Summary | ZeroBOX

MNKLOP873.exe

RedLine Infostealer UltraVNC Malicious Library UPX AntiDebug PE File OS Processor Check PE32 AntiVM
Category FILE
Machine s1_win7_x6401
Started July 20, 2023, 7:41 a.m.
Completed July 20, 2023, 7:48 a.m.
Size 951.5KB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 a79a555d8074362ce42e03465fc6655d
SHA256 8904fe72b770215a4e3bc82f6e1fda9756a147fb86bdac2fec7ebac577866764
CRC32 C3074DCE
ssdeep 24576:Hk70TrczzmYJqlHIJYhO2VVP1ru6DGt1blxIj:HkQTAzztJcoKhOgVP1rjD417Ij
PDB Path
Yara
  • UPX_Zero - UPX packed file
  • OS_Processor_Check_Zero - OS Processor Check
  • MALWARE_Win_VT_RedLine - Detects RedLine infostealer
  • Malicious_Library_Zero - Malicious_Library
  • PE_Header_Zero - PE File Signature
  • UltraVNC_Zero - UltraVNC
  • IsPE32 - (no description)

Suricata Alerts

Flow | SID | Signature | Category
UDP 192.168.56.101:54883 -> 164.124.101.2:53 | 2027867 | ET INFO Observed DNS Query to .life TLD | Potentially Bad Traffic
TCP 192.168.56.101:49176 -> 162.0.214.109:80 | 2027876 | ET INFO HTTP Request to Suspicious *.life Domain | Potentially Bad Traffic
TCP 192.168.56.101:49177 -> 162.0.214.109:80 | 2027876 | ET INFO HTTP Request to Suspicious *.life Domain | Potentially Bad Traffic

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0
Time & API Arguments Status Return Repeated

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x006313c8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x00631840
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x00638498
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x00638498
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x00638498
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0
Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

1 1 0
Time & API Arguments Status Return Repeated

__exception__

stacktrace:
mnklop873+0x1fa2 @ 0x401fa2

exception.instruction_r: f3 aa 8b 45 f0 8b 4d 08 8b 55 10 03 c8 2b d0 52
exception.symbol: mnklop873+0xf088
exception.instruction: stosb byte ptr es:[edi], al
exception.module: MNKLOP873.exe
exception.exception_code: 0xc0000005
exception.offset: 61576
exception.address: 0x40f088
registers.esp: 1636996
registers.edi: 4350244
registers.eax: 0
registers.ebp: 1637012
registers.edx: 0
registers.ebx: 0
registers.esi: 31457312
registers.ecx: 12
1 0 0

__exception__

stacktrace:
mnklop873+0xf054 @ 0x40f054
mnklop873+0xf0a0 @ 0x40f0a0
mnklop873+0x1fa2 @ 0x401fa2

exception.instruction_r: 66 0f 7f 47 50 66 0f 7f 47 60 66 0f 7f 47 70 8d
exception.symbol: mnklop873+0xefff
exception.address: 0x40efff
exception.module: MNKLOP873.exe
exception.exception_code: 0xc0000005
exception.offset: 61439
registers.esp: 1636940
registers.edi: 4353968
registers.eax: 4350256
registers.ebp: 1636944
registers.edx: 51
registers.ebx: 0
registers.esi: 31457312
registers.ecx: 6479
1 0 0

Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory

process_identifier: 2560
region_size: 1245184
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x020f0000
allocation_type: 8192 (MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2560
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x021e0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2560
region_size: 1179648
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x022c0000
allocation_type: 8192 (MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2560
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x023a0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2560
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x727a1000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2560
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x727a2000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2560
region_size: 589824
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02220000
allocation_type: 8192 (MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2560
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02270000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2560
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02162000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2560
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x023a1000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2560
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x023a2000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2560
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0216a000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2560
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0216c000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2560
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x023a3000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2560
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0217c000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2560
region_size: 8192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x023a4000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2560
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0219b000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2560
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02197000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2560
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x04ac0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2560
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02195000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2560
region_size: 8192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x04ac1000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2560
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x04ac3000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2560
region_size: 20480
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x04ac4000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2560
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x04ac9000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2560
region_size: 8192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x04aca000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2560
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02186000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2560
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0218a000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2560
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x02187000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2560
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x04acc000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2560
region_size: 8192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x04acd000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2560
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x04acf000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2660
region_size: 3158016
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00c20000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0xffffffff
1 0 0
section .rsrc: virtual_address 0x00026000, virtual_size 0x000cbc8c, size_of_data 0x000cbe00, entropy 7.9997 description A section with a high entropy has been found (8.0 bits per byte is the maximum; a resource section this close to it is effectively incompressible, which is what a packed or encrypted payload looks like)
entropy 0.858 description Overall entropy of this PE file is high (0.858 is the share of the PE's section data held in high-entropy sections: the 0xcbe00-byte .rsrc section against roughly 973 KB of section data in a 951.5KB file)
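The two entropy figures above come from a per-section Shannon entropy calculation followed by a file-level ratio. The following Python is an added example, not ZeroBOX or Cuckoo code: it computes the same bits-per-byte value on constructed section data (a plain-text stub, a zero-filled region, and a deterministic pseudo-random blob sized like the report's .rsrc section and standing in for the packed payload) and the fraction-of-section-data figure the second line reports. The 6.8 per-section cut-off and the 0.2 file-level cut-off are assumptions; no bytes of the real sample are used.

```python
"""Section-entropy check: an added example, not ZeroBOX/Cuckoo code."""
import math
from collections import Counter
from typing import Iterable, List, Tuple

SECTION_ENTROPY_CUTOFF = 6.8   # assumed per-section cut-off (bits per byte, max 8.0)
FILE_FRACTION_CUTOFF = 0.2     # assumed cut-off for the share of data in high-entropy sections


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte: 0.0 (constant) to 8.0 (uniform)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def is_high_entropy(data: bytes, cutoff: float = SECTION_ENTROPY_CUTOFF) -> bool:
    return shannon_entropy(data) >= cutoff


def high_entropy_fraction(sections: Iterable[Tuple[str, bytes]]) -> float:
    """Share of all section data that lives in high-entropy sections (the report's second figure)."""
    total = flagged = 0
    for _, data in sections:
        total += len(data)
        if is_high_entropy(data):
            flagged += len(data)
    return flagged / total if total else 0.0


def section_report(sections: Iterable[Tuple[str, bytes]]) -> List[Tuple[str, float, bool]]:
    """(name, entropy rounded to 4 places, flagged) per section."""
    return [(name, round(shannon_entropy(d), 4), is_high_entropy(d)) for name, d in sections]


def pseudo_random_bytes(n: int, seed: int = 0x5EED) -> bytes:
    """Deterministic xorshift32 stream: a constructed stand-in for a packed/encrypted payload."""
    out = bytearray()
    x = (seed & 0xFFFFFFFF) or 1
    for _ in range(n):
        x ^= (x << 13) & 0xFFFFFFFF
        x ^= x >> 17
        x ^= (x << 5) & 0xFFFFFFFF
        out.append(x & 0xFF)
    return bytes(out)


# Constructed sections: a plain-text stub, a zero-filled region, and a random blob
# sized like the report's .rsrc section (0xcbe00 bytes).
EXAMPLE_SECTIONS = [
    (".text", b"This program cannot be run in DOS mode.\r\n" * 200),
    (".data", b"\x00" * 4096),
    (".rsrc", pseudo_random_bytes(0xCBE00)),
]

if __name__ == "__main__":
    for name, h, flagged in section_report(EXAMPLE_SECTIONS):
        print(f"{name:6s} entropy={h:.4f} {'HIGH' if flagged else 'ok'}")
    frac = high_entropy_fraction(EXAMPLE_SECTIONS)
    print(f"share of data in high-entropy sections: {frac:.3f} "
          f"({'high' if frac > FILE_FRACTION_CUTOFF else 'normal'})")
```

Running it prints the constructed .rsrc at just under 8.0 bits per byte and a file-level share above 0.9, the same shape as the two lines in the report; a real section that scores like this should be treated as a container for a second stage rather than as resources.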
Time & API Arguments Status Return Repeated

LookupPrivilegeValueW

system_name:
privilege_name: SeDebugPrivilege
1 1 0

LookupPrivilegeValueW

system_name:
privilege_name: SeDebugPrivilege
1 1 0
rule DebuggerCheck__GlobalFlags (no description)
rule DebuggerCheck__QueryInfo (no description)
rule DebuggerHiding__Thread (no description)
rule DebuggerHiding__Active (no description)
rule ThreadControl__Context (no description)
rule SEH__vectored (no description)
rule disable_dep: Bypass DEP
host 162.55.60.2
Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory

process_identifier: 2660
region_size: 217088
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00400000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0x00000228
1 0 0
Time & API Arguments Status Return Repeated

WriteProcessMemory

buffer: MZERèXƒè ‹ÈƒÀ<‹ÁƒÀ(ÿᐸº´ Í!¸LÍ!This program cannot be run in DOS mode. $y  =`gó=`gó=`gó¦¨ó:`gó¦ªó<`gó¦«ó<`góRich=`góPELYIñOà  2àP@P@.textÄ12 `
base_address: 0x00400000
process_identifier: 2660
process_handle: 0x00000228
1 1 0

WriteProcessMemory

buffer: @
base_address: 0x7efde008
process_identifier: 2660
process_handle: 0x00000228
1 1 0
Time & API Arguments Status Return Repeated

WriteProcessMemory

buffer: MZERèXƒè ‹ÈƒÀ<‹ÁƒÀ(ÿᐸº´ Í!¸LÍ!This program cannot be run in DOS mode. $y  =`gó=`gó=`gó¦¨ó:`gó¦ªó<`gó¦«ó<`góRich=`góPELYIñOà  2àP@P@.textÄ12 `
base_address: 0x00400000
process_identifier: 2660
process_handle: 0x00000228
1 1 0
Process injection Process 2560 called NtSetContextThread to modify thread in remote process 2660
Time & API Arguments Status Return Repeated

NtSetContextThread

registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4199648
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
thread_handle: 0x00000224
process_identifier: 2660
1 0 0
Process injection Process 2560 resumed a thread in remote process 2660
Time & API Arguments Status Return Repeated

NtResumeThread

thread_handle: 0x00000224
suspend_count: 1
process_identifier: 2660
1 0 0
dead_host 185.83.214.222:80
Time & API Arguments Status Return Repeated

NtResumeThread

thread_handle: 0x00000114
suspend_count: 1
process_identifier: 2560
1 0 0

NtResumeThread

thread_handle: 0x00000188
suspend_count: 1
process_identifier: 2560
1 0 0

NtResumeThread

thread_handle: 0x000001c4
suspend_count: 1
process_identifier: 2560
1 0 0

NtResumeThread

thread_handle: 0x00000214
suspend_count: 1
process_identifier: 2560
1 0 0

NtGetContextThread

thread_handle: 0x0000011c
1 0 0

NtGetContextThread

thread_handle: 0x0000011c
1 0 0

NtResumeThread

thread_handle: 0x0000011c
suspend_count: 1
process_identifier: 2560
1 0 0

NtGetContextThread

thread_handle: 0x0000011c
1 0 0

NtGetContextThread

thread_handle: 0x0000011c
1 0 0

NtResumeThread

thread_handle: 0x0000011c
suspend_count: 1
process_identifier: 2560
1 0 0

CreateProcessInternalW

thread_identifier: 2664
thread_handle: 0x00000224
process_identifier: 2660
current_directory:
filepath: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
track: 1
command_line: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"
filepath_r: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
inherit_handles: 0
process_handle: 0x00000228
1 1 0

NtGetContextThread

thread_handle: 0x00000224
1 0 0

NtAllocateVirtualMemory

process_identifier: 2660
region_size: 217088
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00400000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0x00000228
1 0 0

WriteProcessMemory

buffer: MZERèXƒè ‹ÈƒÀ<‹ÁƒÀ(ÿᐸº´ Í!¸LÍ!This program cannot be run in DOS mode. $y  =`gó=`gó=`gó¦¨ó:`gó¦ªó<`gó¦«ó<`góRich=`góPELYIñOà  2àP@P@.textÄ12 `
base_address: 0x00400000
process_identifier: 2660
process_handle: 0x00000228
1 1 0

WriteProcessMemory

buffer:
base_address: 0x00401000
process_identifier: 2660
process_handle: 0x00000228
1 1 0

WriteProcessMemory

buffer: @
base_address: 0x7efde008
process_identifier: 2660
process_handle: 0x00000228
1 1 0

NtSetContextThread

registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4199648
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
thread_handle: 0x00000224
process_identifier: 2660
1 0 0

NtResumeThread

thread_handle: 0x00000224
suspend_count: 1
process_identifier: 2660
1 0 0
Bkav W32.AIDetectMalware
Lionic Trojan.Win32.Generic.mCKO
tehtris Generic.Malware
MicroWorld-eScan Gen:Variant.Lazy.362667
FireEye Generic.mg.a79a555d8074362c
McAfee Artemis!A79A555D8074
Cylance unsafe
VIPRE Gen:Variant.Lazy.362667
Sangfor Trojan.Win32.Save.a
K7AntiVirus Trojan ( 0059c7971 )
Alibaba Trojan:MSIL/Kryptik.2ec2ccf5
K7GW Trojan ( 0059c7971 )
Cybereason malicious.dbb9d8
BitDefenderTheta Gen:NN.ZexaF.36318.7q0@aSS8RMm
Cyren W32/Kryptik.KEF.gen!Eldorado
Symantec Trojan Horse
Elastic malicious (high confidence)
ESET-NOD32 a variant of MSIL/Kryptik.AHLP
APEX Malicious
Cynet Malicious (score: 100)
Kaspersky UDS:DangerousObject.Multi.Generic
BitDefender Gen:Variant.Lazy.362667
NANO-Antivirus Trojan.Win32.Inject4.jxijhp
Avast Win32:RATX-gen [Trj]
Tencent Msil.Trojan.Dropper.Najl
Sophos Mal/Generic-S
F-Secure Trojan.TR/Dropper.MSIL.Gen
DrWeb Trojan.Inject4.59123
McAfee-GW-Edition BehavesLike.Win32.Generic.dc
Emsisoft Gen:Variant.Lazy.362667 (B)
Ikarus Trojan-Spy.AgentTesla
Webroot W32.Infostealer.Gen
Avira TR/Dropper.MSIL.Gen
Antiy-AVL Trojan/MSIL.Kryptik
Microsoft Trojan:Win32/Casdet!rfn
Arcabit Trojan.Lazy.D588AB
ZoneAlarm UDS:DangerousObject.Multi.Generic
GData Gen:Variant.Lazy.362667
Google Detected
AhnLab-V3 Trojan/Win.Generic.C5456834
ALYac Gen:Variant.Lazy.362667
MAX malware (ai score=84)
Malwarebytes MachineLearning/Anomalous.96%
Panda Trj/Chgt.AD
TrendMicro-HouseCall TROJ_GEN.R002H09GH23
Rising Trojan.Generic@AI.100 (RDML:5AJY8YSh1XctWxiSUm36ug)
Yandex Trojan.Kryptik!6fOiYJ5LTYg
SentinelOne Static AI - Suspicious PE
Fortinet MSIL/Kryptik.AHLP!tr
AVG Win32:RATX-gen [Trj]