Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	July 31, 2024, 10:17 a.m.	July 31, 2024, 10:21 a.m.

Size	3.1MB
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`456509bf6306fe9f2f34cc8177cad73d`
SHA256	`ad20e7a152ac46c4aaa120869fc6034c35f7bd5bde9026274898e368ce679ea4`
CRC32	`AE211C5F`
ssdeep	`24576:waz1SiDbRumCs3bsvpYrp3PQCgQDfjXD8xPxUxcIO1LNaBFuqWRLgAFFFFFFpilF:n6Yp3tXDkxPxUx9ctDGl3lLrNtxV`
Yara	ConfuserEx_Zero - Confuser .NET Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature Malicious_Packer_Zero - Malicious Packer Is_DotNET_EXE - (no description) IsPE32 - (no description) Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult UPX_Zero - UPX packed file

kjposter.exe "C:\Users\test22\AppData\Local\Temp\kjposter.exe"
1460

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Queries for the computername (14 events)

Time & API	Arguments	Status	Return
GetComputerNameW July 31, 2024, 10:17 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 31, 2024, 10:17 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 31, 2024, 10:17 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 31, 2024, 10:17 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 31, 2024, 10:17 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 31, 2024, 10:17 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 31, 2024, 10:17 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 31, 2024, 10:17 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 31, 2024, 10:17 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 31, 2024, 10:17 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 31, 2024, 10:17 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 31, 2024, 10:17 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 31, 2024, 10:17 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 31, 2024, 10:17 a.m.	computer_name: TEST22-PC	1	1

Checks if process is being debugged by a debugger (2 events)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent July 31, 2024, 10:17 a.m.			0	0
IsDebuggerPresent July 31, 2024, 10:17 a.m.			0	0

Uses Windows APIs to generate a cryptographic key (6 events)

Time & API	Arguments	Status	Return
CryptExportKey July 31, 2024, 10:17 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x004a2268 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 31, 2024, 10:17 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x004a22e8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 31, 2024, 10:17 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x004a22e8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 31, 2024, 10:17 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x004a2d68 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 31, 2024, 10:17 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x004a2d68 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 31, 2024, 10:17 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x004a2d68 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx July 31, 2024, 10:17 a.m.		1	1	0

One or more processes crashed (10 events)

Time & API	Arguments	Status
__exception__ July 31, 2024, 10:17 a.m.	stacktrace: RpcRaiseException+0x42 I_RpcExceptionFilter-0x12 rpcrt4+0x2374b @ 0x754c374b DllDebugObjectRPCHook+0x108 HACCEL_UserFree-0x5 ole32+0x13f777 @ 0x75c6f777 NdrPointerFree+0x1b9 IUnknown_Release_Proxy-0xb rpcrt4+0x3419a @ 0x754d419a NdrClientCall2+0x118 RpcAsyncInitializeHandle-0xf1 rpcrt4+0xb011d @ 0x7555011d WdtpInterfacePointer_UserUnmarshal+0x166b DllDebugObjectRPCHook-0x2d8d ole32+0x13c8e2 @ 0x75c6c8e2 CoRegisterMessageFilter+0x32b4 ObjectStublessClient5-0x1db5 ole32+0x398ad @ 0x75b698ad CoWaitForMultipleHandles+0x1ee2 CoRegisterSurrogateEx-0x272d ole32+0x1805c @ 0x75b4805c MkParseDisplayName+0x60b CreatePointerMoniker-0x142 ole32+0xd4b4 @ 0x75b3d4b4 DllGetClassObjectInternal+0x21e5f CorDllMainForThunk-0x6a69c clr+0xe6ed8 @ 0x74016ed8 CreateHistoryReader+0xb0c60 PostErrorVA-0xb82ff clr+0x2c04a5 @ 0x741f04a5 CreateHistoryReader+0xb08c8 PostErrorVA-0xb8697 clr+0x2c010d @ 0x741f010d DllGetClassObjectInternal+0x6787f CorDllMainForThunk-0x24c7c clr+0x12c8f8 @ 0x7405c8f8 DllGetClassObjectInternal+0x4d4cf CorDllMainForThunk-0x3f02c clr+0x112548 @ 0x74042548 DllGetClassObjectInternal+0x52ce0 CorDllMainForThunk-0x3981b clr+0x117d59 @ 0x74047d59 system+0x946f6 @ 0x73cd46f6 system+0x8ddad @ 0x73ccddad system+0x8dc77 @ 0x73ccdc77 0x248edcb 0x248d438 0x248c5e3 system+0x19c522 @ 0x7101c522 system+0x19e920 @ 0x7101e920 system+0x19e803 @ 0x7101e803 system+0xaae673 @ 0x7192e673 system+0x202b60 @ 0x71082b60 system+0x1ee251 @ 0x7106e251 system+0x1ee229 @ 0x7106e229 system+0x1ee170 @ 0x7106e170 0x43a2ca gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x755f6d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x755f6de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x755f6e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x778b011a PeekMessageW+0x197 MsgWaitForMultipleObjectsEx-0x143 user32+0x20751 @ 0x75600751 system+0x209247 @ 0x71089247 system+0x1fdbfc @ 0x7107dbfc system+0x1fd921 @ 0x7107d921 system+0x1fd792 @ 0x7107d792 system+0x1a14bd @ 0x710214bd 0x4f10ddc DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73f32652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73f4264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73f42e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x73ff74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73ff7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x74081dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x74081e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x74081f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7408416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x745df5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74867f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74864de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0x8001010d exception.offset: 46887 exception.address: 0x7559b727 registers.esp: 3724080 registers.edi: 1974991376 registers.eax: 3724080 registers.ebp: 3724160 registers.edx: 1 registers.ebx: 5476524 registers.esi: 2147549453 registers.ecx: 1976003456	1
__exception__ July 31, 2024, 10:17 a.m.	stacktrace: RpcRaiseException+0x42 I_RpcExceptionFilter-0x12 rpcrt4+0x2374b @ 0x754c374b DllDebugObjectRPCHook+0x108 HACCEL_UserFree-0x5 ole32+0x13f777 @ 0x75c6f777 NdrPointerFree+0x1b9 IUnknown_Release_Proxy-0xb rpcrt4+0x3419a @ 0x754d419a NdrClientCall2+0x118 RpcAsyncInitializeHandle-0xf1 rpcrt4+0xb011d @ 0x7555011d WdtpInterfacePointer_UserUnmarshal+0x166b DllDebugObjectRPCHook-0x2d8d ole32+0x13c8e2 @ 0x75c6c8e2 CoRegisterMessageFilter+0x32b4 ObjectStublessClient5-0x1db5 ole32+0x398ad @ 0x75b698ad CoWaitForMultipleHandles+0x1ee2 CoRegisterSurrogateEx-0x272d ole32+0x1805c @ 0x75b4805c MkParseDisplayName+0x60b CreatePointerMoniker-0x142 ole32+0xd4b4 @ 0x75b3d4b4 DllGetClassObjectInternal+0x21e5f CorDllMainForThunk-0x6a69c clr+0xe6ed8 @ 0x74016ed8 CreateHistoryReader+0xb0c60 PostErrorVA-0xb82ff clr+0x2c04a5 @ 0x741f04a5 CreateHistoryReader+0xb08c8 PostErrorVA-0xb8697 clr+0x2c010d @ 0x741f010d DllGetClassObjectInternal+0x6787f CorDllMainForThunk-0x24c7c clr+0x12c8f8 @ 0x7405c8f8 DllGetClassObjectInternal+0x4d4cf CorDllMainForThunk-0x3f02c clr+0x112548 @ 0x74042548 DllGetClassObjectInternal+0x52ce0 CorDllMainForThunk-0x3981b clr+0x117d59 @ 0x74047d59 system+0x946f6 @ 0x73cd46f6 system+0xd7062 @ 0x73d17062 0x2486970 0x2485fd0 0x2484e87 0x248e68a 0x248eece 0x248d438 0x248c5e3 system+0x19c522 @ 0x7101c522 system+0x19e920 @ 0x7101e920 system+0x19e803 @ 0x7101e803 system+0xaae673 @ 0x7192e673 system+0x202b60 @ 0x71082b60 system+0x1ee251 @ 0x7106e251 system+0x1ee229 @ 0x7106e229 system+0x1ee170 @ 0x7106e170 0x43a2ca gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x755f6d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x755f6de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x755f6e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x778b011a PeekMessageW+0x197 MsgWaitForMultipleObjectsEx-0x143 user32+0x20751 @ 0x75600751 system+0x209247 @ 0x71089247 system+0x1fdbfc @ 0x7107dbfc system+0x1fd921 @ 0x7107d921 system+0x1fd792 @ 0x7107d792 system+0x1a14bd @ 0x710214bd 0x4f10ddc DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73f32652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73f4264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73f42e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x73ff74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73ff7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x74081dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x74081e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x74081f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7408416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x745df5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74867f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74864de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0x8001010d exception.offset: 46887 exception.address: 0x7559b727 registers.esp: 3723936 registers.edi: 1974991376 registers.eax: 3723936 registers.ebp: 3724016 registers.edx: 1 registers.ebx: 5476524 registers.esi: 2147549453 registers.ecx: 1976003456	1
__exception__ July 31, 2024, 10:17 a.m.	stacktrace: RpcRaiseException+0x42 I_RpcExceptionFilter-0x12 rpcrt4+0x2374b @ 0x754c374b DllDebugObjectRPCHook+0x108 HACCEL_UserFree-0x5 ole32+0x13f777 @ 0x75c6f777 NdrPointerFree+0x1b9 IUnknown_Release_Proxy-0xb rpcrt4+0x3419a @ 0x754d419a NdrClientCall2+0x118 RpcAsyncInitializeHandle-0xf1 rpcrt4+0xb011d @ 0x7555011d WdtpInterfacePointer_UserUnmarshal+0x166b DllDebugObjectRPCHook-0x2d8d ole32+0x13c8e2 @ 0x75c6c8e2 CoRegisterMessageFilter+0x32b4 ObjectStublessClient5-0x1db5 ole32+0x398ad @ 0x75b698ad CoWaitForMultipleHandles+0x1ee2 CoRegisterSurrogateEx-0x272d ole32+0x1805c @ 0x75b4805c MkParseDisplayName+0x60b CreatePointerMoniker-0x142 ole32+0xd4b4 @ 0x75b3d4b4 DllGetClassObjectInternal+0x21e5f CorDllMainForThunk-0x6a69c clr+0xe6ed8 @ 0x74016ed8 CreateHistoryReader+0xb0c60 PostErrorVA-0xb82ff clr+0x2c04a5 @ 0x741f04a5 CreateHistoryReader+0xb08c8 PostErrorVA-0xb8697 clr+0x2c010d @ 0x741f010d DllGetClassObjectInternal+0x6787f CorDllMainForThunk-0x24c7c clr+0x12c8f8 @ 0x7405c8f8 DllGetClassObjectInternal+0x4d4cf CorDllMainForThunk-0x3f02c clr+0x112548 @ 0x74042548 DllGetClassObjectInternal+0x52ce0 CorDllMainForThunk-0x3981b clr+0x117d59 @ 0x74047d59 system+0x946f6 @ 0x73cd46f6 system+0x8ddad @ 0x73ccddad system+0x8dc77 @ 0x73ccdc77 0x248f079 0x248d438 0x248c5e3 system+0x19c522 @ 0x7101c522 system+0x19e920 @ 0x7101e920 system+0x19e803 @ 0x7101e803 system+0xaae673 @ 0x7192e673 system+0x202b60 @ 0x71082b60 system+0x1ee251 @ 0x7106e251 system+0x1ee229 @ 0x7106e229 system+0x1ee170 @ 0x7106e170 0x43a2ca gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x755f6d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x755f6de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x755f6e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x778b011a PeekMessageW+0x197 MsgWaitForMultipleObjectsEx-0x143 user32+0x20751 @ 0x75600751 system+0x209247 @ 0x71089247 system+0x1fdbfc @ 0x7107dbfc system+0x1fd921 @ 0x7107d921 system+0x1fd792 @ 0x7107d792 system+0x1a14bd @ 0x710214bd 0x4f10ddc DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73f32652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73f4264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73f42e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x73ff74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73ff7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x74081dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x74081e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x74081f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7408416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x745df5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74867f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74864de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0x8001010d exception.offset: 46887 exception.address: 0x7559b727 registers.esp: 3724080 registers.edi: 1974991376 registers.eax: 3724080 registers.ebp: 3724160 registers.edx: 1 registers.ebx: 5476524 registers.esi: 2147549453 registers.ecx: 1976003456	1
__exception__ July 31, 2024, 10:17 a.m.	stacktrace: RpcRaiseException+0x42 I_RpcExceptionFilter-0x12 rpcrt4+0x2374b @ 0x754c374b DllDebugObjectRPCHook+0x108 HACCEL_UserFree-0x5 ole32+0x13f777 @ 0x75c6f777 NdrPointerFree+0x1b9 IUnknown_Release_Proxy-0xb rpcrt4+0x3419a @ 0x754d419a NdrClientCall2+0x118 RpcAsyncInitializeHandle-0xf1 rpcrt4+0xb011d @ 0x7555011d WdtpInterfacePointer_UserUnmarshal+0x166b DllDebugObjectRPCHook-0x2d8d ole32+0x13c8e2 @ 0x75c6c8e2 CoRegisterMessageFilter+0x32b4 ObjectStublessClient5-0x1db5 ole32+0x398ad @ 0x75b698ad CoWaitForMultipleHandles+0x1ee2 CoRegisterSurrogateEx-0x272d ole32+0x1805c @ 0x75b4805c MkParseDisplayName+0x60b CreatePointerMoniker-0x142 ole32+0xd4b4 @ 0x75b3d4b4 DllGetClassObjectInternal+0x21e5f CorDllMainForThunk-0x6a69c clr+0xe6ed8 @ 0x74016ed8 CreateHistoryReader+0xb0c60 PostErrorVA-0xb82ff clr+0x2c04a5 @ 0x741f04a5 CreateHistoryReader+0xb08c8 PostErrorVA-0xb8697 clr+0x2c010d @ 0x741f010d DllGetClassObjectInternal+0x6787f CorDllMainForThunk-0x24c7c clr+0x12c8f8 @ 0x7405c8f8 DllGetClassObjectInternal+0x4d4cf CorDllMainForThunk-0x3f02c clr+0x112548 @ 0x74042548 DllGetClassObjectInternal+0x52ce0 CorDllMainForThunk-0x3981b clr+0x117d59 @ 0x74047d59 system+0x946f6 @ 0x73cd46f6 system+0xd7062 @ 0x73d17062 0x2486970 0x2485fd0 0x248f38b 0x248d438 0x248c5e3 system+0x19c522 @ 0x7101c522 system+0x19e920 @ 0x7101e920 system+0x19e803 @ 0x7101e803 system+0xaae673 @ 0x7192e673 system+0x202b60 @ 0x71082b60 system+0x1ee251 @ 0x7106e251 system+0x1ee229 @ 0x7106e229 system+0x1ee170 @ 0x7106e170 0x43a2ca gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x755f6d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x755f6de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x755f6e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x778b011a PeekMessageW+0x197 MsgWaitForMultipleObjectsEx-0x143 user32+0x20751 @ 0x75600751 system+0x209247 @ 0x71089247 system+0x1fdbfc @ 0x7107dbfc system+0x1fd921 @ 0x7107d921 system+0x1fd792 @ 0x7107d792 system+0x1a14bd @ 0x710214bd 0x4f10ddc DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73f32652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73f4264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73f42e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x73ff74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73ff7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x74081dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x74081e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x74081f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7408416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x745df5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74867f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74864de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0x8001010d exception.offset: 46887 exception.address: 0x7559b727 registers.esp: 3723960 registers.edi: 1974991376 registers.eax: 3723960 registers.ebp: 3724040 registers.edx: 1 registers.ebx: 5476524 registers.esi: 2147549453 registers.ecx: 1976003456	1
__exception__ July 31, 2024, 10:17 a.m.	stacktrace: RpcRaiseException+0x42 I_RpcExceptionFilter-0x12 rpcrt4+0x2374b @ 0x754c374b DllDebugObjectRPCHook+0x108 HACCEL_UserFree-0x5 ole32+0x13f777 @ 0x75c6f777 NdrPointerFree+0x1b9 IUnknown_Release_Proxy-0xb rpcrt4+0x3419a @ 0x754d419a NdrClientCall2+0x118 RpcAsyncInitializeHandle-0xf1 rpcrt4+0xb011d @ 0x7555011d WdtpInterfacePointer_UserUnmarshal+0x166b DllDebugObjectRPCHook-0x2d8d ole32+0x13c8e2 @ 0x75c6c8e2 CoRegisterMessageFilter+0x32b4 ObjectStublessClient5-0x1db5 ole32+0x398ad @ 0x75b698ad CoWaitForMultipleHandles+0x1ee2 CoRegisterSurrogateEx-0x272d ole32+0x1805c @ 0x75b4805c MkParseDisplayName+0x60b CreatePointerMoniker-0x142 ole32+0xd4b4 @ 0x75b3d4b4 DllGetClassObjectInternal+0x21e5f CorDllMainForThunk-0x6a69c clr+0xe6ed8 @ 0x74016ed8 CreateHistoryReader+0xb0c60 PostErrorVA-0xb82ff clr+0x2c04a5 @ 0x741f04a5 CreateHistoryReader+0xb08c8 PostErrorVA-0xb8697 clr+0x2c010d @ 0x741f010d DllGetClassObjectInternal+0x6787f CorDllMainForThunk-0x24c7c clr+0x12c8f8 @ 0x7405c8f8 DllGetClassObjectInternal+0x4d4cf CorDllMainForThunk-0x3f02c clr+0x112548 @ 0x74042548 DllGetClassObjectInternal+0x52ce0 CorDllMainForThunk-0x3981b clr+0x117d59 @ 0x74047d59 system+0x946f6 @ 0x73cd46f6 system+0x8ddad @ 0x73ccddad system+0x8dc77 @ 0x73ccdc77 0x248edcb 0x5d99d97 0x248d7a4 0x248c5e3 system+0x19c522 @ 0x7101c522 system+0x19e920 @ 0x7101e920 system+0x19e803 @ 0x7101e803 system+0xaae673 @ 0x7192e673 system+0x202b60 @ 0x71082b60 system+0x1ee251 @ 0x7106e251 system+0x1ee229 @ 0x7106e229 system+0x1ee170 @ 0x7106e170 0x43a2ca gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x755f6d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x755f6de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x755f6e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x778b011a PeekMessageW+0x197 MsgWaitForMultipleObjectsEx-0x143 user32+0x20751 @ 0x75600751 system+0x209247 @ 0x71089247 system+0x1fdbfc @ 0x7107dbfc system+0x1fd921 @ 0x7107d921 system+0x1fd792 @ 0x7107d792 system+0x1a14bd @ 0x710214bd 0x4f10ddc DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73f32652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73f4264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73f42e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x73ff74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73ff7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x74081dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x74081e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x74081f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7408416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x745df5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74867f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74864de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0x8001010d exception.offset: 46887 exception.address: 0x7559b727 registers.esp: 3724032 registers.edi: 1974991376 registers.eax: 3724032 registers.ebp: 3724112 registers.edx: 1 registers.ebx: 5476524 registers.esi: 2147549453 registers.ecx: 1976003456	1
__exception__ July 31, 2024, 10:17 a.m.	stacktrace: RpcRaiseException+0x42 I_RpcExceptionFilter-0x12 rpcrt4+0x2374b @ 0x754c374b DllDebugObjectRPCHook+0x108 HACCEL_UserFree-0x5 ole32+0x13f777 @ 0x75c6f777 NdrPointerFree+0x1b9 IUnknown_Release_Proxy-0xb rpcrt4+0x3419a @ 0x754d419a NdrClientCall2+0x118 RpcAsyncInitializeHandle-0xf1 rpcrt4+0xb011d @ 0x7555011d WdtpInterfacePointer_UserUnmarshal+0x166b DllDebugObjectRPCHook-0x2d8d ole32+0x13c8e2 @ 0x75c6c8e2 CoRegisterMessageFilter+0x32b4 ObjectStublessClient5-0x1db5 ole32+0x398ad @ 0x75b698ad CoWaitForMultipleHandles+0x1ee2 CoRegisterSurrogateEx-0x272d ole32+0x1805c @ 0x75b4805c MkParseDisplayName+0x60b CreatePointerMoniker-0x142 ole32+0xd4b4 @ 0x75b3d4b4 DllGetClassObjectInternal+0x21e5f CorDllMainForThunk-0x6a69c clr+0xe6ed8 @ 0x74016ed8 CreateHistoryReader+0xb0c60 PostErrorVA-0xb82ff clr+0x2c04a5 @ 0x741f04a5 CreateHistoryReader+0xb08c8 PostErrorVA-0xb8697 clr+0x2c010d @ 0x741f010d DllGetClassObjectInternal+0x6787f CorDllMainForThunk-0x24c7c clr+0x12c8f8 @ 0x7405c8f8 DllGetClassObjectInternal+0x4d4cf CorDllMainForThunk-0x3f02c clr+0x112548 @ 0x74042548 DllGetClassObjectInternal+0x52ce0 CorDllMainForThunk-0x3981b clr+0x117d59 @ 0x74047d59 system+0x946f6 @ 0x73cd46f6 system+0x8ddad @ 0x73ccddad system+0x8dc77 @ 0x73ccdc77 0x248f079 0x5d99d97 0x248d7a4 0x248c5e3 system+0x19c522 @ 0x7101c522 system+0x19e920 @ 0x7101e920 system+0x19e803 @ 0x7101e803 system+0xaae673 @ 0x7192e673 system+0x202b60 @ 0x71082b60 system+0x1ee251 @ 0x7106e251 system+0x1ee229 @ 0x7106e229 system+0x1ee170 @ 0x7106e170 0x43a2ca gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x755f6d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x755f6de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x755f6e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x778b011a PeekMessageW+0x197 MsgWaitForMultipleObjectsEx-0x143 user32+0x20751 @ 0x75600751 system+0x209247 @ 0x71089247 system+0x1fdbfc @ 0x7107dbfc system+0x1fd921 @ 0x7107d921 system+0x1fd792 @ 0x7107d792 system+0x1a14bd @ 0x710214bd 0x4f10ddc DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73f32652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73f4264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73f42e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x73ff74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73ff7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x74081dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x74081e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x74081f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7408416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x745df5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74867f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74864de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0x8001010d exception.offset: 46887 exception.address: 0x7559b727 registers.esp: 3724032 registers.edi: 1974991376 registers.eax: 3724032 registers.ebp: 3724112 registers.edx: 1 registers.ebx: 5476524 registers.esi: 2147549453 registers.ecx: 1976003456	1
__exception__ July 31, 2024, 10:17 a.m.	stacktrace: RpcRaiseException+0x42 I_RpcExceptionFilter-0x12 rpcrt4+0x2374b @ 0x754c374b DllDebugObjectRPCHook+0x108 HACCEL_UserFree-0x5 ole32+0x13f777 @ 0x75c6f777 NdrPointerFree+0x1b9 IUnknown_Release_Proxy-0xb rpcrt4+0x3419a @ 0x754d419a NdrClientCall2+0x118 RpcAsyncInitializeHandle-0xf1 rpcrt4+0xb011d @ 0x7555011d WdtpInterfacePointer_UserUnmarshal+0x166b DllDebugObjectRPCHook-0x2d8d ole32+0x13c8e2 @ 0x75c6c8e2 CoRegisterMessageFilter+0x32b4 ObjectStublessClient5-0x1db5 ole32+0x398ad @ 0x75b698ad CoWaitForMultipleHandles+0x1ee2 CoRegisterSurrogateEx-0x272d ole32+0x1805c @ 0x75b4805c MkParseDisplayName+0x60b CreatePointerMoniker-0x142 ole32+0xd4b4 @ 0x75b3d4b4 DllGetClassObjectInternal+0x21e5f CorDllMainForThunk-0x6a69c clr+0xe6ed8 @ 0x74016ed8 CreateHistoryReader+0xb0c60 PostErrorVA-0xb82ff clr+0x2c04a5 @ 0x741f04a5 CreateHistoryReader+0xb08c8 PostErrorVA-0xb8697 clr+0x2c010d @ 0x741f010d DllGetClassObjectInternal+0x6787f CorDllMainForThunk-0x24c7c clr+0x12c8f8 @ 0x7405c8f8 DllGetClassObjectInternal+0x4d4cf CorDllMainForThunk-0x3f02c clr+0x112548 @ 0x74042548 DllGetClassObjectInternal+0x52ce0 CorDllMainForThunk-0x3981b clr+0x117d59 @ 0x74047d59 system+0x946f6 @ 0x73cd46f6 system+0xd7062 @ 0x73d17062 0x2486970 0x2485fd0 0x248f38b 0x5d99d97 0x248d7a4 0x248c5e3 system+0x19c522 @ 0x7101c522 system+0x19e920 @ 0x7101e920 system+0x19e803 @ 0x7101e803 system+0xaae673 @ 0x7192e673 system+0x202b60 @ 0x71082b60 system+0x1ee251 @ 0x7106e251 system+0x1ee229 @ 0x7106e229 system+0x1ee170 @ 0x7106e170 0x43a2ca gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x755f6d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x755f6de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x755f6e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x778b011a PeekMessageW+0x197 MsgWaitForMultipleObjectsEx-0x143 user32+0x20751 @ 0x75600751 system+0x209247 @ 0x71089247 system+0x1fdbfc @ 0x7107dbfc system+0x1fd921 @ 0x7107d921 system+0x1fd792 @ 0x7107d792 system+0x1a14bd @ 0x710214bd 0x4f10ddc DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73f32652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73f4264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73f42e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x73ff74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73ff7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x74081dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x74081e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x74081f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7408416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x745df5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74867f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74864de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0x8001010d exception.offset: 46887 exception.address: 0x7559b727 registers.esp: 3723920 registers.edi: 1974991376 registers.eax: 3723920 registers.ebp: 3724000 registers.edx: 1 registers.ebx: 5476524 registers.esi: 2147549453 registers.ecx: 1976003456	1
__exception__ July 31, 2024, 10:17 a.m.	stacktrace: RpcRaiseException+0x42 I_RpcExceptionFilter-0x12 rpcrt4+0x2374b @ 0x754c374b DllDebugObjectRPCHook+0x108 HACCEL_UserFree-0x5 ole32+0x13f777 @ 0x75c6f777 NdrPointerFree+0x1b9 IUnknown_Release_Proxy-0xb rpcrt4+0x3419a @ 0x754d419a NdrClientCall2+0x118 RpcAsyncInitializeHandle-0xf1 rpcrt4+0xb011d @ 0x7555011d WdtpInterfacePointer_UserUnmarshal+0x166b DllDebugObjectRPCHook-0x2d8d ole32+0x13c8e2 @ 0x75c6c8e2 CoRegisterMessageFilter+0x32b4 ObjectStublessClient5-0x1db5 ole32+0x398ad @ 0x75b698ad CoWaitForMultipleHandles+0x1ee2 CoRegisterSurrogateEx-0x272d ole32+0x1805c @ 0x75b4805c MkParseDisplayName+0x60b CreatePointerMoniker-0x142 ole32+0xd4b4 @ 0x75b3d4b4 DllGetClassObjectInternal+0x21e5f CorDllMainForThunk-0x6a69c clr+0xe6ed8 @ 0x74016ed8 CreateHistoryReader+0xb0c60 PostErrorVA-0xb82ff clr+0x2c04a5 @ 0x741f04a5 CreateHistoryReader+0xb08c8 PostErrorVA-0xb8697 clr+0x2c010d @ 0x741f010d DllGetClassObjectInternal+0x6787f CorDllMainForThunk-0x24c7c clr+0x12c8f8 @ 0x7405c8f8 DllGetClassObjectInternal+0x4d4cf CorDllMainForThunk-0x3f02c clr+0x112548 @ 0x74042548 DllGetClassObjectInternal+0x52ce0 CorDllMainForThunk-0x3981b clr+0x117d59 @ 0x74047d59 system+0x946f6 @ 0x73cd46f6 system+0x8ddad @ 0x73ccddad system+0x8dc77 @ 0x73ccdc77 0x248edcb 0x5d99d97 0x5d9a60c 0x248d7c7 0x248c5e3 system+0x19c522 @ 0x7101c522 system+0x19e920 @ 0x7101e920 system+0x19e803 @ 0x7101e803 system+0xaae673 @ 0x7192e673 system+0x202b60 @ 0x71082b60 system+0x1ee251 @ 0x7106e251 system+0x1ee229 @ 0x7106e229 system+0x1ee170 @ 0x7106e170 0x43a2ca gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x755f6d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x755f6de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x755f6e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x778b011a PeekMessageW+0x197 MsgWaitForMultipleObjectsEx-0x143 user32+0x20751 @ 0x75600751 system+0x209247 @ 0x71089247 system+0x1fdbfc @ 0x7107dbfc system+0x1fd921 @ 0x7107d921 system+0x1fd792 @ 0x7107d792 system+0x1a14bd @ 0x710214bd 0x4f10ddc DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73f32652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73f4264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73f42e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x73ff74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73ff7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x74081dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x74081e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x74081f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7408416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x745df5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74867f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74864de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0x8001010d exception.offset: 46887 exception.address: 0x7559b727 registers.esp: 3723720 registers.edi: 1974991376 registers.eax: 3723720 registers.ebp: 3723800 registers.edx: 1 registers.ebx: 5476524 registers.esi: 2147549453 registers.ecx: 1976003456	1
__exception__ July 31, 2024, 10:17 a.m.	stacktrace: RpcRaiseException+0x42 I_RpcExceptionFilter-0x12 rpcrt4+0x2374b @ 0x754c374b DllDebugObjectRPCHook+0x108 HACCEL_UserFree-0x5 ole32+0x13f777 @ 0x75c6f777 NdrPointerFree+0x1b9 IUnknown_Release_Proxy-0xb rpcrt4+0x3419a @ 0x754d419a NdrClientCall2+0x118 RpcAsyncInitializeHandle-0xf1 rpcrt4+0xb011d @ 0x7555011d WdtpInterfacePointer_UserUnmarshal+0x166b DllDebugObjectRPCHook-0x2d8d ole32+0x13c8e2 @ 0x75c6c8e2 CoRegisterMessageFilter+0x32b4 ObjectStublessClient5-0x1db5 ole32+0x398ad @ 0x75b698ad CoWaitForMultipleHandles+0x1ee2 CoRegisterSurrogateEx-0x272d ole32+0x1805c @ 0x75b4805c MkParseDisplayName+0x60b CreatePointerMoniker-0x142 ole32+0xd4b4 @ 0x75b3d4b4 DllGetClassObjectInternal+0x21e5f CorDllMainForThunk-0x6a69c clr+0xe6ed8 @ 0x74016ed8 CreateHistoryReader+0xb0c60 PostErrorVA-0xb82ff clr+0x2c04a5 @ 0x741f04a5 CreateHistoryReader+0xb08c8 PostErrorVA-0xb8697 clr+0x2c010d @ 0x741f010d DllGetClassObjectInternal+0x6787f CorDllMainForThunk-0x24c7c clr+0x12c8f8 @ 0x7405c8f8 DllGetClassObjectInternal+0x4d4cf CorDllMainForThunk-0x3f02c clr+0x112548 @ 0x74042548 DllGetClassObjectInternal+0x52ce0 CorDllMainForThunk-0x3981b clr+0x117d59 @ 0x74047d59 system+0x946f6 @ 0x73cd46f6 system+0x8ddad @ 0x73ccddad system+0x8dc77 @ 0x73ccdc77 0x248f079 0x5d99d97 0x5d9a60c 0x248d7c7 0x248c5e3 system+0x19c522 @ 0x7101c522 system+0x19e920 @ 0x7101e920 system+0x19e803 @ 0x7101e803 system+0xaae673 @ 0x7192e673 system+0x202b60 @ 0x71082b60 system+0x1ee251 @ 0x7106e251 system+0x1ee229 @ 0x7106e229 system+0x1ee170 @ 0x7106e170 0x43a2ca gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x755f6d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x755f6de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x755f6e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x778b011a PeekMessageW+0x197 MsgWaitForMultipleObjectsEx-0x143 user32+0x20751 @ 0x75600751 system+0x209247 @ 0x71089247 system+0x1fdbfc @ 0x7107dbfc system+0x1fd921 @ 0x7107d921 system+0x1fd792 @ 0x7107d792 system+0x1a14bd @ 0x710214bd 0x4f10ddc DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73f32652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73f4264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73f42e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x73ff74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73ff7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x74081dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x74081e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x74081f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7408416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x745df5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74867f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74864de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0x8001010d exception.offset: 46887 exception.address: 0x7559b727 registers.esp: 3723720 registers.edi: 1974991376 registers.eax: 3723720 registers.ebp: 3723800 registers.edx: 1 registers.ebx: 5476524 registers.esi: 2147549453 registers.ecx: 1976003456	1
__exception__ July 31, 2024, 10:17 a.m.	stacktrace: RpcRaiseException+0x42 I_RpcExceptionFilter-0x12 rpcrt4+0x2374b @ 0x754c374b DllDebugObjectRPCHook+0x108 HACCEL_UserFree-0x5 ole32+0x13f777 @ 0x75c6f777 NdrPointerFree+0x1b9 IUnknown_Release_Proxy-0xb rpcrt4+0x3419a @ 0x754d419a NdrClientCall2+0x118 RpcAsyncInitializeHandle-0xf1 rpcrt4+0xb011d @ 0x7555011d WdtpInterfacePointer_UserUnmarshal+0x166b DllDebugObjectRPCHook-0x2d8d ole32+0x13c8e2 @ 0x75c6c8e2 CoRegisterMessageFilter+0x32b4 ObjectStublessClient5-0x1db5 ole32+0x398ad @ 0x75b698ad CoWaitForMultipleHandles+0x1ee2 CoRegisterSurrogateEx-0x272d ole32+0x1805c @ 0x75b4805c MkParseDisplayName+0x60b CreatePointerMoniker-0x142 ole32+0xd4b4 @ 0x75b3d4b4 DllGetClassObjectInternal+0x21e5f CorDllMainForThunk-0x6a69c clr+0xe6ed8 @ 0x74016ed8 CreateHistoryReader+0xb0c60 PostErrorVA-0xb82ff clr+0x2c04a5 @ 0x741f04a5 CreateHistoryReader+0xb08c8 PostErrorVA-0xb8697 clr+0x2c010d @ 0x741f010d DllGetClassObjectInternal+0x6787f CorDllMainForThunk-0x24c7c clr+0x12c8f8 @ 0x7405c8f8 DllGetClassObjectInternal+0x4d4cf CorDllMainForThunk-0x3f02c clr+0x112548 @ 0x74042548 DllGetClassObjectInternal+0x52ce0 CorDllMainForThunk-0x3981b clr+0x117d59 @ 0x74047d59 system+0x946f6 @ 0x73cd46f6 system+0xd7062 @ 0x73d17062 0x2486970 0x2485fd0 0x248f38b 0x5d99d97 0x5d9a60c 0x248d7c7 0x248c5e3 system+0x19c522 @ 0x7101c522 system+0x19e920 @ 0x7101e920 system+0x19e803 @ 0x7101e803 system+0xaae673 @ 0x7192e673 system+0x202b60 @ 0x71082b60 system+0x1ee251 @ 0x7106e251 system+0x1ee229 @ 0x7106e229 system+0x1ee170 @ 0x7106e170 0x43a2ca gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755f62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x755f6d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x755f6de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x755f6e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x778b011a PeekMessageW+0x197 MsgWaitForMultipleObjectsEx-0x143 user32+0x20751 @ 0x75600751 system+0x209247 @ 0x71089247 system+0x1fdbfc @ 0x7107dbfc system+0x1fd921 @ 0x7107d921 system+0x1fd792 @ 0x7107d792 system+0x1a14bd @ 0x710214bd 0x4f10ddc DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73f32652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73f4264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73f42e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x73ff74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73ff7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x74081dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x74081e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x74081f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7408416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x745df5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74867f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74864de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0x8001010d exception.offset: 46887 exception.address: 0x7559b727 registers.esp: 3723600 registers.edi: 1974991376 registers.eax: 3723600 registers.ebp: 3723680 registers.edx: 1 registers.ebx: 5476524 registers.esi: 2147549453 registers.ecx: 1976003456	1

Allocates read-write-execute memory (usually to unpack itself) (50 out of 96 events)

Time & API	Arguments	Status
NtAllocateVirtualMemory July 31, 2024, 10:17 a.m.	process_identifier: 1460 region_size: 1376256 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00550000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 31, 2024, 10:17 a.m.	process_identifier: 1460 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00660000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory July 31, 2024, 10:17 a.m.	process_identifier: 1460 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73f31000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 31, 2024, 10:17 a.m.	process_identifier: 1460 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73f32000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 31, 2024, 10:17 a.m.	process_identifier: 1460 region_size: 851968 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00580000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 31, 2024, 10:17 a.m.	process_identifier: 1460 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00610000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 31, 2024, 10:17 a.m.	process_identifier: 1460 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00422000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 31, 2024, 10:17 a.m.	process_identifier: 1460 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0043c000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 31, 2024, 10:17 a.m.	process_identifier: 1460 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x006a0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 31, 2024, 10:17 a.m.	process_identifier: 1460 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00555000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 31, 2024, 10:17 a.m.	process_identifier: 1460 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0055b000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 31, 2024, 10:17 a.m.	process_identifier: 1460 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00557000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 31, 2024, 10:17 a.m.	process_identifier: 1460 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0042a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 31, 2024, 10:17 a.m.	process_identifier: 1460 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0044a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 31, 2024, 10:17 a.m.	process_identifier: 1460 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00447000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 31, 2024, 10:17 a.m.	process_identifier: 1460 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00446000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 31, 2024, 10:17 a.m.	process_identifier: 1460 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x006a1000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 31, 2024, 10:17 a.m.	process_identifier: 1460 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0043d000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 31, 2024, 10:17 a.m.	process_identifier: 1460 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0042c000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 31, 2024, 10:17 a.m.	process_identifier: 1460 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00bd0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 31, 2024, 10:17 a.m.	process_identifier: 1460 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0043a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 31, 2024, 10:17 a.m.	process_identifier: 1460 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x006a2000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 31, 2024, 10:17 a.m.	process_identifier: 1460 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0043e000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 31, 2024, 10:17 a.m.	process_identifier: 1460 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x006a3000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 31, 2024, 10:17 a.m.	process_identifier: 1460 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x006a4000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 31, 2024, 10:17 a.m.	process_identifier: 1460 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x006a5000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 31, 2024, 10:17 a.m.	process_identifier: 1460 region_size: 12288 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x006a9000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 31, 2024, 10:17 a.m.	process_identifier: 1460 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x006ac000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 31, 2024, 10:17 a.m.	process_identifier: 1460 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x006ae000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 31, 2024, 10:17 a.m.	process_identifier: 1460 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0043f000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 31, 2024, 10:17 a.m.	process_identifier: 1460 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x006af000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 31, 2024, 10:17 a.m.	process_identifier: 1460 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024c0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 31, 2024, 10:17 a.m.	process_identifier: 1460 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024c1000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 31, 2024, 10:17 a.m.	process_identifier: 1460 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024c2000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 31, 2024, 10:17 a.m.	process_identifier: 1460 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024c4000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 31, 2024, 10:17 a.m.	process_identifier: 1460 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0044b000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 31, 2024, 10:17 a.m.	process_identifier: 1460 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024bf000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 31, 2024, 10:17 a.m.	process_identifier: 1460 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024b0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 31, 2024, 10:17 a.m.	process_identifier: 1460 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04510000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 31, 2024, 10:17 a.m.	process_identifier: 1460 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024c5000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 31, 2024, 10:17 a.m.	process_identifier: 1460 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024c6000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 31, 2024, 10:17 a.m.	process_identifier: 1460 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024c7000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 31, 2024, 10:17 a.m.	process_identifier: 1460 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024c8000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 31, 2024, 10:17 a.m.	process_identifier: 1460 region_size: 12288 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024c9000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 31, 2024, 10:17 a.m.	process_identifier: 1460 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024cc000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 31, 2024, 10:17 a.m.	process_identifier: 1460 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04511000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 31, 2024, 10:17 a.m.	process_identifier: 1460 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024cd000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 31, 2024, 10:17 a.m.	process_identifier: 1460 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04f10000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 31, 2024, 10:17 a.m.	process_identifier: 1460 region_size: 12288 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04f11000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 31, 2024, 10:17 a.m.	process_identifier: 1460 region_size: 36864 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04f14000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1

Checks adapter addresses which can be used to detect virtual network interfaces (1 event)

Time & API	Arguments	Status	Return	Repeated
GetAdaptersAddresses July 31, 2024, 10:17 a.m.	flags: 15 family: 0		111	0

Checks for the Locally Unique Identifier on the system for a suspicious privilege (1 event)

Time & API	Arguments	Status	Return	Repeated
LookupPrivilegeValueW July 31, 2024, 10:17 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1	0

Looks for the Windows Idle Time to determine the uptime (1 event)

Time & API	Arguments	Status	Return	Repeated
NtQuerySystemInformation July 31, 2024, 10:17 a.m.	information_class: 8 (SystemProcessorPerformanceInformation)	1	0	0

A process attempted to delay the analysis task. (1 event)

description

kjposter.exe tried to sleep 19097292 seconds, actually delayed analysis time by 19097292 seconds

File has been identified by 34 AntiVirus engines on VirusTotal as malicious (34 events)

Bkav	W32.AIDetectMalware.CS
Lionic	Trojan.Win32.Generic.4!c
ALYac	Gen:Variant.Zusy.555548
VIPRE	Gen:Variant.Zusy.555548
Sangfor	Trojan.Win32.Zusy.Vvo8
K7AntiVirus	Riskware ( 0040eff71 )
BitDefender	Gen:Variant.Zusy.555548
K7GW	Riskware ( 0040eff71 )
Arcabit	Trojan.Zusy.D87A1C
Symantec	ML.Attribute.HighConfidence
McAfee	Artemis!456509BF6306
Avast	MalwareX-gen [Trj]
ClamAV	Win.Packed.Lazy-10033423-0
MicroWorld-eScan	Gen:Variant.Zusy.555548
Emsisoft	Gen:Variant.Zusy.555548 (B)
DrWeb	Trojan.DownloaderNET.156
McAfeeD	ti!AD20E7A152AC
FireEye	Gen:Variant.Zusy.555548
Google	Detected
MAX	malware (ai score=88)
Antiy-AVL	GrayWare/Win32.Wacapew
Gridinsoft	Trojan.Win32.Downloader.sa
Microsoft	Trojan:Win32/Wacatac.B!ml
GData	Gen:Variant.Zusy.555548
AhnLab-V3	Trojan/Win.Generic.C5653792
BitDefenderTheta	Gen:NN.ZemsilCO.36810.ip1@aiTq3Jb
DeepInstinct	MALICIOUS
Malwarebytes	Malware.AI.960162144
Ikarus	Trojan.Crypt
Panda	Trj/Chgt.AD
TrendMicro-HouseCall	TROJ_GEN.R002H09GU24
Fortinet	PossibleThreat
AVG	MalwareX-gen [Trj]
Paloalto	generic.ml

kjposter.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All