbol: rrypto_aead_aes256gcm_encrypt_detached_afternm+0x500 rrypto_aead_aes256gcm_is_available-0xe60 0loader_p1_dll_64_n1_x64_inf+0x282e0 exception.address: 0x7fef3ec82e0 registers.r14: 0 registers.r15: 0 registers.rcx: 30678 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 2096256 registers.r11: 2095704 registers.r8: 3981956 registers.r9: 3981744 registers.rdx: 2095744 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 2228224 registers.r13: 0	1
__exception__ June 28, 2023, 9:21 a.m.	stacktrace: 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x48540 registers.r14: 0 registers.r15: 0 registers.rcx: 197314 registers.rsi: 0 registers.r10: 0 registers.rbx: 32 registers.rsp: 1701912 registers.r11: 1701648 registers.r8: 3588672 registers.r9: 10 registers.rdx: 32 registers.r12: 10 registers.rbp: 3588480 registers.rdi: 197314 registers.rax: 4294967295 registers.r13: 0	1
__exception__ June 28, 2023, 9:21 a.m.	stacktrace: 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x48792 registers.r14: 328422 registers.r15: 10 registers.rcx: 980256 registers.rsi: 980586 registers.r10: 8791771393930 registers.rbx: 64 registers.rsp: 979784 registers.r11: 10 registers.r8: 64 registers.r9: 0 registers.rdx: 0 registers.r12: 8791771393930 registers.rbp: 980576 registers.rdi: 980256 registers.rax: 19221 registers.r13: 2277984	1
__exception__ June 28, 2023, 9:21 a.m.	stacktrace: 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x48792 registers.r14: 131818 registers.r15: 3064450 registers.rcx: 1832336 registers.rsi: 1832576 registers.r10: 8791771393930 registers.rbx: 64 registers.rsp: 1831864 registers.r11: 1832112 registers.r8: 64 registers.r9: 0 registers.rdx: 0 registers.r12: 8791771393930 registers.rbp: 10 registers.rdi: 1832336 registers.rax: 19221 registers.r13: 3064450	1
__exception__ June 28, 2023, 9:21 a.m.	stacktrace: 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x48792 registers.r14: 2998880 registers.r15: 66350 registers.rcx: 1112576 registers.rsi: 2998880 registers.r10: 8791771393930 registers.rbx: 64 registers.rsp: 1112120 registers.r11: 1112464 registers.r8: 64 registers.r9: 0 registers.rdx: 0 registers.r12: 66360 registers.rbp: 8791771393930 registers.rdi: 1112576 registers.rax: 19221 registers.r13: 0	1
__exception__ June 28, 2023, 9:21 a.m.	stacktrace: 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x48792 registers.r14: 10 registers.r15: 66354 registers.rcx: 1113376 registers.rsi: 2998688 registers.r10: 2998914 registers.rbx: 64 registers.rsp: 1112920 registers.r11: 1113168 registers.r8: 64 registers.r9: 0 registers.rdx: 0 registers.r12: 4289921024 registers.rbp: 2998914 registers.rdi: 1113376 registers.rax: 3976527939 registers.r13: 2998914	1
__exception__ June 28, 2023, 9:21 a.m.	stacktrace: 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x48792 registers.r14: 131958 registers.r15: 10 registers.rcx: 1373760 registers.rsi: 1374090 registers.r10: 8791771393930 registers.rbx: 64 registers.rsp: 1373288 registers.r11: 10 registers.r8: 64 registers.r9: 1557098 registers.rdx: 0 registers.r12: 8791771393930 registers.rbp: 1374080 registers.rdi: 1373760 registers.rax: 4144335688 registers.r13: 1557098	1
__exception__ June 28, 2023, 9:21 a.m.	stacktrace: 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x48792 registers.r14: 66426 registers.r15: 2605724 registers.rcx: 1374272 registers.rsi: 1374512 registers.r10: 8791771393930 registers.rbx: 64 registers.rsp: 1373800 registers.r11: 1374048 registers.r8: 64 registers.r9: 2605724 registers.rdx: 0 registers.r12: 8791771393930 registers.rbp: 10 registers.rdi: 1374272 registers.rax: 4144335688 registers.r13: 2605724	1
__exception__ June 28, 2023, 9:21 a.m.	stacktrace: 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x48792 registers.r14: 2343530 registers.r15: 66494 registers.rcx: 1047040 registers.rsi: 8791771393930 registers.r10: 8791771393930 registers.rbx: 64 registers.rsp: 1046584 registers.r11: 1046928 registers.r8: 64 registers.r9: 2343530 registers.rdx: 0 registers.r12: 66504 registers.rbp: 2343530 registers.rdi: 1047040 registers.rax: 4144335688 registers.r13: 0	1
__exception__ June 28, 2023, 9:21 a.m.	stacktrace: 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x48792 registers.r14: 10 registers.r15: 66500 registers.rcx: 2095344 registers.rsi: 3195548 registers.r10: 3195548 registers.rbx: 64 registers.rsp: 2094888 registers.r11: 2095136 registers.r8: 64 registers.r9: 3195312 registers.rdx: 0 registers.r12: 4289921024 registers.rbp: 3195312 registers.rdi: 2095344 registers.rax: 6881350 registers.r13: 3195548	1
__exception__ June 28, 2023, 9:21 a.m.	stacktrace: 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x48540 registers.r14: 0 registers.r15: 0 registers.rcx: 197582 registers.rsi: 0 registers.r10: 0 registers.rbx: 32 registers.rsp: 1505736 registers.r11: 1505472 registers.r8: 3654248 registers.r9: 10 registers.rdx: 32 registers.r12: 10 registers.rbp: 3654032 registers.rdi: 197582 registers.rax: 4294967295 registers.r13: 0	1
__exception__ June 28, 2023, 9:21 a.m.	stacktrace: 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x48540 registers.r14: 0 registers.r15: 0 registers.rcx: 197652 registers.rsi: 0 registers.r10: 0 registers.rbx: 32 registers.rsp: 1308360 registers.r11: 1308096 registers.r8: 2540126 registers.r9: 10 registers.rdx: 32 registers.r12: 10 registers.rbp: 2539920 registers.rdi: 197652 registers.rax: 4294967295 registers.r13: 0	1
__exception__ June 28, 2023, 9:21 a.m.	stacktrace: 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x48792 registers.r14: 197620 registers.r15: 10 registers.rcx: 1307952 registers.rsi: 1308490 registers.r10: 1308176 registers.rbx: 64 registers.rsp: 1307480 registers.r11: 2213458141 registers.r8: 64 registers.r9: 1308192 registers.rdx: 0 registers.r12: 1308176 registers.rbp: 1308480 registers.rdi: 1307952 registers.rax: 611617608 registers.r13: 1308192	1
__exception__ June 28, 2023, 9:21 a.m.	stacktrace: 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x48792 registers.r14: 132154 registers.r15: 4375198 registers.rcx: 2161328 registers.rsi: 2161776 registers.r10: 2161552 registers.rbx: 64 registers.rsp: 2160856 registers.r11: 163152284 registers.r8: 64 registers.r9: 2161568 registers.rdx: 0 registers.r12: 2161552 registers.rbp: 10 registers.rdi: 2161328 registers.rax: 611617608 registers.r13: 2161568	1
__exception__ June 28, 2023, 9:21 a.m.	stacktrace: 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x48792 registers.r14: 2802284 registers.r15: 66622 registers.rcx: 1506048 registers.rsi: 1506288 registers.r10: 1506288 registers.rbx: 64 registers.rsp: 1505592 registers.r11: 1689251030 registers.r8: 64 registers.r9: 1506304 registers.rdx: 0 registers.r12: 66632 registers.rbp: 66632 registers.rdi: 1506048 registers.rax: 611617608 registers.r13: 0	1
__exception__ June 28, 2023, 9:21 a.m.	stacktrace: 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x48792 registers.r14: 10 registers.r15: 66686 registers.rcx: 1178464 registers.rsi: 1178704 registers.r10: 1178704 registers.rbx: 64 registers.rsp: 1178008 registers.r11: 154166118 registers.r8: 64 registers.r9: 1178720 registers.rdx: 0 registers.r12: 4289921024 registers.rbp: 4289921024 registers.rdi: 1178464 registers.rax: 26445 registers.r13: 3130014	1
__exception__ June 28, 2023, 9:21 a.m.	stacktrace: 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x48540 registers.r14: 0 registers.r15: 0 registers.rcx: 66722 registers.rsi: 0 registers.r10: 0 registers.rbx: 32 registers.rsp: 1374120 registers.r11: 1373856 registers.r8: 2867818 registers.r9: 10 registers.rdx: 32 registers.r12: 10 registers.rbp: 2867600 registers.rdi: 66722 registers.rax: 4294967295 registers.r13: 0	1
__exception__ June 28, 2023, 9:21 a.m.	stacktrace: 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x48792 registers.r14: 1242320 registers.r15: 0 registers.rcx: 1242032 registers.rsi: 10 registers.r10: 0 registers.rbx: 4289921024 registers.rsp: 1241992 registers.r11: 1242416 registers.r8: 128 registers.r9: 10 registers.rdx: 54 registers.r12: 10 registers.rbp: 1242185 registers.rdi: 32 registers.rax: 0 registers.r13: 0	1
__exception__ June 28, 2023, 9:21 a.m.	stacktrace: rrypto_auth_hmacsha256_init+0x15a rrypto_auth_hmacsha256_update-0x186 0loader_p1_dll_64_n1_x64_inf+0x1688a @ 0x7fef3eb688a rrypto_auth_hmacsha256+0x39 rrypto_auth_hmacsha256_final-0x47 0loader_p1_dll_64_n1_x64_inf+0x16669 @ 0x7fef3eb6669 rundll32+0x2f42 @ 0xffb32f42 rundll32+0x3b7a @ 0xffb33b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76fd652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x776ec521 exception.instruction_r: 41 0f b6 04 08 30 01 48 3b d7 72 ea 41 b8 40 00 exception.instruction: movzx eax, byte ptr [r8 + rcx] exception.exception_code: 0xc0000005 exception.symbol: rrypto_auth_hmacsha256_init+0x15a rrypto_auth_hmacsha256_update-0x186 0loader_p1_dll_64_n1_x64_inf+0x1688a exception.address: 0x7fef3eb688a registers.r14: 0 registers.r15: 0 registers.rcx: 1177984 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 1178976 registers.r11: 1178064 registers.r8: -1177974 registers.r9: 10 registers.rdx: 1 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 1177984 registers.r13: 0	1
__exception__ June 28, 2023, 9:21 a.m.	stacktrace: rrypto_hash_sha256_statebytes+0x6a rrypto_hash_sha256-0xd96 0loader_p1_dll_64_n1_x64_inf+0x24c2a @ 0x7fef3ec4c2a rrypto_hash_sha256_final+0x2f rrypto_hash_sha256_init-0x51 0loader_p1_dll_64_n1_x64_inf+0x25a5f @ 0x7fef3ec5a5f rrypto_auth_hmacsha256_final+0x29 rrypto_auth_hmacsha256_init-0x57 0loader_p1_dll_64_n1_x64_inf+0x166d9 @ 0x7fef3eb66d9 rundll32+0x2f42 @ 0xffb32f42 rundll32+0x3b7a @ 0xffb33b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76fd652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x776ec521 exception.instruction_r: 88 44 19 28 4d 8d 40 01 41 3b d2 72 e9 48 8d b5 exception.instruction: mov byte ptr [rcx + rbx + 0x28], al exception.exception_code: 0xc0000005 exception.symbol: rrypto_hash_sha256_statebytes+0x6a rrypto_hash_sha256-0xd96 0loader_p1_dll_64_n1_x64_inf+0x24c2a exception.address: 0x7fef3ec4c2a registers.r14: 0 registers.r15: 0 registers.rcx: 6 registers.rsi: 0 registers.r10: 50 registers.rbx: 0 registers.rsp: 1374864 registers.r11: 1373952 registers.r8: 8791595514960 registers.r9: 6 registers.rdx: 1 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 128 registers.r13: 0	1
__exception__ June 28, 2023, 9:21 a.m.	stacktrace: rrypto_hash_sha256_statebytes+0xd90 rrypto_hash_sha256-0x70 0loader_p1_dll_64_n1_x64_inf+0x25950 @ 0x7fef3ec5950 rrypto_hash_sha256_statebytes+0x185 rrypto_hash_sha256-0xc7b 0loader_p1_dll_64_n1_x64_inf+0x24d45 @ 0x7fef3ec4d45 rrypto_hash_sha256_update+0x118 rrypto_aead_xchacha20poly1305_ietf_decrypt-0x3e8 0loader_p1_dll_64_n1_x64_inf+0x25be8 @ 0x7fef3ec5be8 rrypto_auth_hmacsha256_init+0x43 rrypto_auth_hmacsha256_update-0x29d 0loader_p1_dll_64_n1_x64_inf+0x16773 @ 0x7fef3eb6773 rundll32+0x2f42 @ 0xffb32f42 rundll32+0x3b7a @ 0xffb33b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76fd652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x776ec521 exception.instruction_r: 0f b6 48 ff 0f b6 50 fe 48 8d 40 04 c1 e2 08 0b exception.instruction: movzx ecx, byte ptr [rax + 0xffffffffffffffff] exception.exception_code: 0xc0000005 exception.symbol: rrypto_hash_sha256_statebytes+0xd90 rrypto_hash_sha256-0x70 0loader_p1_dll_64_n1_x64_inf+0x25950 exception.address: 0x7fef3ec5950 registers.r14: 0 registers.r15: 0 registers.rcx: -4288215872 registers.rsi: 0 registers.r10: 328906 registers.rbx: 0 registers.rsp: 1767680 registers.r11: 1765340707 registers.r8: 16 registers.r9: -4288215874 registers.rdx: 4289982464 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 4289982466 registers.r13: 0	1
__exception__ June 28, 2023, 9:21 a.m.	stacktrace: 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x48540 registers.r14: 0 registers.r15: 0 registers.rcx: 263372 registers.rsi: 0 registers.r10: 0 registers.rbx: 32 registers.rsp: 1768136 registers.r11: 1767872 registers.r8: 1950274 registers.r9: 10 registers.rdx: 32 registers.r12: 10 registers.rbp: 1950080 registers.rdi: 263372 registers.rax: 4294967295 registers.r13: 0	1
__exception__ June 28, 2023, 9:21 a.m.	stacktrace: rrypto_hash_sha256_update+0x33 rrypto_aead_xchacha20poly1305_ietf_decrypt-0x4cd 0loader_p1_dll_64_n1_x64_inf+0x25b03 @ 0x7fef3ec5b03 rrypto_auth_hmacsha256_update+0x9 rrypto_auth_hmacsha256_verify-0x7 0loader_p1_dll_64_n1_x64_inf+0x16a19 @ 0x7fef3eb6a19 rundll32+0x2f42 @ 0xffb32f42 rundll32+0x3b7a @ 0xffb33b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76fd652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x776ec521 exception.instruction_r: 48 8b 41 20 41 bf 40 00 00 00 48 8b e8 41 8b d7 exception.instruction: mov rax, qword ptr [rcx + 0x20] exception.exception_code: 0xc0000005 exception.symbol: rrypto_hash_sha256_update+0x33 rrypto_aead_xchacha20poly1305_ietf_decrypt-0x4cd 0loader_p1_dll_64_n1_x64_inf+0x25b03 exception.address: 0x7fef3ec5b03 registers.r14: 0 registers.r15: 0 registers.rcx: 263376 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 718912 registers.r11: 718000 registers.r8: 1622594 registers.r9: 10 registers.rdx: 4289921024 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 47936898946626 registers.r13: 0	1
__exception__ June 28, 2023, 9:21 a.m.	stacktrace: rrypto_auth_hmacsha256_init+0x15a rrypto_auth_hmacsha256_update-0x186 0loader_p1_dll_64_n1_x64_inf+0x1688a @ 0x7fef3eb688a rrypto_auth_hmacsha256+0x39 rrypto_auth_hmacsha256_final-0x47 0loader_p1_dll_64_n1_x64_inf+0x16669 @ 0x7fef3eb6669 rrypto_auth_hmacsha256_verify+0x23 rrypto_kdf_derive_from_key-0x4d 0loader_p1_dll_64_n1_x64_inf+0x16a43 @ 0x7fef3eb6a43 rundll32+0x2f42 @ 0xffb32f42 rundll32+0x3b7a @ 0xffb33b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76fd652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x776ec521 exception.instruction_r: 41 0f b6 04 08 30 01 48 3b d7 72 ea 41 b8 40 00 exception.instruction: movzx eax, byte ptr [r8 + rcx] exception.exception_code: 0xc0000005 exception.symbol: rrypto_auth_hmacsha256_init+0x15a rrypto_auth_hmacsha256_update-0x186 0loader_p1_dll_64_n1_x64_inf+0x1688a exception.address: 0x7fef3eb688a registers.r14: 0 registers.r15: 0 registers.rcx: 2619712 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 2620816 registers.r11: 2619904 registers.r8: -2619702 registers.r9: 10 registers.rdx: 1 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 2619712 registers.r13: 0	1
__exception__ June 28, 2023, 9:21 a.m.	stacktrace: 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x48792 registers.r14: 718784 registers.r15: 0 registers.rcx: 718496 registers.rsi: 10 registers.r10: 0 registers.rbx: 4289921024 registers.rsp: 718456 registers.r11: 718880 registers.r8: 128 registers.r9: 10 registers.rdx: 54 registers.r12: 10 registers.rbp: 718649 registers.rdi: 32 registers.rax: 0 registers.r13: 0	1
__exception__ June 28, 2023, 9:21 a.m.	stacktrace: 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 0x48792 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x48792 registers.r14: 2553600 registers.r15: 0 registers.rcx: 2553312 registers.rsi: 10 registers.r10: 0 registers.rbx: 4289921024 registers.rsp: 2553272 registers.r11: 2553696 registers.r8: 128 registers.r9: 10 registers.rdx: 54 registers.r12: 10 registers.rbp: 2553465 registers.rdi: 32 registers.rax: 0 registers.r13: 0	1
__exception__ June 28, 2023, 9:21 a.m.	stacktrace: rrypto_auth_hmacsha512256_final+0x2e rrypto_auth_hmacsha512256_init-0x22 0loader_p1_dll_64_n1_x64_inf+0x1657e @ 0x7fef3eb657e rundll32+0x2f42 @ 0xffb32f42 rundll32+0x3b7a @ 0xffb33b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76fd652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x776ec521 exception.instruction_r: 0f 11 03 0f 11 4b 10 48 8b 4c 24 60 48 33 cc e8 exception.exception_code: 0xc0000005 exception.symbol: rrypto_auth_hmacsha512256_final+0x2e rrypto_auth_hmacsha512256_init-0x22 0loader_p1_dll_64_n1_x64_inf+0x1657e exception.address: 0x7fef3eb657e registers.r14: 0 registers.r15: 0 registers.rcx: 3141592653589774336 registers.rsi: 0 registers.r10: 2291872 registers.rbx: 0 registers.rsp: 2292896 registers.r11: -3535061307268065689 registers.r8: 0 registers.r9: 2291872 registers.rdx: 64 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 0 registers.r13: 0	1
__exception__ June 28, 2023, 9:21 a.m.	stacktrace: rrypto_hash_primitive+0xf60 rrypto_hash_sha512-0xd0 0loader_p1_dll_64_n1_x64_inf+0x24820 @ 0x7fef3ec4820 rrypto_hash_primitive+0x155 rrypto_hash_sha512-0xedb 0loader_p1_dll_64_n1_x64_inf+0x23a15 @ 0x7fef3ec3a15 rrypto_hash_sha512_update+0x138 rrypto_hash_sha256_statebytes-0x68 0loader_p1_dll_64_n1_x64_inf+0x24b58 @ 0x7fef3ec4b58 rrypto_auth_hmacsha512_init+0x46 rrypto_auth_hmacsha512256_statebytes-0x27a 0loader_p1_dll_64_n1_x64_inf+0x161c6 @ 0x7fef3eb61c6 rundll32+0x2f42 @ 0xffb32f42 rundll32+0x3b7a @ 0xffb33b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76fd652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x776ec521 exception.instruction_r: 0f b6 48 ff 0f b6 50 fe 48 8d 40 08 48 c1 e2 08 exception.instruction: movzx ecx, byte ptr [rax + 0xffffffffffffffff] exception.exception_code: 0xc0000005 exception.symbol: rrypto_hash_primitive+0xf60 rrypto_hash_sha512-0xd0 0loader_p1_dll_64_n1_x64_inf+0x24820 exception.address: 0x7fef3ec4820 registers.r14: 0 registers.r15: 0 registers.rcx: -4288281392 registers.rsi: 0 registers.r10: 66906 registers.rbx: 0 registers.rsp: 1702656 registers.r11: -6982193198004395656 registers.r8: 16 registers.r9: -4288281394 registers.rdx: 4289982464 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 4289982466 registers.r13: 0	1
__exception__ June 28, 2023, 9:21 a.m.	stacktrace: 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 0x48540 exception.symbol: exception.exception_code: 0xc0000005 exception.address: 0x48540 registers.r14: 0 registers.r15: 0 registers.rcx: 197978 registers.rsi: 0 registers.r10: 0 registers.rbx: 32 registers.rsp: 850072 registers.r11: 849808 registers.r8: 2015816 registers.r9: 10 registers.rdx: 32 registers.r12: 10 registers.rbp: 2015616 registers.rdi: 197978 registers.rax: 4294967295 registers.r13: 0	1
__exception__ June 28, 2023, 9:21 a.m.	stacktrace: rrypto_hash_primitive+0xf60 rrypto_hash_sha512-0xd0 0loader_p1_dll_64_n1_x64_inf+0x24820 @ 0x7fef3ec4820 rrypto_hash_primitive+0x155 rrypto_hash_sha512-0xedb 0loader_p1_dll_64_n1_x64_inf+0x23a15 @ 0x7fef3ec3a15 rrypto_hash_sha512_update+0x138 rrypto_hash_sha256_statebytes-0x68 0loader_p1_dll_64_n1_x64_inf+0x24b58 @ 0x7fef3ec4b58 rrypto_auth_hmacsha512_update+0x9 rrypto_auth_hmacsha512_verify-0x7 0loader_p1_dll_64_n1_x64_inf+0x16459 @ 0x7fef3eb6459 rundll32+0x2f42 @ 0xffb32f42 rundll32+0x3b7a @ 0xffb33b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76fd652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x776ec521 exception.instruction_r: 0f b6 48 ff 0f b6 50 fe 48 8d 40 08 48 c1 e2 08 exception.instruction: movzx ecx, byte ptr [rax + 0xffffffffffffffff] exception.exception_code: 0xc0000005 exception.symbol: rrypto_hash_primitive+0xf60 rrypto_hash_sha512-0xd0 0loader_p1_dll_64_n1_x64_inf+0x24820 exception.address: 0x7fef3ec4820 registers.r14: 0 registers.r15: 0 registers.rcx: -4288083792 registers.rsi: 0 registers.r10: 132478 registers.rbx: 0 registers.rsp: 1900016 registers.r11: -2476444544455851327 registers.r8: 16 registers.r9: -4288083794 registers.rdx: 4289982464 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 4289982466 registers.r13: 0	1

The binary likely contains encrypted or compressed data indicative of a packer (1 event)

section

{u'size_of_data': u'0x00005000', u'virtual_address': u'0x0004d000', u'entropy': 7.57129319580482, u'name': u'.reloc', u'virtual_size': u'0x000048d0'}

entropy

7.5712931958

description

A section with a high entropy has been found

File has been identified by 23 AntiVirus engines on VirusTotal as malicious (23 events)

Lionic	Trojan.Win32.Ulise.4!c
DrWeb	Trojan.Siggen20.63345
Malwarebytes	Malware.AI.4261148537
K7AntiVirus	Riskware ( 00584baa1 )
K7GW	Riskware ( 00584baa1 )
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	Win64/Patched.AC
Avast	Win64:Malware-gen
TrendMicro	TrojanSpy.Win64.ICEDID.YXDFOZ
McAfee-GW-Edition	Artemis
Sophos	Troj/IcedID-ID
Google	Detected
AhnLab-V3	Malware/Win.Malware-gen.C5441610
McAfee	Artemis!DBF161014034
Cylance	unsafe
Panda	Trj/Chgt.AD
TrendMicro-HouseCall	TrojanSpy.Win64.ICEDID.YXDFOZ
Rising	Trojan.IcedID!8.102AF (C64:YzY0OiryJlJm7GFd)
Ikarus	Trojan-Banker.IcedID
MaxSecure	Trojan.Malware.209887580.susgen
Fortinet	W32/PossibleThreat
AVG	Win64:Malware-gen
DeepInstinct	MALICIOUS

0loader_p1_dll_64_n1_x64_inf.dll

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All