Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Jan. 13, 2025, 2:59 p.m.	Jan. 13, 2025, 4:04 p.m.

Size	1.8MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`38a3db1b2362bfb8e0e0537f4299796a`
SHA256	`5e8d457a37ad2335f9ebddf695bd870f4222e943d2e747d66689fe86070e262a`
CRC32	`C156DF15`
ssdeep	`49152:MspG5MAzgqvijHN9PEx7fH5ppYzNRTWDd00p:Mspavij3PQfHq2`
Yara	themida_packer - themida packer PE_Header_Zero - PE File Signature IsPE32 - (no description) UPX_Zero - UPX packed file

random.exe "C:\Users\test22\AppData\Local\Temp\random.exe"
1604

Name	Response	Post-Analysis Lookup
t.me	A 149.154.167.99	149.154.167.99
steamcommunity.com	A 104.76.74.15	23.49.154.73

IP Address	Status	Action
104.76.74.15	Active	Moloch
149.154.167.99	Active	Moloch
164.124.101.2	Active	Moloch
49.12.115.0	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.103:49170 -> 104.76.74.15:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 49.12.115.0:443 -> 192.168.56.103:49173	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.103:49180 -> 104.76.74.15:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49165 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49165 -> 149.154.167.99:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49165 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49200 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49200 -> 149.154.167.99:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 149.154.167.99:443 -> 192.168.56.103:49168	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.103:49200 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49176 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49176 -> 149.154.167.99:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49176 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 149.154.167.99:443 -> 192.168.56.103:49177	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.103:49208 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49208 -> 149.154.167.99:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49208 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49186 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49186 -> 149.154.167.99:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49185 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49185 -> 149.154.167.99:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49186 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49185 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 149.154.167.99:443 -> 192.168.56.103:49196	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.103:49195 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49195 -> 149.154.167.99:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49195 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49199 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49199 -> 149.154.167.99:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 149.154.167.99:443 -> 192.168.56.103:49201	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 149.154.167.99:443 -> 192.168.56.103:49210	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 49.12.115.0:443 -> 192.168.56.103:49224	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.103:49218 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49218 -> 149.154.167.99:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49218 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 49.12.115.0:443 -> 192.168.56.103:49183	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.103:49231 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49249 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49231 -> 149.154.167.99:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49249 -> 149.154.167.99:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49194 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49194 -> 149.154.167.99:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49249 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49231 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49194 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49199 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 49.12.115.0:443 -> 192.168.56.103:49206	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.103:49234 -> 104.76.74.15:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49203 -> 104.76.74.15:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 49.12.115.0:443 -> 192.168.56.103:49280	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.103:49209 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49209 -> 149.154.167.99:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49209 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49286 -> 104.76.74.15:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 49.12.115.0:443 -> 192.168.56.103:49215	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 49.12.115.0:443 -> 192.168.56.103:49237	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 149.154.167.99:443 -> 192.168.56.103:49219	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.103:49217 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49217 -> 149.154.167.99:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49217 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 149.154.167.99:443 -> 192.168.56.103:49241	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 49.12.115.0:443 -> 192.168.56.103:49289	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 49.12.115.0:443 -> 192.168.56.103:49246	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.103:49221 -> 104.76.74.15:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49258 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 149.154.167.99:443 -> 192.168.56.103:49259	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.103:49305 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49258 -> 149.154.167.99:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49305 -> 149.154.167.99:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49258 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49305 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 149.154.167.99:443 -> 192.168.56.103:49266	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 149.154.167.99:443 -> 192.168.56.103:49306	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.103:49268 -> 104.76.74.15:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49226 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49226 -> 149.154.167.99:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49175 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49175 -> 149.154.167.99:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49226 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49175 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49227 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 149.154.167.99:443 -> 192.168.56.103:49187	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.103:49227 -> 149.154.167.99:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49227 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 49.12.115.0:443 -> 192.168.56.103:49192	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.103:49230 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49230 -> 149.154.167.99:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49230 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 149.154.167.99:443 -> 192.168.56.103:49232	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.103:49167 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49167 -> 149.154.167.99:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49283 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49283 -> 149.154.167.99:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49283 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49248 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49248 -> 149.154.167.99:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49277 -> 104.76.74.15:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49248 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49243 -> 104.76.74.15:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49252 -> 104.76.74.15:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 49.12.115.0:443 -> 192.168.56.103:49255	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.103:49273 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49273 -> 149.154.167.99:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 49.12.115.0:443 -> 192.168.56.103:49271	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.103:49273 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49274 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49274 -> 149.154.167.99:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49274 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49282 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49282 -> 149.154.167.99:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 149.154.167.99:443 -> 192.168.56.103:49293	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.103:49282 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 49.12.115.0:443 -> 192.168.56.103:49302	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 149.154.167.99:443 -> 192.168.56.103:49297	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.103:49314 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49314 -> 149.154.167.99:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49314 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 149.154.167.99:443 -> 192.168.56.103:49324	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.103:49317 -> 104.76.74.15:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 49.12.115.0:443 -> 192.168.56.103:49320	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 149.154.167.99:443 -> 192.168.56.103:49275	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 149.154.167.99:443 -> 192.168.56.103:49284	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.103:49291 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49291 -> 149.154.167.99:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49323 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49323 -> 149.154.167.99:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49291 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49323 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49167 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49295 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49295 -> 149.154.167.99:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49295 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49189 -> 104.76.74.15:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49299 -> 104.76.74.15:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49322 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49322 -> 149.154.167.99:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49322 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49212 -> 104.76.74.15:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 149.154.167.99:443 -> 192.168.56.103:49228	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.103:49239 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49239 -> 149.154.167.99:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49239 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49240 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49240 -> 149.154.167.99:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49240 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 149.154.167.99:443 -> 192.168.56.103:49250	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.103:49257 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49257 -> 149.154.167.99:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49257 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49264 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49264 -> 149.154.167.99:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49264 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49265 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49265 -> 149.154.167.99:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49265 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49292 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49292 -> 149.154.167.99:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49292 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49296 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49296 -> 149.154.167.99:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49296 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49304 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49304 -> 149.154.167.99:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49304 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49308 -> 104.76.74.15:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 49.12.115.0:443 -> 192.168.56.103:49311	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.103:49313 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49313 -> 149.154.167.99:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49313 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 149.154.167.99:443 -> 192.168.56.103:49315	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.103:49226 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49248 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49209 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49273 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49185 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49199 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49165 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49282 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49274 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49217 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49227 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49176 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49218 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49283 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49314 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49186 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49258 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49323 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49195 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49231 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49305 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49249 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49200 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49208 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49304 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49265 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49257 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49240 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49313 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49167 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49264 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49239 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49292 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49296 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49291 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49295 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49175 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49322 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49194 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity

Suricata TLS

Flow	Issuer	Subject	Fingerprint
TLSv1 192.168.56.103:49170 104.76.74.15:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Extended Validation Server CA	unknown=US, unknown=Washington, unknown=Private Organization, serialNumber=602 290 773, C=US, ST=Washington, L=Bellevue, O=Valve Corp, CN=store.steampowered.com	83:75:0b:54:d5:9e:34:40:6f:c2:2c:fc:be:5f:db:00:04:0d:d6:83
TLSv1 192.168.56.103:49180 104.76.74.15:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Extended Validation Server CA	unknown=US, unknown=Washington, unknown=Private Organization, serialNumber=602 290 773, C=US, ST=Washington, L=Bellevue, O=Valve Corp, CN=store.steampowered.com	83:75:0b:54:d5:9e:34:40:6f:c2:2c:fc:be:5f:db:00:04:0d:d6:83
TLSv1 192.168.56.103:49234 104.76.74.15:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Extended Validation Server CA	unknown=US, unknown=Washington, unknown=Private Organization, serialNumber=602 290 773, C=US, ST=Washington, L=Bellevue, O=Valve Corp, CN=store.steampowered.com	83:75:0b:54:d5:9e:34:40:6f:c2:2c:fc:be:5f:db:00:04:0d:d6:83
TLSv1 192.168.56.103:49203 104.76.74.15:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Extended Validation Server CA	unknown=US, unknown=Washington, unknown=Private Organization, serialNumber=602 290 773, C=US, ST=Washington, L=Bellevue, O=Valve Corp, CN=store.steampowered.com	83:75:0b:54:d5:9e:34:40:6f:c2:2c:fc:be:5f:db:00:04:0d:d6:83
TLSv1 192.168.56.103:49286 104.76.74.15:443	None	None	None
TLSv1 192.168.56.103:49221 104.76.74.15:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Extended Validation Server CA	unknown=US, unknown=Washington, unknown=Private Organization, serialNumber=602 290 773, C=US, ST=Washington, L=Bellevue, O=Valve Corp, CN=store.steampowered.com	83:75:0b:54:d5:9e:34:40:6f:c2:2c:fc:be:5f:db:00:04:0d:d6:83
TLSv1 192.168.56.103:49268 104.76.74.15:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Extended Validation Server CA	unknown=US, unknown=Washington, unknown=Private Organization, serialNumber=602 290 773, C=US, ST=Washington, L=Bellevue, O=Valve Corp, CN=store.steampowered.com	83:75:0b:54:d5:9e:34:40:6f:c2:2c:fc:be:5f:db:00:04:0d:d6:83
TLSv1 192.168.56.103:49277 104.76.74.15:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Extended Validation Server CA	unknown=US, unknown=Washington, unknown=Private Organization, serialNumber=602 290 773, C=US, ST=Washington, L=Bellevue, O=Valve Corp, CN=store.steampowered.com	83:75:0b:54:d5:9e:34:40:6f:c2:2c:fc:be:5f:db:00:04:0d:d6:83
TLSv1 192.168.56.103:49243 104.76.74.15:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Extended Validation Server CA	unknown=US, unknown=Washington, unknown=Private Organization, serialNumber=602 290 773, C=US, ST=Washington, L=Bellevue, O=Valve Corp, CN=store.steampowered.com	83:75:0b:54:d5:9e:34:40:6f:c2:2c:fc:be:5f:db:00:04:0d:d6:83
TLSv1 192.168.56.103:49252 104.76.74.15:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Extended Validation Server CA	unknown=US, unknown=Washington, unknown=Private Organization, serialNumber=602 290 773, C=US, ST=Washington, L=Bellevue, O=Valve Corp, CN=store.steampowered.com	83:75:0b:54:d5:9e:34:40:6f:c2:2c:fc:be:5f:db:00:04:0d:d6:83
TLSv1 192.168.56.103:49317 104.76.74.15:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Extended Validation Server CA	unknown=US, unknown=Washington, unknown=Private Organization, serialNumber=602 290 773, C=US, ST=Washington, L=Bellevue, O=Valve Corp, CN=store.steampowered.com	83:75:0b:54:d5:9e:34:40:6f:c2:2c:fc:be:5f:db:00:04:0d:d6:83
TLSv1 192.168.56.103:49299 104.76.74.15:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Extended Validation Server CA	unknown=US, unknown=Washington, unknown=Private Organization, serialNumber=602 290 773, C=US, ST=Washington, L=Bellevue, O=Valve Corp, CN=store.steampowered.com	83:75:0b:54:d5:9e:34:40:6f:c2:2c:fc:be:5f:db:00:04:0d:d6:83
TLSv1 192.168.56.103:49189 104.76.74.15:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Extended Validation Server CA	unknown=US, unknown=Washington, unknown=Private Organization, serialNumber=602 290 773, C=US, ST=Washington, L=Bellevue, O=Valve Corp, CN=store.steampowered.com	83:75:0b:54:d5:9e:34:40:6f:c2:2c:fc:be:5f:db:00:04:0d:d6:83
TLSv1 192.168.56.103:49212 104.76.74.15:443	None	None	None
TLSv1 192.168.56.103:49308 104.76.74.15:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Extended Validation Server CA	unknown=US, unknown=Washington, unknown=Private Organization, serialNumber=602 290 773, C=US, ST=Washington, L=Bellevue, O=Valve Corp, CN=store.steampowered.com	83:75:0b:54:d5:9e:34:40:6f:c2:2c:fc:be:5f:db:00:04:0d:d6:83

Queries for the computername (1 event)

Time & API	Arguments	Status	Return	Repeated
GetComputerNameW Jan. 13, 2025, 2:59 p.m.	computer_name: TEST22-PC	1	1	0

Checks if process is being debugged by a debugger (39 events)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent Jan. 13, 2025, 2:59 p.m.			0	0
IsDebuggerPresent Jan. 13, 2025, 3 p.m.			0	0
IsDebuggerPresent Jan. 13, 2025, 3 p.m.			0	0
IsDebuggerPresent Jan. 13, 2025, 3 p.m.			0	0
IsDebuggerPresent Jan. 13, 2025, 3 p.m.			0	0
IsDebuggerPresent Jan. 13, 2025, 3 p.m.			0	0
IsDebuggerPresent Jan. 13, 2025, 3 p.m.			0	0
IsDebuggerPresent Jan. 13, 2025, 3 p.m.			0	0
IsDebuggerPresent Jan. 13, 2025, 3 p.m.			0	0
IsDebuggerPresent Jan. 13, 2025, 3 p.m.			0	0
IsDebuggerPresent Jan. 13, 2025, 3 p.m.			0	0
IsDebuggerPresent Jan. 13, 2025, 3 p.m.			0	0
IsDebuggerPresent Jan. 13, 2025, 3 p.m.			0	0
IsDebuggerPresent Jan. 13, 2025, 3 p.m.			0	0
IsDebuggerPresent Jan. 13, 2025, 3 p.m.			0	0
IsDebuggerPresent Jan. 13, 2025, 3 p.m.			0	0
IsDebuggerPresent Jan. 13, 2025, 3 p.m.			0	0
IsDebuggerPresent Jan. 13, 2025, 3 p.m.			0	0
IsDebuggerPresent Jan. 13, 2025, 3 p.m.			0	0
IsDebuggerPresent Jan. 13, 2025, 3 p.m.			0	0
IsDebuggerPresent Jan. 13, 2025, 3 p.m.			0	0
IsDebuggerPresent Jan. 13, 2025, 3 p.m.			0	0
IsDebuggerPresent Jan. 13, 2025, 3 p.m.			0	0
IsDebuggerPresent Jan. 13, 2025, 3:01 p.m.			0	0
IsDebuggerPresent Jan. 13, 2025, 3:01 p.m.			0	0
IsDebuggerPresent Jan. 13, 2025, 3:01 p.m.			0	0
IsDebuggerPresent Jan. 13, 2025, 3:01 p.m.			0	0
IsDebuggerPresent Jan. 13, 2025, 3:01 p.m.			0	0
IsDebuggerPresent Jan. 13, 2025, 3:01 p.m.			0	0
IsDebuggerPresent Jan. 13, 2025, 3:01 p.m.			0	0
IsDebuggerPresent Jan. 13, 2025, 3:01 p.m.			0	0
IsDebuggerPresent Jan. 13, 2025, 3:01 p.m.			0	0
IsDebuggerPresent Jan. 13, 2025, 3:01 p.m.			0	0
IsDebuggerPresent Jan. 13, 2025, 3:01 p.m.			0	0
IsDebuggerPresent Jan. 13, 2025, 3:01 p.m.			0	0
IsDebuggerPresent Jan. 13, 2025, 3:01 p.m.			0	0
IsDebuggerPresent Jan. 13, 2025, 3:01 p.m.			0	0
IsDebuggerPresent Jan. 13, 2025, 3:01 p.m.			0	0
IsDebuggerPresent Jan. 13, 2025, 3:01 p.m.			0	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (6 events)

section	\x00
section	.idata
section
section	gyqqudfz
section	uqvvkgld
section	.taggant

One or more processes crashed (50 out of 116 events)

Time & API	Arguments	Status
__exception__ Jan. 13, 2025, 2:59 p.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: fb e9 4e 01 00 00 60 8b 74 24 24 8b 7c 24 28 fc exception.symbol: _UnhandledExceptionFilter@4+0x300591 random+0x3250b9 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 3297465 exception.address: 0x7250b9 registers.esp: 1638276 registers.edi: 0 registers.eax: 1 registers.ebp: 1638292 registers.edx: 9232384 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 0	1
__exception__ Jan. 13, 2025, 2:59 p.m.	stacktrace: exception.instruction_r: fb 81 c2 e5 2a e5 59 81 ea dc b8 d7 4e 81 c2 32 exception.symbol: _UnhandledExceptionFilter@4+0x358b4 random+0x5a3dc exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 369628 exception.address: 0x45a3dc registers.esp: 1638240 registers.edi: 1971192040 registers.eax: 31125 registers.ebp: 3994583060 registers.edx: 4562403 registers.ebx: 1 registers.esi: 3 registers.ecx: 1971388416	1
__exception__ Jan. 13, 2025, 2:59 p.m.	stacktrace: exception.instruction_r: fb 83 ec 04 89 04 24 89 14 24 e9 e3 01 00 00 89 exception.symbol: _UnhandledExceptionFilter@4+0x3541e random+0x59f46 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 368454 exception.address: 0x459f46 registers.esp: 1638244 registers.edi: 1971192040 registers.eax: 31125 registers.ebp: 3994583060 registers.edx: 4593528 registers.ebx: 1 registers.esi: 3 registers.ecx: 1971388416	1
__exception__ Jan. 13, 2025, 2:59 p.m.	stacktrace: exception.instruction_r: fb 50 e9 27 02 00 00 51 e9 e7 fb ff ff 45 45 81 exception.symbol: _UnhandledExceptionFilter@4+0x35bca random+0x5a6f2 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 370418 exception.address: 0x45a6f2 registers.esp: 1638244 registers.edi: 1971192040 registers.eax: 0 registers.ebp: 3994583060 registers.edx: 4565472 registers.ebx: 1 registers.esi: 236777 registers.ecx: 1971388416	1
__exception__ Jan. 13, 2025, 2:59 p.m.	stacktrace: exception.instruction_r: fb e9 8b ff ff ff 8b 14 24 81 c4 04 00 00 00 81 exception.symbol: _UnhandledExceptionFilter@4+0x36b2c random+0x5b654 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 374356 exception.address: 0x45b654 registers.esp: 1638240 registers.edi: 1971192040 registers.eax: 4566817 registers.ebp: 3994583060 registers.edx: 4565472 registers.ebx: 1044289047 registers.esi: 236777 registers.ecx: 1044538791	1
__exception__ Jan. 13, 2025, 2:59 p.m.	stacktrace: exception.instruction_r: fb 52 e9 9d 05 00 00 81 c9 c2 16 fd 1b 81 e9 3e exception.symbol: _UnhandledExceptionFilter@4+0x3647f random+0x5afa7 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 372647 exception.address: 0x45afa7 registers.esp: 1638244 registers.edi: 4294939528 registers.eax: 4597724 registers.ebp: 3994583060 registers.edx: 1259 registers.ebx: 1044289047 registers.esi: 236777 registers.ecx: 1044538791	1
__exception__ Jan. 13, 2025, 2:59 p.m.	stacktrace: exception.instruction_r: fb 53 89 e3 81 c3 04 00 00 00 52 ba 04 00 00 00 exception.symbol: _UnhandledExceptionFilter@4+0x1ad90a random+0x1d2432 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1909810 exception.address: 0x5d2432 registers.esp: 1638244 registers.edi: 6106315 registers.eax: 33082 registers.ebp: 3994583060 registers.edx: 0 registers.ebx: 64488408 registers.esi: 6085423 registers.ecx: 613097	1
__exception__ Jan. 13, 2025, 2:59 p.m.	stacktrace: exception.instruction_r: fb 81 c6 07 b8 f6 77 81 c6 00 af ff 7a 03 34 24 exception.symbol: _UnhandledExceptionFilter@4+0x1af9de random+0x1d4506 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1918214 exception.address: 0x5d4506 registers.esp: 1638240 registers.edi: 6106315 registers.eax: 26152 registers.ebp: 3994583060 registers.edx: 583451080 registers.ebx: 793556785 registers.esi: 6111665 registers.ecx: 1081334088	1
__exception__ Jan. 13, 2025, 2:59 p.m.	stacktrace: exception.instruction_r: fb e9 36 03 00 00 ba 12 3e c6 6f c1 ea 02 f7 da exception.symbol: _UnhandledExceptionFilter@4+0x1af6b8 random+0x1d41e0 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1917408 exception.address: 0x5d41e0 registers.esp: 1638244 registers.edi: 6106315 registers.eax: 26152 registers.ebp: 3994583060 registers.edx: 583451080 registers.ebx: 793556785 registers.esi: 6137817 registers.ecx: 1081334088	1
__exception__ Jan. 13, 2025, 2:59 p.m.	stacktrace: exception.instruction_r: fb 56 89 e6 81 c6 04 00 00 00 81 ee 04 00 00 00 exception.symbol: _UnhandledExceptionFilter@4+0x1b008c random+0x1d4bb4 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1919924 exception.address: 0x5d4bb4 registers.esp: 1638244 registers.edi: 0 registers.eax: 26152 registers.ebp: 3994583060 registers.edx: 583451080 registers.ebx: 793556785 registers.esi: 6114525 registers.ecx: 1549541099	1
__exception__ Jan. 13, 2025, 2:59 p.m.	stacktrace: exception.instruction_r: fb 29 c9 ff 34 0a ff 34 24 8b 1c 24 51 68 a8 95 exception.symbol: _UnhandledExceptionFilter@4+0x1b6c41 random+0x1db769 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1947497 exception.address: 0x5db769 registers.esp: 1638244 registers.edi: 0 registers.eax: 26652 registers.ebp: 3994583060 registers.edx: 6167135 registers.ebx: 6114551 registers.esi: 19703 registers.ecx: 6114551	1
__exception__ Jan. 13, 2025, 2:59 p.m.	stacktrace: exception.instruction_r: fb 68 03 80 3d 4b 89 3c 24 e9 00 00 00 00 89 e7 exception.symbol: _UnhandledExceptionFilter@4+0x1b6e8f random+0x1db9b7 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1948087 exception.address: 0x5db9b7 registers.esp: 1638244 registers.edi: 0 registers.eax: 26652 registers.ebp: 3994583060 registers.edx: 6167135 registers.ebx: 202985 registers.esi: 19703 registers.ecx: 4294943560	1
__exception__ Jan. 13, 2025, 2:59 p.m.	stacktrace: exception.instruction_r: ed 64 8f 05 00 00 00 00 53 89 e3 81 c3 04 00 00 exception.symbol: _UnhandledExceptionFilter@4+0x1bbc91 random+0x1e07b9 exception.instruction: in eax, dx exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1968057 exception.address: 0x5e07b9 registers.esp: 1638236 registers.edi: 10694264 registers.eax: 1447909480 registers.ebp: 3994583060 registers.edx: 22104 registers.ebx: 1971327157 registers.esi: 6149760 registers.ecx: 20	1
__exception__ Jan. 13, 2025, 2:59 p.m.	stacktrace: exception.instruction_r: 0f 3f 07 0b 64 8f 05 00 00 00 00 83 c4 04 83 fb exception.symbol: _UnhandledExceptionFilter@4+0x1be486 random+0x1e2fae exception.address: 0x5e2fae exception.module: random.exe exception.exception_code: 0xc000001d exception.offset: 1978286 registers.esp: 1638236 registers.edi: 10694264 registers.eax: 1 registers.ebp: 3994583060 registers.edx: 22104 registers.ebx: 0 registers.esi: 6149760 registers.ecx: 20	1
__exception__ Jan. 13, 2025, 2:59 p.m.	stacktrace: exception.instruction_r: ed 81 fb 68 58 4d 56 75 0a c7 85 35 2a 2d 12 01 exception.symbol: _UnhandledExceptionFilter@4+0x1bc6d9 random+0x1e1201 exception.instruction: in eax, dx exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1970689 exception.address: 0x5e1201 registers.esp: 1638236 registers.edi: 10694264 registers.eax: 1447909480 registers.ebp: 3994583060 registers.edx: 22104 registers.ebx: 2256917605 registers.esi: 6149760 registers.ecx: 10	1
__exception__ Jan. 13, 2025, 2:59 p.m.	stacktrace: exception.instruction_r: cd 01 eb 00 66 ba 82 ee 64 8f 05 00 00 00 00 83 exception.symbol: _UnhandledExceptionFilter@4+0x1c15ae random+0x1e60d6 exception.instruction: int 1 exception.module: random.exe exception.exception_code: 0xc0000005 exception.offset: 1990870 exception.address: 0x5e60d6 registers.esp: 1638204 registers.edi: 0 registers.eax: 1638204 registers.ebp: 3994583060 registers.edx: 63803585 registers.ebx: 6185504 registers.esi: 1878281271 registers.ecx: 2581053254	1
__exception__ Jan. 13, 2025, 2:59 p.m.	stacktrace: exception.instruction_r: fb 55 bd 78 d8 67 4d e9 dc 00 00 00 05 04 00 00 exception.symbol: _UnhandledExceptionFilter@4+0x1c227a random+0x1e6da2 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1994146 exception.address: 0x5e6da2 registers.esp: 1638244 registers.edi: 10694264 registers.eax: 30586 registers.ebp: 3994583060 registers.edx: 2130566132 registers.ebx: 63788203 registers.esi: 10 registers.ecx: 6216814	1
__exception__ Jan. 13, 2025, 2:59 p.m.	stacktrace: exception.instruction_r: fb 52 c7 04 24 31 51 06 5f 89 1c 24 53 89 2c 24 exception.symbol: _UnhandledExceptionFilter@4+0x1c2652 random+0x1e717a exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1995130 exception.address: 0x5e717a registers.esp: 1638244 registers.edi: 10694264 registers.eax: 0 registers.ebp: 3994583060 registers.edx: 6379 registers.ebx: 63788203 registers.esi: 10 registers.ecx: 6189678	1
__exception__ Jan. 13, 2025, 2:59 p.m.	stacktrace: exception.instruction_r: fb 81 ee 7b d9 de 7e 55 e9 e9 fe ff ff 81 eb cd exception.symbol: _UnhandledExceptionFilter@4+0x1d28ed random+0x1f7415 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2061333 exception.address: 0x5f7415 registers.esp: 1638240 registers.edi: 4555102 registers.eax: 30003 registers.ebp: 3994583060 registers.edx: 6 registers.ebx: 63791265 registers.esi: 6254320 registers.ecx: 0	1
__exception__ Jan. 13, 2025, 2:59 p.m.	stacktrace: exception.instruction_r: fb 83 ec 04 89 0c 24 c7 04 24 85 b0 9e 66 81 04 exception.symbol: _UnhandledExceptionFilter@4+0x1d2405 random+0x1f6f2d exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2060077 exception.address: 0x5f6f2d registers.esp: 1638244 registers.edi: 4555102 registers.eax: 0 registers.ebp: 3994583060 registers.edx: 6 registers.ebx: 262633 registers.esi: 6257391 registers.ecx: 0	1
__exception__ Jan. 13, 2025, 2:59 p.m.	stacktrace: exception.instruction_r: fb 55 c7 04 24 22 ad fe 1d c1 2c 24 01 52 ba 9c exception.symbol: _UnhandledExceptionFilter@4+0x1d8238 random+0x1fcd60 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2084192 exception.address: 0x5fcd60 registers.esp: 1638236 registers.edi: 3999072586 registers.eax: 29083 registers.ebp: 3994583060 registers.edx: 1242478786 registers.ebx: 1241532560 registers.esi: 6307469 registers.ecx: 1248749815	1
__exception__ Jan. 13, 2025, 2:59 p.m.	stacktrace: exception.instruction_r: fb 56 50 b8 f4 7d 3a 6f 51 b9 91 50 c8 32 31 c8 exception.symbol: _UnhandledExceptionFilter@4+0x1d8421 random+0x1fcf49 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2084681 exception.address: 0x5fcf49 registers.esp: 1638236 registers.edi: 3199079608 registers.eax: 29083 registers.ebp: 3994583060 registers.edx: 1242478786 registers.ebx: 4294941396 registers.esi: 6307469 registers.ecx: 1248749815	1
__exception__ Jan. 13, 2025, 2:59 p.m.	stacktrace: exception.instruction_r: fb 50 89 34 24 e9 9a 02 00 00 89 14 24 83 ec 04 exception.symbol: _UnhandledExceptionFilter@4+0x1d99fb random+0x1fe523 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2090275 exception.address: 0x5fe523 registers.esp: 1638236 registers.edi: 3199079608 registers.eax: 32365 registers.ebp: 3994583060 registers.edx: 1425696357 registers.ebx: 1932115132 registers.esi: 6314458 registers.ecx: 1159373186	1
__exception__ Jan. 13, 2025, 2:59 p.m.	stacktrace: exception.instruction_r: fb 81 ec 04 00 00 00 89 34 24 53 e9 65 00 00 00 exception.symbol: _UnhandledExceptionFilter@4+0x1d93ed random+0x1fdf15 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2088725 exception.address: 0x5fdf15 registers.esp: 1638236 registers.edi: 0 registers.eax: 32365 registers.ebp: 3994583060 registers.edx: 1425696357 registers.ebx: 30697 registers.esi: 6285626 registers.ecx: 1159373186	1
__exception__ Jan. 13, 2025, 2:59 p.m.	stacktrace: exception.instruction_r: fb 81 c1 fe c8 b5 76 81 ec 04 00 00 00 89 14 24 exception.symbol: _UnhandledExceptionFilter@4+0x1df4a2 random+0x203fca exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2113482 exception.address: 0x603fca registers.esp: 1638232 registers.edi: 0 registers.eax: 31489 registers.ebp: 3994583060 registers.edx: 2130566132 registers.ebx: 1324089278 registers.esi: 6285626 registers.ecx: 6307416	1
__exception__ Jan. 13, 2025, 2:59 p.m.	stacktrace: exception.instruction_r: fb 29 db ff 34 0b ff 34 24 8b 04 24 81 ec 04 00 exception.symbol: _UnhandledExceptionFilter@4+0x1df8fa random+0x204422 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2114594 exception.address: 0x604422 registers.esp: 1638236 registers.edi: 0 registers.eax: 31489 registers.ebp: 3994583060 registers.edx: 2130566132 registers.ebx: 1324089278 registers.esi: 6285626 registers.ecx: 6338905	1
__exception__ Jan. 13, 2025, 2:59 p.m.	stacktrace: exception.instruction_r: fb 51 e9 0c 01 00 00 bf d4 b5 10 85 e9 b3 01 00 exception.symbol: _UnhandledExceptionFilter@4+0x1df9a6 random+0x2044ce exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2114766 exception.address: 0x6044ce registers.esp: 1638236 registers.edi: 0 registers.eax: 84201 registers.ebp: 3994583060 registers.edx: 2130566132 registers.ebx: 4294938300 registers.esi: 6285626 registers.ecx: 6338905	1
__exception__ Jan. 13, 2025, 2:59 p.m.	stacktrace: exception.instruction_r: fb 68 21 f4 73 22 e9 9c fd ff ff 81 04 24 49 81 exception.symbol: _UnhandledExceptionFilter@4+0x1fd37b random+0x221ea3 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2236067 exception.address: 0x621ea3 registers.esp: 1638200 registers.edi: 569765487 registers.eax: 6428215 registers.ebp: 3994583060 registers.edx: 2130566132 registers.ebx: 2318644003 registers.esi: 6422840 registers.ecx: 2106654720	1
__exception__ Jan. 13, 2025, 2:59 p.m.	stacktrace: exception.instruction_r: fb 57 54 5f 56 be 98 49 7d 7f e9 21 00 00 00 01 exception.symbol: _UnhandledExceptionFilter@4+0x1fd19f random+0x221cc7 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2235591 exception.address: 0x621cc7 registers.esp: 1638204 registers.edi: 569765487 registers.eax: 6458458 registers.ebp: 3994583060 registers.edx: 2130566132 registers.ebx: 4294940092 registers.esi: 6422840 registers.ecx: 2887892823	1
__exception__ Jan. 13, 2025, 2:59 p.m.	stacktrace: exception.instruction_r: fb e9 55 03 00 00 59 52 ba a6 ee 99 3f e9 b0 03 exception.symbol: _UnhandledExceptionFilter@4+0x1fded5 random+0x2229fd exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2238973 exception.address: 0x6229fd registers.esp: 1638204 registers.edi: 569765487 registers.eax: 32405 registers.ebp: 3994583060 registers.edx: 1128270001 registers.ebx: 6464054 registers.esi: 6422840 registers.ecx: 76737378	1
__exception__ Jan. 13, 2025, 2:59 p.m.	stacktrace: exception.instruction_r: fb 57 53 e9 9e 00 00 00 31 d5 5a e9 c5 fe ff ff exception.symbol: _UnhandledExceptionFilter@4+0x1fdd38 random+0x222860 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2238560 exception.address: 0x622860 registers.esp: 1638204 registers.edi: 569765487 registers.eax: 32405 registers.ebp: 3994583060 registers.edx: 0 registers.ebx: 6434406 registers.esi: 6422840 registers.ecx: 322689	1
__exception__ Jan. 13, 2025, 2:59 p.m.	stacktrace: exception.instruction_r: fb 57 e9 61 01 00 00 57 bf 6a 6e 1c 03 01 fe 5f exception.symbol: _UnhandledExceptionFilter@4+0x1ffcf0 random+0x224818 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2246680 exception.address: 0x624818 registers.esp: 1638200 registers.edi: 569765487 registers.eax: 27960 registers.ebp: 3994583060 registers.edx: 1682022475 registers.ebx: 6440778 registers.esi: 570011514 registers.ecx: 1688461432	1
__exception__ Jan. 13, 2025, 2:59 p.m.	stacktrace: exception.instruction_r: fb 83 ec 04 89 04 24 89 e0 e9 bd fc ff ff 29 c3 exception.symbol: _UnhandledExceptionFilter@4+0x200062 random+0x224b8a exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2247562 exception.address: 0x624b8a registers.esp: 1638204 registers.edi: 569765487 registers.eax: 27960 registers.ebp: 3994583060 registers.edx: 1682022475 registers.ebx: 6468738 registers.esi: 570011514 registers.ecx: 1688461432	1
__exception__ Jan. 13, 2025, 2:59 p.m.	stacktrace: exception.instruction_r: fb e9 1f fb ff ff 83 c4 04 e9 87 01 00 00 54 5b exception.symbol: _UnhandledExceptionFilter@4+0x20040a random+0x224f32 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2248498 exception.address: 0x624f32 registers.esp: 1638204 registers.edi: 0 registers.eax: 1673341280 registers.ebp: 3994583060 registers.edx: 1682022475 registers.ebx: 6443542 registers.esi: 570011514 registers.ecx: 1688461432	1
__exception__ Jan. 13, 2025, 2:59 p.m.	stacktrace: exception.instruction_r: fb 29 db 68 a7 4a ec 7c e9 0f 00 00 00 89 2c 24 exception.symbol: _UnhandledExceptionFilter@4+0x2019c8 random+0x2264f0 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2254064 exception.address: 0x6264f0 registers.esp: 1638204 registers.edi: 6445745 registers.eax: 28156 registers.ebp: 3994583060 registers.edx: 1682022475 registers.ebx: 1962544938 registers.esi: 6445205 registers.ecx: 6474319	1
__exception__ Jan. 13, 2025, 2:59 p.m.	stacktrace: exception.instruction_r: fb 68 a7 f9 b9 74 89 34 24 e9 20 00 00 00 87 0c exception.symbol: _UnhandledExceptionFilter@4+0x201394 random+0x225ebc exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2252476 exception.address: 0x625ebc registers.esp: 1638204 registers.edi: 6445745 registers.eax: 28156 registers.ebp: 3994583060 registers.edx: 1682022475 registers.ebx: 4294941768 registers.esi: 4291204280 registers.ecx: 6474319	1
__exception__ Jan. 13, 2025, 2:59 p.m.	stacktrace: exception.instruction_r: fb 29 c0 ff 34 08 ff 34 24 5e 52 c7 04 24 94 fa exception.symbol: _UnhandledExceptionFilter@4+0x202556 random+0x22707e exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2257022 exception.address: 0x62707e registers.esp: 1638204 registers.edi: 6445745 registers.eax: 30865 registers.ebp: 3994583060 registers.edx: 1682022475 registers.ebx: 4294941768 registers.esi: 4291204280 registers.ecx: 6480060	1
__exception__ Jan. 13, 2025, 2:59 p.m.	stacktrace: exception.instruction_r: fb e9 aa fe ff ff 29 f8 e9 fa 00 00 00 68 b6 f7 exception.symbol: _UnhandledExceptionFilter@4+0x202357 random+0x226e7f exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2256511 exception.address: 0x626e7f registers.esp: 1638204 registers.edi: 6445745 registers.eax: 4294939316 registers.ebp: 3994583060 registers.edx: 1682022475 registers.ebx: 4294941768 registers.esi: 607947094 registers.ecx: 6480060	1
__exception__ Jan. 13, 2025, 2:59 p.m.	stacktrace: exception.instruction_r: fb 68 34 63 44 58 89 0c 24 89 04 24 55 50 b8 19 exception.symbol: _UnhandledExceptionFilter@4+0x2083b1 random+0x22ced9 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2281177 exception.address: 0x62ced9 registers.esp: 1638204 registers.edi: 6445745 registers.eax: 27380 registers.ebp: 3994583060 registers.edx: 0 registers.ebx: 262186 registers.esi: 608004324 registers.ecx: 6502122	1
__exception__ Jan. 13, 2025, 2:59 p.m.	stacktrace: exception.instruction_r: fb b8 80 c4 4f 3b 2d a6 d7 7d 6d 56 e9 b5 01 00 exception.symbol: _UnhandledExceptionFilter@4+0x20873b random+0x22d263 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2282083 exception.address: 0x62d263 registers.esp: 1638204 registers.edi: 6445745 registers.eax: 27380 registers.ebp: 3994583060 registers.edx: 0 registers.ebx: 24811 registers.esi: 4294942768 registers.ecx: 6502122	1
__exception__ Jan. 13, 2025, 2:59 p.m.	stacktrace: exception.instruction_r: fb e9 cc fd ff ff 53 bb 00 00 00 00 e9 e3 fe ff exception.symbol: _UnhandledExceptionFilter@4+0x20b33c random+0x22fe64 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2293348 exception.address: 0x62fe64 registers.esp: 1638200 registers.edi: 6445745 registers.eax: 30548 registers.ebp: 3994583060 registers.edx: 0 registers.ebx: 1017682948 registers.esi: 6486424 registers.ecx: 6502122	1
__exception__ Jan. 13, 2025, 2:59 p.m.	stacktrace: exception.instruction_r: fb e9 6f 00 00 00 5c 81 c1 01 45 31 93 68 d6 44 exception.symbol: _UnhandledExceptionFilter@4+0x20b574 random+0x23009c exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2293916 exception.address: 0x63009c registers.esp: 1638204 registers.edi: 322689 registers.eax: 0 registers.ebp: 3994583060 registers.edx: 0 registers.ebx: 1017682948 registers.esi: 6489208 registers.ecx: 6502122	1
__exception__ Jan. 13, 2025, 2:59 p.m.	stacktrace: exception.instruction_r: fb 52 ba 61 c1 ff 77 81 ca b7 e0 9e 3f c1 ea 01 exception.symbol: _UnhandledExceptionFilter@4+0x20d55a random+0x232082 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2302082 exception.address: 0x632082 registers.esp: 1638200 registers.edi: 322689 registers.eax: 27507 registers.ebp: 3994583060 registers.edx: 0 registers.ebx: 6495362 registers.esi: 13303278 registers.ecx: 6493687	1
__exception__ Jan. 13, 2025, 2:59 p.m.	stacktrace: exception.instruction_r: fb 57 bf e0 dd 2f 7e 51 e9 1a 00 00 00 bf d5 19 exception.symbol: _UnhandledExceptionFilter@4+0x20d820 random+0x232348 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2302792 exception.address: 0x632348 registers.esp: 1638204 registers.edi: 322689 registers.eax: 0 registers.ebp: 3994583060 registers.edx: 3903747176 registers.ebx: 6498229 registers.esi: 13303278 registers.ecx: 6493687	1
__exception__ Jan. 13, 2025, 2:59 p.m.	stacktrace: exception.instruction_r: fb 51 55 68 c9 47 ef 7f 5d 81 cd 98 55 fb 5f 53 exception.symbol: _UnhandledExceptionFilter@4+0x21764d random+0x23c175 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2343285 exception.address: 0x63c175 registers.esp: 1638200 registers.edi: 6535627 registers.eax: 26287 registers.ebp: 3994583060 registers.edx: 2130566132 registers.ebx: 2457844731 registers.esi: 2089385091 registers.ecx: 2137100005	1
__exception__ Jan. 13, 2025, 2:59 p.m.	stacktrace: exception.instruction_r: fb 83 ec 04 89 0c 24 e9 fc fa ff ff 29 d1 5a 89 exception.symbol: _UnhandledExceptionFilter@4+0x2175f7 random+0x23c11f exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2343199 exception.address: 0x63c11f registers.esp: 1638204 registers.edi: 6538314 registers.eax: 26287 registers.ebp: 3994583060 registers.edx: 604292946 registers.ebx: 0 registers.esi: 2089385091 registers.ecx: 2137100005	1
__exception__ Jan. 13, 2025, 2:59 p.m.	stacktrace: exception.instruction_r: fb 81 ec 04 00 00 00 89 0c 24 e9 8e fc ff ff 89 exception.symbol: _UnhandledExceptionFilter@4+0x2271ce random+0x24bcf6 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2407670 exception.address: 0x64bcf6 registers.esp: 1638204 registers.edi: 4001152816 registers.eax: 6628094 registers.ebp: 3994583060 registers.edx: 4294941840 registers.ebx: 32172368 registers.esi: 13139492 registers.ecx: 7180469	1
__exception__ Jan. 13, 2025, 2:59 p.m.	stacktrace: exception.instruction_r: fb 31 d2 e9 41 f7 ff ff 81 e9 da c3 c9 7f ff 34 exception.symbol: _UnhandledExceptionFilter@4+0x23aa62 random+0x25f58a exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2487690 exception.address: 0x65f58a registers.esp: 1638204 registers.edi: 6657461 registers.eax: 30183 registers.ebp: 3994583060 registers.edx: 582600 registers.ebx: 4007617201 registers.esi: 10666532 registers.ecx: 6709771	1
__exception__ Jan. 13, 2025, 2:59 p.m.	stacktrace: exception.instruction_r: fb 68 54 bf 1f 38 89 14 24 52 c7 04 24 00 2f a5 exception.symbol: _UnhandledExceptionFilter@4+0x23a9b6 random+0x25f4de exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2487518 exception.address: 0x65f4de registers.esp: 1638204 registers.edi: 6657461 registers.eax: 30183 registers.ebp: 3994583060 registers.edx: 4294939620 registers.ebx: 3924199766 registers.esi: 10666532 registers.ecx: 6709771	1
__exception__ Jan. 13, 2025, 2:59 p.m.	stacktrace: exception.instruction_r: fb 81 c2 75 3e 97 7e 81 ea 3b 0f e3 7f e9 77 03 exception.symbol: _UnhandledExceptionFilter@4+0x24889d random+0x26d3c5 exception.instruction: sti exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 2544581 exception.address: 0x66d3c5 registers.esp: 1638200 registers.edi: 0 registers.eax: 28616 registers.ebp: 3994583060 registers.edx: 6738333 registers.ebx: 284651942 registers.esi: 182994529 registers.ecx: 109	1

HTTP traffic contains suspicious features which may be indicative of malware related traffic (1 event)

suspicious_features

GET method with no useragent header

suspicious_request

GET https://steamcommunity.com/profiles/76561199816275252

Performs some HTTP requests (2 events)

request	GET http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl
request	GET https://steamcommunity.com/profiles/76561199816275252

Allocates read-write-execute memory (usually to unpack itself) (38 events)

Time & API	Arguments	Status
NtProtectVirtualMemory Jan. 13, 2025, 2:59 p.m.	process_identifier: 1604 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7793f000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Jan. 13, 2025, 2:59 p.m.	process_identifier: 1604 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x778b0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Jan. 13, 2025, 2:59 p.m.	process_identifier: 1604 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 167936 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00401000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 13, 2025, 2:59 p.m.	process_identifier: 1604 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x043e0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 13, 2025, 2:59 p.m.	process_identifier: 1604 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x043f0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 13, 2025, 2:59 p.m.	process_identifier: 1604 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04400000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 13, 2025, 2:59 p.m.	process_identifier: 1604 region_size: 65536 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04410000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 13, 2025, 2:59 p.m.	process_identifier: 1604 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04420000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 13, 2025, 2:59 p.m.	process_identifier: 1604 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04430000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 13, 2025, 2:59 p.m.	process_identifier: 1604 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04440000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 13, 2025, 2:59 p.m.	process_identifier: 1604 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04450000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 13, 2025, 2:59 p.m.	process_identifier: 1604 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04460000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 13, 2025, 2:59 p.m.	process_identifier: 1604 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04470000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 13, 2025, 2:59 p.m.	process_identifier: 1604 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04480000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 13, 2025, 2:59 p.m.	process_identifier: 1604 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x044d0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 13, 2025, 2:59 p.m.	process_identifier: 1604 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x044e0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 13, 2025, 2:59 p.m.	process_identifier: 1604 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04630000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 13, 2025, 2:59 p.m.	process_identifier: 1604 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04640000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 13, 2025, 2:59 p.m.	process_identifier: 1604 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04650000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 13, 2025, 2:59 p.m.	process_identifier: 1604 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04660000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 13, 2025, 2:59 p.m.	process_identifier: 1604 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04420000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 13, 2025, 2:59 p.m.	process_identifier: 1604 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04420000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 13, 2025, 2:59 p.m.	process_identifier: 1604 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04420000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 13, 2025, 2:59 p.m.	process_identifier: 1604 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04420000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 13, 2025, 2:59 p.m.	process_identifier: 1604 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04670000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 13, 2025, 2:59 p.m.	process_identifier: 1604 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04680000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 13, 2025, 2:59 p.m.	process_identifier: 1604 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04690000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 13, 2025, 2:59 p.m.	process_identifier: 1604 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04420000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 13, 2025, 2:59 p.m.	process_identifier: 1604 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04420000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 13, 2025, 2:59 p.m.	process_identifier: 1604 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04420000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 13, 2025, 2:59 p.m.	process_identifier: 1604 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04420000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 13, 2025, 2:59 p.m.	process_identifier: 1604 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04420000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 13, 2025, 2:59 p.m.	process_identifier: 1604 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04420000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 13, 2025, 2:59 p.m.	process_identifier: 1604 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04420000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 13, 2025, 2:59 p.m.	process_identifier: 1604 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04420000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 13, 2025, 2:59 p.m.	process_identifier: 1604 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04420000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 13, 2025, 2:59 p.m.	process_identifier: 1604 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04420000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 13, 2025, 2:59 p.m.	process_identifier: 1604 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04420000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1

A process attempted to delay the analysis task. (1 event)

description

random.exe tried to sleep 720 seconds, actually delayed analysis time by 720 seconds

The binary likely contains encrypted or compressed data indicative of a packer (3 events)

section

{u'size_of_data': u'0x00028c00', u'virtual_address': u'0x00001000', u'entropy': 7.968257165152927, u'name': u' \\x00 ', u'virtual_size': u'0x00055000'}

entropy

7.96825716515

description

A section with a high entropy has been found

section

{u'size_of_data': u'0x001a7e00', u'virtual_address': u'0x00325000', u'entropy': 7.955568964104242, u'name': u'gyqqudfz', u'virtual_size': u'0x001a8000'}

entropy

7.9555689641

description

A section with a high entropy has been found

entropy

0.994116073817

description

Overall entropy of this PE file is high

Expresses interest in specific running processes (1 event)

process

system

Communicates with host for which no DNS query was performed (1 event)

host

49.12.115.0

Checks for the presence of known devices from debuggers and forensic tools (3 events)

file	\??\SICE
file	\??\SIWVID
file	\??\NTICE

Checks for the presence of known windows from debuggers and forensic tools (50 out of 235 events)

Time & API	Arguments	Status	Return	Repeated
FindWindowA Jan. 13, 2025, 2:59 p.m.	class_name: OLLYDBG window_name:		0	0
FindWindowA Jan. 13, 2025, 2:59 p.m.	class_name: GBDYLLO window_name:		0	0
FindWindowA Jan. 13, 2025, 2:59 p.m.	class_name: pediy06 window_name:		0	0
FindWindowA Jan. 13, 2025, 2:59 p.m.	class_name: FilemonClass window_name:		0	0
FindWindowA Jan. 13, 2025, 2:59 p.m.	class_name: FilemonClass window_name:		0	0
FindWindowA Jan. 13, 2025, 2:59 p.m.	class_name: #0 window_name: File Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA Jan. 13, 2025, 2:59 p.m.	class_name: PROCMON_WINDOW_CLASS window_name:		0	0
FindWindowA Jan. 13, 2025, 2:59 p.m.	class_name: #0 window_name: Process Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA Jan. 13, 2025, 2:59 p.m.	class_name: RegmonClass window_name:		0	0
FindWindowA Jan. 13, 2025, 2:59 p.m.	class_name: RegmonClass window_name:		0	0
FindWindowA Jan. 13, 2025, 2:59 p.m.	class_name: #0 window_name: Registry Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA Jan. 13, 2025, 2:59 p.m.	class_name: 18467-41 window_name:		0	0
FindWindowA Jan. 13, 2025, 2:59 p.m.	class_name: FilemonClass window_name:		0	0
FindWindowA Jan. 13, 2025, 2:59 p.m.	class_name: FilemonClass window_name:		0	0
FindWindowA Jan. 13, 2025, 2:59 p.m.	class_name: #0 window_name: File Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA Jan. 13, 2025, 2:59 p.m.	class_name: PROCMON_WINDOW_CLASS window_name:		0	0
FindWindowA Jan. 13, 2025, 2:59 p.m.	class_name: #0 window_name: Process Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA Jan. 13, 2025, 3 p.m.	class_name: OLLYDBG window_name:		0	0
FindWindowA Jan. 13, 2025, 3 p.m.	class_name: GBDYLLO window_name:		0	0
FindWindowA Jan. 13, 2025, 3 p.m.	class_name: pediy06 window_name:		0	0
FindWindowA Jan. 13, 2025, 3 p.m.	class_name: Regmonclass window_name:		0	0
FindWindowA Jan. 13, 2025, 3 p.m.	class_name: Regmonclass window_name:		0	0
FindWindowA Jan. 13, 2025, 3 p.m.	class_name: 18467-41 window_name:		0	0
FindWindowA Jan. 13, 2025, 3 p.m.	class_name: Filemonclass window_name:		0	0
FindWindowA Jan. 13, 2025, 3 p.m.	class_name: Filemonclass window_name:		0	0
FindWindowA Jan. 13, 2025, 3 p.m.	class_name: PROCMON_WINDOW_CLASS window_name:		0	0
FindWindowA Jan. 13, 2025, 3 p.m.	class_name: OLLYDBG window_name:		0	0
FindWindowA Jan. 13, 2025, 3 p.m.	class_name: GBDYLLO window_name:		0	0
FindWindowA Jan. 13, 2025, 3 p.m.	class_name: pediy06 window_name:		0	0
FindWindowA Jan. 13, 2025, 3 p.m.	class_name: OLLYDBG window_name:		0	0
FindWindowA Jan. 13, 2025, 3 p.m.	class_name: GBDYLLO window_name:		0	0
FindWindowA Jan. 13, 2025, 3 p.m.	class_name: pediy06 window_name:		0	0
FindWindowA Jan. 13, 2025, 3 p.m.	class_name: Regmonclass window_name:		0	0
FindWindowA Jan. 13, 2025, 3 p.m.	class_name: Regmonclass window_name:		0	0
FindWindowA Jan. 13, 2025, 3 p.m.	class_name: 18467-41 window_name:		0	0
FindWindowA Jan. 13, 2025, 3 p.m.	class_name: Filemonclass window_name:		0	0
FindWindowA Jan. 13, 2025, 3 p.m.	class_name: Filemonclass window_name:		0	0
FindWindowA Jan. 13, 2025, 3 p.m.	class_name: PROCMON_WINDOW_CLASS window_name:		0	0
FindWindowA Jan. 13, 2025, 3 p.m.	class_name: OLLYDBG window_name:		0	0
FindWindowA Jan. 13, 2025, 3 p.m.	class_name: GBDYLLO window_name:		0	0
FindWindowA Jan. 13, 2025, 3 p.m.	class_name: pediy06 window_name:		0	0
FindWindowA Jan. 13, 2025, 3 p.m.	class_name: Regmonclass window_name:		0	0
FindWindowA Jan. 13, 2025, 3 p.m.	class_name: Regmonclass window_name:		0	0
FindWindowA Jan. 13, 2025, 3 p.m.	class_name: 18467-41 window_name:		0	0
FindWindowA Jan. 13, 2025, 3 p.m.	class_name: Filemonclass window_name:		0	0
FindWindowA Jan. 13, 2025, 3 p.m.	class_name: Filemonclass window_name:		0	0
FindWindowA Jan. 13, 2025, 3 p.m.	class_name: PROCMON_WINDOW_CLASS window_name:		0	0
FindWindowA Jan. 13, 2025, 3 p.m.	class_name: OLLYDBG window_name:		0	0
FindWindowA Jan. 13, 2025, 3 p.m.	class_name: GBDYLLO window_name:		0	0
FindWindowA Jan. 13, 2025, 3 p.m.	class_name: pediy06 window_name:		0	0

Checks the version of Bios, possibly for anti-virtualization (2 events)

registry	HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion
registry	HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion

Network activity contains more than one unique useragent (2 events)

process	random.exe				useragent
process	random.exe				useragent	Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:131.0) Gecko/20100101 Firefox/131.0

Detects VMWare through the in instruction feature (1 event)

Time & API	Arguments	Status	Return	Repeated
__exception__ Jan. 13, 2025, 2:59 p.m.	stacktrace: exception.instruction_r: ed 64 8f 05 00 00 00 00 53 89 e3 81 c3 04 00 00 exception.symbol: _UnhandledExceptionFilter@4+0x1bbc91 random+0x1e07b9 exception.instruction: in eax, dx exception.module: random.exe exception.exception_code: 0xc0000096 exception.offset: 1968057 exception.address: 0x5e07b9 registers.esp: 1638236 registers.edi: 10694264 registers.eax: 1447909480 registers.ebp: 3994583060 registers.edx: 22104 registers.ebx: 1971327157 registers.esi: 6149760 registers.ecx: 20	1	0	0

File has been identified by 35 AntiVirus engines on VirusTotal as malicious (35 events)

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Themida.m!c
tehtris	Generic.Malware
Cynet	Malicious (score: 99)
CTX	exe.trojan.themida
CAT-QuickHeal	Trojan.Ghanarava.173671927199796a
Skyhigh	BehavesLike.Win32.Themida.tc
Cylance	Unsafe
CrowdStrike	win/malicious_confidence_90% (W)
Alibaba	Backdoor:Win32/VenomRAT.da6e919b
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/Packed.Themida.HZB
APEX	Malicious
Paloalto	generic.ml
Kaspersky	Backdoor.Win32.VenomRAT.u
Rising	Backdoor.VenomRAT!8.1866A (CLOUD)
F-Secure	Heuristic.HEUR/AGEN.1314794
McAfeeD	Real Protect-LS!38A3DB1B2362
Trapmine	malicious.high.ml.score
Sophos	Mal/Generic-S
SentinelOne	Static AI - Malicious PE
FireEye	Generic.mg.38a3db1b2362bfb8
Google	Detected
Avira	HEUR/AGEN.1314794
Kingsoft	Win32.Hack.VenomRAT.gen
Gridinsoft	Trojan.Heur!.038520A1
Microsoft	Trojan:Win32/Vidar!rfn
Varist	W32/Themida.CT.gen!Eldorado
DeepInstinct	MALICIOUS
Malwarebytes	Trojan.Amadey
Zoner	Probably Heur.ExeHeaderL
Tencent	Trojan-DL.Win32.Deyma.kh
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	W32/Themida.HZB!tr

random.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All