Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Jan. 24, 2024, 1:26 p.m.	Jan. 24, 2024, 1:27 p.m.

Size	1.7MB
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`edca71eda8650a2c591c37c780b6a0c5`
SHA256	`db846642c1c1872c6713a4194c4dcc8a8d272ff1bf0bcacc1ca1bdc3da6bc42b`
CRC32	`F8152871`
ssdeep	`24576:/wo5kB53GllG88KMRKuKtsx+G1piDKpPjKUfgm175S97FdPECJHgwa:WBBGlzgKtchXi3Ufgm9ElLdgwa`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description) UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check

rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0?$CLockableFlexArray@VCStaticCritSec@@@@QEAA@$$QEAV0@@Z
2548
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0?$CLockableFlexArray@VCStaticCritSec@@@@QEAA@$$QEAV0@@Z
  2960
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0?$CLockableFlexArray@VCStaticCritSec@@@@QEAA@AEAV0@@Z
2632
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0?$CLockableFlexArray@VCStaticCritSec@@@@QEAA@AEAV0@@Z
  2952
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0?$CLockableFlexArray@VCStaticCritSec@@@@QEAA@XZ
2724
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0?$CLockableFlexArray@VCStaticCritSec@@@@QEAA@XZ
  812
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0?$SZLess@PEBG@@QEAA@AEBU0@@Z
2812
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0?$SZLess@PEBG@@QEAA@AEBU0@@Z
  192
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0?$SZLess@PEBG@@QEAA@XZ
2908
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0?$SZLess@PEBG@@QEAA@XZ
  2256
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0C9XAce@@QEAA@AEBV0@@Z
1216
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0C9XAce@@QEAA@AEBV0@@Z
  2268
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0C9XAce@@QEAA@KKKPEAG@Z
2188
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0C9XAce@@QEAA@KKKPEAG@Z
  2684
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0C9XAce@@QEAA@XZ
2628
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0C9XAce@@QEAA@XZ
  2868
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CAbstractQl1Parser@@QEAA@AEBV0@@Z
2988
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CAbstractQl1Parser@@QEAA@AEBV0@@Z
  2588
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CAbstractQl1Parser@@QEAA@PEAVCGenLexSource@@@Z
1400
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CAbstractQl1Parser@@QEAA@PEAVCGenLexSource@@@Z
  2856
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CArena@@QEAA@$$QEAV0@@Z
2452
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CArena@@QEAA@$$QEAV0@@Z
  2112
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CArena@@QEAA@AEBV0@@Z
2772
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CArena@@QEAA@AEBV0@@Z
  2652
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CArena@@QEAA@XZ
908
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CArena@@QEAA@XZ
  3068
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CBaseAce@@QEAA@AEBV0@@Z
2660
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CBaseAce@@QEAA@AEBV0@@Z
  2896
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CBaseAce@@QEAA@XZ
2776
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CBaseAce@@QEAA@XZ
  3200
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CBasicUnloadInstruction@@IEAA@XZ
3180
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CBasicUnloadInstruction@@IEAA@XZ
  3324
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CBasicUnloadInstruction@@QEAA@AEBV0@@Z
3356
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CBasicUnloadInstruction@@QEAA@AEBV0@@Z
  3552
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CBasicUnloadInstruction@@QEAA@VCWbemInterval@@@Z
3528
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CBasicUnloadInstruction@@QEAA@VCWbemInterval@@@Z
  3708
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CBuffer@@QEAA@AEBV0@@Z
3656
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CBuffer@@QEAA@AEBV0@@Z
  3860
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CBuffer@@QEAA@PEAEKH@Z
3788
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CBuffer@@QEAA@PEAEKH@Z
  3972
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CCheckedInCritSec@@QEAA@PEAVCCritSec@@@Z
3920
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CCheckedInCritSec@@QEAA@PEAVCCritSec@@@Z
  3112
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CCircularQueue@@QEAA@XZ
4060
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CCircularQueue@@QEAA@XZ
  3228
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CClientOpsNode@@QEAA@XZ
3352
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CClientOpsNode@@QEAA@XZ
  3496
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CContainerControl@@QEAA@$$QEAV0@@Z
2384
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CContainerControl@@QEAA@$$QEAV0@@Z
  3984
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CContainerControl@@QEAA@AEBV0@@Z
3832
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CContainerControl@@QEAA@AEBV0@@Z
  4088
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CContainerControl@@QEAA@PEAUIUnknown@@@Z
2992
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CContainerControl@@QEAA@PEAUIUnknown@@@Z
  3828
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CCritSec@@QEAA@XZ
3304
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CCritSec@@QEAA@XZ
  3960
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CDMTFParser@@QEAA@PEBG@Z
3184
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CDMTFParser@@QEAA@PEBG@Z
  2104
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CDatePart@@QEAA@XZ
3348
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CDatePart@@QEAA@XZ
  2064
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CDateTimeParser@@IEAA@XZ
3124
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CDateTimeParser@@IEAA@XZ
  4080
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CDateTimeParser@@QEAA@PEBG@Z
3580
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CDateTimeParser@@QEAA@PEBG@Z
  3784
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CEnterWbemCriticalSection@@QEAA@PEAVCWbemCriticalSection@@K@Z
3472
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CEnterWbemCriticalSection@@QEAA@PEAVCWbemCriticalSection@@K@Z
  4184
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CEventLog@@QEAA@AEBV0@@Z
4256
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CEventLog@@QEAA@AEBV0@@Z
  4368
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CEventLog@@QEAA@PEBGAEBU_GUID@@K@Z
4360
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CEventLog@@QEAA@PEBGAEBU_GUID@@K@Z
  4604
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CEventLogRecord@@QEAA@AEAV0@@Z
4540
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CEventLogRecord@@QEAA@AEAV0@@Z
  4712
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CEventLogRecord@@QEAA@GAEBU_EVENT_DESCRIPTOR@@VCInsertionString@@111111111@Z
4680
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CEventLogRecord@@QEAA@GAEBU_EVENT_DESCRIPTOR@@VCInsertionString@@111111111@Z
  4956
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CExecQueue@@QEAA@AEAV0@@Z
4836
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CExecQueue@@QEAA@AEAV0@@Z
  4252
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CExecQueue@@QEAA@XZ
4932
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CExecQueue@@QEAA@XZ
  4100
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CExecRequest@@QEAA@AEBV0@@Z
5068
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CExecRequest@@QEAA@AEBV0@@Z
  3292
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CExecRequest@@QEAA@XZ
3460
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CExecRequest@@QEAA@XZ
  4640
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CFlexArray@@QEAA@AEAV0@@Z
4520
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CFlexArray@@QEAA@AEAV0@@Z
  4756
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CFlexArray@@QEAA@HH@Z
4600
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CFlexArray@@QEAA@HH@Z
  3516
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CFlexQueue@@QEAA@H@Z
4984
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CFlexQueue@@QEAA@H@Z
  4236
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CHaltable@@QEAA@AEBV0@@Z
3308
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CHaltable@@QEAA@AEBV0@@Z
  3232
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CHaltable@@QEAA@XZ
4656
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CHaltable@@QEAA@XZ
  5008
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CHex@@QEAA@J@Z
4112
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CHex@@QEAA@J@Z
  232
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CIdentitySecurity@@QEAA@AEBV0@@Z
4440
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CIdentitySecurity@@QEAA@AEBV0@@Z
  4988
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CIdentitySecurity@@QEAA@_N@Z
4920
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CIdentitySecurity@@QEAA@_N@Z
  5072
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CIdentityTest@@QEAA@AEBV0@@Z
4864
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CIdentityTest@@QEAA@AEBV0@@Z
  4372
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CIdentityTest@@QEAA@PEAVCTimerInstruction@@@Z
4108
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CIdentityTest@@QEAA@PEAVCTimerInstruction@@@Z
  536
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CInCritSec@@QEAA@PEAU_RTL_CRITICAL_SECTION@@@Z
1792
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CInCritSec@@QEAA@PEAU_RTL_CRITICAL_SECTION@@@Z
  4992
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CInsertionString@@QEAA@$$QEAV0@@Z
3912
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CInsertionString@@QEAA@$$QEAV0@@Z
  4884
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CInsertionString@@QEAA@AEBV0@@Z
1560
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CInsertionString@@QEAA@AEBV0@@Z
  5124
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CInsertionString@@QEAA@J@Z
5184
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CInsertionString@@QEAA@J@Z
  5376
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CInsertionString@@QEAA@PEBD@Z
5368
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CInsertionString@@QEAA@PEBD@Z
  5572
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CInsertionString@@QEAA@PEBG@Z
5560
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CInsertionString@@QEAA@PEBG@Z
  5760
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CInsertionString@@QEAA@VCHex@@@Z
5696
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CInsertionString@@QEAA@VCHex@@@Z
  5904
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CInsertionString@@QEAA@XZ
5816
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CInsertionString@@QEAA@XZ
  6028
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CInstructionQueue@@QEAA@XZ
5944
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CInstructionQueue@@QEAA@XZ
  6100
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CInstructionTest@@QEAA@$$QEAV0@@Z
5140
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CInstructionTest@@QEAA@$$QEAV0@@Z
  5412
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CInstructionTest@@QEAA@AEBV0@@Z
5408
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CInstructionTest@@QEAA@AEBV0@@Z
  5688
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CInstructionTest@@QEAA@XZ
5656
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CInstructionTest@@QEAA@XZ
  5792
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CLifeControl@@QEAA@$$QEAV0@@Z
5860
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CLifeControl@@QEAA@$$QEAV0@@Z
  5492
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CLifeControl@@QEAA@AEBV0@@Z
5996
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CLifeControl@@QEAA@AEBV0@@Z
  5424
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CLifeControl@@QEAA@XZ
6076
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CLifeControl@@QEAA@XZ
  5724
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CLike@@QEAA@AEBV0@@Z
1780
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CLike@@QEAA@AEBV0@@Z
  6080
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CLike@@QEAA@PEBGG@Z
6052
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CLike@@QEAA@PEBGG@Z
  5188
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CLike@@QEAA@XZ
5600
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CLike@@QEAA@XZ
  6092
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CLimitControl@@QEAA@AEBV0@@Z
5552
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\edca71eda8650a2c591c37c780b6a0c5.exe.dll,??0CMRCICompression@@QEAA@XZ
5232

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks if process is being debugged by a debugger (50 out of 59 events)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent Jan. 24, 2024, 1:19 p.m.			0	0
IsDebuggerPresent Jan. 24, 2024, 1:19 p.m.			0	0
IsDebuggerPresent Jan. 24, 2024, 1:19 p.m.			0	0
IsDebuggerPresent Jan. 24, 2024, 1:19 p.m.			0	0
IsDebuggerPresent Jan. 24, 2024, 1:19 p.m.			0	0
IsDebuggerPresent Jan. 24, 2024, 1:19 p.m.			0	0
IsDebuggerPresent Jan. 24, 2024, 1:19 p.m.			0	0
IsDebuggerPresent Jan. 24, 2024, 1:19 p.m.			0	0
IsDebuggerPresent Jan. 24, 2024, 1:19 p.m.			0	0
IsDebuggerPresent Jan. 24, 2024, 1:19 p.m.			0	0
IsDebuggerPresent Jan. 24, 2024, 1:19 p.m.			0	0
IsDebuggerPresent Jan. 24, 2024, 1:19 p.m.			0	0
IsDebuggerPresent Jan. 24, 2024, 1:19 p.m.			0	0
IsDebuggerPresent Jan. 24, 2024, 1:19 p.m.			0	0
IsDebuggerPresent Jan. 24, 2024, 1:19 p.m.			0	0
IsDebuggerPresent Jan. 24, 2024, 1:19 p.m.			0	0
IsDebuggerPresent Jan. 24, 2024, 1:19 p.m.			0	0
IsDebuggerPresent Jan. 24, 2024, 1:19 p.m.			0	0
IsDebuggerPresent Jan. 24, 2024, 1:19 p.m.			0	0
IsDebuggerPresent Jan. 24, 2024, 1:19 p.m.			0	0
IsDebuggerPresent Jan. 24, 2024, 1:19 p.m.			0	0
IsDebuggerPresent Jan. 24, 2024, 1:19 p.m.			0	0
IsDebuggerPresent Jan. 24, 2024, 1:19 p.m.			0	0
IsDebuggerPresent Jan. 24, 2024, 1:19 p.m.			0	0
IsDebuggerPresent Jan. 24, 2024, 1:19 p.m.			0	0
IsDebuggerPresent Jan. 24, 2024, 1:19 p.m.			0	0
IsDebuggerPresent Jan. 24, 2024, 1:19 p.m.			0	0
IsDebuggerPresent Jan. 24, 2024, 1:19 p.m.			0	0
IsDebuggerPresent Jan. 24, 2024, 1:19 p.m.			0	0
IsDebuggerPresent Jan. 24, 2024, 1:19 p.m.			0	0
IsDebuggerPresent Jan. 24, 2024, 1:19 p.m.			0	0
IsDebuggerPresent Jan. 24, 2024, 1:19 p.m.			0	0
IsDebuggerPresent Jan. 24, 2024, 1:19 p.m.			0	0
IsDebuggerPresent Jan. 24, 2024, 1:19 p.m.			0	0
IsDebuggerPresent Jan. 24, 2024, 1:19 p.m.			0	0
IsDebuggerPresent Jan. 24, 2024, 1:19 p.m.			0	0
IsDebuggerPresent Jan. 24, 2024, 1:19 p.m.			0	0
IsDebuggerPresent Jan. 24, 2024, 1:19 p.m.			0	0
IsDebuggerPresent Jan. 24, 2024, 1:19 p.m.			0	0
IsDebuggerPresent Jan. 24, 2024, 1:19 p.m.			0	0
IsDebuggerPresent Jan. 24, 2024, 1:19 p.m.			0	0
IsDebuggerPresent Jan. 24, 2024, 1:19 p.m.			0	0
IsDebuggerPresent Jan. 24, 2024, 1:19 p.m.			0	0
IsDebuggerPresent Jan. 24, 2024, 1:19 p.m.			0	0
IsDebuggerPresent Jan. 24, 2024, 1:19 p.m.			0	0
IsDebuggerPresent Jan. 24, 2024, 1:19 p.m.			0	0
IsDebuggerPresent Jan. 24, 2024, 1:19 p.m.			0	0
IsDebuggerPresent Jan. 24, 2024, 1:19 p.m.			0	0
IsDebuggerPresent Jan. 24, 2024, 1:19 p.m.			0	0
IsDebuggerPresent Jan. 24, 2024, 1:19 p.m.			0	0

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Jan. 24, 2024, 1:19 p.m.		1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (2 events)

section	_RDATA
section	.text0

One or more processes crashed (30 events)

Time & API	Arguments	Status
__exception__ Jan. 24, 2024, 1:19 p.m.	stacktrace: _mbscpy+0x18f strcmp-0xb1 msvcrt+0x15a0f @ 0x7fefdb05a0f ??4CFlexArray@@QEAAAEAV0@AEAV0@@Z+0xe1 ?Sort@CFlexArray@@QEAAXXZ-0x3f wbemcomn+0x28a21 @ 0x7fef9448a21 ??0CFlexArray@@QEAA@AEAV0@@Z+0x20 ??4CFlexArray@@QEAAAEAV0@AEAV0@@Z-0x1c wbemcomn+0x28924 @ 0x7fef9448924 ??0?$CLockableFlexArray@VCStaticCritSec@@@@QEAA@AEAV0@@Z+0x23 ??4?$CLockableFlexArray@VCStaticCritSec@@@@QEAAAEAV0@AEAV0@@Z-0x29 wbemcomn+0x293fb @ 0x7fef94493fb rundll32+0x2f42 @ 0xff452f42 rundll32+0x3b7a @ 0xff453b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521 exception.instruction_r: 4c 8b 4c 0a f8 4c 8b 54 0a f0 4c 0f c3 49 f8 4c exception.symbol: _mbscpy+0x18f strcmp-0xb1 msvcrt+0x15a0f exception.instruction: mov r9, qword ptr [rdx + rcx + 0xfffffffffffffff8] exception.module: msvcrt.dll exception.exception_code: 0xc0000005 exception.offset: 88591 exception.address: 0x7fefdb05a0f registers.r14: 0 registers.r15: 0 registers.rcx: 76207096 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 2096016 registers.r11: 524688 registers.r8: 75682408 registers.r9: 2365075 registers.rdx: -524504 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 64 registers.r13: 0	1
__exception__ Jan. 24, 2024, 1:19 p.m.	stacktrace: ??0C9XAce@@QEAA@AEBV0@@Z+0x18 ??4C9XAce@@QEAAAEAV0@AEBV0@@Z-0x38 wbemcomn+0x210a8 @ 0x7fef94410a8 rundll32+0x2f42 @ 0xff452f42 rundll32+0x3b7a @ 0xff453b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521 exception.instruction_r: 48 89 01 48 8d 05 7e d7 02 00 48 89 01 48 8b 42 exception.instruction: mov qword ptr [rcx], rax exception.exception_code: 0xc0000005 exception.symbol: ??0C9XAce@@QEAA@AEBV0@@Z+0x18 ??4C9XAce@@QEAAAEAV0@AEBV0@@Z-0x38 wbemcomn+0x210a8 exception.address: 0x7fef94410a8 registers.r14: 0 registers.r15: 0 registers.rcx: 262434 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 1834912 registers.r11: 1834000 registers.r8: 2670984 registers.r9: 10 registers.rdx: 4282712064 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 8791685261200 registers.r13: 0	1
__exception__ Jan. 24, 2024, 1:19 p.m.	stacktrace: ??0?$SZLess@PEBG@@QEAA@AEBU0@@Z+0x7 ??0Registry@@QEAA@PEAUHKEY__@@KKPEBG@Z-0x7d wbemcomn+0x2e967 @ 0x7fef944e967 rundll32+0x2f42 @ 0xff452f42 rundll32+0x3b7a @ 0xff453b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521 exception.instruction_r: 48 89 01 48 8b c1 c3 90 90 90 90 90 90 48 89 5c exception.instruction: mov qword ptr [rcx], rax exception.exception_code: 0xc0000005 exception.symbol: ??0?$SZLess@PEBG@@QEAA@AEBU0@@Z+0x7 ??0Registry@@QEAA@PEAUHKEY__@@KKPEBG@Z-0x7d wbemcomn+0x2e967 exception.address: 0x7fef944e967 registers.r14: 0 registers.r15: 0 registers.rcx: 262472 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 1767648 registers.r11: 1766736 registers.r8: 3326346 registers.r9: 10 registers.rdx: 4282712064 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 8791685326696 registers.r13: 0	1
__exception__ Jan. 24, 2024, 1:19 p.m.	stacktrace: ??0C9XAce@@QEAA@XZ+0x18 ?ElementSize@CSafeArray@@QEAAHXZ-0x20 wbemcomn+0x21054 @ 0x7fef9441054 rundll32+0x2f42 @ 0xff452f42 rundll32+0x3b7a @ 0xff453b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521 exception.instruction_r: 48 89 01 48 8d 05 d2 d7 02 00 48 89 01 48 83 61 exception.instruction: mov qword ptr [rcx], rax exception.exception_code: 0xc0000005 exception.symbol: ??0C9XAce@@QEAA@XZ+0x18 ?ElementSize@CSafeArray@@QEAAHXZ-0x20 wbemcomn+0x21054 exception.address: 0x7fef9441054 registers.r14: 0 registers.r15: 0 registers.rcx: 262438 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 2162384 registers.r11: 2161472 registers.r8: 2539868 registers.r9: 10 registers.rdx: 4282712064 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 8791685261200 registers.r13: 0	1
__exception__ Jan. 24, 2024, 1:19 p.m.	stacktrace: ??0CAbstractQl1Parser@@QEAA@AEBV0@@Z+0x25 ??4CAbstractQl1Parser@@QEAAAEAV0@AEBV0@@Z-0x9f wbemcomn+0x2d245 @ 0x7fef944d245 rundll32+0x2f42 @ 0xff452f42 rundll32+0x3b7a @ 0xff453b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521 exception.instruction_r: 48 89 01 48 8b 42 08 48 89 41 08 48 8b 42 10 48 exception.instruction: mov qword ptr [rcx], rax exception.exception_code: 0xc0000005 exception.symbol: ??0CAbstractQl1Parser@@QEAA@AEBV0@@Z+0x25 ??4CAbstractQl1Parser@@QEAAAEAV0@AEBV0@@Z-0x9f wbemcomn+0x2d245 exception.address: 0x7fef944d245 registers.r14: 0 registers.r15: 0 registers.rcx: 262476 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 1769360 registers.r11: 1768448 registers.r8: 3326384 registers.r9: 10 registers.rdx: 4282712064 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 8791685262000 registers.r13: 0	1
__exception__ Jan. 24, 2024, 1:19 p.m.	stacktrace: ??0CAbstractQl1Parser@@QEAA@PEAVCGenLexSource@@@Z+0x2a ?Parse@QL1_Parser@@QEAAHPEAPEAUQL_LEVEL_1_RPN_EXPRESSION@@@Z-0x13a wbemcomn+0x50aa @ 0x7fef94250aa rundll32+0x2f42 @ 0xff452f42 rundll32+0x3b7a @ 0xff453b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521 exception.instruction_r: 48 89 01 33 f6 89 71 58 89 71 68 48 89 71 60 48 exception.instruction: mov qword ptr [rcx], rax exception.exception_code: 0xc0000005 exception.symbol: ??0CAbstractQl1Parser@@QEAA@PEAVCGenLexSource@@@Z+0x2a ?Parse@QL1_Parser@@QEAAHPEAPEAUQL_LEVEL_1_RPN_EXPRESSION@@@Z-0x13a wbemcomn+0x50aa exception.address: 0x7fef94250aa registers.r14: 0 registers.r15: 0 registers.rcx: 131450 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 2358672 registers.r11: 2357760 registers.r8: 3129850 registers.r9: 10 registers.rdx: 4282712064 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 8791685262000 registers.r13: 0	1
__exception__ Jan. 24, 2024, 1:19 p.m.	stacktrace: ??0CArena@@QEAA@AEBV0@@Z+0x7 ??1CWin32DefaultArena@@QEAA@XZ-0xd wbemcomn+0x20057 @ 0x7fef9440057 rundll32+0x2f42 @ 0xff452f42 rundll32+0x3b7a @ 0xff453b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521 exception.instruction_r: 48 89 01 48 8b c1 c3 90 90 90 90 90 90 48 8d 05 exception.instruction: mov qword ptr [rcx], rax exception.exception_code: 0xc0000005 exception.symbol: ??0CArena@@QEAA@AEBV0@@Z+0x7 ??1CWin32DefaultArena@@QEAA@XZ-0xd wbemcomn+0x20057 exception.address: 0x7fef9440057 registers.r14: 0 registers.r15: 0 registers.rcx: 655672 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 2096528 registers.r11: 2095616 registers.r8: 3785052 registers.r9: 10 registers.rdx: 4282712064 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 8791685261016 registers.r13: 0	1
__exception__ Jan. 24, 2024, 1:19 p.m.	stacktrace: ??0CBuffer@@QEAA@AEBV0@@Z+0x10 ??4CBuffer@@QEAAAEAV0@AEBV0@@Z-0x2c wbemcomn+0x202c0 @ 0x7fef94402c0 rundll32+0x2f42 @ 0xff452f42 rundll32+0x3b7a @ 0xff453b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521 exception.instruction_r: 48 89 01 33 c0 89 41 08 48 89 41 10 89 41 18 89 exception.instruction: mov qword ptr [rcx], rax exception.exception_code: 0xc0000005 exception.symbol: ??0CBuffer@@QEAA@AEBV0@@Z+0x10 ??4CBuffer@@QEAAAEAV0@AEBV0@@Z-0x2c wbemcomn+0x202c0 exception.address: 0x7fef94402c0 registers.r14: 0 registers.r15: 0 registers.rcx: 131718 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 981936 registers.r11: 981024 registers.r8: 3129738 registers.r9: 10 registers.rdx: 4282712064 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 8791685261072 registers.r13: 0	1
__exception__ Jan. 24, 2024, 1:19 p.m.	stacktrace: ??0CWbemCriticalSection@@QEAA@XZ+0xa8 ?AddMember@CLimitControl@@UEAAJXZ-0x28 wbemcomn+0xd190 @ 0x7fef942d190 rundll32+0x2f42 @ 0xff452f42 rundll32+0x3b7a @ 0xff453b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521 exception.instruction_r: 83 61 08 00 83 61 1c 00 48 8d 05 71 15 04 00 48 exception.instruction: and dword ptr [rcx + 8], 0 exception.exception_code: 0xc0000005 exception.symbol: ??0CWbemCriticalSection@@QEAA@XZ+0xa8 ?AddMember@CLimitControl@@UEAAJXZ-0x28 wbemcomn+0xd190 exception.address: 0x7fef942d190 registers.r14: 0 registers.r15: 0 registers.rcx: 131738 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 1701952 registers.r11: 1701040 registers.r8: 2408842 registers.r9: 10 registers.rdx: 4282712064 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 131738 registers.r13: 0	1
__exception__ Jan. 24, 2024, 1:19 p.m.	stacktrace: ??0CCheckedInCritSec@@QEAA@PEAVCCritSec@@@Z+0x6 ??1CCheckedInCritSec@@QEAA@XZ-0x2a wbemcomn+0x2916 @ 0x7fef9422916 rundll32+0x2f42 @ 0xff452f42 rundll32+0x3b7a @ 0xff453b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521 exception.instruction_r: 83 61 08 00 48 8b d9 48 89 11 48 8b ca e8 68 e7 exception.instruction: and dword ptr [rcx + 8], 0 exception.exception_code: 0xc0000005 exception.symbol: ??0CCheckedInCritSec@@QEAA@PEAVCCritSec@@@Z+0x6 ??1CCheckedInCritSec@@QEAA@XZ-0x2a wbemcomn+0x2916 exception.address: 0x7fef9422916 registers.r14: 0 registers.r15: 0 registers.rcx: 262784 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 916512 registers.r11: 915600 registers.r8: 2933214 registers.r9: 10 registers.rdx: 4282712064 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 262784 registers.r13: 0	1
__exception__ Jan. 24, 2024, 1:19 p.m.	stacktrace: ??0CClientOpsNode@@QEAA@XZ+0x2 ?Lock@CClientOpsNode@@QEAAXXZ-0x1e wbemcomn+0x40226 @ 0x7fef9460226 rundll32+0x2f42 @ 0xff452f42 rundll32+0x3b7a @ 0xff453b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521 exception.instruction_r: 48 89 01 48 89 41 08 48 89 41 10 48 89 41 18 48 exception.instruction: mov qword ptr [rcx], rax exception.exception_code: 0xc0000005 exception.symbol: ??0CClientOpsNode@@QEAA@XZ+0x2 ?Lock@CClientOpsNode@@QEAAXXZ-0x1e wbemcomn+0x40226 exception.address: 0x7fef9460226 registers.r14: 0 registers.r15: 0 registers.rcx: 131808 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 2227088 registers.r11: 2226176 registers.r8: 835980 registers.r9: 10 registers.rdx: 4282712064 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 0 registers.r13: 0	1
__exception__ Jan. 24, 2024, 1:19 p.m.	stacktrace: ??0CContainerControl@@QEAA@PEAUIUnknown@@@Z+0x7 ?AddRef@CContainerControl@@UEAAXPEAUIUnknown@@@Z-0x11 wbemcomn+0x268af @ 0x7fef94468af rundll32+0x2f42 @ 0xff452f42 rundll32+0x3b7a @ 0xff453b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521 exception.instruction_r: 48 89 51 08 48 89 01 48 8b c1 c3 90 90 90 90 90 exception.instruction: mov qword ptr [rcx + 8], rdx exception.exception_code: 0xc0000005 exception.symbol: ??0CContainerControl@@QEAA@PEAUIUnknown@@@Z+0x7 ?AddRef@CContainerControl@@UEAAXPEAUIUnknown@@@Z-0x11 wbemcomn+0x268af exception.address: 0x7fef94468af registers.r14: 0 registers.r15: 0 registers.rcx: 131846 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 1768992 registers.r11: 1768080 registers.r8: 2998750 registers.r9: 10 registers.rdx: 4282712064 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 8791685261568 registers.r13: 0	1
__exception__ Jan. 24, 2024, 1:19 p.m.	stacktrace: RtlInitializeCriticalSectionAndSpinCount+0x16 RtlInterlockedFlushSList-0x15a ntdll+0x26c36 @ 0x76d56c36 InitializeCriticalSectionAndSpinCount+0xa KernelBaseGetGlobalData-0x16 kernelbase+0x408a @ 0x7fefd4f408a ??0CCritSec@@QEAA@XZ+0x11 ?SetBSTR@CVar@@QEAAHPEAG@Z-0x7f wbemcomn+0x18c1 @ 0x7fef94218c1 rundll32+0x2f42 @ 0xff452f42 rundll32+0x3b7a @ 0xff453b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521 exception.instruction_r: c7 41 08 ff ff ff ff 48 89 bc 24 88 00 00 00 4c exception.symbol: RtlInitializeCriticalSectionAndSpinCount+0x16 RtlInterlockedFlushSList-0x15a ntdll+0x26c36 exception.instruction: mov dword ptr [rcx + 8], 0xffffffff exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 158774 exception.address: 0x76d56c36 registers.r14: 0 registers.r15: 0 registers.rcx: 131844 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 1570880 registers.r11: 1569968 registers.r8: 3391840 registers.r9: 10 registers.rdx: 0 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 131844 registers.r13: 0	1
__exception__ Jan. 24, 2024, 1:19 p.m.	stacktrace: ??0CDateTimeParser@@QEAA@PEBG@Z+0x10 ??0CDateTimeParser@@IEAA@XZ-0x230 wbemcomn+0x22a48 @ 0x7fef9442a48 rundll32+0x2f42 @ 0xff452f42 rundll32+0x3b7a @ 0xff453b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521 exception.instruction_r: c7 81 f8 00 00 00 02 00 00 00 e8 2d 05 00 00 4c exception.instruction: mov dword ptr [rcx + 0xf8], 2 exception.exception_code: 0xc0000005 exception.symbol: ??0CDateTimeParser@@QEAA@PEBG@Z+0x10 ??0CDateTimeParser@@IEAA@XZ-0x230 wbemcomn+0x22a48 exception.address: 0x7fef9442a48 registers.r14: 0 registers.r15: 0 registers.rcx: 262880 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 2489616 registers.r11: 2488704 registers.r8: 3391894 registers.r9: 10 registers.rdx: 4282712064 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 262880 registers.r13: 0	1
__exception__ Jan. 24, 2024, 1:19 p.m.	stacktrace: ?Enter@CWbemCriticalSection@@QEAAHK@Z+0x37 ?Leave@CWbemCriticalSection@@QEAAXXZ-0x39 wbemcomn+0x6297 @ 0x7fef9426297 ??0CEnterWbemCriticalSection@@QEAA@PEAVCWbemCriticalSection@@K@Z+0x23 ??1CEnterWbemCriticalSection@@QEAA@XZ-0x15 wbemcomn+0x20cb3 @ 0x7fef9440cb3 rundll32+0x2f42 @ 0xff452f42 rundll32+0x3b7a @ 0xff453b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521 exception.instruction_r: f0 0f c1 03 03 c7 0f 85 1d 6f 00 00 89 6b 08 89 exception.instruction: xadd dword ptr [rbx], eax exception.exception_code: 0xc0000005 exception.symbol: ?Enter@CWbemCriticalSection@@QEAAHK@Z+0x37 ?Leave@CWbemCriticalSection@@QEAAXXZ-0x39 wbemcomn+0x6297 exception.address: 0x7fef9426297 registers.r14: 0 registers.r15: 0 registers.rcx: 4282712064 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 785168 registers.r11: 784256 registers.r8: 2998856 registers.r9: 10 registers.rdx: 2998856 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 1 registers.r13: 0	1
__exception__ Jan. 24, 2024, 1:19 p.m.	stacktrace: ??4WString@@QEAAAEAV0@AEBV0@@Z+0x35 ?UnaccessRawArray@CVarVector@@QEAAJXZ-0x47 wbemcomn+0x2a19 @ 0x7fef9422a19 ??0CEventLog@@QEAA@AEBV0@@Z+0x27 ??4CEventLog@@QEAAAEAV0@AEBV0@@Z-0x61 wbemcomn+0x2753f @ 0x7fef944753f rundll32+0x2f42 @ 0xff452f42 rundll32+0x3b7a @ 0xff453b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521 exception.instruction_r: 66 f2 af 41 8d 40 03 48 f7 d1 48 8b f9 48 f7 e1 exception.instruction: scasw ax, word ptr [rdi] exception.exception_code: 0xc0000005 exception.symbol: ??4WString@@QEAAAEAV0@AEBV0@@Z+0x35 ?UnaccessRawArray@CVarVector@@QEAAJXZ-0x47 wbemcomn+0x2a19 exception.address: 0x7fef9422a19 registers.r14: 0 registers.r15: 0 registers.rcx: -1 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 2424096 registers.r11: 2423184 registers.r8: -1 registers.r9: 10 registers.rdx: 4282712064 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 0 registers.r13: 0	1
__exception__ Jan. 24, 2024, 1:19 p.m.	stacktrace: ??0CEventLogRecord@@QEAA@AEAV0@@Z+0x21 ??4CEventLogRecord@@QEAAAEAV0@AEAV0@@Z-0x33 wbemcomn+0x2749d @ 0x7fef944749d rundll32+0x2f42 @ 0xff452f42 rundll32+0x3b7a @ 0xff453b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521 exception.instruction_r: 66 89 01 8b 42 04 89 41 04 48 83 c2 08 48 83 c1 exception.instruction: mov word ptr [rcx], ax exception.exception_code: 0xc0000005 exception.symbol: ??0CEventLogRecord@@QEAA@AEAV0@@Z+0x21 ??4CEventLogRecord@@QEAAAEAV0@AEAV0@@Z-0x33 wbemcomn+0x2749d exception.address: 0x7fef944749d registers.r14: 0 registers.r15: 0 registers.rcx: 131976 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 1441120 registers.r11: 1440208 registers.r8: 3457450 registers.r9: 10 registers.rdx: 4282712064 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 23117 registers.r13: 0	1
__exception__ Jan. 24, 2024, 1:19 p.m.	stacktrace: memcpy+0x31 memcmp-0x15f msvcrt+0x1111 @ 0x7fefdaf1111 ??4CFlexArray@@QEAAAEAV0@AEAV0@@Z+0xe1 ?Sort@CFlexArray@@QEAAXXZ-0x3f wbemcomn+0x28a21 @ 0x7fef9448a21 ??0CFlexArray@@QEAA@AEAV0@@Z+0x20 ??4CFlexArray@@QEAAAEAV0@AEAV0@@Z-0x1c wbemcomn+0x28924 @ 0x7fef9448924 rundll32+0x2f42 @ 0xff452f42 rundll32+0x3b7a @ 0xff453b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521 exception.instruction_r: 8b 04 0a 49 83 e8 04 89 01 4d 8b c8 49 c1 e9 05 exception.symbol: memcpy+0x31 memcmp-0x15f msvcrt+0x1111 exception.instruction: mov eax, dword ptr [rdx + rcx] exception.module: msvcrt.dll exception.exception_code: 0xc0000005 exception.offset: 4369 exception.address: 0x7fefdaf1111 registers.r14: 0 registers.r15: 0 registers.rcx: 76076136 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 1178064 registers.r11: 393732 registers.r8: 75682408 registers.r9: 10 registers.rdx: -393548 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 4 registers.r13: 0	1
__exception__ Jan. 24, 2024, 1:19 p.m.	stacktrace: ??0CFlexQueue@@QEAA@H@Z+0xb ??1CFlexQueue@@QEAA@XZ-0x41 wbemcomn+0x21eb @ 0x7fef94221eb rundll32+0x2f42 @ 0xff452f42 rundll32+0x3b7a @ 0xff453b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521 exception.instruction_r: 89 51 08 89 41 0c 89 41 10 3b d0 74 3f 48 63 d2 exception.instruction: mov dword ptr [rcx + 8], edx exception.exception_code: 0xc0000005 exception.symbol: ??0CFlexQueue@@QEAA@H@Z+0xb ??1CFlexQueue@@QEAA@XZ-0x41 wbemcomn+0x21eb exception.address: 0x7fef94221eb registers.r14: 0 registers.r15: 0 registers.rcx: 197572 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 2620832 registers.r11: 2619920 registers.r8: 1032550 registers.r9: 10 registers.rdx: 4282712064 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 0 registers.r13: 0	1
__exception__ Jan. 24, 2024, 1:19 p.m.	stacktrace: ??PWString@@QEBAHPEBG@Z+0x34 ??0CInsertionString@@QEAA@PEBG@Z-0xc wbemcomn+0x27330 @ 0x7fef9447330 rundll32+0x2f42 @ 0xff452f42 rundll32+0x3b7a @ 0xff453b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521 exception.instruction_r: 89 11 48 8b c1 c3 90 90 90 90 90 90 48 89 4c 24 exception.instruction: mov dword ptr [rcx], edx exception.exception_code: 0xc0000005 exception.symbol: ??PWString@@QEBAHPEBG@Z+0x34 ??0CInsertionString@@QEAA@PEBG@Z-0xc wbemcomn+0x27330 exception.address: 0x7fef9447330 registers.r14: 0 registers.r15: 0 registers.rcx: 132118 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 1441392 registers.r11: 1440480 registers.r8: 2212186 registers.r9: 10 registers.rdx: 4282712064 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 132118 registers.r13: 0	1
__exception__ Jan. 24, 2024, 1:19 p.m.	stacktrace: RtlEqualSid+0x70 RtlCopySid-0x20 ntdll+0x292f0 @ 0x76d592f0 ??0CNtSid@@QEAA@AEBV0@@Z+0x5b ??BWString@@QEAAPEAGXZ-0xb5 wbemcomn+0x802b @ 0x7fef942802b ??0CIdentitySecurity@@QEAA@AEBV0@@Z+0x31 ??4CIdentitySecurity@@QEAAAEAV0@AEBV0@@Z-0x1b wbemcomn+0x21221 @ 0x7fef9441221 rundll32+0x2f42 @ 0xff452f42 rundll32+0x3b7a @ 0xff453b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521 exception.instruction_r: 0f b6 41 01 8d 04 85 08 00 00 00 c3 90 90 90 90 exception.symbol: RtlEqualSid+0x70 RtlCopySid-0x20 ntdll+0x292f0 exception.instruction: movzx eax, byte ptr [rcx + 1] exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 168688 exception.address: 0x76d592f0 registers.r14: 0 registers.r15: 0 registers.rcx: 64 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 720464 registers.r11: 719824 registers.r8: 3326382 registers.r9: 10 registers.rdx: 4282712088 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 0 registers.r13: 0	1
__exception__ Jan. 24, 2024, 1:19 p.m.	stacktrace: ??0CIdentityTest@@QEAA@AEBV0@@Z+0x7 ??4CInstructionQueue@@QEAAAEAV0@AEBV0@@Z-0x15 wbemcomn+0x2fb53 @ 0x7fef944fb53 rundll32+0x2f42 @ 0xff452f42 rundll32+0x3b7a @ 0xff453b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521 exception.instruction_r: 48 89 01 48 8b 42 08 48 89 41 08 48 8b c1 c3 90 exception.instruction: mov qword ptr [rcx], rax exception.exception_code: 0xc0000005 exception.symbol: ??0CIdentityTest@@QEAA@AEBV0@@Z+0x7 ??4CInstructionQueue@@QEAAAEAV0@AEBV0@@Z-0x15 wbemcomn+0x2fb53 exception.address: 0x7fef944fb53 registers.r14: 0 registers.r15: 0 registers.rcx: 132154 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 1375792 registers.r11: 1374880 registers.r8: 2343318 registers.r9: 10 registers.rdx: 4282712064 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 8791685262200 registers.r13: 0	1
__exception__ Jan. 24, 2024, 1:19 p.m.	stacktrace: ??0CIdentityTest@@QEAA@PEAVCTimerInstruction@@@Z+0x1d ??1CIdentityTest@@QEAA@XZ-0x13 wbemcomn+0x2fb1d @ 0x7fef944fb1d rundll32+0x2f42 @ 0xff452f42 rundll32+0x3b7a @ 0xff453b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521 exception.instruction_r: ff 50 08 48 8b c3 48 83 c4 20 5b c3 90 90 90 90 exception.instruction: call qword ptr [rax + 8] exception.exception_code: 0xc0000005 exception.symbol: ??0CIdentityTest@@QEAA@PEAVCTimerInstruction@@@Z+0x1d ??1CIdentityTest@@QEAA@XZ-0x13 wbemcomn+0x2fb1d exception.address: 0x7fef944fb1d registers.r14: 0 registers.r15: 0 registers.rcx: 4282712064 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 2752384 registers.r11: 2751472 registers.r8: 3916280 registers.r9: 10 registers.rdx: 4282712064 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 12894362189 registers.r13: 0	1
__exception__ Jan. 24, 2024, 1:19 p.m.	stacktrace: RtlEnterCriticalSection+0x6 RtlLeaveCriticalSection-0x3a ntdll+0x52fc6 @ 0x76d82fc6 ??0CInCritSec@@QEAA@PEAU_RTL_CRITICAL_SECTION@@@Z+0x19 ??1CInCritSec@@QEAA@XZ-0x17 wbemcomn+0x1029 @ 0x7fef9421029 rundll32+0x2f42 @ 0xff452f42 rundll32+0x3b7a @ 0xff453b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521 exception.instruction_r: f0 0f ba 71 08 00 48 8b d9 0f 83 e9 b1 ff ff 65 exception.symbol: RtlEnterCriticalSection+0x6 RtlLeaveCriticalSection-0x3a ntdll+0x52fc6 exception.instruction: btr dword ptr [rcx + 8], 0 exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 339910 exception.address: 0x76d82fc6 registers.r14: 0 registers.r15: 0 registers.rcx: 4282712064 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 2029968 registers.r11: 2029056 registers.r8: 2998778 registers.r9: 10 registers.rdx: 4282712064 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 66626 registers.r13: 0	1
__exception__ Jan. 24, 2024, 1:19 p.m.	stacktrace: ??4WString@@QEAAAEAV0@AEBV0@@Z+0x35 ?UnaccessRawArray@CVarVector@@QEAAJXZ-0x47 wbemcomn+0x2a19 @ 0x7fef9422a19 ??0CInsertionString@@QEAA@AEBV0@@Z+0x2b ??4CInsertionString@@QEAAAEAV0@AEBV0@@Z-0x11 wbemcomn+0x27403 @ 0x7fef9447403 rundll32+0x2f42 @ 0xff452f42 rundll32+0x3b7a @ 0xff453b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521 exception.instruction_r: 66 f2 af 41 8d 40 03 48 f7 d1 48 8b f9 48 f7 e1 exception.instruction: scasw ax, word ptr [rdi] exception.exception_code: 0xc0000005 exception.symbol: ??4WString@@QEAAAEAV0@AEBV0@@Z+0x35 ?UnaccessRawArray@CVarVector@@QEAAJXZ-0x47 wbemcomn+0x2a19 exception.address: 0x7fef9422a19 registers.r14: 0 registers.r15: 0 registers.rcx: -1 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 2227792 registers.r11: 2226880 registers.r8: -1 registers.r9: 10 registers.rdx: 4282712072 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 0 registers.r13: 0	1
__exception__ Jan. 24, 2024, 1:19 p.m.	stacktrace: ??0CInsertionString@@QEAA@PEBD@Z+0x16 ??1CInsertionString@@QEAA@XZ-0x1e wbemcomn+0x27386 @ 0x7fef9447386 rundll32+0x2f42 @ 0xff452f42 rundll32+0x3b7a @ 0xff453b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521 exception.instruction_r: 83 21 00 48 83 c1 08 e8 7e c6 fd ff 90 48 8b c3 exception.instruction: and dword ptr [rcx], 0 exception.exception_code: 0xc0000005 exception.symbol: ??0CInsertionString@@QEAA@PEBD@Z+0x16 ??1CInsertionString@@QEAA@XZ-0x1e wbemcomn+0x27386 exception.address: 0x7fef9447386 registers.r14: 0 registers.r15: 0 registers.rcx: 132316 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 1768416 registers.r11: 1767504 registers.r8: 3505512 registers.r9: 10 registers.rdx: 4282712064 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 132316 registers.r13: 0	1
__exception__ Jan. 24, 2024, 1:19 p.m.	stacktrace: ??0CInsertionString@@QEAA@XZ+0x11 ?SetThreadLimits@CExecQueue@@QEAAXJJJ@Z-0x23 wbemcomn+0xed71 @ 0x7fef942ed71 rundll32+0x2f42 @ 0xff452f42 rundll32+0x3b7a @ 0xff453b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521 exception.instruction_r: c7 01 01 00 00 00 48 8d 05 62 74 06 00 48 89 41 exception.instruction: mov dword ptr [rcx], 1 exception.exception_code: 0xc0000005 exception.symbol: ??0CInsertionString@@QEAA@XZ+0x11 ?SetThreadLimits@CExecQueue@@QEAAXJJJ@Z-0x23 wbemcomn+0xed71 exception.address: 0x7fef942ed71 registers.r14: 0 registers.r15: 0 registers.rcx: 197856 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 2227952 registers.r11: 2227040 registers.r8: 4357456 registers.r9: 10 registers.rdx: 4282712064 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 197856 registers.r13: 0	1
__exception__ Jan. 24, 2024, 1:19 p.m.	stacktrace: ??0CInstructionTest@@QEAA@AEBV0@@Z+0x7 ??0CIdentityTest@@QEAA@PEAVCTimerInstruction@@@Z-0x15 wbemcomn+0x2faeb @ 0x7fef944faeb rundll32+0x2f42 @ 0xff452f42 rundll32+0x3b7a @ 0xff453b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521 exception.instruction_r: 48 89 01 48 8b c1 c3 90 90 90 90 90 90 90 90 90 exception.instruction: mov qword ptr [rcx], rax exception.exception_code: 0xc0000005 exception.symbol: ??0CInstructionTest@@QEAA@AEBV0@@Z+0x7 ??0CIdentityTest@@QEAA@PEAVCTimerInstruction@@@Z-0x15 wbemcomn+0x2faeb exception.address: 0x7fef944faeb registers.r14: 0 registers.r15: 0 registers.rcx: 132372 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 2422864 registers.r11: 2421952 registers.r8: 3177808 registers.r9: 10 registers.rdx: 4282712064 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 8791685262192 registers.r13: 0	1
__exception__ Jan. 24, 2024, 1:19 p.m.	stacktrace: ?SetExpression@CLike@@QEAAXPEBGG@Z+0x32 ?Match@CLike@@QEAA_NPEBG@Z-0x102 wbemcomn+0x2b646 @ 0x7fef944b646 ??4CLike@@QEAAAEAV0@AEBV0@@Z+0x1c ?SetExpression@CLike@@QEAAXPEBGG@Z-0x20 wbemcomn+0x2b5f4 @ 0x7fef944b5f4 ??0CLike@@QEAA@AEBV0@@Z+0x12 ??0CLike@@QEAA@PEBGG@Z-0x12 wbemcomn+0x2b5a2 @ 0x7fef944b5a2 rundll32+0x2f42 @ 0xff452f42 rundll32+0x3b7a @ 0xff453b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521 exception.instruction_r: 66 f2 af 41 8d 40 03 48 f7 d1 48 8b f9 48 f7 e1 exception.instruction: scasw ax, word ptr [rdi] exception.exception_code: 0xc0000005 exception.symbol: ?SetExpression@CLike@@QEAAXPEBGG@Z+0x32 ?Match@CLike@@QEAA_NPEBG@Z-0x102 wbemcomn+0x2b646 exception.address: 0x7fef944b646 registers.r14: 0 registers.r15: 0 registers.rcx: -1 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 1047824 registers.r11: 1046912 registers.r8: -1 registers.r9: 10 registers.rdx: 12894362189 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 0 registers.r13: 0	1
__exception__ Jan. 24, 2024, 1:19 p.m.	stacktrace: ??0CLike@@QEAA@PEBGG@Z+0x6 ??4CLike@@QEAAAEAV0@AEBV0@@Z-0x1e wbemcomn+0x2b5ba @ 0x7fef944b5ba rundll32+0x2f42 @ 0xff452f42 rundll32+0x3b7a @ 0xff453b7a BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76c2652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x76d5c521 exception.instruction_r: 48 83 21 00 48 8b d9 e8 4e 00 00 00 48 8b c3 48 exception.instruction: and qword ptr [rcx], 0 exception.exception_code: 0xc0000005 exception.symbol: ??0CLike@@QEAA@PEBGG@Z+0x6 ??4CLike@@QEAAAEAV0@AEBV0@@Z-0x1e wbemcomn+0x2b5ba exception.address: 0x7fef944b5ba registers.r14: 0 registers.r15: 0 registers.rcx: 327982 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 851328 registers.r11: 850416 registers.r8: 2904532 registers.r9: 10 registers.rdx: 4282712064 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 327982 registers.r13: 0	1

Allocates read-write-execute memory (usually to unpack itself) (50 out of 201 events)

Time & API	Arguments	Status
NtProtectVirtualMemory Jan. 24, 2024, 1:19 p.m.	process_identifier: 2952 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Jan. 24, 2024, 1:19 p.m.	process_identifier: 812 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Jan. 24, 2024, 1:19 p.m.	process_identifier: 192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Jan. 24, 2024, 1:19 p.m.	process_identifier: 2268 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Jan. 24, 2024, 1:19 p.m.	process_identifier: 2256 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Jan. 24, 2024, 1:19 p.m.	process_identifier: 2684 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Jan. 24, 2024, 1:19 p.m.	process_identifier: 2868 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Jan. 24, 2024, 1:19 p.m.	process_identifier: 2588 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Jan. 24, 2024, 1:19 p.m.	process_identifier: 2856 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Jan. 24, 2024, 1:19 p.m.	process_identifier: 2652 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Jan. 24, 2024, 1:19 p.m.	process_identifier: 3068 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Jan. 24, 2024, 1:19 p.m.	process_identifier: 2896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Jan. 24, 2024, 1:19 p.m.	process_identifier: 3200 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Jan. 24, 2024, 1:19 p.m.	process_identifier: 3324 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Jan. 24, 2024, 1:19 p.m.	process_identifier: 3552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Jan. 24, 2024, 1:19 p.m.	process_identifier: 3708 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Jan. 24, 2024, 1:19 p.m.	process_identifier: 3860 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Jan. 24, 2024, 1:19 p.m.	process_identifier: 3972 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Jan. 24, 2024, 1:19 p.m.	process_identifier: 3112 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Jan. 24, 2024, 1:19 p.m.	process_identifier: 3228 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Jan. 24, 2024, 1:19 p.m.	process_identifier: 3496 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Jan. 24, 2024, 1:19 p.m.	process_identifier: 4088 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Jan. 24, 2024, 1:19 p.m.	process_identifier: 3828 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Jan. 24, 2024, 1:19 p.m.	process_identifier: 3960 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Jan. 24, 2024, 1:19 p.m.	process_identifier: 2104 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Jan. 24, 2024, 1:19 p.m.	process_identifier: 2064 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Jan. 24, 2024, 1:19 p.m.	process_identifier: 4080 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Jan. 24, 2024, 1:19 p.m.	process_identifier: 3784 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Jan. 24, 2024, 1:19 p.m.	process_identifier: 4184 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Jan. 24, 2024, 1:19 p.m.	process_identifier: 4368 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Jan. 24, 2024, 1:19 p.m.	process_identifier: 4712 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Jan. 24, 2024, 1:19 p.m.	process_identifier: 4100 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Jan. 24, 2024, 1:19 p.m.	process_identifier: 3292 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Jan. 24, 2024, 1:19 p.m.	process_identifier: 4252 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Jan. 24, 2024, 1:19 p.m.	process_identifier: 4640 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Jan. 24, 2024, 1:19 p.m.	process_identifier: 4756 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Jan. 24, 2024, 1:19 p.m.	process_identifier: 3516 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Jan. 24, 2024, 1:19 p.m.	process_identifier: 4236 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Jan. 24, 2024, 1:19 p.m.	process_identifier: 3232 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Jan. 24, 2024, 1:19 p.m.	process_identifier: 5008 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Jan. 24, 2024, 1:19 p.m.	process_identifier: 232 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Jan. 24, 2024, 1:19 p.m.	process_identifier: 4988 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Jan. 24, 2024, 1:19 p.m.	process_identifier: 5072 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Jan. 24, 2024, 1:19 p.m.	process_identifier: 4372 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Jan. 24, 2024, 1:19 p.m.	process_identifier: 536 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Jan. 24, 2024, 1:19 p.m.	process_identifier: 4992 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Jan. 24, 2024, 1:19 p.m.	process_identifier: 5124 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000007304c000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Jan. 24, 2024, 1:19 p.m.	process_identifier: 5376 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef41f4000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Jan. 24, 2024, 1:19 p.m.	process_identifier: 5376 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fefa421000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Jan. 24, 2024, 1:19 p.m.	process_identifier: 5376 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fefeb86000 process_handle: 0xffffffffffffffff	1

The binary likely contains encrypted or compressed data indicative of a packer (3 events)

section

{u'size_of_data': u'0x00001600', u'virtual_address': u'0x0005f000', u'entropy': 7.612534918548779, u'name': u'.pdata', u'virtual_size': u'0x00001440'}

entropy

7.61253491855

description

A section with a high entropy has been found

section

{u'size_of_data': u'0x00151200', u'virtual_address': u'0x00062000', u'entropy': 7.182736047377162, u'name': u'.text0', u'virtual_size': u'0x001511f8'}

entropy

7.18273604738

description

A section with a high entropy has been found

entropy

0.786295005807

description

Overall entropy of this PE file is high

File has been identified by 46 AntiVirus engines on VirusTotal as malicious (46 events)

Bkav	W64.AIDetectMalware
Lionic	Trojan.Win32.Mint.a!c
Cynet	Malicious (score: 100)
CAT-QuickHeal	TrojanDownloader.Win64
Skyhigh	BehavesLike.Win64.Trojan.tc
ALYac	Backdoor.Agent.status
Cylance	unsafe
VIPRE	Trojan.GenericKD.71282323
Sangfor	Downloader.Win64.Mint.Vtfm
CrowdStrike	win/malicious_confidence_100% (W)
BitDefender	Trojan.GenericKD.71282323
K7GW	Trojan ( 005b0ce31 )
K7AntiVirus	Trojan ( 005b0ce31 )
Arcabit	Trojan.Generic.D43FAE93
Symantec	Trojan Horse
ESET-NOD32	a variant of Win64/Agent.DIZ
McAfee	Artemis!EDCA71EDA865
Avast	Win64:DropperX-gen [Drp]
Kaspersky	Trojan-Downloader.Win64.Mint.ava
Alibaba	TrojanDownloader:Win64/DropperX.92f32ac4
MicroWorld-eScan	Trojan.GenericKD.71282323
Rising	Downloader.Mint!8.15E62 (CLOUD)
Emsisoft	Trojan.GenericKD.71282323 (B)
F-Secure	Trojan.TR/Agent.tqvcs
FireEye	Generic.mg.edca71eda8650a2c
Sophos	Mal/Generic-S
Ikarus	Trojan.Win64.Agent
Webroot	W32.Trojan.Gen
Google	Detected
Avira	TR/Agent.tqvcs
Antiy-AVL	Trojan[Downloader]/Win64.Mint
Kingsoft	Win32.Troj.Unknown.a
Xcitium	Malware@#dcmsrfxmrc5j
Microsoft	Trojan:Win32/Phonzy.A!ml
ViRobot	Trojan.Win.S.Agent.1764352
ZoneAlarm	Trojan-Downloader.Win64.Mint.ava
GData	Win64.Trojan.Agent.VU8BS8
Varist	W64/ABRisk.XGQA-9302
AhnLab-V3	Trojan/Win.LazarLoader.C5572843
DeepInstinct	MALICIOUS
VBA32	TrojanDownloader.Win64.Mint
TrendMicro-HouseCall	TROJ_GEN.R002H0DAK24
Tencent	Malware.Win32.Gencirc.13fe361c
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/PossibleThreat
AVG	Win64:DropperX-gen [Drp]

edca71eda8650a2c591c37c780b6a0c5.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All