Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Nov. 2, 2023, 10:27 a.m.	Nov. 2, 2023, 10:29 a.m.

Size	28.5KB
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`22df9b6c3a71b8dbbdef5d5bd09e445f`
SHA256	`024cce95a63124cd3cbfe3f21fbacf8437fd288717fce379006064aa2a97641e`
CRC32	`0C4E0A01`
ssdeep	`384:IB+Sbj6NKDRW16lVAH9BYVizqDyevPUQOvDKNrCeJE3WNgDnPr0ob7TyXUq7ZQrm:2pD06lVw9tc8QE45NknIgTyEql4Kj`
Yara	UPX_Zero - UPX packed file PE_Header_Zero - PE File Signature IsPE32 - (no description) Is_DotNET_EXE - (no description)

Limebase.txt.exe "C:\Users\test22\AppData\Local\Temp\Limebase.txt.exe"
2532

Name	Response	Post-Analysis Lookup
pastebin.com	A 172.67.34.170 A 104.20.67.143 A 104.20.68.143	104.20.68.143

IP Address	Status	Action
164.124.101.2	Active	Moloch
172.67.34.170	Active	Moloch
91.92.247.146	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.101:49163 -> 172.67.34.170:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined

Suricata TLS

Flow	Issuer	Subject	Fingerprint
TLSv1 192.168.56.101:49163 172.67.34.170:443	C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2	C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com	c7:af:cc:81:4d:27:d1:4c:7c:f4:bf:5d:55:9d:80:50:3b:6f:6c:cd

Queries for the computername (40 events)

Time & API	Arguments	Status	Return
GetComputerNameW Nov. 2, 2023, 10:27 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Nov. 2, 2023, 10:27 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Nov. 2, 2023, 10:27 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Nov. 2, 2023, 10:27 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Nov. 2, 2023, 10:27 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Nov. 2, 2023, 10:27 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Nov. 2, 2023, 10:27 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Nov. 2, 2023, 10:27 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Nov. 2, 2023, 10:27 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Nov. 2, 2023, 10:27 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Nov. 2, 2023, 10:27 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Nov. 2, 2023, 10:27 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Nov. 2, 2023, 10:27 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Nov. 2, 2023, 10:27 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Nov. 2, 2023, 10:27 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Nov. 2, 2023, 10:27 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Nov. 2, 2023, 10:27 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Nov. 2, 2023, 10:27 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Nov. 2, 2023, 10:27 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Nov. 2, 2023, 10:27 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Nov. 2, 2023, 10:27 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Nov. 2, 2023, 10:27 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Nov. 2, 2023, 10:27 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Nov. 2, 2023, 10:27 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Nov. 2, 2023, 10:27 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Nov. 2, 2023, 10:27 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Nov. 2, 2023, 10:27 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Nov. 2, 2023, 10:27 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Nov. 2, 2023, 10:27 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Nov. 2, 2023, 10:27 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Nov. 2, 2023, 10:27 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Nov. 2, 2023, 10:27 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Nov. 2, 2023, 10:27 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Nov. 2, 2023, 10:27 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Nov. 2, 2023, 10:27 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Nov. 2, 2023, 10:27 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Nov. 2, 2023, 10:27 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Nov. 2, 2023, 10:27 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Nov. 2, 2023, 10:27 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Nov. 2, 2023, 10:27 a.m.	computer_name: TEST22-PC	1	1

Checks if process is being debugged by a debugger (2 events)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent Nov. 2, 2023, 10:27 a.m.			0	0
IsDebuggerPresent Nov. 2, 2023, 10:27 a.m.			0	0

Uses Windows APIs to generate a cryptographic key (3 events)

Time & API	Arguments	Status	Return
CryptExportKey Nov. 2, 2023, 10:27 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x005bbd78 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Nov. 2, 2023, 10:27 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x005bb838 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Nov. 2, 2023, 10:27 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x005bb838 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Nov. 2, 2023, 10:27 a.m.		1	1	0

One or more processes crashed (22 events)

Time & API	Arguments	Status
__exception__ Nov. 2, 2023, 10:27 a.m.	stacktrace: 0x9d0567 0x9d0308 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72867610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x728f1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x728f1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x728f1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x728f416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7415f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 01 8b 40 28 ff 10 89 45 dc eb 1f 8b c8 e8 54 exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x9d06a9 registers.esp: 2355348 registers.edi: 37833608 registers.eax: 0 registers.ebp: 2355388 registers.edx: 195 registers.ebx: 2355684 registers.esi: 37838296 registers.ecx: 0	1
__exception__ Nov. 2, 2023, 10:27 a.m.	stacktrace: mscorlib+0x30c9ff @ 0x71aec9ff mscorlib+0x302367 @ 0x71ae2367 mscorlib+0x3022a6 @ 0x71ae22a6 mscorlib+0x302261 @ 0x71ae2261 mscorlib+0x30ca7c @ 0x71aeca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x728407d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72817d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72817dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72817e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x727ac3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x72840694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728ba0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 48 04 39 09 e8 f4 3c 5e 70 85 c0 0f 8e 73 ff exception.instruction: mov ecx, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x9d41b2 registers.esp: 93713804 registers.edi: 93713916 registers.eax: 0 registers.ebp: 93713840 registers.edx: 6357136 registers.ebx: 37833484 registers.esi: 37833464 registers.ecx: 1922370905	1
__exception__ Nov. 2, 2023, 10:27 a.m.	stacktrace: 0x9d0567 0x9d3e49 0x9d3aaf mscorlib+0x30c9ff @ 0x71aec9ff mscorlib+0x302367 @ 0x71ae2367 mscorlib+0x3022a6 @ 0x71ae22a6 mscorlib+0x302261 @ 0x71ae2261 mscorlib+0x30ca7c @ 0x71aeca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x728407d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72817d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72817dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72817e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x727ac3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x72840694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728ba0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 01 8b 40 28 ff 10 89 45 dc eb 1f 8b c8 e8 54 exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x9d06a9 registers.esp: 95679476 registers.edi: 37833608 registers.eax: 0 registers.ebp: 95679516 registers.edx: 195 registers.ebx: 37945332 registers.esi: 37952652 registers.ecx: 0	1
__exception__ Nov. 2, 2023, 10:27 a.m.	stacktrace: 0x9d44d8 mscorlib+0x30c9ff @ 0x71aec9ff mscorlib+0x302367 @ 0x71ae2367 mscorlib+0x3022a6 @ 0x71ae22a6 mscorlib+0x302261 @ 0x71ae2261 mscorlib+0x30ca7c @ 0x71aeca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x728407d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72817d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72817dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72817e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x727ac3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x72840694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728ba0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 e8 b7 4f 5e 70 eb 11 8b c8 e8 1e ee a7 72 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x9d4802 registers.esp: 93713756 registers.edi: 93713780 registers.eax: 0 registers.ebp: 93713796 registers.edx: 6357136 registers.ebx: 37833484 registers.esi: 37833464 registers.ecx: 0	1
__exception__ Nov. 2, 2023, 10:27 a.m.	stacktrace: 0x9d44d8 mscorlib+0x30c9ff @ 0x71aec9ff mscorlib+0x302367 @ 0x71ae2367 mscorlib+0x3022a6 @ 0x71ae22a6 mscorlib+0x302261 @ 0x71ae2261 mscorlib+0x30ca7c @ 0x71aeca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x728407d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72817d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72817dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72817e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x727ac3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x72840694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728ba0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 01 8b 40 28 ff 50 1c eb 11 8b c8 e8 fd ed a7 exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x9d4822 registers.esp: 93713756 registers.edi: 93713780 registers.eax: 93713756 registers.ebp: 93713796 registers.edx: 10307612 registers.ebx: 37833484 registers.esi: 37833464 registers.ecx: 0	1
__exception__ Nov. 2, 2023, 10:27 a.m.	stacktrace: 0x9d44d8 mscorlib+0x30c9ff @ 0x71aec9ff mscorlib+0x302367 @ 0x71ae2367 mscorlib+0x3022a6 @ 0x71ae22a6 mscorlib+0x302261 @ 0x71ae2261 mscorlib+0x30ca7c @ 0x71aeca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x728407d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72817d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72817dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72817e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x727ac3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x72840694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728ba0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 01 8b 40 30 ff 50 10 eb 11 8b c8 e8 dc ed a7 exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x9d4843 registers.esp: 93713756 registers.edi: 93713780 registers.eax: 93713756 registers.ebp: 93713796 registers.edx: 10307645 registers.ebx: 37833484 registers.esi: 37833464 registers.ecx: 0	1
__exception__ Nov. 2, 2023, 10:27 a.m.	stacktrace: 0x9d0567 0x9d3e49 0x9d4f88 0x9d3bb4 mscorlib+0x30c9ff @ 0x71aec9ff mscorlib+0x302367 @ 0x71ae2367 mscorlib+0x3022a6 @ 0x71ae22a6 mscorlib+0x302261 @ 0x71ae2261 mscorlib+0x30ca7c @ 0x71aeca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x728407d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72817d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72817dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72817e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x727ac3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x72840694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728ba0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 01 8b 40 28 ff 10 89 45 dc eb 1f 8b c8 e8 54 exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x9d06a9 registers.esp: 98364960 registers.edi: 37833608 registers.eax: 0 registers.ebp: 98365000 registers.edx: 195 registers.ebx: 37953544 registers.esi: 37960164 registers.ecx: 0	1
__exception__ Nov. 2, 2023, 10:27 a.m.	stacktrace: 0x9d0567 0x9d501d 0x9d4fa9 0x9d3bb4 mscorlib+0x30c9ff @ 0x71aec9ff mscorlib+0x302367 @ 0x71ae2367 mscorlib+0x3022a6 @ 0x71ae22a6 mscorlib+0x302261 @ 0x71ae2261 mscorlib+0x30ca7c @ 0x71aeca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x728407d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72817d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72817dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72817e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x727ac3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x72840694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728ba0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 01 8b 40 28 ff 10 89 45 dc eb 1f 8b c8 e8 54 exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x9d06a9 registers.esp: 98364956 registers.edi: 37833608 registers.eax: 0 registers.ebp: 98364996 registers.edx: 195 registers.ebx: 37953712 registers.esi: 38478756 registers.ecx: 0	1
__exception__ Nov. 2, 2023, 10:27 a.m.	stacktrace: 0x9d0567 0x9d3e49 0x9d50bb 0x9d3bc4 mscorlib+0x30c9ff @ 0x71aec9ff mscorlib+0x302367 @ 0x71ae2367 mscorlib+0x3022a6 @ 0x71ae22a6 mscorlib+0x302261 @ 0x71ae2261 mscorlib+0x30ca7c @ 0x71aeca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x728407d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72817d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72817dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72817e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x727ac3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x72840694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728ba0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 01 8b 40 28 ff 10 89 45 dc eb 1f 8b c8 e8 54 exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x9d06a9 registers.esp: 98364960 registers.edi: 37833608 registers.eax: 0 registers.ebp: 98365000 registers.edx: 195 registers.ebx: 37953600 registers.esi: 38522236 registers.ecx: 0	1
__exception__ Nov. 2, 2023, 10:27 a.m.	stacktrace: 0x9d0567 0x9d501d 0x9d50db 0x9d3bc4 mscorlib+0x30c9ff @ 0x71aec9ff mscorlib+0x302367 @ 0x71ae2367 mscorlib+0x3022a6 @ 0x71ae22a6 mscorlib+0x302261 @ 0x71ae2261 mscorlib+0x30ca7c @ 0x71aeca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x728407d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72817d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72817dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72817e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x727ac3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x72840694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728ba0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 01 8b 40 28 ff 10 89 45 dc eb 1f 8b c8 e8 54 exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x9d06a9 registers.esp: 98364956 registers.edi: 37833608 registers.eax: 0 registers.ebp: 98364996 registers.edx: 195 registers.ebx: 38515808 registers.esi: 38557156 registers.ecx: 0	1
__exception__ Nov. 2, 2023, 10:27 a.m.	stacktrace: 0x9d0567 0x9d3e49 0x9d50e6 0x9d3bc4 mscorlib+0x30c9ff @ 0x71aec9ff mscorlib+0x302367 @ 0x71ae2367 mscorlib+0x3022a6 @ 0x71ae22a6 mscorlib+0x302261 @ 0x71ae2261 mscorlib+0x30ca7c @ 0x71aeca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x728407d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72817d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72817dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72817e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x727ac3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x72840694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728ba0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 01 8b 40 28 ff 10 89 45 dc eb 1f 8b c8 e8 54 exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x9d06a9 registers.esp: 98364960 registers.edi: 37833608 registers.eax: 0 registers.ebp: 98365000 registers.edx: 195 registers.ebx: 37953600 registers.esi: 38592112 registers.ecx: 0	1
__exception__ Nov. 2, 2023, 10:27 a.m.	stacktrace: 0x9d0567 0x9d3e49 0x9d5168 0x9d3bdd mscorlib+0x30c9ff @ 0x71aec9ff mscorlib+0x302367 @ 0x71ae2367 mscorlib+0x3022a6 @ 0x71ae22a6 mscorlib+0x302261 @ 0x71ae2261 mscorlib+0x30ca7c @ 0x71aeca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x728407d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72817d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72817dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72817e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x727ac3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x72840694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728ba0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 01 8b 40 28 ff 10 89 45 dc eb 1f 8b c8 e8 54 exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x9d06a9 registers.esp: 98364960 registers.edi: 37833608 registers.eax: 0 registers.ebp: 98365000 registers.edx: 195 registers.ebx: 37953660 registers.esi: 38635340 registers.ecx: 0	1
__exception__ Nov. 2, 2023, 10:27 a.m.	stacktrace: 0x9d0567 0x9d501d 0x9d5188 0x9d3bdd mscorlib+0x30c9ff @ 0x71aec9ff mscorlib+0x302367 @ 0x71ae2367 mscorlib+0x3022a6 @ 0x71ae22a6 mscorlib+0x302261 @ 0x71ae2261 mscorlib+0x30ca7c @ 0x71aeca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x728407d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72817d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72817dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72817e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x727ac3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x72840694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728ba0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 01 8b 40 28 ff 10 89 45 dc eb 1f 8b c8 e8 54 exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x9d06a9 registers.esp: 98364956 registers.edi: 37833608 registers.eax: 0 registers.ebp: 98364996 registers.edx: 195 registers.ebx: 37970572 registers.esi: 38670260 registers.ecx: 0	1
__exception__ Nov. 2, 2023, 10:27 a.m.	stacktrace: 0x9d0567 0x9d3e49 0x9d5193 0x9d3bdd mscorlib+0x30c9ff @ 0x71aec9ff mscorlib+0x302367 @ 0x71ae2367 mscorlib+0x3022a6 @ 0x71ae22a6 mscorlib+0x302261 @ 0x71ae2261 mscorlib+0x30ca7c @ 0x71aeca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x728407d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72817d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72817dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72817e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x727ac3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x72840694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728ba0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 01 8b 40 28 ff 10 89 45 dc eb 1f 8b c8 e8 54 exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x9d06a9 registers.esp: 98364960 registers.edi: 37833608 registers.eax: 0 registers.ebp: 98365000 registers.edx: 195 registers.ebx: 37953660 registers.esi: 38713444 registers.ecx: 0	1
__exception__ Nov. 2, 2023, 10:27 a.m.	stacktrace: 0x9d44d8 mscorlib+0x30c9ff @ 0x71aec9ff mscorlib+0x302367 @ 0x71ae2367 mscorlib+0x3022a6 @ 0x71ae22a6 mscorlib+0x302261 @ 0x71ae2261 mscorlib+0x30ca7c @ 0x71aeca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x728407d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72817d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72817dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72817e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x727ac3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x72840694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728ba0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 01 8b 40 28 ff 50 1c eb 11 8b c8 e8 fd ed a7 exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x9d4822 registers.esp: 93713756 registers.edi: 93713780 registers.eax: 0 registers.ebp: 93713796 registers.edx: 1093 registers.ebx: 37833484 registers.esi: 37833464 registers.ecx: 0	1
__exception__ Nov. 2, 2023, 10:27 a.m.	stacktrace: 0x9d44d8 mscorlib+0x30c9ff @ 0x71aec9ff mscorlib+0x302367 @ 0x71ae2367 mscorlib+0x3022a6 @ 0x71ae22a6 mscorlib+0x302261 @ 0x71ae2261 mscorlib+0x30ca7c @ 0x71aeca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x728407d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72817d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72817dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72817e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x727ac3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x72840694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728ba0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 01 8b 40 30 ff 50 10 eb 11 8b c8 e8 dc ed a7 exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x9d4843 registers.esp: 93713756 registers.edi: 93713780 registers.eax: 93713756 registers.ebp: 93713796 registers.edx: 10307645 registers.ebx: 37833484 registers.esi: 37833464 registers.ecx: 0	1
__exception__ Nov. 2, 2023, 10:28 a.m.	stacktrace: 0x9d44d8 mscorlib+0x30c9ff @ 0x71aec9ff mscorlib+0x302367 @ 0x71ae2367 mscorlib+0x3022a6 @ 0x71ae22a6 mscorlib+0x302261 @ 0x71ae2261 mscorlib+0x30ca7c @ 0x71aeca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x728407d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72817d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72817dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72817e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x727ac3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x72840694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728ba0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 01 8b 40 28 ff 50 1c eb 11 8b c8 e8 fd ed a7 exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x9d4822 registers.esp: 93713756 registers.edi: 93713780 registers.eax: 0 registers.ebp: 93713796 registers.edx: 1093 registers.ebx: 37833484 registers.esi: 37833464 registers.ecx: 0	1
__exception__ Nov. 2, 2023, 10:28 a.m.	stacktrace: 0x9d44d8 mscorlib+0x30c9ff @ 0x71aec9ff mscorlib+0x302367 @ 0x71ae2367 mscorlib+0x3022a6 @ 0x71ae22a6 mscorlib+0x302261 @ 0x71ae2261 mscorlib+0x30ca7c @ 0x71aeca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x728407d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72817d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72817dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72817e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x727ac3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x72840694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728ba0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 01 8b 40 30 ff 50 10 eb 11 8b c8 e8 dc ed a7 exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x9d4843 registers.esp: 93713756 registers.edi: 93713780 registers.eax: 93713756 registers.ebp: 93713796 registers.edx: 10307645 registers.ebx: 37833484 registers.esi: 37833464 registers.ecx: 0	1
__exception__ Nov. 2, 2023, 10:28 a.m.	stacktrace: 0x9d44d8 mscorlib+0x30c9ff @ 0x71aec9ff mscorlib+0x302367 @ 0x71ae2367 mscorlib+0x3022a6 @ 0x71ae22a6 mscorlib+0x302261 @ 0x71ae2261 mscorlib+0x30ca7c @ 0x71aeca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x728407d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72817d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72817dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72817e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x727ac3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x72840694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728ba0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 01 8b 40 28 ff 50 1c eb 11 8b c8 e8 fd ed a7 exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x9d4822 registers.esp: 93713756 registers.edi: 93713780 registers.eax: 0 registers.ebp: 93713796 registers.edx: 1093 registers.ebx: 37833484 registers.esi: 37833464 registers.ecx: 0	1
__exception__ Nov. 2, 2023, 10:28 a.m.	stacktrace: 0x9d44d8 mscorlib+0x30c9ff @ 0x71aec9ff mscorlib+0x302367 @ 0x71ae2367 mscorlib+0x3022a6 @ 0x71ae22a6 mscorlib+0x302261 @ 0x71ae2261 mscorlib+0x30ca7c @ 0x71aeca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x728407d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72817d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72817dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72817e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x727ac3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x72840694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728ba0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 01 8b 40 30 ff 50 10 eb 11 8b c8 e8 dc ed a7 exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x9d4843 registers.esp: 93713756 registers.edi: 93713780 registers.eax: 93713756 registers.ebp: 93713796 registers.edx: 10307645 registers.ebx: 37833484 registers.esi: 37833464 registers.ecx: 0	1
__exception__ Nov. 2, 2023, 10:29 a.m.	stacktrace: 0x9d44d8 mscorlib+0x30c9ff @ 0x71aec9ff mscorlib+0x302367 @ 0x71ae2367 mscorlib+0x3022a6 @ 0x71ae22a6 mscorlib+0x302261 @ 0x71ae2261 mscorlib+0x30ca7c @ 0x71aeca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x728407d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72817d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72817dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72817e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x727ac3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x72840694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728ba0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 01 8b 40 28 ff 50 1c eb 11 8b c8 e8 fd ed a7 exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x9d4822 registers.esp: 93713756 registers.edi: 93713780 registers.eax: 0 registers.ebp: 93713796 registers.edx: 1093 registers.ebx: 37833484 registers.esi: 37833464 registers.ecx: 0	1
__exception__ Nov. 2, 2023, 10:29 a.m.	stacktrace: 0x9d44d8 mscorlib+0x30c9ff @ 0x71aec9ff mscorlib+0x302367 @ 0x71ae2367 mscorlib+0x3022a6 @ 0x71ae22a6 mscorlib+0x302261 @ 0x71ae2261 mscorlib+0x30ca7c @ 0x71aeca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x728407d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72817d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72817dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72817e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x727ac3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x72840694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728ba0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 01 8b 40 30 ff 50 10 eb 11 8b c8 e8 dc ed a7 exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x9d4843 registers.esp: 93713756 registers.edi: 93713780 registers.eax: 93713756 registers.ebp: 93713796 registers.edx: 10307645 registers.ebx: 37833484 registers.esi: 37833464 registers.ecx: 0	1

HTTP traffic contains suspicious features which may be indicative of malware related traffic (1 event)

suspicious_features

GET method with no useragent header

suspicious_request

GET https://pastebin.com/raw/LJe9sUk5

Performs some HTTP requests (1 event)

request

GET https://pastebin.com/raw/LJe9sUk5

Allocates read-write-execute memory (usually to unpack itself) (31 events)

Time & API	Arguments	Status
NtAllocateVirtualMemory Nov. 2, 2023, 10:27 a.m.	process_identifier: 2532 region_size: 458752 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00430000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 2, 2023, 10:27 a.m.	process_identifier: 2532 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00460000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory Nov. 2, 2023, 10:27 a.m.	process_identifier: 2532 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x727a1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Nov. 2, 2023, 10:27 a.m.	process_identifier: 2532 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x727a2000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 2, 2023, 10:27 a.m.	process_identifier: 2532 region_size: 1900544 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00b70000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 2, 2023, 10:27 a.m.	process_identifier: 2532 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00d00000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 2, 2023, 10:27 a.m.	process_identifier: 2532 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00442000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 2, 2023, 10:27 a.m.	process_identifier: 2532 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x004b5000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 2, 2023, 10:27 a.m.	process_identifier: 2532 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x004bb000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 2, 2023, 10:27 a.m.	process_identifier: 2532 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x004b7000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 2, 2023, 10:27 a.m.	process_identifier: 2532 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0045c000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 2, 2023, 10:27 a.m.	process_identifier: 2532 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x009d0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 2, 2023, 10:27 a.m.	process_identifier: 2532 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0044a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 2, 2023, 10:27 a.m.	process_identifier: 2532 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x004a6000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 2, 2023, 10:27 a.m.	process_identifier: 2532 region_size: 327680 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7ef50000 allocation_type: 1056768 (MEM_RESERVE\|MEM_TOP_DOWN) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 2, 2023, 10:27 a.m.	process_identifier: 2532 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7ef50000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 2, 2023, 10:27 a.m.	process_identifier: 2532 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7ef50000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 2, 2023, 10:27 a.m.	process_identifier: 2532 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7ef58000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 2, 2023, 10:27 a.m.	process_identifier: 2532 region_size: 65536 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7ef40000 allocation_type: 1056768 (MEM_RESERVE\|MEM_TOP_DOWN) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 2, 2023, 10:27 a.m.	process_identifier: 2532 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7ef40000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 2, 2023, 10:27 a.m.	process_identifier: 2532 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x004aa000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 2, 2023, 10:27 a.m.	process_identifier: 2532 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x004a7000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 2, 2023, 10:27 a.m.	process_identifier: 2532 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x009d1000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 2, 2023, 10:27 a.m.	process_identifier: 2532 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x009d2000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 2, 2023, 10:27 a.m.	process_identifier: 2532 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x009d3000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 2, 2023, 10:27 a.m.	process_identifier: 2532 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x009d4000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 2, 2023, 10:27 a.m.	process_identifier: 2532 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0045a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory Nov. 2, 2023, 10:27 a.m.	process_identifier: 2532 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x6f6f2000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 2, 2023, 10:27 a.m.	process_identifier: 2532 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0044c000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 2, 2023, 10:27 a.m.	process_identifier: 2532 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x004ab000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 2, 2023, 10:27 a.m.	process_identifier: 2532 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x009d5000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1

A process attempted to delay the analysis task. (1 event)

description

Limebase.txt.exe tried to sleep 385 seconds, actually delayed analysis time by 385 seconds

Checks adapter addresses which can be used to detect virtual network interfaces (1 event)

Time & API	Arguments	Status	Return	Repeated
GetAdaptersAddresses Nov. 2, 2023, 10:27 a.m.	flags: 15 family: 0		111	0

Checks for the Locally Unique Identifier on the system for a suspicious privilege (2 events)

Time & API	Arguments	Status	Return	Repeated
LookupPrivilegeValueW Nov. 2, 2023, 10:27 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1	0
LookupPrivilegeValueW Nov. 2, 2023, 10:27 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1	0

Communicates with host for which no DNS query was performed (1 event)

host

91.92.247.146

Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) (1 event)

dead_host

91.92.247.146:14982

File has been identified by 54 AntiVirus engines on VirusTotal as malicious (50 out of 54 events)

Lionic	Trojan.Win32.Generic.mein
Elastic	Windows.Trojan.Limerat
MicroWorld-eScan	Generic.MSIL.LimeRAT.D9DD650D
ClamAV	Win.Malware.Barys-6836745-0
FireEye	Generic.mg.22df9b6c3a71b8db
CAT-QuickHeal	Backdoor.LimeratFC.S20328328
ALYac	Generic.MSIL.LimeRAT.D9DD650D
Cylance	unsafe
VIPRE	Generic.MSIL.LimeRAT.D9DD650D
Sangfor	Suspicious.Win32.Save.a
K7AntiVirus	Trojan ( 005684c61 )
BitDefender	Generic.MSIL.LimeRAT.D9DD650D
K7GW	Trojan ( 005684c61 )
Arcabit	Generic.MSIL.LimeRAT.D9DD650D
BitDefenderTheta	Gen:NN.ZemsilF.36662.biW@ayTRBmj
VirIT	Trojan.Win32.MSIL_Heur.A
Cyren	W32/Tasker.A.gen!Eldorado
Symantec	Trojan.LimeRat
ESET-NOD32	a variant of MSIL/Agent.BPK
APEX	Malicious
Cynet	Malicious (score: 100)
Kaspersky	HEUR:Trojan.MSIL.Tasker.gen
Alibaba	Backdoor:MSIL/LimeRAT.5c9fa0ea
NANO-Antivirus	Trojan.Win32.Tasker.jyhcao
Rising	Trojan.AntiVM!1.CF63 (CLASSIC)
Emsisoft	Generic.MSIL.LimeRAT.D9DD650D (B)
F-Secure	Trojan.TR/Spy.Gen8
DrWeb	Trojan.DownLoader29.2373
TrendMicro	Coinminer.MSIL.LIMERAT.SMA
McAfee-GW-Edition	BehavesLike.Win32.Generic.mm
Trapmine	malicious.high.ml.score
Sophos	Mal/LimeRAT-A
Ikarus	Trojan.MSIL.Agent
Webroot	W32.Trojan.MSIL.Tasker
Avira	TR/Spy.Gen8
MAX	malware (ai score=87)
Antiy-AVL	Trojan/MSIL.Tasker
Gridinsoft	Trojan.Win32.Agent.cl
Microsoft	Backdoor:MSIL/LimeRAT.A!MTB
ZoneAlarm	HEUR:Trojan.MSIL.Tasker.gen
GData	MSIL.Backdoor.LimeRat.B
Google	Detected
AhnLab-V3	Win-Trojan/LimeRAT.Exp
VBA32	Backdoor.MSIL.Lime.Heur
DeepInstinct	MALICIOUS
Malwarebytes	Generic.Malware.AI.DDS
Panda	Trj/CI.A
TrendMicro-HouseCall	Coinminer.MSIL.LIMERAT.SMA
Tencent	Trojan.Msil.Tasker.za
SentinelOne	Static AI - Malicious PE

Limebase.txt.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All