Summary | ZeroBOX

rockas.exe

Tags: Emotet, RedLine stealer, Amadey, .NET framework(MSIL), Malicious Library, MPRESS, UPX, Malicious Packer, ScreenShot, PWS, AntiDebug, PE64, PE File, OS Processor Check, PE32, .NET EXE, AntiVM
Category FILE
Machine s1_win7_x6401
Started Sept. 2, 2023, 6:30 p.m.
Completed Sept. 2, 2023, 6:50 p.m.
Size 918.5KB
Type PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
MD5 98628dba1be12d83b13f1b2bd25d85b6
SHA256 82ecd2b864229b43116466944478c474ac7ff2e8a0dd4f24df59d325953c2b30
CRC32 43DB2F69
ssdeep 24576:TdO/YtNyqi2tAlwYZAVBHPXvkUNF3PEjVwaxG:gkNA2aW8ADP/1fiVwaxG
Yara
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)

IP Address Status Action
156.236.72.121 Active Moloch
164.124.101.2 Active Moloch
5.42.65.80 Active Moloch
85.209.3.9 Active Moloch
95.214.27.254 Active Moloch

Suricata Alerts

Flow SID Signature Category
TCP 192.168.56.101:49171 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49168 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49183 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49195 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49184 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49201 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49187 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49181 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.101:49203 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49204 -> 95.214.27.254:80 2016141 ET INFO Executable Download from dotted-quad Host Potentially Bad Traffic
TCP 192.168.56.101:49200 -> 5.42.65.80:80 2044696 ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 A Network Trojan was detected
TCP 192.168.56.101:49179 -> 5.42.65.80:80 2027700 ET MALWARE Amadey CnC Check-In Malware Command and Control Activity Detected
TCP 192.168.56.101:49179 -> 5.42.65.80:80 2044695 ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M1 A Network Trojan was detected
TCP 192.168.56.101:49179 -> 5.42.65.80:80 2045751 ET MALWARE Win32/Amadey Bot Activity (POST) M2 A Network Trojan was detected
TCP 192.168.56.101:49210 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49178 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49216 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49185 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49179 -> 5.42.65.80:80 2016141 ET INFO Executable Download from dotted-quad Host Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.101:49189 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 5.42.65.80:80 -> 192.168.56.101:49179 2014819 ET INFO Packed Executable Download Misc activity
TCP 192.168.56.101:49180 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49213 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49207 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 5.42.65.80:80 -> 192.168.56.101:49179 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 5.42.65.80:80 -> 192.168.56.101:49179 2016538 ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download Potentially Bad Traffic
TCP 5.42.65.80:80 -> 192.168.56.101:49179 2021076 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response Potentially Bad Traffic
TCP 192.168.56.101:49192 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49196 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49198 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.101:49173 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49215 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49188 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49217 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49191 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49219 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49193 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49220 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49202 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49228 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49206 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49211 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49232 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49221 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.101:49229 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49233 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49234 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49200 -> 5.42.65.80:80 2044696 ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 A Network Trojan was detected
TCP 192.168.56.101:49223 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49224 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49225 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49236 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49240 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49208 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49241 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49242 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 95.214.27.254:80 -> 192.168.56.101:49204 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 95.214.27.254:80 -> 192.168.56.101:49204 2016538 ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download Potentially Bad Traffic
TCP 95.214.27.254:80 -> 192.168.56.101:49204 2021076 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response Potentially Bad Traffic
TCP 192.168.56.101:49244 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49245 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49246 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49249 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49252 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49257 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49262 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49266 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49254 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49256 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49258 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49264 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49248 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49250 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49269 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49260 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49261 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49270 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49273 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49200 -> 5.42.65.80:80 2044696 ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 A Network Trojan was detected
TCP 156.236.72.121:443 -> 192.168.56.101:49267 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.101:49271 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49274 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49275 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49277 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49278 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49279 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49282 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49281 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49283 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49227 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49285 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49204 -> 95.214.27.254:80 2017679 ET HUNTING SUSPICIOUS winlog.exe in URI Probable Process Dump/Trojan Download A Network Trojan was detected
TCP 192.168.56.101:49204 -> 95.214.27.254:80 2016141 ET INFO Executable Download from dotted-quad Host Potentially Bad Traffic
TCP 192.168.56.101:49237 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49286 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49287 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.101:49238 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49289 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49290 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49291 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49293 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49294 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49298 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49303 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49307 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49308 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49200 -> 5.42.65.80:80 2044696 ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 A Network Trojan was detected
TCP 192.168.56.101:49310 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49200 -> 5.42.65.80:80 2017598 ET MALWARE Possible Kelihos.F EXE Download Common Structure A Network Trojan was detected
TCP 192.168.56.101:49200 -> 5.42.65.80:80 2016141 ET INFO Executable Download from dotted-quad Host Potentially Bad Traffic
TCP 5.42.65.80:80 -> 192.168.56.101:49200 2014819 ET INFO Packed Executable Download Misc activity
TCP 192.168.56.101:49311 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49312 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 5.42.65.80:80 -> 192.168.56.101:49200 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 5.42.65.80:80 -> 192.168.56.101:49200 2016538 ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download Potentially Bad Traffic
TCP 5.42.65.80:80 -> 192.168.56.101:49200 2021076 ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response Potentially Bad Traffic
TCP 192.168.56.101:49253 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49314 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49315 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49316 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49318 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49320 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49322 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49204 -> 95.214.27.254:80 2016141 ET INFO Executable Download from dotted-quad Host Potentially Bad Traffic
TCP 192.168.56.101:49323 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49326 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49327 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49332 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49333 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49334 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49336 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49338 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49340 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49341 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49344 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49346 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49351 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49352 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49356 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49360 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49362 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49365 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49366 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49371 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.101:49367 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49369 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49380 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49378 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49392 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49383 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49387 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49389 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.101:49385 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49388 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49393 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.101:49398 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49404 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49391 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49405 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49395 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49410 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49414 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49413 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49425 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49421 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49419 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49417 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49430 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49427 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49422 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49423 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49437 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49433 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49426 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49431 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49442 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49439 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49434 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49438 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49449 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49443 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49446 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49450 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49447 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49445 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49458 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49496 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49451 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.101:49459 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.101:49485 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49461 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49493 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49466 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49467 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49474 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49502 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49483 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49489 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49492 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49494 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49501 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49505 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49515 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49517 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49532 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49500 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49513 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49523 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49525 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.101:49529 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.101:49533 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49536 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49540 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49328 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49551 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49556 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49559 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49564 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49567 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49570 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49572 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49573 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49576 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49577 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49580 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49582 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.101:49463 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49470 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49475 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49477 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49200 -> 5.42.65.80:80 2044696 ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 A Network Trojan was detected
TCP 192.168.56.101:49479 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49584 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49200 -> 5.42.65.80:80 2044696 ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 A Network Trojan was detected
TCP 192.168.56.101:49507 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49585 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49350 -> 85.209.3.9:11290 2043233 ET INFO Microsoft net.tcp Connection Initialization Activity Potentially Bad Traffic
TCP 192.168.56.101:49510 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49350 -> 85.209.3.9:11290 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.101:49350 -> 85.209.3.9:11290 2046045 ET MALWARE [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization) A Network Trojan was detected
TCP 192.168.56.101:49512 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49353 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49511 -> 85.209.3.9:11290 2043233 ET INFO Microsoft net.tcp Connection Initialization Activity Potentially Bad Traffic
TCP 85.209.3.9:11290 -> 192.168.56.101:49350 2043234 ET MALWARE Redline Stealer TCP CnC - Id1Response A Network Trojan was detected
TCP 192.168.56.101:49511 -> 85.209.3.9:11290 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.101:49511 -> 85.209.3.9:11290 2046045 ET MALWARE [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization) A Network Trojan was detected
TCP 85.209.3.9:11290 -> 192.168.56.101:49511 2043234 ET MALWARE Redline Stealer TCP CnC - Id1Response A Network Trojan was detected
TCP 192.168.56.101:49519 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49355 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49520 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49200 -> 5.42.65.80:80 2044696 ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2 A Network Trojan was detected
TCP 156.236.72.121:443 -> 192.168.56.101:49537 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.101:49358 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49539 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49588 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49543 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49200 -> 5.42.65.80:80 2016141 ET INFO Executable Download from dotted-quad Host Potentially Bad Traffic
TCP 192.168.56.101:49589 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49548 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49590 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49555 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49592 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49561 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.101:49565 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49593 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49568 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49594 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49596 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49597 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49361 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49578 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49370 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49373 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49379 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49382 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49598 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49600 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49397 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49400 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49401 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49411 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.101:49415 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.101:49435 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49441 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49455 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49469 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49473 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49480 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.101:49606 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49497 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49609 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49611 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49613 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49295 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49297 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49601 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49602 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.101:49299 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49301 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49302 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49305 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49319 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49324 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49337 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49342 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.101:49347 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49374 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49376 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.101:49508 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49604 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49605 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49623 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49621 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49625 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49626 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49630 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49516 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49633 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49635 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49528 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49643 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.101:49647 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.101:49652 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49655 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49535 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49659 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49618 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49541 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.101:49402 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.101:49406 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49409 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49418 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49429 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49453 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49454 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49457 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49462 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49465 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49471 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49484 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49486 -> 85.209.3.9:11290 2043233 ET INFO Microsoft net.tcp Connection Initialization Activity Potentially Bad Traffic
TCP 192.168.56.101:49488 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49629 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49486 -> 85.209.3.9:11290 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.101:49486 -> 85.209.3.9:11290 2046045 ET MALWARE [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization) A Network Trojan was detected
TCP 85.209.3.9:11290 -> 192.168.56.101:49486 2043234 ET MALWARE Redline Stealer TCP CnC - Id1Response A Network Trojan was detected
TCP 156.236.72.121:443 -> 192.168.56.101:49490 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.101:49498 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.101:49521 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49524 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49527 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49531 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49638 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49549 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49552 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49631 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49634 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49637 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49651 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49656 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49544 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49545 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49547 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49650 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49557 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49560 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49563 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49660 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49671 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49662 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49663 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49669 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.101:49574 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.101:49553 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49672 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49676 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49708 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49715 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49716 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49581 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49719 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49732 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49740 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49745 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49748 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49764 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49781 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49792 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49687 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49693 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.101:49697 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49707 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49725 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49728 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49729 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49736 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49737 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.101:49741 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49767 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49775 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49783 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49679 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49680 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49614 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49681 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49688 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49685 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.101:49615 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49695 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49711 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49720 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49723 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49727 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49617 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49739 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49751 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49752 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49755 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49768 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49772 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49779 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49619 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49780 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49784 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49793 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49622 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49704 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49731 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49743 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49757 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49763 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49765 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.101:49639 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49771 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49586 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.101:49773 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49641 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49776 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49642 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49787 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49789 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49654 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49795 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49658 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49796 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49664 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49800 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49675 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49677 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49683 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49684 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49691 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49692 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49699 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49703 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49709 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49724 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49735 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49747 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49749 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.101:49753 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49756 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49760 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49769 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.101:49785 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49788 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49791 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49610 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49627 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49645 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49646 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49666 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49668 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49673 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49486 -> 85.209.3.9:11290 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.101:49486 -> 85.209.3.9:11290 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.101:49486 -> 85.209.3.9:11290 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.101:49486 -> 85.209.3.9:11290 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.101:49486 -> 85.209.3.9:11290 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 156.236.72.121:443 -> 192.168.56.101:49689 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49696 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49486 -> 85.209.3.9:11290 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.101:49700 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49701 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.101:49705 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49712 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49713 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.101:49717 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.101:49721 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49486 -> 85.209.3.9:11290 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.101:49486 -> 85.209.3.9:11290 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 156.236.72.121:443 -> 192.168.56.101:49733 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49486 -> 85.209.3.9:11290 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.101:49744 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49486 -> 85.209.3.9:11290 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.101:49486 -> 85.209.3.9:11290 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.101:49486 -> 85.209.3.9:11290 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.101:49759 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49761 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.101:49777 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 156.236.72.121:443 -> 192.168.56.101:49797 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic
TCP 192.168.56.101:49799 -> 156.236.72.121:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 156.236.72.121:443 -> 192.168.56.101:49801 2029340 ET INFO TLS Handshake Failure Potentially Bad Traffic

Suricata TLS

No Suricata TLS

Time & API Arguments Status Return Repeated

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0

GetComputerNameW

computer_name: TEST22-PC
1 1 0
Time & API Arguments Status Return Repeated

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0

IsDebuggerPresent

0 0
Time & API Arguments Status Return Repeated

WriteConsoleW

buffer: SUCCESS: The scheduled task "oneetx.exe" has successfully been created.
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: A
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: r
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: e
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: y
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: o
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: u
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: s
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: u
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: r
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: e
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: Y
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: N
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: p
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: r
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: o
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: c
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: e
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: s
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: s
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: e
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: d
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: f
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: i
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: l
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: e
console_handle: 0x00000007
1 1 0

WriteConsoleW

buffer: C:\Users\test22\AppData\Local\Temp\207aa4515d\oneetx.exe
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: p
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: r
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: o
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: c
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: e
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: s
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: s
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: e
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: d
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: f
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: i
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: l
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: e
console_handle: 0x00000007
1 1 0

WriteConsoleW

buffer: C:\Users\test22\AppData\Local\Temp\207aa4515d\oneetx.exe
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: A
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: r
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: e
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: y
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: o
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: u
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: s
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: u
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: r
console_handle: 0x00000007
1 1 0
Time & API Arguments Status Return Repeated

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x002bb250
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x002bb250
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x002bb250
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x002bb250
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x002bb2d0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x002bb2d0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x002bb1d0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x002bb1d0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x002bb1d0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x002bb1d0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x002bb1d0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x002bb250
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x002bb250
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x002bb450
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x002bbd10
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x002bbd10
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x002bbbd0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x004cb250
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x004cb250
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x004cb250
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x004cb250
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x004cb2d0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x004cb2d0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x004cb1d0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x004cb1d0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x004cb1d0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x004cb1d0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x004cb1d0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x004cb250
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x004cb250
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x004cb450
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x004cbdd0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x004cbdd0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x004cba10
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x008ab250
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x008ab250
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x008ab250
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x008ab250
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x008ab2d0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x008ab2d0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x008ab1d0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x008ab1d0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x008ab1d0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x008ab1d0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x008ab1d0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x008ab250
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x008ab250
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x008ab450
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x008abdd0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x008abdd0
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0
registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid
file C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
file C:\Program Files\Mozilla Firefox\firefox.exe
registry HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

1 1 0
Time & API Arguments Status Return Repeated

__exception__

stacktrace:
0xe57e41
0xe57d5a
0xe57c90
0xe57c10
0xe57b53
0xe57af7
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f
CoUninitializeEE+0xa5b4 CreateAssemblyNameObject-0x36a1 clr+0x29df8 @ 0x727c9df8
CoUninitializeEE+0xa5eb CreateAssemblyNameObject-0x366a clr+0x29e2f @ 0x727c9e2f
CoUninitializeEE+0xa6b9 CreateAssemblyNameObject-0x359c clr+0x29efd @ 0x727c9efd
CoUninitializeEE+0xa75e CreateAssemblyNameObject-0x34f7 clr+0x29fa2 @ 0x727c9fa2
DllGetClassObjectInternal+0x8bed4 CorDllMainForThunk-0x627 clr+0x150f4d @ 0x728f0f4d
DllRegisterServerInternal+0x98c9 CoUninitializeEE-0x3b6f clr+0x1bcd5 @ 0x727bbcd5
DllUnregisterServerInternal-0x760b clr+0x2ae9 @ 0x727a2ae9
0xe577bb
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f
CoUninitializeEE+0xa5b4 CreateAssemblyNameObject-0x36a1 clr+0x29df8 @ 0x727c9df8
CoUninitializeEE+0xa5eb CreateAssemblyNameObject-0x366a clr+0x29e2f @ 0x727c9e2f
CoUninitializeEE+0xa6b9 CreateAssemblyNameObject-0x359c clr+0x29efd @ 0x727c9efd
CoUninitializeEE+0xa75e CreateAssemblyNameObject-0x34f7 clr+0x29fa2 @ 0x727c9fa2
DllGetClassObjectInternal+0x8bed4 CorDllMainForThunk-0x627 clr+0x150f4d @ 0x728f0f4d
DllRegisterServerInternal+0x98c9 CoUninitializeEE-0x3b6f clr+0x1bcd5 @ 0x727bbcd5
DllUnregisterServerInternal-0x760b clr+0x2ae9 @ 0x727a2ae9
0xe57767
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f
CoUninitializeEE+0xa5b4 CreateAssemblyNameObject-0x36a1 clr+0x29df8 @ 0x727c9df8
CoUninitializeEE+0xa5eb CreateAssemblyNameObject-0x366a clr+0x29e2f @ 0x727c9e2f
CoUninitializeEE+0xa6b9 CreateAssemblyNameObject-0x359c clr+0x29efd @ 0x727c9efd
CoUninitializeEE+0xa75e CreateAssemblyNameObject-0x34f7 clr+0x29fa2 @ 0x727c9fa2
LogHelp_TerminateOnAssert+0x16b0b GetPrivateContextsPerfCounters-0x2937 clr+0x8564b @ 0x7282564b
CreateAssemblyNameObject+0x2e9ca GetMetaDataInternalInterface-0x9aa5 clr+0x5be63 @ 0x727fbe63
CreateAssemblyNameObject+0x2e4ff GetMetaDataInternalInterface-0x9f70 clr+0x5b998 @ 0x727fb998
CreateAssemblyNameObject+0x2e28d GetMetaDataInternalInterface-0xa1e2 clr+0x5b726 @ 0x727fb726
CreateAssemblyNameObject+0x2eacf GetMetaDataInternalInterface-0x99a0 clr+0x5bf68 @ 0x727fbf68
CreateAssemblyNameObject+0x2e84b GetMetaDataInternalInterface-0x9c24 clr+0x5bce4 @ 0x727fbce4
DllRegisterServerInternal+0xa898 CoUninitializeEE-0x2ba0 clr+0x1cca4 @ 0x727bcca4
DllRegisterServerInternal+0xa92b CoUninitializeEE-0x2b0d clr+0x1cd37 @ 0x727bcd37
DllGetClassObjectInternal+0x437c8 CorDllMainForThunk-0x48d33 clr+0x108841 @ 0x728a8841
LogHelp_TerminateOnAssert+0x129a9 GetPrivateContextsPerfCounters-0x6a99 clr+0x814e9 @ 0x728214e9
mscorlib+0x2d36ad @ 0x719d36ad
mscorlib+0x308f2d @ 0x71a08f2d
0xe576a9
0xe56d83
0xe56d56
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95
CoUninitializeEE+0x789b CreateAssemblyNameObject-0x63ba clr+0x270df @ 0x727c70df
LogHelp_TerminateOnAssert+0x55ee GetPrivateContextsPerfCounters-0x13e54 clr+0x7412e @ 0x7281412e
mscorlib+0x2f1c22 @ 0x719f1c22
mscorlib+0x2f1b99 @ 0x719f1b99
mscorlib+0x2f0814 @ 0x719f0814
mscorlib+0x307407 @ 0x71a07407
0x7aedc4
0x7aed2a
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728674ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72867610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x728f1dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x728f1e67

exception.instruction_r: 83 78 04 00 0f 85 4b 2b 00 00 c7 85 dc fd ff ff
exception.instruction: cmp dword ptr [eax + 4], 0
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0xe59054
registers.esp: 2672884
registers.edi: 2674324
registers.eax: 0
registers.ebp: 2674336
registers.edx: 0
registers.ebx: 2674720
registers.esi: 3372
registers.ecx: 13464944
1 0 0

__exception__

stacktrace:
RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895 @ 0x76d80895
stacktrace+0x84 memdup-0x1af @ 0x73980470
hook_in_monitor+0x45 lde-0x133 @ 0x739742ea
New_ntdll_NtProtectVirtualMemory+0x34 New_ntdll_NtQueryAttributesFile-0x151 @ 0x73993603
VirtualProtectEx+0x33 MapViewOfFile-0x2d kernelbase+0x13243 @ 0x7fefd503243
VirtualProtect+0x1b VirtualProtectEx-0x15 kernelbase+0x131fb @ 0x7fefd5031fb
winlog+0x1fcb05 @ 0x3bcb05
GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0
winlog+0x6d1fff @ 0x891fff
GetProcessAffinityMask+0x80 SetThreadContext-0x20 kernel32+0x2ef0 @ 0x76c12ef0
winlog+0x893000 @ 0xa53000
winlog+0x1000 @ 0x1c1000
winlog+0x6d17d9 @ 0x8917d9
0x7fffffd9000
winlog+0x894085 @ 0xa54085
0x7fffffd9000

exception.instruction_r: 0f ae 81 00 01 00 00 0f 29 81 a0 01 00 00 0f 29
exception.symbol: RtlCaptureContext+0x85 RtlRestoreContext-0xaa ntdll+0x50895
exception.address: 0x76d80895
exception.module: ntdll.dll
exception.exception_code: 0xc0000005
exception.offset: 329877
registers.r14: 0
registers.r15: 0
registers.rcx: 14284136
registers.rsi: 10825728
registers.r10: 0
registers.rbx: 1992371952
registers.rsp: 14286456
registers.r11: 514
registers.r8: 64
registers.r9: 4
registers.rdx: 14285480
registers.r12: 0
registers.rbp: 0
registers.rdi: 1835375
registers.rax: 14283816
registers.r13: 0
1 0 0

__exception__

stacktrace:
RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d @ 0x7fefd4fa49d
msedge+0xad696f @ 0x14022696f
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a

exception.instruction_r: 48 81 c4 c8 00 00 00 c3 48 85 f6 74 08 83 3b 00
exception.symbol: RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d
exception.instruction: add rsp, 0xc8
exception.module: KERNELBASE.dll
exception.exception_code: 0x4001000a
exception.offset: 42141
exception.address: 0x7fefd4fa49d
registers.r14: 1992412944
registers.r15: 0
registers.rcx: 4256272
registers.rsi: 0
registers.r10: 5370964486
registers.rbx: 0
registers.rsp: 4258040
registers.r11: 4257888
registers.r8: 0
registers.r9: 0
registers.rdx: 224
registers.r12: 5370887585
registers.rbp: 4258112
registers.rdi: 5370963936
registers.rax: 1990661908
registers.r13: 765184
1 0 0

__exception__

stacktrace:
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a

exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0x4001000a
registers.r14: 1992412944
registers.r15: 0
registers.rcx: 4256272
registers.rsi: 0
registers.r10: 5370964486
registers.rbx: 0
registers.rsp: 4258040
registers.r11: 4257888
registers.r8: 0
registers.r9: 0
registers.rdx: 224
registers.r12: 5370887585
registers.rbp: 4258112
registers.rdi: 5370963936
registers.rax: 1990661908
registers.r13: 765184
1 0 0

__exception__

stacktrace:
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a

exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0x4001000a
registers.r14: 1992412944
registers.r15: 0
registers.rcx: 4256272
registers.rsi: 0
registers.r10: 5370964486
registers.rbx: 0
registers.rsp: 4258040
registers.r11: 4257888
registers.r8: 0
registers.r9: 0
registers.rdx: 224
registers.r12: 5370887585
registers.rbp: 4258112
registers.rdi: 5370963936
registers.rax: 1990661908
registers.r13: 765184
1 0 0

__exception__

stacktrace:
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a

exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0x4001000a
registers.r14: 1992412944
registers.r15: 0
registers.rcx: 4256272
registers.rsi: 0
registers.r10: 5370964486
registers.rbx: 0
registers.rsp: 4258040
registers.r11: 4257888
registers.r8: 0
registers.r9: 0
registers.rdx: 224
registers.r12: 5370887585
registers.rbp: 4258112
registers.rdi: 5370963936
registers.rax: 1990661908
registers.r13: 765184
1 0 0

__exception__

stacktrace:
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a

exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0x4001000a
registers.r14: 1992412944
registers.r15: 0
registers.rcx: 4256272
registers.rsi: 0
registers.r10: 5370964486
registers.rbx: 0
registers.rsp: 4258040
registers.r11: 4257888
registers.r8: 0
registers.r9: 0
registers.rdx: 224
registers.r12: 5370887585
registers.rbp: 4258112
registers.rdi: 5370963936
registers.rax: 1990661908
registers.r13: 765184
1 0 0

__exception__

stacktrace:
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a

exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0x4001000a
registers.r14: 1992412944
registers.r15: 0
registers.rcx: 4256272
registers.rsi: 0
registers.r10: 5370964486
registers.rbx: 0
registers.rsp: 4258040
registers.r11: 4257888
registers.r8: 0
registers.r9: 0
registers.rdx: 224
registers.r12: 5370887585
registers.rbp: 4258112
registers.rdi: 5370963936
registers.rax: 1990661908
registers.r13: 765184
1 0 0

__exception__

stacktrace:
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a

exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0x4001000a
registers.r14: 1992412944
registers.r15: 0
registers.rcx: 4256272
registers.rsi: 0
registers.r10: 5370964486
registers.rbx: 0
registers.rsp: 4258040
registers.r11: 4257888
registers.r8: 0
registers.r9: 0
registers.rdx: 224
registers.r12: 5370887585
registers.rbp: 4258112
registers.rdi: 5370963936
registers.rax: 1990661908
registers.r13: 765184
1 0 0

__exception__

stacktrace:
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a

exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0x4001000a
registers.r14: 1992412944
registers.r15: 0
registers.rcx: 4256272
registers.rsi: 0
registers.r10: 5370964486
registers.rbx: 0
registers.rsp: 4258040
registers.r11: 4257888
registers.r8: 0
registers.r9: 0
registers.rdx: 224
registers.r12: 5370887585
registers.rbp: 4258112
registers.rdi: 5370963936
registers.rax: 1990661908
registers.r13: 765184
1 0 0

__exception__

stacktrace:
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a

exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0x4001000a
registers.r14: 1992412944
registers.r15: 0
registers.rcx: 4256272
registers.rsi: 0
registers.r10: 5370964486
registers.rbx: 0
registers.rsp: 4258040
registers.r11: 4257888
registers.r8: 0
registers.r9: 0
registers.rdx: 224
registers.r12: 5370887585
registers.rbp: 4258112
registers.rdi: 5370963936
registers.rax: 1990661908
registers.r13: 765184
1 0 0

__exception__

stacktrace:
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a

exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0x4001000a
registers.r14: 1992412944
registers.r15: 0
registers.rcx: 4256272
registers.rsi: 0
registers.r10: 5370964486
registers.rbx: 0
registers.rsp: 4258040
registers.r11: 4257888
registers.r8: 0
registers.r9: 0
registers.rdx: 224
registers.r12: 5370887585
registers.rbp: 4258112
registers.rdi: 5370963936
registers.rax: 1990661908
registers.r13: 765184
1 0 0

__exception__

stacktrace:
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a

exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0x4001000a
registers.r14: 1992412944
registers.r15: 0
registers.rcx: 4256272
registers.rsi: 0
registers.r10: 5370964486
registers.rbx: 0
registers.rsp: 4258040
registers.r11: 4257888
registers.r8: 0
registers.r9: 0
registers.rdx: 224
registers.r12: 5370887585
registers.rbp: 4258112
registers.rdi: 5370963936
registers.rax: 1990661908
registers.r13: 765184
1 0 0

__exception__

stacktrace:
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a

exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0x4001000a
registers.r14: 1992412944
registers.r15: 0
registers.rcx: 4256272
registers.rsi: 0
registers.r10: 5370964486
registers.rbx: 0
registers.rsp: 4258040
registers.r11: 4257888
registers.r8: 0
registers.r9: 0
registers.rdx: 224
registers.r12: 5370887585
registers.rbp: 4258112
registers.rdi: 5370963936
registers.rax: 1990661908
registers.r13: 765184
1 0 0

__exception__

stacktrace:
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a

exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0x4001000a
registers.r14: 1992412944
registers.r15: 0
registers.rcx: 4256272
registers.rsi: 0
registers.r10: 5370964486
registers.rbx: 0
registers.rsp: 4258040
registers.r11: 4257888
registers.r8: 0
registers.r9: 0
registers.rdx: 224
registers.r12: 5370887585
registers.rbp: 4258112
registers.rdi: 5370963936
registers.rax: 1990661908
registers.r13: 765184
1 0 0

__exception__

stacktrace:
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a

exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0x4001000a
registers.r14: 1992412944
registers.r15: 0
registers.rcx: 4256272
registers.rsi: 0
registers.r10: 5370964486
registers.rbx: 0
registers.rsp: 4258040
registers.r11: 4257888
registers.r8: 0
registers.r9: 0
registers.rdx: 224
registers.r12: 5370887585
registers.rbp: 4258112
registers.rdi: 5370963936
registers.rax: 1990661908
registers.r13: 765184
1 0 0

__exception__

stacktrace:
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a

exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0x4001000a
registers.r14: 1992412944
registers.r15: 0
registers.rcx: 4256272
registers.rsi: 0
registers.r10: 5370964486
registers.rbx: 0
registers.rsp: 4258040
registers.r11: 4257888
registers.r8: 0
registers.r9: 0
registers.rdx: 224
registers.r12: 5370887585
registers.rbp: 4258112
registers.rdi: 5370963936
registers.rax: 1990661908
registers.r13: 765184
1 0 0

__exception__

stacktrace:
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a

exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0x4001000a
registers.r14: 1992412944
registers.r15: 0
registers.rcx: 4256272
registers.rsi: 0
registers.r10: 5370964486
registers.rbx: 0
registers.rsp: 4258040
registers.r11: 4257888
registers.r8: 0
registers.r9: 0
registers.rdx: 224
registers.r12: 5370887585
registers.rbp: 4258112
registers.rdi: 5370963936
registers.rax: 1990661908
registers.r13: 765184
1 0 0

__exception__

stacktrace:
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a

exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0x4001000a
registers.r14: 1992412944
registers.r15: 0
registers.rcx: 4256272
registers.rsi: 0
registers.r10: 5370964486
registers.rbx: 0
registers.rsp: 4258040
registers.r11: 4257888
registers.r8: 0
registers.r9: 0
registers.rdx: 224
registers.r12: 5370887585
registers.rbp: 4258112
registers.rdi: 5370963936
registers.rax: 1990661908
registers.r13: 765184
1 0 0

__exception__

stacktrace:
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a

exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0x4001000a
registers.r14: 1992412944
registers.r15: 0
registers.rcx: 4256272
registers.rsi: 0
registers.r10: 5370964486
registers.rbx: 0
registers.rsp: 4258040
registers.r11: 4257888
registers.r8: 0
registers.r9: 0
registers.rdx: 224
registers.r12: 5370887585
registers.rbp: 4258112
registers.rdi: 5370963936
registers.rax: 1990661908
registers.r13: 765184
1 0 0

__exception__

stacktrace:
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a
0x4001000a

exception.symbol:
exception.exception_code: 0xc0000005
exception.address: 0x4001000a
registers.r14: 1992412944
registers.r15: 0
registers.rcx: 4256272
registers.rsi: 0
registers.r10: 5370964486
registers.rbx: 0
registers.rsp: 4258040
registers.r11: 4257888
registers.r8: 0
registers.r9: 0
registers.rdx: 224
registers.r12: 5370887585
registers.rbp: 4258112
registers.rdi: 5370963936
registers.rax: 1990661908
registers.r13: 765184
1 0 0
suspicious_features POST method with no referer header, POST method with no useragent header, Connection to IP address suspicious_request POST http://5.42.65.80/8bmeVwqx/index.php
suspicious_features GET method with no useragent header, Connection to IP address suspicious_request GET http://5.42.65.80/softtool.exe
suspicious_features GET method with no useragent header, Connection to IP address suspicious_request GET http://95.214.27.254/getfile/taskhost.exe
suspicious_features GET method with no useragent header, Connection to IP address suspicious_request GET http://95.214.27.254/getfile/winlog.exe
suspicious_features GET method with no useragent header, Connection to IP address suspicious_request GET http://95.214.27.254/getfile/msedge.exe
suspicious_features GET method with no useragent header, Connection to IP address suspicious_request GET http://5.42.65.80/alldata.exe
suspicious_features GET method with no useragent header, Connection to IP address suspicious_request GET http://5.42.65.80/4t.exe
request POST http://5.42.65.80/8bmeVwqx/index.php
request GET http://5.42.65.80/softtool.exe
request GET http://95.214.27.254/getfile/taskhost.exe
request GET http://95.214.27.254/getfile/winlog.exe
request GET http://95.214.27.254/getfile/msedge.exe
request GET http://5.42.65.80/alldata.exe
request GET http://5.42.65.80/4t.exe
request POST http://5.42.65.80/8bmeVwqx/index.php
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 2632
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73452000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2632
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x004c0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2672
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000ff0ea000
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 1452
region_size: 65536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00000000046f0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffffffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2524
region_size: 917504
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x005f0000
allocation_type: 8192 (MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2524
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00690000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2524
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x727a1000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2524
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x727a2000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2524
region_size: 327680
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x005f0000
allocation_type: 8192 (MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2524
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00600000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2524
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00422000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2524
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0053c000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2524
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x007a0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2524
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0055b000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2524
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00557000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2524
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00555000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2524
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0042a000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2524
region_size: 49152
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x007a1000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2524
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x007ad000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2524
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00546000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2524
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0054a000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2524
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00547000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2524
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x007ae000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2524
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0053a000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2524
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00bb0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2524
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73304000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2524
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x007af000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2524
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00e50000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2524
region_size: 20480
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00e51000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2524
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00e56000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2524
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00e40000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2524
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00e57000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2524
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0053d000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2524
region_size: 24576
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00e58000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2524
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00e5e000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2524
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x053a0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2524
region_size: 49152
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x053a1000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2524
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x053ad000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2524
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x053ae000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2524
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x04920000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2524
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73304000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2524
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x04e70000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2524
region_size: 20480
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x04e71000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2524
region_size: 8192
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x04e76000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2524
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x04e78000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2524
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0493f000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2524
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x04930000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2524
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x04e79000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2524
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x04e7a000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2524
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x04e7b000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Web Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local State
file C:\Users\test22\AppData\Local\Temp\1000434001\softtool.exe
file C:\Users\test22\AppData\Local\Temp\1000435001\alldata.exe
file C:\Users\test22\AppData\Local\Temp\1000436001\4t.exe
file C:\Users\test22\AppData\Local\Temp\ss41.exe
file C:\Users\test22\AppData\Local\Temp\1000397001\taskhost.exe
file C:\Users\test22\AppData\Local\Temp\1000399001\msedge.exe
file C:\Users\test22\AppData\Local\Temp\oldplayer.exe
file C:\Users\test22\AppData\Local\Temp\1000398001\winlog.exe
cmdline "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN oneetx.exe /TR "C:\Users\test22\AppData\Local\Temp\207aa4515d\oneetx.exe" /F
cmdline C:\Windows\system32\cmd.exe /S /D /c" echo Y"
cmdline SCHTASKS /Create /SC MINUTE /MO 1 /TN oneetx.exe /TR "C:\Users\test22\AppData\Local\Temp\207aa4515d\oneetx.exe" /F
cmdline "C:\Windows\System32\cmd.exe" /k echo Y|CACLS "oneetx.exe" /P "test22:N"&&CACLS "oneetx.exe" /P "test22:R" /E&&echo Y|CACLS "..\207aa4515d" /P "test22:N"&&CACLS "..\207aa4515d" /P "test22:R" /E&&Exit
file C:\Users\test22\AppData\Local\Temp\oldplayer.exe
file C:\Users\test22\AppData\Local\Temp\ss41.exe
file C:\Users\test22\AppData\Local\Temp\1000434001\softtool.exe
file C:\Users\test22\AppData\Local\Temp\1000397001\taskhost.exe
file C:\Users\test22\AppData\Local\Temp\1000398001\winlog.exe
file C:\Users\test22\AppData\Local\Temp\1000399001\msedge.exe
file C:\Users\test22\AppData\Local\Temp\1000435001\alldata.exe
file C:\Users\test22\AppData\Local\Temp\1000436001\4t.exe
file C:\Users\test22\AppData\Local\Temp\1000397001\taskhost.exe
file C:\Users\test22\AppData\Local\Temp\oldplayer.exe
file C:\Users\test22\AppData\Local\Temp\1000435001\alldata.exe
file C:\Users\test22\AppData\Local\Temp\1000434001\softtool.exe
Time & API Arguments Status Return Repeated
(one ShellExecuteExW call per line; show_type=0 on every row, and filepath_r was identical to filepath on every row)
ShellExecuteExW  filepath=C:\Users\test22\AppData\Local\Temp\207aa4515d\oneetx.exe  parameters=(empty)  -> status=1 return=1 repeated=0
ShellExecuteExW  filepath=SCHTASKS  parameters=/Create /SC MINUTE /MO 1 /TN oneetx.exe /TR "C:\Users\test22\AppData\Local\Temp\207aa4515d\oneetx.exe" /F  -> status=1 return=1 repeated=0
ShellExecuteExW  filepath=cmd  parameters=/k echo Y|CACLS "oneetx.exe" /P "test22:N"&&CACLS "oneetx.exe" /P "test22:R" /E&&echo Y|CACLS "..\207aa4515d" /P "test22:N"&&CACLS "..\207aa4515d" /P "test22:R" /E&&Exit  -> status=1 return=1 repeated=0
ShellExecuteExW  filepath=C:\Users\test22\AppData\Local\Temp\1000434001\softtool.exe  parameters=(empty)  -> status=1 return=1 repeated=0
ShellExecuteExW  filepath=C:\Users\test22\AppData\Local\Temp\1000397001\taskhost.exe  parameters=(empty)  -> status=1 return=1 repeated=0
ShellExecuteExW  filepath=C:\Users\test22\AppData\Local\Temp\1000398001\winlog.exe  parameters=(empty)  -> status=1 return=1 repeated=0
ShellExecuteExW  filepath=C:\Users\test22\AppData\Local\Temp\1000399001\msedge.exe  parameters=(empty)  -> status=1 return=1 repeated=0
ShellExecuteExW  filepath=C:\Users\test22\AppData\Local\Temp\1000435001\alldata.exe  parameters=(empty)  -> status=1 return=1 repeated=0
ShellExecuteExW  filepath=C:\Users\test22\AppData\Local\Temp\1000397001\taskhost.exe  parameters=(empty)  -> status=1 return=1 repeated=0
ShellExecuteExW  filepath=C:\Users\test22\AppData\Local\Temp\1000398001\winlog.exe  parameters=(empty)  -> status=1 return=1 repeated=0
ShellExecuteExW  filepath=C:\Users\test22\AppData\Local\Temp\1000399001\msedge.exe  parameters=(empty)  -> status=1 return=1 repeated=0
ShellExecuteExW  filepath=C:\Users\test22\AppData\Local\Temp\1000436001\4t.exe  parameters=(empty)  -> status=1 return=1 repeated=0
ShellExecuteExW  filepath=C:\Users\test22\AppData\Local\Temp\1000397001\taskhost.exe  parameters=(empty)  -> status=1 return=1 repeated=0
ShellExecuteExW  filepath=C:\Users\test22\AppData\Local\Temp\1000398001\winlog.exe  parameters=(empty)  -> status=1 return=1 repeated=0
ShellExecuteExW  filepath=C:\Users\test22\AppData\Local\Temp\1000399001\msedge.exe  parameters=(empty)  -> status=1 return=1 repeated=0
Time & API Arguments Status Return Repeated
(four reads on the same request_handle=0x00cc000c; each buffer is raw binary rendered as text, so only its recognizable content is kept, in brackets. The byte after the "PE" signature is the low byte of the COFF Machine field: "L" is 0x014C (i386, PE32), "d" followed by 0x86 is 0x8664 (x64, PE32+))
InternetReadFile  request_handle=0x00cc000c  buffer=[PE32 executable, Machine i386 (0x014C): MZ header, "This program cannot be run in DOS mode" stub, Rich header, sections .text .data .rsrc .reloc; MSVC CRT strings "bad allocation", "string too long", "invalid string position", "Unknown exception", "csm", LC_TIME LC_NUMERIC LC_MONETARY LC_CTYPE LC_COLLATE LC_ALL, and a CRT character-class/case-mapping table]  -> status=1 return=1 repeated=0
InternetReadFile  request_handle=0x00cc000c  buffer=[PE32 executable, Machine i386 (0x014C): MZ header, DOS stub, sections .text .sdata .rsrc .reloc; no CRT strings, body made of short repeating byte patterns]  -> status=1 return=1 repeated=0
InternetReadFile  request_handle=0x00cc000c  buffer=[PE32 executable, Machine i386 (0x014C): same layout and the same CRT strings as the first read (MZ, DOS stub, Rich header, .text .data .rsrc .reloc, "bad allocation" through LC_ALL), differing only in header bytes and section addresses]  -> status=1 return=1 repeated=0
InternetReadFile  request_handle=0x00cc000c  buffer=[PE32+ executable, Machine x64 (0x8664): MZ header, DOS stub, sections .text .rsrc only, followed by data with no readable strings, consistent with compressed or encrypted content]  -> status=1 return=1 repeated=0
section .rdata  virtual_address=0x00002000  virtual_size=0x000e4873  size_of_data=0x000e4a00  entropy=7.642547553080983  description A section with a high entropy has been found
entropy 0.996730245232  description Overall entropy of this PE file is high
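Added example (not part of the sandbox report): Python that walks a PE file's section table and computes per-section Shannon entropy to reproduce the kind of finding above. A section at 7.64 bits per byte is almost certainly compressed or encrypted (plain x86 code normally lands around 6 to 6.5), and here it is .rdata, which should hold read-only constants, not a 0xe4a00-byte blob. build_test_image constructs a minimal, non-loadable PE32 container with one text, one pseudo-random and one zero-filled section so the block runs offline. packed_fraction assumes that the report's "Overall entropy" figure is the share of section bytes sitting in high-entropy sections; that is consistent with the 0.9967 shown for this .rdata, but it is an inference, not something the page states.

```python
import math
import random
import struct
from collections import Counter

SECTION_HEADER = "<8sIIIIIIHHI"   # IMAGE_SECTION_HEADER, 40 bytes


def shannon_entropy(data):
    """Shannon entropy in bits per byte: 0.0 for a constant run, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def pe_sections(image):
    """Yield (name, virtual_address, virtual_size, size_of_data, raw_bytes) per section."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _machine, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", image, coff)
    first = coff + 20 + opt_size            # section table follows the optional header
    for i in range(nsections):
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", image, first + 40 * i)
        yield (name.rstrip(b"\0").decode("ascii", "replace"), vaddr, vsize, rawsize,
               image[rawptr:rawptr + rawsize])


def high_entropy_sections(image, threshold=7.0):
    """Sections whose raw data looks packed or encrypted, as (name, entropy) pairs."""
    out = []
    for name, _va, _vs, _sz, raw in pe_sections(image):
        h = shannon_entropy(raw)
        if h > threshold:
            out.append((name, round(h, 4)))
    return out


def packed_fraction(image, threshold=7.0):
    """Share of section bytes (size_of_data) that live in high-entropy sections.
    Assumed to be what the report's 'Overall entropy of this PE file' figure measures."""
    total = packed = 0
    for _name, _va, _vs, size, raw in pe_sections(image):
        total += size
        if shannon_entropy(raw) > threshold:
            packed += size
    return packed / total if total else 0.0


def build_test_image(sections, file_align=0x200):
    """Constructed minimal PE32 container (valid headers, zeroed optional-header body).
    It parses but is not loadable; it only exists to exercise the functions above."""
    opt_size = 224                                   # size of a PE32 optional header
    hdr_len = -(-(0x40 + 4 + 20 + opt_size + 40 * len(sections)) // file_align) * file_align
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)          # e_lfanew -> PE signature right after the DOS header
    coff = struct.pack("<HHIIIHH", 0x014C, len(sections), 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)            # PE32 magic
    headers, body, rawptr, vaddr = b"", b"", hdr_len, 0x1000
    for name, data in sections:
        padded = data + b"\0" * (-len(data) % file_align)
        headers += struct.pack(SECTION_HEADER, name.ljust(8, b"\0"), len(data), vaddr,
                               len(padded), rawptr, 0, 0, 0, 0, 0x60000020)
        body += padded
        rawptr += len(padded)
        vaddr += -(-len(padded) // 0x1000) * 0x1000
    header = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + headers
    return header + b"\0" * (hdr_len - len(header)) + body


_rng = random.Random(2023)
TEST_IMAGE = build_test_image([
    (b".text", b"This program cannot be run in DOS mode.\r\n" * 100),     # plain text: low entropy
    (b".rdata", bytes(_rng.getrandbits(8) for _ in range(64 * 1024))),   # pseudo-random: looks packed
    (b".data", b"\0" * 4096),                                            # zero-filled: entropy 0
])

if __name__ == "__main__":
    for name, va, vs, sz, raw in pe_sections(TEST_IMAGE):
        print(f"{name:8s} va=0x{va:08x} vsize=0x{vs:08x} size_of_data=0x{sz:08x} entropy={shannon_entropy(raw):.4f}")
    print("flagged:", high_entropy_sections(TEST_IMAGE), "packed fraction:", round(packed_fraction(TEST_IMAGE), 4))
```

Entropy alone does not prove packing (a section holding a legitimately compressed resource scores the same), so a practitioner pairs the number with the section's name and role, as the report does here: a 7.6-bit .rdata that dominates the file is a packer stub's payload until shown otherwise.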
Time & API Arguments Status Return Repeated
LookupPrivilegeValueW  system_name=(empty)  privilege_name=SeDebugPrivilege  -> status=1 return=1 repeated=0   (this identical row appears 6 times in the table)
description PWS Memory rule Generic_PWS_Memory_Zero
description RedLine stealer rule RedLine_Stealer_m_Zero
description Take ScreenShot rule ScreenShot
description (no description) rule DebuggerCheck__GlobalFlags
description (no description) rule DebuggerCheck__QueryInfo
description (no description) rule DebuggerHiding__Thread
description (no description) rule DebuggerHiding__Active
description (no description) rule ThreadControl__Context
description (no description) rule SEH__vectored
description Checks if being debugged rule anti_dbg
description Bypass DEP rule disable_dep
description PWS Memory rule Generic_PWS_Memory_Zero
description RedLine stealer rule RedLine_Stealer_m_Zero
description Take ScreenShot rule ScreenShot
description (no description) rule DebuggerCheck__GlobalFlags
description (no description) rule DebuggerCheck__QueryInfo
description (no description) rule DebuggerHiding__Thread
description (no description) rule DebuggerHiding__Active
description (no description) rule ThreadControl__Context
description (no description) rule SEH__vectored
description Checks if being debugged rule anti_dbg
description Bypass DEP rule disable_dep
description PWS Memory rule Generic_PWS_Memory_Zero
description RedLine stealer rule RedLine_Stealer_m_Zero
description Take ScreenShot rule ScreenShot
description (no description) rule DebuggerCheck__GlobalFlags
description (no description) rule DebuggerCheck__QueryInfo
description (no description) rule DebuggerHiding__Thread
description (no description) rule DebuggerHiding__Active
description (no description) rule ThreadControl__Context
description (no description) rule SEH__vectored
description Checks if being debugged rule anti_dbg
description Bypass DEP rule disable_dep
Time & API Arguments Status Return Repeated
(every row below: options=0, access=0x00020019 (KEY_READ); status=1 return=0 repeated=0. The parent key is opened by its native path, but the monitor resolves every subkey under Wow6432Node: that is WOW64 registry redirection, i.e. the process enumerating installed software is 32-bit)
RegOpenKeyExW  base_handle=0x80000002 (HKEY_LOCAL_MACHINE)  key_handle=0x0000036c  regkey_r=SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall  regkey=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
RegOpenKeyExW  base_handle=0x0000036c  key_handle=0x00000370  regkey=HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\<regkey_r>, one call per regkey_r, in this order:
  AddressBook, Connection Manager, DirectDrawEx, EditPlus, ENTERPRISE, Fontcore, Google Chrome, Haansoft HWord 80 Korean, IE40, IE4Data, IE5BAKEX, IEData, MobileOptionPack, SchedulingAgent, WIC,
  {01B845D4-B73E-4CF7-A377-94BC7BB4F77B}, {1D91F7DA-F517-4727-9E62-B7EA978BE980}, {60EC980A-BDA2-4CB6-A427-B07A5498B4CA},
  {90120000-0015-0412-0000-0000000FF1CE}, {90120000-0016-0412-0000-0000000FF1CE}, {90120000-0018-0412-0000-0000000FF1CE}, {90120000-0019-0412-0000-0000000FF1CE}, {90120000-001A-0412-0000-0000000FF1CE}, {90120000-001B-0412-0000-0000000FF1CE}, {90120000-001F-0409-0000-0000000FF1CE}, {90120000-001F-0412-0000-0000000FF1CE}, {90120000-0028-0412-0000-0000000FF1CE}, {90120000-002C-0412-0000-0000000FF1CE}, {90120000-0030-0000-0000-0000000FF1CE}, {90120000-0044-0412-0000-0000000FF1CE}, {90120000-006E-0409-0000-0000000FF1CE}, {90120000-006E-0412-0000-0000000FF1CE}, {90120000-00A1-0412-0000-0000000FF1CE}, {90120000-00BA-0409-0000-0000000FF1CE}, {90120000-0114-0412-0000-0000000FF1CE},
  {939659F3-71D2-461F-B24D-91D05A4389B4}, {9B84A461-3B4C-40E2-B44F-CE22E215EE40}, {d992c12e-cab2-426f-bde3-fb8c53950b0d}
RegOpenKeyExW  base_handle=0x80000002 (HKEY_LOCAL_MACHINE)  key_handle=0x000001c4  regkey_r=SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall  regkey=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
RegOpenKeyExW  base_handle=0x000001c4  key_handle=0x000001c0  regkey=HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\<regkey_r>, one call per regkey_r, in this order:
  AddressBook, Connection Manager, DirectDrawEx, EditPlus, ENTERPRISE, Fontcore, Google Chrome, Haansoft HWord 80 Korean, IE40, IE4Data
cmdline "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN oneetx.exe /TR "C:\Users\test22\AppData\Local\Temp\207aa4515d\oneetx.exe" /F
cmdline SCHTASKS /Create /SC MINUTE /MO 1 /TN oneetx.exe /TR "C:\Users\test22\AppData\Local\Temp\207aa4515d\oneetx.exe" /F
buffer Buffer with sha1: ea121214f0c1e113d5c5195cc03bc9940bb30337
buffer Buffer with sha1: 9d635ca806f91250917caa8f2e064fcf9a76c222
host 5.42.65.80
host 95.214.27.254
Time & API Arguments Status Return Repeated
(every row below: base_address=0x00400000, region_size=196608 (0x30000), allocation_type=12288 (MEM_COMMIT|MEM_RESERVE), protection=64 (PAGE_EXECUTE_READWRITE), stack_dep_bypass=0, stack_pivoted=0, heap_dep_bypass=0; status=1 return=0 repeated=0)
NtAllocateVirtualMemory  process_identifier=2084  process_handle=0x0000026c
NtAllocateVirtualMemory  process_identifier=2308  process_handle=0x0000026c
NtAllocateVirtualMemory  process_identifier=1168  process_handle=0x00000270
file C:\ProgramData\AVAST Software
file C:\ProgramData\Avira
file C:\ProgramData\Kaspersky Lab
file C:\ProgramData\Panda Security
file C:\ProgramData\Bitdefender
file C:\ProgramData\AVG
file C:\ProgramData\Doctor Web
cmdline "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN oneetx.exe /TR "C:\Users\test22\AppData\Local\Temp\207aa4515d\oneetx.exe" /F
cmdline SCHTASKS /Create /SC MINUTE /MO 1 /TN oneetx.exe /TR "C:\Users\test22\AppData\Local\Temp\207aa4515d\oneetx.exe" /F
file C:\Users\test22\AppData\Local\Temp\1000398001\winlog.exe
file C:\Users\test22\AppData\Roaming\FileZilla\sitemanager.xml
file C:\Users\test22\AppData\Roaming\FileZilla\recentservers.xml
Time & API Arguments Status Return Repeated
(every row below: status=1 return=1 repeated=0. The first buffer of each triple is raw binary rendered as text, kept here only as a summary in brackets. The third write lands 8 bytes into 0x7efde000, the usual address of a 32-bit process's PEB on Windows 7, which is the offset of PEB.ImageBaseAddress; its single printable byte "@" (0x40) is consistent with the little-endian DWORD 0x00400000 once NUL bytes are stripped, i.e. the injector pointing the child's image base at the region it just wrote)
WriteProcessMemory  process_identifier=2084  process_handle=0x0000026c  base_address=0x00400000  buffer=[PE32 headers, Machine i386 (0x014C): MZ header, "This program cannot be run in DOS mode" stub, PE signature, sections .text .rsrc .reloc]
WriteProcessMemory  process_identifier=2084  process_handle=0x0000026c  base_address=0x0042e000  buffer=[short binary buffer, printable bytes "0 p7"]
WriteProcessMemory  process_identifier=2084  process_handle=0x0000026c  base_address=0x7efde008  buffer=[printable byte "@" (0x40)]
WriteProcessMemory  process_identifier=2308  process_handle=0x0000026c  base_address=0x00400000  buffer=[same PE32 headers as above: MZ, DOS stub, PE signature, .text .rsrc .reloc]
WriteProcessMemory  process_identifier=2308  process_handle=0x0000026c  base_address=0x0042e000  buffer=[short binary buffer, printable bytes "0 p7"]
WriteProcessMemory  process_identifier=2308  process_handle=0x0000026c  base_address=0x7efde008  buffer=[printable byte "@" (0x40)]
WriteProcessMemory  process_identifier=1168  process_handle=0x00000270  base_address=0x00400000  buffer=[same PE32 headers as above: MZ, DOS stub, PE signature, .text .rsrc .reloc]
WriteProcessMemory  process_identifier=1168  process_handle=0x00000270  base_address=0x0042e000  buffer=[short binary buffer, printable bytes "0 p7"]
WriteProcessMemory  process_identifier=1168  process_handle=0x00000270  base_address=0x7efde008  buffer=[printable byte "@" (0x40)]
Time & API Arguments Status Return Repeated
(every row below: base_address=0x00400000, buffer=[PE32 headers, Machine i386 (0x014C): MZ header, DOS stub, PE signature, sections .text .rsrc .reloc]; status=1 return=1 repeated=0)
WriteProcessMemory  process_identifier=2084  process_handle=0x0000026c
WriteProcessMemory  process_identifier=2308  process_handle=0x0000026c
WriteProcessMemory  process_identifier=1168  process_handle=0x00000270
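Added example (not part of the sandbox report): the NtAllocateVirtualMemory and WriteProcessMemory tables above are the RunPE / process-hollowing sequence: an RWX region committed at image base 0x00400000 inside another process, a PE header written into it, and the new base written into that process's PEB.ImageBaseAddress. This Python correlates such records per target pid and only calls it hollowing when all three line up. The records are transcribed from the tables with the buffers abbreviated (the report shows only the printable prefix of each write; the PEB write is reconstructed as the DWORD 0x00400000, which the report renders as "@"), 0x7efde000 is assumed to be the child's PEB address, and pid 4444 is a constructed benign control. None of it is code from the report or from the sample.

```python
import struct
from collections import defaultdict
from dataclasses import dataclass

PAGE_EXECUTE_READWRITE = 0x40
MEM_COMMIT_RESERVE = 0x3000
# PEB.ImageBaseAddress is at offset 8 of a 32-bit PEB. 0x7efde000 is ASSUMED here to be
# the child's PEB (the usual 32-bit PEB address on Windows 7); a real tool would read it
# with NtQueryInformationProcess(ProcessBasicInformation) instead of guessing.
ASSUMED_PEB_BASE = 0x7EFDE000
PEB_IMAGE_BASE_OFFSET = 0x08


@dataclass
class ApiCall:
    api: str
    pid: int        # process_identifier of the target process
    handle: int     # process_handle the injector used
    args: dict


def _child(pid, handle):
    """Records transcribed from the tables above for one injected child. The buffers are
    stand-ins: the PE header is cut down to its MZ magic and the PEB write is the
    reconstructed little-endian DWORD 0x00400000 (shown as "@" in the report)."""
    return [
        ApiCall("NtAllocateVirtualMemory", pid, handle,
                {"base_address": 0x00400000, "region_size": 196608,
                 "protection": PAGE_EXECUTE_READWRITE, "allocation_type": MEM_COMMIT_RESERVE}),
        ApiCall("WriteProcessMemory", pid, handle,
                {"base_address": 0x00400000, "buffer": b"MZ\x90\x00" + b"\x00" * 60}),
        ApiCall("WriteProcessMemory", pid, handle,
                {"base_address": 0x0042E000, "buffer": b"0 p7"}),
        ApiCall("WriteProcessMemory", pid, handle,
                {"base_address": ASSUMED_PEB_BASE + PEB_IMAGE_BASE_OFFSET,
                 "buffer": struct.pack("<I", 0x00400000)}),
    ]


# The three children from the report plus a constructed benign case (pid 4444): a
# PAGE_READWRITE allocation and a plain data write, which must not be flagged.
CALLS = _child(2084, 0x26C) + _child(2308, 0x26C) + _child(1168, 0x270) + [
    ApiCall("NtAllocateVirtualMemory", 4444, 0x300,
            {"base_address": 0x00A00000, "region_size": 4096,
             "protection": 0x04, "allocation_type": MEM_COMMIT_RESERVE}),
    ApiCall("WriteProcessMemory", 4444, 0x300, {"base_address": 0x00A00000, "buffer": b"hello"}),
]


def assess(calls, peb_base=ASSUMED_PEB_BASE):
    """Per target pid: RWX allocation + PE header written at the same base + that base
    stored into PEB.ImageBaseAddress is the RunPE / process-hollowing sequence."""
    by_pid = defaultdict(list)
    for c in calls:
        by_pid[c.pid].append(c)
    results = {}
    for pid, cs in by_pid.items():
        rwx = {c.args["base_address"] for c in cs
               if c.api == "NtAllocateVirtualMemory" and c.args["protection"] == PAGE_EXECUTE_READWRITE}
        pe_at = {c.args["base_address"] for c in cs
                 if c.api == "WriteProcessMemory" and c.args["buffer"][:2] == b"MZ"}
        peb_image_base = None
        for c in cs:
            if (c.api == "WriteProcessMemory"
                    and c.args["base_address"] == peb_base + PEB_IMAGE_BASE_OFFSET
                    and len(c.args["buffer"]) == 4):
                peb_image_base = struct.unpack("<I", c.args["buffer"])[0]
        hollow_bases = sorted(rwx & pe_at)
        if hollow_bases and peb_image_base in hollow_bases:
            verdict = "process_hollowing"
        elif hollow_bases or peb_image_base is not None:
            verdict = "suspicious_injection"
        else:
            verdict = None
        results[pid] = {"verdict": verdict, "rwx_pe_bases": hollow_bases,
                        "peb_image_base": peb_image_base}
    return results


if __name__ == "__main__":
    for pid, r in assess(CALLS).items():
        print(pid, r)
```

The PEB write is the discriminator worth keeping: plenty of legitimate software allocates RWX memory in a child and writes into it, but nothing benign rewrites another process's ImageBaseAddress. If the PEB address cannot be established, the function degrades to "suspicious_injection" rather than staying silent.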
Time & API Arguments Status Return Repeated
(every row below: key_handle=0x00000370, regkey_r=DisplayName, reg_type=1 (REG_SZ), regkey=HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\<subkey>\DisplayName; status=1 return=0 repeated=0)
RegQueryValueExW  subkey=EditPlus  value=EditPlus
RegQueryValueExW  subkey=ENTERPRISE  value=Microsoft Office Enterprise 2007
RegQueryValueExW  subkey=Google Chrome  value=Chrome
RegQueryValueExW  subkey=Haansoft HWord 80 Korean  value=한컴오피스 한글 2010 (Hancom Office Hangul 2010)
RegQueryValueExW  subkey={01B845D4-B73E-4CF7-A377-94BC7BB4F77B}  value=HttpWatch Professional 9.3.39
RegQueryValueExW  subkey={1D91F7DA-F517-4727-9E62-B7EA978BE980}  value=한컴오피스 한글 2010 (Hancom Office Hangul 2010)
RegQueryValueExW  subkey={60EC980A-BDA2-4CB6-A427-B07A5498B4CA}  value=Google Update Helper
RegQueryValueExW  subkey={90120000-0015-0412-0000-0000000FF1CE}  value=Microsoft Office Access MUI (Korean) 2007
RegQueryValueExW  subkey={90120000-0016-0412-0000-0000000FF1CE}  value=Microsoft Office Excel MUI (Korean) 2007
RegQueryValueExW  subkey={90120000-0018-0412-0000-0000000FF1CE}  value=Microsoft Office PowerPoint MUI (Korean) 2007
RegQueryValueExW  subkey={90120000-0019-0412-0000-0000000FF1CE}  value=Microsoft Office Publisher MUI (Korean) 2007
RegQueryValueExW  subkey={90120000-001A-0412-0000-0000000FF1CE}  value=Microsoft Office Outlook MUI (Korean) 2007
RegQueryValueExW  subkey={90120000-001B-0412-0000-0000000FF1CE}  value=Microsoft Office Word MUI (Korean) 2007
RegQueryValueExW  subkey={90120000-001F-0409-0000-0000000FF1CE}  value=Microsoft Office Proof (English) 2007
RegQueryValueExW  subkey={90120000-001F-0412-0000-0000000FF1CE}  value=Microsoft Office Proof (Korean) 2007
RegQueryValueExW  subkey={90120000-0028-0412-0000-0000000FF1CE}  value=Microsoft Office IME (Korean) 2007
RegQueryValueExW  subkey={90120000-002C-0412-0000-0000000FF1CE}  value=Microsoft Office Proofing (Korean) 2007
RegQueryValueExW  subkey={90120000-0030-0000-0000-0000000FF1CE}  value=Microsoft Office Enterprise 2007
RegQueryValueExW  subkey={90120000-0044-0412-0000-0000000FF1CE}  value=Microsoft Office InfoPath MUI (Korean) 2007
RegQueryValueExW  key_handle=0x00000370  regkey_r=DisplayName  (row cut off at the end of the extract)
reg_type: 1 (REG_SZ)
value: Microsoft Office Shared MUI (English) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0409-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x00000370
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Shared MUI (Korean) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x00000370
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office OneNote MUI (Korean) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00A1-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x00000370
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Groove MUI (English) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00BA-0409-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x00000370
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Groove Setup Metadata MUI (Korean) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0114-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x00000370
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Adobe Flash Player 13 ActiveX
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{939659F3-71D2-461F-B24D-91D05A4389B4}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x00000370
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Adobe Flash Player 13 NPAPI
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9B84A461-3B4C-40E2-B44F-CE22E215EE40}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x00000370
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{d992c12e-cab2-426f-bde3-fb8c53950b0d}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x000001c0
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: EditPlus
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\EditPlus\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x000001c0
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Enterprise 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ENTERPRISE\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x000001c0
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Chrome
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x000001c0
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: 한컴오피스 한글 2010
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Haansoft HWord 80 Korean\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x000001c0
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: HttpWatch Professional 9.3.39
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{01B845D4-B73E-4CF7-A377-94BC7BB4F77B}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x000001c0
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: 한컴오피스 한글 2010
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D91F7DA-F517-4727-9E62-B7EA978BE980}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x000001c0
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Google Update Helper
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x000001c0
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Access MUI (Korean) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0015-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x000001c0
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Excel MUI (Korean) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0016-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x000001c0
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office PowerPoint MUI (Korean) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0018-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x000001c0
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Publisher MUI (Korean) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0019-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x000001c0
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Outlook MUI (Korean) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001A-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x000001c0
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Word MUI (Korean) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001B-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x000001c0
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Proof (English) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0409-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x000001c0
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Proof (Korean) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x000001c0
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office IME (Korean) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0028-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x000001c0
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Proofing (Korean) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-002C-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x000001c0
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Enterprise 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0030-0000-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x000001c0
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office InfoPath MUI (Korean) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0044-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x000001c0
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Shared MUI (English) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0409-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x000001c0
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Shared MUI (Korean) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x000001c0
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office OneNote MUI (Korean) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00A1-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x000001c0
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Groove MUI (English) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00BA-0409-0000-0000000FF1CE}\DisplayName
1 0 0
process ss41.exe useragent HTTPREAD
process oneetx.exe useragent
Process injection Process 2524 called NtSetContextThread to modify thread in remote process 2084
Process injection Process 2236 called NtSetContextThread to modify thread in remote process 2308
Process injection Process 1796 called NtSetContextThread to modify thread in remote process 1168
Time & API Arguments Status Return Repeated

NtSetContextThread

registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4339566
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
thread_handle: 0x00000268
process_identifier: 2084
1 0 0

NtSetContextThread

registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4339566
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
thread_handle: 0x00000268
process_identifier: 2308
1 0 0

NtSetContextThread

registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4339566
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
thread_handle: 0x0000026c
process_identifier: 1168
1 0 0
Process injection Process 2524 resumed a thread in remote process 2084
Process injection Process 2236 resumed a thread in remote process 2308
Process injection Process 1796 resumed a thread in remote process 1168
Time & API Arguments Status Return Repeated

NtResumeThread

thread_handle: 0x00000268
suspend_count: 1
process_identifier: 2084
1 0 0

NtResumeThread

thread_handle: 0x00000268
suspend_count: 1
process_identifier: 2308
1 0 0

NtResumeThread

thread_handle: 0x0000026c
suspend_count: 1
process_identifier: 1168
1 0 0
cmdline CACLS "oneetx.exe" /P "test22:N"
cmdline CACLS "oneetx.exe" /P "test22:R" /E
cmdline "C:\Windows\System32\cmd.exe" /k echo Y|CACLS "oneetx.exe" /P "test22:N"&&CACLS "oneetx.exe" /P "test22:R" /E&&echo Y|CACLS "..\207aa4515d" /P "test22:N"&&CACLS "..\207aa4515d" /P "test22:R" /E&&Exit
cmdline CACLS "..\207aa4515d" /P "test22:R" /E
cmdline CACLS "..\207aa4515d" /P "test22:N"
cmdline cmd /k echo Y|CACLS "oneetx.exe" /P "test22:N"&&CACLS "oneetx.exe" /P "test22:R" /E&&echo Y|CACLS "..\207aa4515d" /P "test22:N"&&CACLS "..\207aa4515d" /P "test22:R" /E&&Exit
Time & API Arguments Status Return Repeated

__anomaly__

tid: 3028
message: Encountered 65537 exceptions, quitting.
subcategory: exception
function_name:
1 0 0
Time & API Arguments Status Return Repeated

CreateProcessInternalW

thread_identifier: 2636
thread_handle: 0x00000270
process_identifier: 2632
current_directory: C:\Users\test22\AppData\Local\Temp
filepath: C:\Users\test22\AppData\Local\Temp\oldplayer.exe
track: 1
command_line: "C:\Users\test22\AppData\Local\Temp\oldplayer.exe"
filepath_r: C:\Users\test22\AppData\Local\Temp\oldplayer.exe
stack_pivoted: 0
creation_flags: 67634192 (CREATE_DEFAULT_ERROR_MODE|CREATE_NEW_CONSOLE|CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT)
inherit_handles: 0
process_handle: 0x00000278
1 1 0

CreateProcessInternalW

thread_identifier: 2676
thread_handle: 0x00000274
process_identifier: 2672
current_directory: C:\Users\test22\AppData\Local\Temp
filepath: C:\Users\test22\AppData\Local\Temp\ss41.exe
track: 1
command_line: "C:\Users\test22\AppData\Local\Temp\ss41.exe"
filepath_r: C:\Users\test22\AppData\Local\Temp\ss41.exe
stack_pivoted: 0
creation_flags: 67634192 (CREATE_DEFAULT_ERROR_MODE|CREATE_NEW_CONSOLE|CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT)
inherit_handles: 0
process_handle: 0x0000027c
1 1 0

CreateProcessInternalW

thread_identifier: 2780
thread_handle: 0x000002f0
process_identifier: 2776
current_directory: C:\Users\test22\AppData\Local\Temp
filepath: C:\Users\test22\AppData\Local\Temp\207aa4515d\oneetx.exe
track: 1
command_line: "C:\Users\test22\AppData\Local\Temp\207aa4515d\oneetx.exe"
filepath_r: C:\Users\test22\AppData\Local\Temp\207aa4515d\oneetx.exe
stack_pivoted: 0
creation_flags: 67634192 (CREATE_DEFAULT_ERROR_MODE|CREATE_NEW_CONSOLE|CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT)
inherit_handles: 0
process_handle: 0x000002f4
1 1 0

NtResumeThread

thread_handle: 0x00000214
suspend_count: 1
process_identifier: 2776
1 0 0

CreateProcessInternalW

thread_identifier: 2892
thread_handle: 0x00000250
process_identifier: 2888
current_directory: C:\Users\test22\AppData\Local\Temp
filepath: C:\Windows\System32\schtasks.exe
track: 1
command_line: "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN oneetx.exe /TR "C:\Users\test22\AppData\Local\Temp\207aa4515d\oneetx.exe" /F
filepath_r: C:\Windows\System32\schtasks.exe
stack_pivoted: 0
creation_flags: 67634192 (CREATE_DEFAULT_ERROR_MODE|CREATE_NEW_CONSOLE|CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT)
inherit_handles: 0
process_handle: 0x00000258
1 1 0

CreateProcessInternalW

thread_identifier: 2940
thread_handle: 0x000001d8
process_identifier: 2936
current_directory: C:\Users\test22\AppData\Local\Temp\207aa4515d
filepath: C:\Windows\System32\cmd.exe
track: 1
command_line: "C:\Windows\System32\cmd.exe" /k echo Y|CACLS "oneetx.exe" /P "test22:N"&&CACLS "oneetx.exe" /P "test22:R" /E&&echo Y|CACLS "..\207aa4515d" /P "test22:N"&&CACLS "..\207aa4515d" /P "test22:R" /E&&Exit
filepath_r: C:\Windows\System32\cmd.exe
stack_pivoted: 0
creation_flags: 67634192 (CREATE_DEFAULT_ERROR_MODE|CREATE_NEW_CONSOLE|CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT)
inherit_handles: 0
process_handle: 0x00000240
1 1 0

CreateProcessInternalW

thread_identifier: 2472
thread_handle: 0x0000039c
process_identifier: 2480
current_directory: C:\Users\test22\AppData\Local\Temp\207aa4515d
filepath: C:\Users\test22\AppData\Local\Temp\1000434001\softtool.exe
track: 1
command_line: "C:\Users\test22\AppData\Local\Temp\1000434001\softtool.exe"
filepath_r: C:\Users\test22\AppData\Local\Temp\1000434001\softtool.exe
stack_pivoted: 0
creation_flags: 67634192 (CREATE_DEFAULT_ERROR_MODE|CREATE_NEW_CONSOLE|CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT)
inherit_handles: 0
process_handle: 0x000003c4
1 1 0

CreateProcessInternalW

thread_identifier: 2608
thread_handle: 0x000003ac
process_identifier: 2524
current_directory: C:\Users\test22\AppData\Local\Temp\207aa4515d
filepath: C:\Users\test22\AppData\Local\Temp\1000397001\taskhost.exe
track: 1
command_line: "C:\Users\test22\AppData\Local\Temp\1000397001\taskhost.exe"
filepath_r: C:\Users\test22\AppData\Local\Temp\1000397001\taskhost.exe
stack_pivoted: 0
creation_flags: 67634192 (CREATE_DEFAULT_ERROR_MODE|CREATE_NEW_CONSOLE|CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT)
inherit_handles: 0
process_handle: 0x000003d0
1 1 0

CreateProcessInternalW

thread_identifier: 2792
thread_handle: 0x00000344
process_identifier: 2788
current_directory: C:\Users\test22\AppData\Local\Temp\207aa4515d
filepath: C:\Users\test22\AppData\Local\Temp\1000398001\winlog.exe
track: 1
command_line: "C:\Users\test22\AppData\Local\Temp\1000398001\winlog.exe"
filepath_r: C:\Users\test22\AppData\Local\Temp\1000398001\winlog.exe
stack_pivoted: 0
creation_flags: 67634192 (CREATE_DEFAULT_ERROR_MODE|CREATE_NEW_CONSOLE|CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT)
inherit_handles: 0
process_handle: 0x000003cc
1 1 0

CreateProcessInternalW

thread_identifier: 3028
thread_handle: 0x00000338
process_identifier: 2988
current_directory: C:\Users\test22\AppData\Local\Temp\207aa4515d
filepath: C:\Users\test22\AppData\Local\Temp\1000399001\msedge.exe
track: 1
command_line: "C:\Users\test22\AppData\Local\Temp\1000399001\msedge.exe"
filepath_r: C:\Users\test22\AppData\Local\Temp\1000399001\msedge.exe
stack_pivoted: 0
creation_flags: 67634192 (CREATE_DEFAULT_ERROR_MODE|CREATE_NEW_CONSOLE|CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT)
inherit_handles: 0
process_handle: 0x000003d4
1 1 0

CreateProcessInternalW

thread_identifier: 152
thread_handle: 0x000003c8
process_identifier: 196
current_directory: C:\Users\test22\AppData\Local\Temp\207aa4515d
filepath: C:\Users\test22\AppData\Local\Temp\1000435001\alldata.exe
track: 1
command_line: "C:\Users\test22\AppData\Local\Temp\1000435001\alldata.exe"
filepath_r: C:\Users\test22\AppData\Local\Temp\1000435001\alldata.exe
stack_pivoted: 0
creation_flags: 67634192 (CREATE_DEFAULT_ERROR_MODE|CREATE_NEW_CONSOLE|CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT)
inherit_handles: 0
process_handle: 0x000003d8
1 1 0

CreateProcessInternalW

thread_identifier: 2252
thread_handle: 0x000003fc
process_identifier: 2236
current_directory: C:\Users\test22\AppData\Local\Temp\207aa4515d
filepath: C:\Users\test22\AppData\Local\Temp\1000397001\taskhost.exe
track: 1
command_line: "C:\Users\test22\AppData\Local\Temp\1000397001\taskhost.exe"
filepath_r: C:\Users\test22\AppData\Local\Temp\1000397001\taskhost.exe
stack_pivoted: 0
creation_flags: 67634192 (CREATE_DEFAULT_ERROR_MODE|CREATE_NEW_CONSOLE|CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT)
inherit_handles: 0
process_handle: 0x000003dc
1 1 0

CreateProcessInternalW

thread_identifier: 2940
thread_handle: 0x000003ac
process_identifier: 3012
current_directory: C:\Users\test22\AppData\Local\Temp\207aa4515d
filepath: C:\Users\test22\AppData\Local\Temp\1000398001\winlog.exe
track: 1
command_line: "C:\Users\test22\AppData\Local\Temp\1000398001\winlog.exe"
filepath_r: C:\Users\test22\AppData\Local\Temp\1000398001\winlog.exe
stack_pivoted: 0
creation_flags: 67634192 (CREATE_DEFAULT_ERROR_MODE|CREATE_NEW_CONSOLE|CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT)
inherit_handles: 0
process_handle: 0x00000338
1 1 0

CreateProcessInternalW

thread_identifier: 2584
thread_handle: 0x00000344
process_identifier: 2548
current_directory: C:\Users\test22\AppData\Local\Temp\207aa4515d
filepath: C:\Users\test22\AppData\Local\Temp\1000399001\msedge.exe
track: 1
command_line: "C:\Users\test22\AppData\Local\Temp\1000399001\msedge.exe"
filepath_r: C:\Users\test22\AppData\Local\Temp\1000399001\msedge.exe
stack_pivoted: 0
creation_flags: 67634192 (CREATE_DEFAULT_ERROR_MODE|CREATE_NEW_CONSOLE|CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT)
inherit_handles: 0
process_handle: 0x000003d0
1 1 0

CreateProcessInternalW

thread_identifier: 1504
thread_handle: 0x000003fc
process_identifier: 544
current_directory: C:\Users\test22\AppData\Local\Temp\207aa4515d
filepath: C:\Users\test22\AppData\Local\Temp\1000436001\4t.exe
track: 1
command_line: "C:\Users\test22\AppData\Local\Temp\1000436001\4t.exe"
filepath_r: C:\Users\test22\AppData\Local\Temp\1000436001\4t.exe
stack_pivoted: 0
creation_flags: 67634192 (CREATE_DEFAULT_ERROR_MODE|CREATE_NEW_CONSOLE|CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT)
inherit_handles: 0
process_handle: 0x000003d0
1 1 0

CreateProcessInternalW

thread_identifier: 1064
thread_handle: 0x00000414
process_identifier: 1796
current_directory: C:\Users\test22\AppData\Local\Temp\207aa4515d
filepath: C:\Users\test22\AppData\Local\Temp\1000397001\taskhost.exe
track: 1
command_line: "C:\Users\test22\AppData\Local\Temp\1000397001\taskhost.exe"
filepath_r: C:\Users\test22\AppData\Local\Temp\1000397001\taskhost.exe
stack_pivoted: 0
creation_flags: 67634192 (CREATE_DEFAULT_ERROR_MODE|CREATE_NEW_CONSOLE|CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT)
inherit_handles: 0
process_handle: 0x00000344
1 1 0

CreateProcessInternalW

thread_identifier: 2740
thread_handle: 0x000003f0
process_identifier: 2628
current_directory: C:\Users\test22\AppData\Local\Temp\207aa4515d
filepath: C:\Users\test22\AppData\Local\Temp\1000398001\winlog.exe
track: 1
command_line: "C:\Users\test22\AppData\Local\Temp\1000398001\winlog.exe"
filepath_r: C:\Users\test22\AppData\Local\Temp\1000398001\winlog.exe
stack_pivoted: 0
creation_flags: 67634192 (CREATE_DEFAULT_ERROR_MODE|CREATE_NEW_CONSOLE|CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT)
inherit_handles: 0
process_handle: 0x0000041c
1 1 0

CreateProcessInternalW

thread_identifier: 2292
thread_handle: 0x00000344
process_identifier: 2288
current_directory: C:\Users\test22\AppData\Local\Temp\207aa4515d
filepath: C:\Users\test22\AppData\Local\Temp\1000399001\msedge.exe
track: 1
command_line: "C:\Users\test22\AppData\Local\Temp\1000399001\msedge.exe"
filepath_r: C:\Users\test22\AppData\Local\Temp\1000399001\msedge.exe
stack_pivoted: 0
creation_flags: 67634192 (CREATE_DEFAULT_ERROR_MODE|CREATE_NEW_CONSOLE|CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT)
inherit_handles: 0
process_handle: 0x00000408
1 1 0

CreateProcessInternalW

thread_identifier: 3060
thread_handle: 0x0000008c
process_identifier: 3056
current_directory: C:\Users\test22\AppData\Local\Temp\207aa4515d
filepath: C:\Windows\System32\cmd.exe
track: 1
command_line: C:\Windows\system32\cmd.exe /S /D /c" echo Y"
filepath_r: C:\Windows\system32\cmd.exe
stack_pivoted: 0
creation_flags: 524288 (EXTENDED_STARTUPINFO_PRESENT)
inherit_handles: 1
process_handle: 0x00000094
1 1 0

CreateProcessInternalW

thread_identifier: 1152
thread_handle: 0x00000088
process_identifier: 2056
current_directory: C:\Users\test22\AppData\Local\Temp\207aa4515d
filepath: C:\Windows\System32\cacls.exe
track: 1
command_line: CACLS "oneetx.exe" /P "test22:N"
filepath_r: C:\Windows\system32\cacls.exe
stack_pivoted: 0
creation_flags: 524288 (EXTENDED_STARTUPINFO_PRESENT)
inherit_handles: 1
process_handle: 0x0000008c
1 1 0

CreateProcessInternalW

thread_identifier: 2120
thread_handle: 0x0000008c
process_identifier: 1728
current_directory: C:\Users\test22\AppData\Local\Temp\207aa4515d
filepath: C:\Windows\System32\cacls.exe
track: 1
command_line: CACLS "oneetx.exe" /P "test22:R" /E
filepath_r: C:\Windows\system32\cacls.exe
stack_pivoted: 0
creation_flags: 524288 (EXTENDED_STARTUPINFO_PRESENT)
inherit_handles: 1
process_handle: 0x00000094
1 1 0

CreateProcessInternalW

thread_identifier: 2068
thread_handle: 0x0000008c
process_identifier: 2064
current_directory: C:\Users\test22\AppData\Local\Temp\207aa4515d
filepath: C:\Windows\System32\cmd.exe
track: 1
command_line: C:\Windows\system32\cmd.exe /S /D /c" echo Y"
filepath_r: C:\Windows\system32\cmd.exe
stack_pivoted: 0
creation_flags: 524288 (EXTENDED_STARTUPINFO_PRESENT)
inherit_handles: 1
process_handle: 0x00000090
1 1 0

CreateProcessInternalW

thread_identifier: 2184
thread_handle: 0x00000094
process_identifier: 2176
current_directory: C:\Users\test22\AppData\Local\Temp\207aa4515d
filepath: C:\Windows\System32\cacls.exe
track: 1
command_line: CACLS "..\207aa4515d" /P "test22:N"
filepath_r: C:\Windows\system32\cacls.exe
stack_pivoted: 0
creation_flags: 524288 (EXTENDED_STARTUPINFO_PRESENT)
inherit_handles: 1
process_handle: 0x0000008c
1 1 0

CreateProcessInternalW

thread_identifier: 2212
thread_handle: 0x0000008c
process_identifier: 2224
current_directory: C:\Users\test22\AppData\Local\Temp\207aa4515d
filepath: C:\Windows\System32\cacls.exe
track: 1
command_line: CACLS "..\207aa4515d" /P "test22:R" /E
filepath_r: C:\Windows\system32\cacls.exe
stack_pivoted: 0
creation_flags: 524288 (EXTENDED_STARTUPINFO_PRESENT)
inherit_handles: 1
process_handle: 0x00000090
1 1 0

NtResumeThread

thread_handle: 0x000000a0
suspend_count: 1
process_identifier: 2056
1 0 0

NtResumeThread

thread_handle: 0x0000009c
suspend_count: 1
process_identifier: 1728
1 0 0

NtResumeThread

thread_handle: 0x000000a0
suspend_count: 1
process_identifier: 2176
1 0 0

NtResumeThread

thread_handle: 0x00000098
suspend_count: 1
process_identifier: 2224
1 0 0

NtResumeThread

thread_handle: 0x000000dc
suspend_count: 1
process_identifier: 2524
1 0 0

NtResumeThread

thread_handle: 0x0000014c
suspend_count: 1
process_identifier: 2524
1 0 0

NtResumeThread

thread_handle: 0x000001bc
suspend_count: 1
process_identifier: 2524
1 0 0

CreateProcessInternalW

thread_identifier: 2980
thread_handle: 0x00000268
process_identifier: 2084
current_directory:
filepath: C:\Users\test22\AppData\Local\Temp\1000397001\taskhost.exe
track: 1
command_line:
filepath_r: C:\Users\test22\AppData\Local\Temp\1000397001\taskhost.exe
stack_pivoted: 0
creation_flags: 134217732 (CREATE_NO_WINDOW|CREATE_SUSPENDED)
inherit_handles: 0
process_handle: 0x0000026c
1 1 0

NtGetContextThread

thread_handle: 0x00000268
1 0 0

NtAllocateVirtualMemory

process_identifier: 2084
region_size: 196608
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00400000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0x0000026c
1 0 0

WriteProcessMemory

buffer: MZÿÿ¸@€º´ Í!¸LÍ!This program cannot be run in DOS mode. $PEL— E»à 0žn7 @@ @…7S@V›à  H.textt  `.rsrcV›@œ@@.reloc à¶@B
base_address: 0x00400000
process_identifier: 2084
process_handle: 0x0000026c
1 1 0

WriteProcessMemory

buffer:
base_address: 0x00402000
process_identifier: 2084
process_handle: 0x0000026c
1 1 0

WriteProcessMemory

buffer:
base_address: 0x00424000
process_identifier: 2084
process_handle: 0x0000026c
1 1 0

WriteProcessMemory

buffer: 0 p7
base_address: 0x0042e000
process_identifier: 2084
process_handle: 0x0000026c
1 1 0

WriteProcessMemory

buffer: @
base_address: 0x7efde008
process_identifier: 2084
process_handle: 0x0000026c
1 1 0

NtSetContextThread

registers.eip: 0
registers.esp: 0
registers.edi: 0
registers.eax: 4339566
registers.ebp: 0
registers.edx: 0
registers.ebx: 2130567168
registers.esi: 0
registers.ecx: 0
thread_handle: 0x00000268
process_identifier: 2084
1 0 0

NtResumeThread

thread_handle: 0x00000268
suspend_count: 1
process_identifier: 2084
1 0 0

NtResumeThread

thread_handle: 0x000000dc
suspend_count: 1
process_identifier: 2084
1 0 0

NtResumeThread

thread_handle: 0x0000014c
suspend_count: 1
process_identifier: 2084
1 0 0

NtResumeThread

thread_handle: 0x00000188
suspend_count: 1
process_identifier: 2084
1 0 0

NtResumeThread

thread_handle: 0x000001dc
suspend_count: 1
process_identifier: 2084
1 0 0

NtResumeThread

thread_handle: 0x00000384
suspend_count: 1
process_identifier: 2084
1 0 0

NtResumeThread

thread_handle: 0x000000dc
suspend_count: 1
process_identifier: 2236
1 0 0

NtResumeThread

thread_handle: 0x0000014c
suspend_count: 1
process_identifier: 2236
1 0 0

NtResumeThread

thread_handle: 0x000001d0
suspend_count: 1
process_identifier: 2236
1 0 0

CreateProcessInternalW

thread_identifier: 2248
thread_handle: 0x00000268
process_identifier: 2308
current_directory:
filepath: C:\Users\test22\AppData\Local\Temp\1000397001\taskhost.exe
track: 1
command_line:
filepath_r: C:\Users\test22\AppData\Local\Temp\1000397001\taskhost.exe
stack_pivoted: 0
creation_flags: 134217732 (CREATE_NO_WINDOW|CREATE_SUSPENDED)
inherit_handles: 0
process_handle: 0x0000026c
1 1 0
Bkav W32.AIDetectMalware
Lionic Trojan.Win32.Stealer.12!c
MicroWorld-eScan Gen:Variant.FakeAlert.2
FireEye Generic.mg.98628dba1be12d83
CAT-QuickHeal TjnDroppr.Dapato.S28495190
ALYac Gen:Variant.FakeAlert.2
Malwarebytes Trojan.Injector
Sangfor Suspicious.Win32.Save.a
K7AntiVirus Trojan ( 005a7a3c1 )
K7GW Trojan ( 005a7a3c1 )
CrowdStrike win/malicious_confidence_100% (W)
Arcabit Trojan.FakeAlert.2
BitDefenderTheta Gen:NN.ZexaF.36662.5qW@a4qWNDii
Cyren W32/Lazy.U.gen!Eldorado
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win32/TrojanDropper.Agent.SRP
APEX Malicious
Cynet Malicious (score: 100)
Kaspersky HEUR:Trojan-Spy.Win32.Stealer.gen
BitDefender Gen:Variant.FakeAlert.2
Avast Win32:Evo-gen [Trj]
Tencent Win32.Trojan-Spy.Stealer.Gajl
Sophos Mal/Generic-S
F-Secure Trojan.TR/Dropper.Gen
VIPRE Gen:Variant.FakeAlert.2
McAfee-GW-Edition BehavesLike.Win32.Generic.dc
Trapmine malicious.high.ml.score
Emsisoft Gen:Variant.FakeAlert.2 (B)
SentinelOne Static AI - Suspicious PE
Avira TR/Dropper.Gen
Gridinsoft Trojan.Win32.Amadey.bot
Microsoft Trojan:Win32/Amadey.AMY!MTB
ZoneAlarm HEUR:Trojan-Spy.Win32.Stealer.gen
GData Win32.Trojan.PSE.102OIFV
Google Detected
AhnLab-V3 Trojan/Win.Generic.R497632
VBA32 BScope.Trojan.Nitol
MAX malware (ai score=88)
Panda Trj/Genetic.gen
TrendMicro-HouseCall Trojan.Win32.AMADEY.YXDIBZ
Rising Backdoor.DcRat!8.129D9 (TFE:1:BNER4NzZWDL)
Ikarus Trojan.Win32.Tnega
MaxSecure Trojan.Malware.300983.susgen
Fortinet W32/Tiny.NFR!tr
AVG Win32:Evo-gen [Trj]
Cybereason malicious.31e4f6
DeepInstinct MALICIOUS