Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Oct. 6, 2024, 6:15 p.m.	Oct. 6, 2024, 6:24 p.m.

Size	14.5MB
Type	Zip archive data, at least v2.0 to extract
MD5	`29fd6772aafb08c90b1ff9a91f48ecff`
SHA256	`287e892aeb4be05c881e19da227d0398cd321d5a9af837932c12dfaab641b4cb`
CRC32	`11F12601`
ssdeep	`393216:hU+MrvMUXlIm0QEiK4JISelo4pOT0w03Bl:hSIelIvgJYlIIF3/`
Yara	zip_file_format - ZIP file format

java.exe "C:\Program Files (x86)\Java\jre1.8.0_131\bin\java.exe" -jar C:\Users\test22\AppData\Local\Temp\185.jar
1648
- javaw.exe "C:\Program Files (x86)\Java\jre1.8.0_131\bin\javaw" -jar "C:\Users\test22\AppData\Local\Temp\m1728216960411752240726055893726.tmp" DELAY:3
  2268
  - netsh.exe netsh wlan show networks mode=bssid
    2652
  - netsh.exe netsh wlan show networks mode=bssid
    2744

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
185.196.220.62	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.103:49168 -> 185.196.220.62:24464	2046187	ET MALWARE [ANY.RUN] Win32/DynamicRAT CnC Activity	Malware Command and Control Activity Detected

Suricata TLS

No Suricata TLS

Checks if process is being debugged by a debugger (2 events)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent Oct. 6, 2024, 6:15 p.m.			0	0
IsDebuggerPresent Oct. 6, 2024, 6:16 p.m.			0	0

Command line console output was observed (5 events)

Time & API	Arguments	Status	Return
WriteConsoleA Oct. 6, 2024, 6:15 p.m.	buffer: ################################################ # # # ## # # ## ### ### ## ### # # # # # # # # # # # # # # # # ### # # ### # # # ## # # # # # ### ### # # # ### # # ### # # # # Obfuscation by Allatori Obfuscator v6.0 DEMO # # # # http://www.allatori.com # # # ################################################ console_handle: 0x00000007	1	1
WriteConsoleA Oct. 6, 2024, 6:15 p.m.	buffer: ################################################ # # # ## # # ## ### ### ## ### # # # # # # # # # # # # # # # # ### # # ### # # # ## # # # # # ### ### # # # ### # # ### # # # # Obfuscation by Allatori Obfuscator v6.0 DEMO # # # # http://www.allatori.com # # # ################################################ console_handle: 0x00000007	1	1
WriteConsoleA Oct. 6, 2024, 6:15 p.m.	buffer: ################################################ # # # ## # # ## ### ### ## ### # # # # # # # # # # # # # # # # ### # # ### # # # ## # # # # # ### ### # # # ### # # ### # # # # Obfuscation by Allatori Obfuscator v5.3 DEMO # # # # http://www.allatori.com # # # ################################################ console_handle: 0x00000007	1	1
WriteConsoleA Oct. 6, 2024, 6:15 p.m.	buffer: ################################################ # # # ## # # ## ### ### ## ### # # # # # # # # # # # # # # # # ### # # ### # # # ## # # # # # ### ### # # # ### # # ### # # # # Obfuscation by Allatori Obfuscator v5.3 DEMO # # # # http://www.allatori.com # # # ################################################ console_handle: 0x00000007	1	1
WriteConsoleA Oct. 6, 2024, 6:15 p.m.	buffer: ################################################ # # # ## # # ## ### ### ## ### # # # # # # # # # # # # # # # # ### # # ### # # # ## # # # # # ### ### # # # ### # # ### # # # # Obfuscation by Allatori Obfuscator v5.3 DEMO # # # # http://www.allatori.com # # # ################################################ console_handle: 0x00000007	1	1

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Oct. 6, 2024, 6:15 p.m.		1	1	0

One or more processes crashed (10 events)

Time & API	Arguments	Status
__exception__ Oct. 6, 2024, 6:15 p.m.	stacktrace: exception.instruction_r: 8b 06 8d b5 f8 00 00 00 c5 fe 7f 06 c5 fe 7f 7e exception.instruction: mov eax, dword ptr [esi] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x2480202 registers.esp: 34797608 registers.edi: 1 registers.eax: 6 registers.ebp: 1950536896 registers.edx: 0 registers.ebx: 16910336 registers.esi: 0 registers.ecx: 3405691582	1
__exception__ Oct. 6, 2024, 6:16 p.m.	stacktrace: 0x24844e0 0x24844e0 0x24844e0 0x24847b4 0x24847b4 0x24847b4 0x24847b4 0x2480697 JVM_GetThreadStateNames+0x4d395 _JVM_EnqueueOperation@20-0x6191b jvm+0x15af45 @ 0x741faf45 _JVM_FindSignal@4+0x6402e ??_7DCmdFactory@@6B@-0xa2d06 jvm+0x2213ae @ 0x742c13ae JVM_GetThreadStateNames+0x4d42e _JVM_EnqueueOperation@20-0x61882 jvm+0x15afde @ 0x741fafde JVM_GetThreadStateNames+0x59ba8 _JVM_EnqueueOperation@20-0x55108 jvm+0x167758 @ 0x74207758 JVM_GetThreadStateNames+0x59e13 _JVM_EnqueueOperation@20-0x54e9d jvm+0x1679c3 @ 0x742079c3 _JVM_InvokeMethod@16+0xb3 _JVM_NewInstanceFromConstructor@12-0x10d jvm+0x104093 @ 0x741a4093 _Java_sun_reflect_NativeMethodAccessorImpl_invoke0@20+0x15 _Java_sun_reflect_NativeConstructorAccessorImpl_newInstance0@16-0x3 java+0x3b26 @ 0x74003b26 0x24847b4 0x24847b4 0x24847e9 0x24847b4 0x2480697 JVM_GetThreadStateNames+0x4d395 _JVM_EnqueueOperation@20-0x6191b jvm+0x15af45 @ 0x741faf45 _JVM_FindSignal@4+0x6402e ??_7DCmdFactory@@6B@-0xa2d06 jvm+0x2213ae @ 0x742c13ae JVM_GetThreadStateNames+0x4d42e _JVM_EnqueueOperation@20-0x61882 jvm+0x15afde @ 0x741fafde JNI_GetCreatedJavaVMs+0x6f27 JNI_CreateJavaVM-0xa4f9 jvm+0xdcb97 @ 0x7417cb97 JNI_GetCreatedJavaVMs+0xf4bf JNI_CreateJavaVM-0x1f61 jvm+0xe512f @ 0x7418512f java+0x229e @ 0x36229e java+0xae9f @ 0x36ae9f java+0xaf29 @ 0x36af29 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 85 05 00 01 52 00 8b f8 8b c6 8b f1 89 7c 24 34 exception.instruction: test eax, dword ptr [0x520100] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x25a7c5c registers.esp: 34796224 registers.edi: 268435456 registers.eax: 1049034481 registers.ebp: 34796556 registers.edx: 67125264 registers.ebx: 7 registers.esi: 3296699150 registers.ecx: 64	1
__exception__ Oct. 6, 2024, 6:16 p.m.	stacktrace: 0x24847b4 0x2484854 0x2484854 0x24847b4 0x24847b4 0x24847b4 0x24847b4 0x2484854 0x2484854 0x2484854 0x2484854 0x24847b4 0x2484854 0x2480697 JVM_GetThreadStateNames+0x4d395 _JVM_EnqueueOperation@20-0x6191b jvm+0x15af45 @ 0x741faf45 _JVM_FindSignal@4+0x6402e ??_7DCmdFactory@@6B@-0xa2d06 jvm+0x2213ae @ 0x742c13ae JVM_GetThreadStateNames+0x4d42e _JVM_EnqueueOperation@20-0x61882 jvm+0x15afde @ 0x741fafde JVM_GetThreadStateNames+0x59ba8 _JVM_EnqueueOperation@20-0x55108 jvm+0x167758 @ 0x74207758 JVM_GetThreadStateNames+0x59e13 _JVM_EnqueueOperation@20-0x54e9d jvm+0x1679c3 @ 0x742079c3 _JVM_InvokeMethod@16+0xb3 _JVM_NewInstanceFromConstructor@12-0x10d jvm+0x104093 @ 0x741a4093 _Java_sun_reflect_NativeMethodAccessorImpl_invoke0@20+0x15 _Java_sun_reflect_NativeConstructorAccessorImpl_newInstance0@16-0x3 java+0x3b26 @ 0x74003b26 0x24847b4 0x24847b4 0x24847e9 0x24847b4 0x2480697 JVM_GetThreadStateNames+0x4d395 _JVM_EnqueueOperation@20-0x6191b jvm+0x15af45 @ 0x741faf45 _JVM_FindSignal@4+0x6402e ??_7DCmdFactory@@6B@-0xa2d06 jvm+0x2213ae @ 0x742c13ae JVM_GetThreadStateNames+0x4d42e _JVM_EnqueueOperation@20-0x61882 jvm+0x15afde @ 0x741fafde JVM_GetThreadStateNames+0x59ba8 _JVM_EnqueueOperation@20-0x55108 jvm+0x167758 @ 0x74207758 JVM_GetThreadStateNames+0x59e13 _JVM_EnqueueOperation@20-0x54e9d jvm+0x1679c3 @ 0x742079c3 _JVM_InvokeMethod@16+0xb3 _JVM_NewInstanceFromConstructor@12-0x10d jvm+0x104093 @ 0x741a4093 _Java_sun_reflect_NativeMethodAccessorImpl_invoke0@20+0x15 _Java_sun_reflect_NativeConstructorAccessorImpl_newInstance0@16-0x3 java+0x3b26 @ 0x74003b26 0x24847b4 0x24847b4 0x24847e9 0x24847b4 0x2480697 JVM_GetThreadStateNames+0x4d395 _JVM_EnqueueOperation@20-0x6191b jvm+0x15af45 @ 0x741faf45 _JVM_FindSignal@4+0x6402e ??_7DCmdFactory@@6B@-0xa2d06 jvm+0x2213ae @ 0x742c13ae JVM_GetThreadStateNames+0x4d42e _JVM_EnqueueOperation@20-0x61882 jvm+0x15afde @ 0x741fafde JNI_GetCreatedJavaVMs+0x6f27 JNI_CreateJavaVM-0xa4f9 jvm+0xdcb97 @ 0x7417cb97 JNI_GetCreatedJavaVMs+0xf4bf JNI_CreateJavaVM-0x1f61 jvm+0xe512f @ 0x7418512f java+0x229e @ 0x36229e java+0xae9f @ 0x36ae9f java+0xaf29 @ 0x36af29 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 85 05 00 01 52 00 c3 ba 00 c5 49 15 64 8b 0c 25 exception.instruction: test eax, dword ptr [0x520100] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x25df167 registers.esp: 34795084 registers.edi: 8961024 registers.eax: 73400320 registers.ebp: 34795140 registers.edx: 356516984 registers.ebx: 8192 registers.esi: 146264856 registers.ecx: 300711	1
__exception__ Oct. 6, 2024, 6:16 p.m.	stacktrace: exception.instruction_r: 8b 06 8d b5 f8 00 00 00 c5 fe 7f 06 c5 fe 7f 7e exception.instruction: mov eax, dword ptr [esi] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x24c0202 registers.esp: 35583388 registers.edi: 1 registers.eax: 6 registers.ebp: 1950536896 registers.edx: 0 registers.ebx: 16910336 registers.esi: 0 registers.ecx: 3405691582	1
__exception__ Oct. 6, 2024, 6:16 p.m.	stacktrace: _JVM_SetVmMemoryPressure@4-0x128cd jvm+0x7273 @ 0x740a7273 _JVM_SetVmMemoryPressure@4-0x127dc jvm+0x7364 @ 0x740a7364 JVM_FindClassFromBootLoader+0x3b _JVM_FindClassFromClassLoader@20-0x135 jvm+0x10781b @ 0x741a781b _Java_java_lang_ClassLoader_findBootstrapClass@12+0x69 _Java_java_lang_ClassLoader_findLoadedClass0@12-0x27 java+0x1e9d @ 0x74001e9d 0x24cd3d3 0x24c47b4 0x24c47b4 0x24c47b4 0x24c47b4 0x24c47b4 0x24c0697 JVM_GetThreadStateNames+0x4d395 _JVM_EnqueueOperation@20-0x6191b jvm+0x15af45 @ 0x741faf45 _JVM_FindSignal@4+0x6402e ??_7DCmdFactory@@6B@-0xa2d06 jvm+0x2213ae @ 0x742c13ae JVM_GetThreadStateNames+0x4d42e _JVM_EnqueueOperation@20-0x61882 jvm+0x15afde @ 0x741fafde JVM_GetThreadStateNames+0x4d5b6 _JVM_EnqueueOperation@20-0x616fa jvm+0x15b166 @ 0x741fb166 JVM_GetThreadStateNames+0x4d69f _JVM_EnqueueOperation@20-0x61611 jvm+0x15b24f @ 0x741fb24f _JVM_GetManagementExt@4+0x353d5 AsyncGetCallTrace-0x8508b jvm+0x508d5 @ 0x740f08d5 _JVM_GetManagementExt@4+0x3587a AsyncGetCallTrace-0x84be6 jvm+0x50d7a @ 0x740f0d7a _JVM_GetManagementExt@4+0x36ac0 AsyncGetCallTrace-0x839a0 jvm+0x51fc0 @ 0x740f1fc0 _JVM_GetManagementExt@4+0x36b0a AsyncGetCallTrace-0x83956 jvm+0x5200a @ 0x740f200a JVM_GetThreadStateNames+0x58feb _JVM_EnqueueOperation@20-0x55cc5 jvm+0x166b9b @ 0x74206b9b JVM_GetThreadStateNames+0x5a21d _JVM_EnqueueOperation@20-0x54a93 jvm+0x167dcd @ 0x74207dcd JVM_GetThreadStateNames+0x5a3c4 _JVM_EnqueueOperation@20-0x548ec jvm+0x167f74 @ 0x74207f74 _JVM_GetClassDeclaredFields@12+0x73d _JVM_GetClassDeclaredMethods@12-0x113 jvm+0x10ccbd @ 0x741accbd _JVM_GetClassDeclaredMethods@12+0x50 _JVM_GetClassDeclaredConstructors@12-0x50 jvm+0x10ce20 @ 0x741ace20 0x24cd3d3 0x24c47b4 0x24c47b4 0x24c47b4 0x24c47b4 0x24c47b4 0x24c47b4 0x24c47b4 0x24c47e9 0x24c47e9 0x24c47b4 0x24c47b4 0x24c47b4 0x24c47b4 0x24c0697 JVM_GetThreadStateNames+0x4d395 _JVM_EnqueueOperation@20-0x6191b jvm+0x15af45 @ 0x741faf45 _JVM_FindSignal@4+0x6402e ??_7DCmdFactory@@6B@-0xa2d06 jvm+0x2213ae @ 0x742c13ae JVM_GetThreadStateNames+0x4d42e _JVM_EnqueueOperation@20-0x61882 jvm+0x15afde @ 0x741fafde _JVM_GetManagementExt@4+0xa50eb AsyncGetCallTrace-0x15375 jvm+0xc05eb @ 0x741605eb _JVM_GetManagementExt@4+0xa62a7 AsyncGetCallTrace-0x141b9 jvm+0xc17a7 @ 0x741617a7 _JVM_GetManagementExt@4+0xa63f8 AsyncGetCallTrace-0x14068 jvm+0xc18f8 @ 0x741618f8 _JVM_GetManagementExt@4+0x68470 AsyncGetCallTrace-0x51ff0 jvm+0x83970 @ 0x74123970 _JVM_GetManagementExt@4+0x691fa AsyncGetCallTrace-0x51266 jvm+0x846fa @ 0x741246fa _JVM_GetManagementExt@4+0x64aa7 AsyncGetCallTrace-0x559b9 jvm+0x7ffa7 @ 0x7411ffa7 0x24d31bb 0x24c47e9 0x24c4854 0x24c4889 0x24c0697 JVM_GetThreadStateNames+0x4d395 _JVM_EnqueueOperation@20-0x6191b jvm+0x15af45 @ 0x741faf45 _JVM_FindSignal@4+0x6402e ??_7DCmdFactory@@6B@-0xa2d06 jvm+0x2213ae @ 0x742c13ae JVM_GetThreadStateNames+0x4d42e _JVM_EnqueueOperation@20-0x61882 jvm+0x15afde @ 0x741fafde JVM_GetThreadStateNames+0x4d5b6 _JVM_EnqueueOperation@20-0x616fa jvm+0x15b166 @ 0x741fb166 JVM_GetThreadStateNames+0x4d627 _JVM_EnqueueOperation@20-0x61689 jvm+0x15b1d7 @ 0x741fb1d7 jio_printf+0x9f _JVM_StartThread@8-0x11 jvm+0xff36f @ 0x7419f36f JVM_GetThreadStateNames+0x70080 _JVM_EnqueueOperation@20-0x3ec30 jvm+0x17dc30 @ 0x7421dc30 JVM_GetThreadStateNames+0x708fa _JVM_EnqueueOperation@20-0x3e3b6 jvm+0x17e4aa @ 0x7421e4aa _JVM_FindSignal@4+0x5b46 ??_7DCmdFactory@@6B@-0x1011ee jvm+0x1c2ec6 @ 0x74262ec6 _endthreadex+0x3a _beginthreadex-0xab msvcr100+0x5c556 @ 0x744cc556 exception.instruction_r: c7 04 08 01 00 00 00 5d c3 cc cc 83 3d 68 80 42 exception.instruction: mov dword ptr [eax + ecx], 1 exception.exception_code: 0xc0000005 exception.symbol: _JVM_SetVmMemoryPressure@4-0x1293b jvm+0x7205 exception.address: 0x740a7205 registers.esp: 383181812 registers.edi: 383181940 registers.eax: 3840 registers.ebp: 383181812 registers.edx: 383181979 registers.ebx: 0 registers.esi: 377255936 registers.ecx: 4653056	1
__exception__ Oct. 6, 2024, 6:16 p.m.	stacktrace: 0x24c4854 0x25ee4a8 JVM_GetThreadStateNames+0x4d395 _JVM_EnqueueOperation@20-0x6191b jvm+0x15af45 @ 0x741faf45 _JVM_FindSignal@4+0x6402e ??_7DCmdFactory@@6B@-0xa2d06 jvm+0x2213ae @ 0x742c13ae JVM_GetThreadStateNames+0x4d42e _JVM_EnqueueOperation@20-0x61882 jvm+0x15afde @ 0x741fafde _JVM_DoPrivileged@20+0x2bf _JVM_GetStackAccessControlContext@8-0x1b1 jvm+0x10b2cf @ 0x741ab2cf _Java_java_security_AccessController_doPrivileged__Ljava_security_PrivilegedExceptionAction_2Ljava_security_AccessControlContext_2@16+0x17 _Java_java_security_AccessController_getStackAccessControlContext@8-0x3 java+0x1061 @ 0x74001061 0x265ec24 0x2667a7c JVM_GetThreadStateNames+0x4d395 _JVM_EnqueueOperation@20-0x6191b jvm+0x15af45 @ 0x741faf45 _JVM_FindSignal@4+0x6402e ??_7DCmdFactory@@6B@-0xa2d06 jvm+0x2213ae @ 0x742c13ae JVM_GetThreadStateNames+0x4d42e _JVM_EnqueueOperation@20-0x61882 jvm+0x15afde @ 0x741fafde JVM_GetThreadStateNames+0x4d5b6 _JVM_EnqueueOperation@20-0x616fa jvm+0x15b166 @ 0x741fb166 JVM_GetThreadStateNames+0x4d69f _JVM_EnqueueOperation@20-0x61611 jvm+0x15b24f @ 0x741fb24f _JVM_GetManagementExt@4+0x353d5 AsyncGetCallTrace-0x8508b jvm+0x508d5 @ 0x740f08d5 _JVM_GetManagementExt@4+0x3587a AsyncGetCallTrace-0x84be6 jvm+0x50d7a @ 0x740f0d7a _JVM_GetManagementExt@4+0x36ac0 AsyncGetCallTrace-0x839a0 jvm+0x51fc0 @ 0x740f1fc0 _JVM_GetManagementExt@4+0x36b0a AsyncGetCallTrace-0x83956 jvm+0x5200a @ 0x740f200a _JVM_GetManagementExt@4+0x91bd8 AsyncGetCallTrace-0x28888 jvm+0xad0d8 @ 0x7414d0d8 _JVM_GetManagementExt@4+0x65a22 AsyncGetCallTrace-0x54a3e jvm+0x80f22 @ 0x74120f22 _JVM_GetManagementExt@4+0x65c07 AsyncGetCallTrace-0x54859 jvm+0x81107 @ 0x74121107 0x24d3ffe 0x24c47b4 0x24c47b4 0x24c47b4 0x24c47b4 0x24c4854 0x24c4854 0x24c4854 0x24c4889 0x24c0697 JVM_GetThreadStateNames+0x4d395 _JVM_EnqueueOperation@20-0x6191b jvm+0x15af45 @ 0x741faf45 _JVM_FindSignal@4+0x6402e ??_7DCmdFactory@@6B@-0xa2d06 jvm+0x2213ae @ 0x742c13ae JVM_GetThreadStateNames+0x4d42e _JVM_EnqueueOperation@20-0x61882 jvm+0x15afde @ 0x741fafde JVM_GetThreadStateNames+0x4d5b6 _JVM_EnqueueOperation@20-0x616fa jvm+0x15b166 @ 0x741fb166 JVM_GetThreadStateNames+0x4d627 _JVM_EnqueueOperation@20-0x61689 jvm+0x15b1d7 @ 0x741fb1d7 jio_printf+0x9f _JVM_StartThread@8-0x11 jvm+0xff36f @ 0x7419f36f JVM_GetThreadStateNames+0x70080 _JVM_EnqueueOperation@20-0x3ec30 jvm+0x17dc30 @ 0x7421dc30 JVM_GetThreadStateNames+0x708fa _JVM_EnqueueOperation@20-0x3e3b6 jvm+0x17e4aa @ 0x7421e4aa _JVM_FindSignal@4+0x5b46 ??_7DCmdFactory@@6B@-0x1011ee jvm+0x1c2ec6 @ 0x74262ec6 _endthreadex+0x3a _beginthreadex-0xab msvcr100+0x5c556 @ 0x744cc556 _endthreadex+0xe4 _beginthreadex-0x1 msvcr100+0x5c600 @ 0x744cc600 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 85 05 00 01 46 00 c3 b8 00 00 00 00 50 53 8b 58 exception.instruction: test eax, dword ptr [0x460100] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x25640da registers.esp: 382329484 registers.edi: 117 registers.eax: 163492136 registers.ebp: 382329848 registers.edx: 3 registers.ebx: 1 registers.esi: 163616992 registers.ecx: 105	1
__exception__ Oct. 6, 2024, 6:16 p.m.	stacktrace: 0x24c4854 0x25ee4a8 JVM_GetThreadStateNames+0x4d395 _JVM_EnqueueOperation@20-0x6191b jvm+0x15af45 @ 0x741faf45 _JVM_FindSignal@4+0x6402e ??_7DCmdFactory@@6B@-0xa2d06 jvm+0x2213ae @ 0x742c13ae JVM_GetThreadStateNames+0x4d42e _JVM_EnqueueOperation@20-0x61882 jvm+0x15afde @ 0x741fafde _JVM_DoPrivileged@20+0x2bf _JVM_GetStackAccessControlContext@8-0x1b1 jvm+0x10b2cf @ 0x741ab2cf _Java_java_security_AccessController_doPrivileged__Ljava_security_PrivilegedExceptionAction_2Ljava_security_AccessControlContext_2@16+0x17 _Java_java_security_AccessController_getStackAccessControlContext@8-0x3 java+0x1061 @ 0x74001061 0x265ec24 0x2667a7c JVM_GetThreadStateNames+0x4d395 _JVM_EnqueueOperation@20-0x6191b jvm+0x15af45 @ 0x741faf45 _JVM_FindSignal@4+0x6402e ??_7DCmdFactory@@6B@-0xa2d06 jvm+0x2213ae @ 0x742c13ae JVM_GetThreadStateNames+0x4d42e _JVM_EnqueueOperation@20-0x61882 jvm+0x15afde @ 0x741fafde JVM_GetThreadStateNames+0x4d5b6 _JVM_EnqueueOperation@20-0x616fa jvm+0x15b166 @ 0x741fb166 JVM_GetThreadStateNames+0x4d69f _JVM_EnqueueOperation@20-0x61611 jvm+0x15b24f @ 0x741fb24f _JVM_GetManagementExt@4+0x353d5 AsyncGetCallTrace-0x8508b jvm+0x508d5 @ 0x740f08d5 _JVM_GetManagementExt@4+0x3587a AsyncGetCallTrace-0x84be6 jvm+0x50d7a @ 0x740f0d7a _JVM_GetManagementExt@4+0x36ac0 AsyncGetCallTrace-0x839a0 jvm+0x51fc0 @ 0x740f1fc0 _JVM_GetManagementExt@4+0x36b0a AsyncGetCallTrace-0x83956 jvm+0x5200a @ 0x740f200a _JVM_GetManagementExt@4+0x91bd8 AsyncGetCallTrace-0x28888 jvm+0xad0d8 @ 0x7414d0d8 _JVM_GetManagementExt@4+0x65a22 AsyncGetCallTrace-0x54a3e jvm+0x80f22 @ 0x74120f22 _JVM_GetManagementExt@4+0x65c07 AsyncGetCallTrace-0x54859 jvm+0x81107 @ 0x74121107 0x24d3ffe 0x24c47b4 0x24c47b4 0x24c47b4 0x24c47b4 0x24c4854 0x24c4854 0x24c4854 0x24c4889 0x24c0697 JVM_GetThreadStateNames+0x4d395 _JVM_EnqueueOperation@20-0x6191b jvm+0x15af45 @ 0x741faf45 _JVM_FindSignal@4+0x6402e ??_7DCmdFactory@@6B@-0xa2d06 jvm+0x2213ae @ 0x742c13ae JVM_GetThreadStateNames+0x4d42e _JVM_EnqueueOperation@20-0x61882 jvm+0x15afde @ 0x741fafde JVM_GetThreadStateNames+0x4d5b6 _JVM_EnqueueOperation@20-0x616fa jvm+0x15b166 @ 0x741fb166 JVM_GetThreadStateNames+0x4d627 _JVM_EnqueueOperation@20-0x61689 jvm+0x15b1d7 @ 0x741fb1d7 jio_printf+0x9f _JVM_StartThread@8-0x11 jvm+0xff36f @ 0x7419f36f JVM_GetThreadStateNames+0x70080 _JVM_EnqueueOperation@20-0x3ec30 jvm+0x17dc30 @ 0x7421dc30 JVM_GetThreadStateNames+0x708fa _JVM_EnqueueOperation@20-0x3e3b6 jvm+0x17e4aa @ 0x7421e4aa _JVM_FindSignal@4+0x5b46 ??_7DCmdFactory@@6B@-0x1011ee jvm+0x1c2ec6 @ 0x74262ec6 _endthreadex+0x3a _beginthreadex-0xab msvcr100+0x5c556 @ 0x744cc556 _endthreadex+0xe4 _beginthreadex-0x1 msvcr100+0x5c600 @ 0x744cc600 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 85 05 00 01 46 00 c3 e8 86 d6 f4 ff e8 81 d6 f4 exception.instruction: test eax, dword ptr [0x460100] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x260eb7e registers.esp: 382329484 registers.edi: 117 registers.eax: 73 registers.ebp: 382329848 registers.edx: 73 registers.ebx: 1 registers.esi: 8388608 registers.ecx: 163492136	1
__exception__ Oct. 6, 2024, 6:16 p.m.	stacktrace: 0x24c4854 0x25ee4a8 JVM_GetThreadStateNames+0x4d395 _JVM_EnqueueOperation@20-0x6191b jvm+0x15af45 @ 0x741faf45 _JVM_FindSignal@4+0x6402e ??_7DCmdFactory@@6B@-0xa2d06 jvm+0x2213ae @ 0x742c13ae JVM_GetThreadStateNames+0x4d42e _JVM_EnqueueOperation@20-0x61882 jvm+0x15afde @ 0x741fafde _JVM_DoPrivileged@20+0x2bf _JVM_GetStackAccessControlContext@8-0x1b1 jvm+0x10b2cf @ 0x741ab2cf _Java_java_security_AccessController_doPrivileged__Ljava_security_PrivilegedExceptionAction_2Ljava_security_AccessControlContext_2@16+0x17 _Java_java_security_AccessController_getStackAccessControlContext@8-0x3 java+0x1061 @ 0x74001061 0x265ec24 0x2667a7c JVM_GetThreadStateNames+0x4d395 _JVM_EnqueueOperation@20-0x6191b jvm+0x15af45 @ 0x741faf45 _JVM_FindSignal@4+0x6402e ??_7DCmdFactory@@6B@-0xa2d06 jvm+0x2213ae @ 0x742c13ae JVM_GetThreadStateNames+0x4d42e _JVM_EnqueueOperation@20-0x61882 jvm+0x15afde @ 0x741fafde JVM_GetThreadStateNames+0x4d5b6 _JVM_EnqueueOperation@20-0x616fa jvm+0x15b166 @ 0x741fb166 JVM_GetThreadStateNames+0x4d69f _JVM_EnqueueOperation@20-0x61611 jvm+0x15b24f @ 0x741fb24f _JVM_GetManagementExt@4+0x353d5 AsyncGetCallTrace-0x8508b jvm+0x508d5 @ 0x740f08d5 _JVM_GetManagementExt@4+0x3587a AsyncGetCallTrace-0x84be6 jvm+0x50d7a @ 0x740f0d7a _JVM_GetManagementExt@4+0x36ac0 AsyncGetCallTrace-0x839a0 jvm+0x51fc0 @ 0x740f1fc0 _JVM_GetManagementExt@4+0x36b0a AsyncGetCallTrace-0x83956 jvm+0x5200a @ 0x740f200a _JVM_GetManagementExt@4+0x91bd8 AsyncGetCallTrace-0x28888 jvm+0xad0d8 @ 0x7414d0d8 _JVM_GetManagementExt@4+0x65a22 AsyncGetCallTrace-0x54a3e jvm+0x80f22 @ 0x74120f22 _JVM_GetManagementExt@4+0x65c07 AsyncGetCallTrace-0x54859 jvm+0x81107 @ 0x74121107 0x24d3ffe 0x24c47b4 0x24c47b4 0x24c47b4 0x24c47b4 0x24c4854 0x24c4854 0x24c4854 0x24c4889 0x24c0697 JVM_GetThreadStateNames+0x4d395 _JVM_EnqueueOperation@20-0x6191b jvm+0x15af45 @ 0x741faf45 _JVM_FindSignal@4+0x6402e ??_7DCmdFactory@@6B@-0xa2d06 jvm+0x2213ae @ 0x742c13ae JVM_GetThreadStateNames+0x4d42e _JVM_EnqueueOperation@20-0x61882 jvm+0x15afde @ 0x741fafde JVM_GetThreadStateNames+0x4d5b6 _JVM_EnqueueOperation@20-0x616fa jvm+0x15b166 @ 0x741fb166 JVM_GetThreadStateNames+0x4d627 _JVM_EnqueueOperation@20-0x61689 jvm+0x15b1d7 @ 0x741fb1d7 jio_printf+0x9f _JVM_StartThread@8-0x11 jvm+0xff36f @ 0x7419f36f JVM_GetThreadStateNames+0x70080 _JVM_EnqueueOperation@20-0x3ec30 jvm+0x17dc30 @ 0x7421dc30 JVM_GetThreadStateNames+0x708fa _JVM_EnqueueOperation@20-0x3e3b6 jvm+0x17e4aa @ 0x7421e4aa _JVM_FindSignal@4+0x5b46 ??_7DCmdFactory@@6B@-0x1011ee jvm+0x1c2ec6 @ 0x74262ec6 _endthreadex+0x3a _beginthreadex-0xab msvcr100+0x5c556 @ 0x744cc556 _endthreadex+0xe4 _beginthreadex-0x1 msvcr100+0x5c600 @ 0x744cc600 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 85 05 00 01 46 00 c3 b8 00 00 00 00 50 53 8b 58 exception.instruction: test eax, dword ptr [0x460100] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x25640da registers.esp: 382329484 registers.edi: 117 registers.eax: 163492136 registers.ebp: 382329848 registers.edx: 73 registers.ebx: 1 registers.esi: 8388608 registers.ecx: 117	1
__exception__ Oct. 6, 2024, 6:16 p.m.	stacktrace: 0x24c4854 0x25ee4a8 JVM_GetThreadStateNames+0x4d395 _JVM_EnqueueOperation@20-0x6191b jvm+0x15af45 @ 0x741faf45 _JVM_FindSignal@4+0x6402e ??_7DCmdFactory@@6B@-0xa2d06 jvm+0x2213ae @ 0x742c13ae JVM_GetThreadStateNames+0x4d42e _JVM_EnqueueOperation@20-0x61882 jvm+0x15afde @ 0x741fafde _JVM_DoPrivileged@20+0x2bf _JVM_GetStackAccessControlContext@8-0x1b1 jvm+0x10b2cf @ 0x741ab2cf _Java_java_security_AccessController_doPrivileged__Ljava_security_PrivilegedExceptionAction_2Ljava_security_AccessControlContext_2@16+0x17 _Java_java_security_AccessController_getStackAccessControlContext@8-0x3 java+0x1061 @ 0x74001061 0x265ec24 0x2667a7c JVM_GetThreadStateNames+0x4d395 _JVM_EnqueueOperation@20-0x6191b jvm+0x15af45 @ 0x741faf45 _JVM_FindSignal@4+0x6402e ??_7DCmdFactory@@6B@-0xa2d06 jvm+0x2213ae @ 0x742c13ae JVM_GetThreadStateNames+0x4d42e _JVM_EnqueueOperation@20-0x61882 jvm+0x15afde @ 0x741fafde JVM_GetThreadStateNames+0x4d5b6 _JVM_EnqueueOperation@20-0x616fa jvm+0x15b166 @ 0x741fb166 JVM_GetThreadStateNames+0x4d69f _JVM_EnqueueOperation@20-0x61611 jvm+0x15b24f @ 0x741fb24f _JVM_GetManagementExt@4+0x353d5 AsyncGetCallTrace-0x8508b jvm+0x508d5 @ 0x740f08d5 _JVM_GetManagementExt@4+0x3587a AsyncGetCallTrace-0x84be6 jvm+0x50d7a @ 0x740f0d7a _JVM_GetManagementExt@4+0x36ac0 AsyncGetCallTrace-0x839a0 jvm+0x51fc0 @ 0x740f1fc0 _JVM_GetManagementExt@4+0x36b0a AsyncGetCallTrace-0x83956 jvm+0x5200a @ 0x740f200a _JVM_GetManagementExt@4+0x91bd8 AsyncGetCallTrace-0x28888 jvm+0xad0d8 @ 0x7414d0d8 _JVM_GetManagementExt@4+0x65a22 AsyncGetCallTrace-0x54a3e jvm+0x80f22 @ 0x74120f22 _JVM_GetManagementExt@4+0x65c07 AsyncGetCallTrace-0x54859 jvm+0x81107 @ 0x74121107 0x24d3ffe 0x24c47b4 0x24c47b4 0x24c47b4 0x24c47b4 0x24c4854 0x24c4854 0x24c4854 0x24c4889 0x24c0697 JVM_GetThreadStateNames+0x4d395 _JVM_EnqueueOperation@20-0x6191b jvm+0x15af45 @ 0x741faf45 _JVM_FindSignal@4+0x6402e ??_7DCmdFactory@@6B@-0xa2d06 jvm+0x2213ae @ 0x742c13ae JVM_GetThreadStateNames+0x4d42e _JVM_EnqueueOperation@20-0x61882 jvm+0x15afde @ 0x741fafde JVM_GetThreadStateNames+0x4d5b6 _JVM_EnqueueOperation@20-0x616fa jvm+0x15b166 @ 0x741fb166 JVM_GetThreadStateNames+0x4d627 _JVM_EnqueueOperation@20-0x61689 jvm+0x15b1d7 @ 0x741fb1d7 jio_printf+0x9f _JVM_StartThread@8-0x11 jvm+0xff36f @ 0x7419f36f JVM_GetThreadStateNames+0x70080 _JVM_EnqueueOperation@20-0x3ec30 jvm+0x17dc30 @ 0x7421dc30 JVM_GetThreadStateNames+0x708fa _JVM_EnqueueOperation@20-0x3e3b6 jvm+0x17e4aa @ 0x7421e4aa _JVM_FindSignal@4+0x5b46 ??_7DCmdFactory@@6B@-0x1011ee jvm+0x1c2ec6 @ 0x74262ec6 _endthreadex+0x3a _beginthreadex-0xab msvcr100+0x5c556 @ 0x744cc556 _endthreadex+0xe4 _beginthreadex-0x1 msvcr100+0x5c600 @ 0x744cc600 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 85 05 00 01 46 00 c3 e8 86 d6 f4 ff e8 81 d6 f4 exception.instruction: test eax, dword ptr [0x460100] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x260eb7e registers.esp: 382329484 registers.edi: 117 registers.eax: 85 registers.ebp: 382329848 registers.edx: 85 registers.ebx: 1 registers.esi: 8388608 registers.ecx: 163492136	1
__exception__ Oct. 6, 2024, 6:17 p.m.	stacktrace: _JVM_SetVmMemoryPressure@4-0x128cd jvm+0x7273 @ 0x740a7273 _JVM_SetVmMemoryPressure@4-0x1285c jvm+0x72e4 @ 0x740a72e4 JVM_GetThreadStateNames+0x4f379 _JVM_EnqueueOperation@20-0x5f937 jvm+0x15cf29 @ 0x741fcf29 JVM_GetThreadStateNames+0x74947 _JVM_EnqueueOperation@20-0x3a369 jvm+0x1824f7 @ 0x742224f7 JVM_GetThreadStateNames+0x40a57 _JVM_EnqueueOperation@20-0x6e259 jvm+0x14e607 @ 0x741ee607 JVM_GetThreadStateNames+0x69f08 _JVM_EnqueueOperation@20-0x44da8 jvm+0x177ab8 @ 0x74217ab8 _JVM_GetManagementExt@4+0x62088 AsyncGetCallTrace-0x583d8 jvm+0x7d588 @ 0x7411d588 0x24d452b 0x24c47b4 0x24c4854 0x24c4854 0x24c4854 0x269e078 0x24c4854 0x24c4889 0x24c4889 0x24c4889 0x24c0697 JVM_GetThreadStateNames+0x4d395 _JVM_EnqueueOperation@20-0x6191b jvm+0x15af45 @ 0x741faf45 _JVM_FindSignal@4+0x6402e ??_7DCmdFactory@@6B@-0xa2d06 jvm+0x2213ae @ 0x742c13ae JVM_GetThreadStateNames+0x4d42e _JVM_EnqueueOperation@20-0x61882 jvm+0x15afde @ 0x741fafde JVM_GetThreadStateNames+0x4d5b6 _JVM_EnqueueOperation@20-0x616fa jvm+0x15b166 @ 0x741fb166 JVM_GetThreadStateNames+0x4d627 _JVM_EnqueueOperation@20-0x61689 jvm+0x15b1d7 @ 0x741fb1d7 jio_printf+0x9f _JVM_StartThread@8-0x11 jvm+0xff36f @ 0x7419f36f JVM_GetThreadStateNames+0x70080 _JVM_EnqueueOperation@20-0x3ec30 jvm+0x17dc30 @ 0x7421dc30 JVM_GetThreadStateNames+0x708fa _JVM_EnqueueOperation@20-0x3e3b6 jvm+0x17e4aa @ 0x7421e4aa _JVM_FindSignal@4+0x5b46 ??_7DCmdFactory@@6B@-0x1011ee jvm+0x1c2ec6 @ 0x74262ec6 _endthreadex+0x3a _beginthreadex-0xab msvcr100+0x5c556 @ 0x744cc556 _endthreadex+0xe4 _beginthreadex-0x1 msvcr100+0x5c600 @ 0x744cc600 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: c7 04 08 01 00 00 00 5d c3 cc cc 83 3d 68 80 42 exception.instruction: mov dword ptr [eax + ecx], 1 exception.exception_code: 0xc0000005 exception.symbol: _JVM_SetVmMemoryPressure@4-0x1293b jvm+0x7205 exception.address: 0x740a7205 registers.esp: 404614444 registers.edi: 376353792 registers.eax: 1664 registers.ebp: 404614444 registers.edx: 1949939156 registers.ebx: 9085008 registers.esi: 376353792 registers.ecx: 4653056	1

Starts servers listening (14 events)

Time & API	Arguments	Status	Return
bind Oct. 6, 2024, 6:16 p.m.	ip_address: socket: 736 port: 0	1	0
listen Oct. 6, 2024, 6:16 p.m.	socket: 736 backlog: 50	1	0
bind Oct. 6, 2024, 6:16 p.m.	ip_address: socket: 1248 port: 0	1	0
listen Oct. 6, 2024, 6:16 p.m.	socket: 1248 backlog: 50	1	0
accept Oct. 6, 2024, 6:16 p.m.	ip_address: socket: 1248 port: 0	1	940
bind Oct. 6, 2024, 6:16 p.m.	ip_address: socket: 1248 port: 0	1	0
listen Oct. 6, 2024, 6:16 p.m.	socket: 1248 backlog: 50	1	0
accept Oct. 6, 2024, 6:16 p.m.	ip_address: socket: 1248 port: 0	1	1256
bind Oct. 6, 2024, 6:16 p.m.	ip_address: socket: 1248 port: 0	1	0
listen Oct. 6, 2024, 6:16 p.m.	socket: 1248 backlog: 50	1	0
accept Oct. 6, 2024, 6:16 p.m.	ip_address: socket: 1248 port: 0	1	1264
bind Oct. 6, 2024, 6:16 p.m.	ip_address: socket: 1248 port: 0	1	0
listen Oct. 6, 2024, 6:16 p.m.	socket: 1248 backlog: 50	1	0
accept Oct. 6, 2024, 6:16 p.m.	ip_address: socket: 1248 port: 0	1	1272

Allocates read-write-execute memory (usually to unpack itself) (50 out of 104 events)

Time & API	Arguments	Status
NtProtectVirtualMemory Oct. 6, 2024, 6:15 p.m.	process_identifier: 1648 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 163840 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02480000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 6, 2024, 6:15 p.m.	process_identifier: 1648 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 32768 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024a8000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 6, 2024, 6:15 p.m.	process_identifier: 1648 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 32768 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024b0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 6, 2024, 6:15 p.m.	process_identifier: 1648 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 32768 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024b8000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 6, 2024, 6:15 p.m.	process_identifier: 1648 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 32768 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024c0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 6, 2024, 6:15 p.m.	process_identifier: 1648 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 32768 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024c8000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 6, 2024, 6:15 p.m.	process_identifier: 1648 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 32768 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024d0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 6, 2024, 6:15 p.m.	process_identifier: 1648 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 32768 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024d8000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 6, 2024, 6:15 p.m.	process_identifier: 1648 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 32768 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024e0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 6, 2024, 6:15 p.m.	process_identifier: 1648 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 32768 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024e8000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 6, 2024, 6:15 p.m.	process_identifier: 1648 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 32768 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024f0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 6, 2024, 6:15 p.m.	process_identifier: 1648 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 32768 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024f8000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 6, 2024, 6:15 p.m.	process_identifier: 1648 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 32768 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02500000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 6, 2024, 6:15 p.m.	process_identifier: 1648 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 32768 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02508000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 6, 2024, 6:15 p.m.	process_identifier: 1648 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 32768 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02510000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 6, 2024, 6:15 p.m.	process_identifier: 1648 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 32768 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02518000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 6, 2024, 6:15 p.m.	process_identifier: 1648 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 32768 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02520000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 6, 2024, 6:15 p.m.	process_identifier: 1648 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 32768 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02528000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 6, 2024, 6:15 p.m.	process_identifier: 1648 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 32768 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02530000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 6, 2024, 6:15 p.m.	process_identifier: 1648 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 32768 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02538000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 6, 2024, 6:15 p.m.	process_identifier: 1648 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 32768 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02540000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 6, 2024, 6:15 p.m.	process_identifier: 1648 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 32768 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02548000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 6, 2024, 6:15 p.m.	process_identifier: 1648 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 32768 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02550000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 6, 2024, 6:15 p.m.	process_identifier: 1648 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 32768 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02558000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 6, 2024, 6:15 p.m.	process_identifier: 1648 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 32768 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02560000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 6, 2024, 6:15 p.m.	process_identifier: 1648 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 32768 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02568000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 6, 2024, 6:15 p.m.	process_identifier: 1648 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 32768 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02570000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 6, 2024, 6:15 p.m.	process_identifier: 1648 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 32768 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02578000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 6, 2024, 6:15 p.m.	process_identifier: 1648 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 32768 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02580000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 6, 2024, 6:15 p.m.	process_identifier: 1648 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 32768 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02588000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 6, 2024, 6:15 p.m.	process_identifier: 1648 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 32768 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02590000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 6, 2024, 6:15 p.m.	process_identifier: 1648 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 32768 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02598000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 6, 2024, 6:15 p.m.	process_identifier: 1648 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 32768 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x025a0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 6, 2024, 6:15 p.m.	process_identifier: 1648 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 32768 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x025a8000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 6, 2024, 6:15 p.m.	process_identifier: 1648 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 32768 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x025b0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 6, 2024, 6:16 p.m.	process_identifier: 1648 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 32768 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x025b8000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 6, 2024, 6:16 p.m.	process_identifier: 1648 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 32768 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x025c0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 6, 2024, 6:16 p.m.	process_identifier: 1648 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 32768 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x025c8000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 6, 2024, 6:16 p.m.	process_identifier: 1648 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 32768 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x025d0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 6, 2024, 6:16 p.m.	process_identifier: 1648 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 32768 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x025d8000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 6, 2024, 6:16 p.m.	process_identifier: 1648 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 32768 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x025e0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 6, 2024, 6:16 p.m.	process_identifier: 1648 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 32768 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x025e8000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 6, 2024, 6:16 p.m.	process_identifier: 2268 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 163840 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024c0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 6, 2024, 6:16 p.m.	process_identifier: 2268 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 32768 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024e8000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 6, 2024, 6:16 p.m.	process_identifier: 2268 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 32768 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024f0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 6, 2024, 6:16 p.m.	process_identifier: 2268 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 32768 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x024f8000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 6, 2024, 6:16 p.m.	process_identifier: 2268 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 32768 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02500000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 6, 2024, 6:16 p.m.	process_identifier: 2268 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 32768 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02508000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 6, 2024, 6:16 p.m.	process_identifier: 2268 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 32768 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02510000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Oct. 6, 2024, 6:16 p.m.	process_identifier: 2268 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 32768 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02518000 process_handle: 0xffffffff	1

Steals private information from local Internet browsers (50 out of 1166 events)

file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8620.824.0.0_0\_locales\ar
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8620.824.0.0_0\common.js
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\nl\messages.json
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.3_0\_locales\es\messages.json
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\lt\messages.json
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8620.824.0.0_0\_locales\am
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.47.0_0\_locales\fi
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.5_0\_locales
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.47.0_0\_locales\fa
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.47.0_0\_locales\is
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateTransparency\1256\_platform_specific\all\sths\a4b90990b418581487bb13a2cc67700a3c359804f91bdfb8e377cd0ec80ddc10.sth
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.47.0_0\_locales\is\messages.json
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.47.0_0\_locales\iw
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.47.0_0\_locales\it
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000101.log
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8620.824.0.0_0\_locales\ta\messages.json
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8620.824.0.0_0\_locales\th\messages.json
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateTransparency\1256\_platform_specific\all\sths\747eda8331ad331091219cce254f4270c2bffd5e422008c6373579e6107bcc56.sth
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\el\messages.json
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crowd Deny
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\fil
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.3_0\_locales\de
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.47.0_0\_locales\id
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\_locales\fil
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\de
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8620.824.0.0_0\_locales\nl
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\nl
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\da
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateRevocation\6781\manifest.fingerprint
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\sl
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\sl\messages.json
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\ms\messages.json
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.47.0_0\_locales\pt_BR\messages.json
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.3_0\_locales\sk\messages.json
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\sk
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\pt_BR\messages.json
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.47.0_0\_locales\tr\messages.json
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.47.0_0\_locales\ms\messages.json
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateTransparency\1256\_platform_specific\all\sths\e2694bae26e8e94009e8861bb63b83d43ee7fe7488fba48f2893019dddf1dbfe.sth
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\_locales\fil\messages.json
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.3_0\_locales\da\messages.json
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\hi\messages.json
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateRevocation\6781\_metadata
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\sv
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\fil\messages.json
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\sr
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\ko

Creates executable files on the filesystem (3 events)

file	C:\Users\test22\AppData\Local\Temp\JNativeHook-3756379486847286094.x86.dll
file	C:\Users\test22\AppData\Local\Temp\jna--877171118\jna1299671536493696708.dll
file	C:\Users\test22\AppData\Local\Temp\JNativeHook-908541295599153083.x86.dll

Drops an executable to the user AppData folder (1 event)

file	C:\Users\test22\AppData\Local\Temp\jna--877171118\jna1299671536493696708.dll

Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) (1 event)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory Oct. 6, 2024, 6:15 p.m.	process_identifier: 1648 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 65536 protection: 32 (PAGE_EXECUTE_READ) base_address: 0x16200000 process_handle: 0xffffffff	1	0	0

Checks adapter addresses which can be used to detect virtual network interfaces (1 event)

Time & API	Arguments	Status	Return	Repeated
GetAdaptersAddresses Oct. 6, 2024, 6:15 p.m.	flags: 28 family: 0	1	0	0

Uses Windows utilities for basic Windows functionality (1 event)

cmdline

netsh wlan show networks mode=bssid

Communicates with host for which no DNS query was performed (1 event)

host

185.196.220.62

Attempts to identify installed AV products by installation directory (2 events)

file	C:\Users\test22\AppData\Local\AVAST Software\Browser\User Data
file	C:\Users\test22\AppData\Local\AVAST Software\Browser\User Data\Local State

Installs an hook procedure to monitor for mouse events (1 event)

Time & API	Arguments	Status	Return	Repeated
SetWindowsHookExA Oct. 6, 2024, 6:16 p.m.	thread_identifier: 0 callback_function: 0x72071069 hook_identifier: 14 (WH_MOUSE_LL) module_address: 0x72070000	1	65865	0

Creates a windows hook that monitors keyboard input (keylogger) (1 event)

Time & API	Arguments	Status	Return	Repeated
SetWindowsHookExA Oct. 6, 2024, 6:16 p.m.	thread_identifier: 0 callback_function: 0x72071230 hook_identifier: 13 (WH_KEYBOARD_LL) module_address: 0x72070000	1	131399	0

File has been identified by 18 AntiVirus engines on VirusTotal as malicious (18 events)

Cynet	Malicious (score: 99)
Skyhigh	Artemis!Trojan
ESET-NOD32	a variant of Java/Kryptik.V
Avast	Java:Malware-gen [Trj]
Kaspersky	HEUR:Backdoor.Java.QRat.gen
Alibaba	Backdoor:JAVA/Kryptik.bd01b464
F-Secure	Malware.JAVA/AVI.Malware.mrucl
Ikarus	Trojan.Java.Crypt
Google	Detected
Avira	JAVA/AVI.Malware.mrucl
Kingsoft	Win32.Troj.Undef.a
Gridinsoft	Malware.U.Gen.tr
ZoneAlarm	HEUR:Backdoor.Java.QRat.gen
GData	Java.Trojan.Agent.S5JGEN
Varist	Java/Agent.APH
Tencent	Java.Backdoor.Qrat.Ktgl
AVG	Java:Malware-gen [Trj]
alibabacloud	Backdoor:Java/QRat.gyf

The processes java.exe, javaw.exe wrote an executable file to disk (4 events)

file	C:\Program Files (x86)\Java\jre1.8.0_131\bin\java.exe
file	C:\Users\test22\AppData\Local\Temp\JNativeHook-908541295599153083.x86.dll
file	C:\Users\test22\AppData\Local\Temp\JNativeHook-3756379486847286094.x86.dll
file	C:\Users\test22\AppData\Local\Temp\jna--877171118\jna1299671536493696708.dll

Generates some ICMP traffic

185.jar

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All