Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Feb. 7, 2025, 2:10 p.m.	Feb. 7, 2025, 2:13 p.m.

Size	360.0KB
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`e1408abc6c49f68336e45550423f847e`
SHA256	`03a154ff5dd6c2e783a72c63f515e8a656e50958d31a0ee5c3cf61f31c5433f1`
CRC32	`8DCFE9C3`
ssdeep	`6144:k9VsrW7h+j50ksBez8l7cziNfupNJYqJwbrt17UQDYYzWhAlAFPi+WXwdcWhxALt:kJsjSszBOcJJ27UQDY7AKI9wRhegi`
Yara	PE_Header_Zero - PE File Signature Is_DotNET_EXE - (no description) IsPE32 - (no description)

pure.exe "C:\Users\test22\AppData\Local\Temp\pure.exe"
1648

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
198.135.53.180	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Queries for the computername (12 events)

Time & API	Arguments	Status	Return
GetComputerNameW Feb. 7, 2025, 2:11 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Feb. 7, 2025, 2:11 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Feb. 7, 2025, 2:11 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Feb. 7, 2025, 2:11 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Feb. 7, 2025, 2:11 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Feb. 7, 2025, 2:11 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Feb. 7, 2025, 2:11 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Feb. 7, 2025, 2:11 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Feb. 7, 2025, 2:11 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Feb. 7, 2025, 2:11 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Feb. 7, 2025, 2:11 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Feb. 7, 2025, 2:11 p.m.	computer_name: TEST22-PC	1	1

Checks if process is being debugged by a debugger (2 events)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent Feb. 7, 2025, 2:10 p.m.			0	0
IsDebuggerPresent Feb. 7, 2025, 2:10 p.m.			0	0

Uses Windows APIs to generate a cryptographic key (5 events)

Time & API	Arguments	Status	Return
CryptExportKey Feb. 7, 2025, 2:10 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x00415d70 flags: 0 crypto_export_handle: 0x00000000 blob_type: 8	1	1
CryptExportKey Feb. 7, 2025, 2:10 p.m.	buffer: f îR ÿ0)a)'XQÚN×ÛûÜ¿31Ú <ÔZ crypto_handle: 0x00415d70 flags: 0 crypto_export_handle: 0x00000000 blob_type: 8	1	1
CryptExportKey Feb. 7, 2025, 2:11 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x00415db0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Feb. 7, 2025, 2:11 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x00415db0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Feb. 7, 2025, 2:11 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x00415ef0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Feb. 7, 2025, 2:10 p.m.		1	1	0

One or more processes crashed (9 events)

Time & API	Arguments	Status
__exception__ Feb. 7, 2025, 2:11 p.m.	stacktrace: 0x4ceb84d 0x5e7d3fb 0x5e77a4e mscorlib+0xa3aba7 @ 0x72ffaba7 mscorlib+0x34b4fd @ 0x7290b4fd mscorlib+0xa2c7fa @ 0x72fec7fa mscorlib+0xb57e81 @ 0x73117e81 mscorlib+0xa2c5f8 @ 0x72fec5f8 mscorlib+0xd4c010 @ 0x7330c010 mscorlib+0x34b429 @ 0x7290b429 mscorlib+0x3022a6 @ 0x728c22a6 mscorlib+0x34b2d2 @ 0x7290b2d2 mscorlib+0x34b1f7 @ 0x7290b1f7 mscorlib+0x382cf2 @ 0x72942cf2 mscorlib+0x34c5a2 @ 0x7290c5a2 mscorlib+0xa2bd74 @ 0x72febd74 mscorlib+0xa2be6f @ 0x72febe6f mscorlib+0xa34d2d @ 0x72ff4d2d mscorlib+0xa362f1 @ 0x72ff62f1 mscorlib+0xa35383 @ 0x72ff5383 mscorlib+0xa3506f @ 0x72ff506f 0x5e77753 0x5fad84c mscorlib+0x34b4fd @ 0x7290b4fd mscorlib+0xa2c7fa @ 0x72fec7fa mscorlib+0xb57e81 @ 0x73117e81 mscorlib+0xa2c5f8 @ 0x72fec5f8 mscorlib+0xd4c010 @ 0x7330c010 mscorlib+0x34b429 @ 0x7290b429 mscorlib+0x3022a6 @ 0x728c22a6 mscorlib+0x34b2d2 @ 0x7290b2d2 mscorlib+0x34b1f7 @ 0x7290b1f7 mscorlib+0x382cf2 @ 0x72942cf2 mscorlib+0x34c5a2 @ 0x7290c5a2 mscorlib+0xa2bd74 @ 0x72febd74 mscorlib+0xa2be6f @ 0x72febe6f 0x5fad054 0x5fa8d54 0x5fa8b7c 0x5e7758d 0x4cef522 0x4cef47c mscorlib+0x34c181 @ 0x7290c181 mscorlib+0x34b466 @ 0x7290b466 mscorlib+0x34b429 @ 0x7290b429 mscorlib+0x3022a6 @ 0x728c22a6 mscorlib+0x34b2d2 @ 0x7290b2d2 mscorlib+0x34b1f7 @ 0x7290b1f7 mscorlib+0x34b13b @ 0x7290b13b mscorlib+0x30d3a5 @ 0x728cd3a5 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73f4264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73f42e95 DllGetClassObjectInternal+0x4a153 CorDllMainForThunk-0x423a8 clr+0x10f1cc @ 0x7403f1cc LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x73fa7d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x73fa7dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x73fa7e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x73f3c3bf DllGetClassObjectInternal+0x4a0eb CorDllMainForThunk-0x42410 clr+0x10f164 @ 0x7403f164 DllGetClassObjectInternal+0x2a4d4 CorDllMainForThunk-0x62027 clr+0xef54d @ 0x7401f54d DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x7404a0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 8b 01 8b 40 28 8b 00 6a 00 6a 00 6a 01 50 e8 01 exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xae625b registers.esp: 104327696 registers.edi: 39041356 registers.eax: 38639192 registers.ebp: 104327708 registers.edx: 0 registers.ebx: 38864940 registers.esi: 0 registers.ecx: 0	1
__exception__ Feb. 7, 2025, 2:11 p.m.	stacktrace: 0x4ceb84d 0x5e7d3fb 0x5e77a4e mscorlib+0xa3aba7 @ 0x72ffaba7 mscorlib+0x34b4fd @ 0x7290b4fd mscorlib+0xa2c7fa @ 0x72fec7fa mscorlib+0xb57e81 @ 0x73117e81 mscorlib+0xa2c5f8 @ 0x72fec5f8 mscorlib+0xd4c010 @ 0x7330c010 mscorlib+0x34b429 @ 0x7290b429 mscorlib+0x3022a6 @ 0x728c22a6 mscorlib+0x34b2d2 @ 0x7290b2d2 mscorlib+0x34b1f7 @ 0x7290b1f7 mscorlib+0x382cf2 @ 0x72942cf2 mscorlib+0x34c5a2 @ 0x7290c5a2 mscorlib+0xa2bd74 @ 0x72febd74 mscorlib+0xa2be6f @ 0x72febe6f mscorlib+0xa34d2d @ 0x72ff4d2d mscorlib+0xa362f1 @ 0x72ff62f1 mscorlib+0xa35383 @ 0x72ff5383 mscorlib+0xa3506f @ 0x72ff506f 0x5e77753 0x5fad84c mscorlib+0x34b4fd @ 0x7290b4fd mscorlib+0xa2c7fa @ 0x72fec7fa mscorlib+0xb57e81 @ 0x73117e81 mscorlib+0x34b4f2 @ 0x7290b4f2 mscorlib+0x34b466 @ 0x7290b466 mscorlib+0x34b429 @ 0x7290b429 mscorlib+0x3022a6 @ 0x728c22a6 mscorlib+0x34b2d2 @ 0x7290b2d2 mscorlib+0x34b1f7 @ 0x7290b1f7 mscorlib+0x34b13b @ 0x7290b13b mscorlib+0x30d3a5 @ 0x728cd3a5 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73f4264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73f42e95 DllGetClassObjectInternal+0x4a153 CorDllMainForThunk-0x423a8 clr+0x10f1cc @ 0x7403f1cc LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x73fa7d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x73fa7dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x73fa7e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x73f3c3bf DllGetClassObjectInternal+0x4a0eb CorDllMainForThunk-0x42410 clr+0x10f164 @ 0x7403f164 DllGetClassObjectInternal+0x2a4d4 CorDllMainForThunk-0x62027 clr+0xef54d @ 0x7401f54d DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x7404a0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 8b 01 8b 40 28 8b 00 6a 00 6a 00 6a 01 50 e8 01 exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xae625b registers.esp: 107934080 registers.edi: 39142444 registers.eax: 38639192 registers.ebp: 107934092 registers.edx: 0 registers.ebx: 38883780 registers.esi: 0 registers.ecx: 0	1
__exception__ Feb. 7, 2025, 2:11 p.m.	stacktrace: 0x4ceb84d 0x5e7d3fb 0x5e77a4e mscorlib+0xa3aba7 @ 0x72ffaba7 mscorlib+0x34b4fd @ 0x7290b4fd mscorlib+0xa2c7fa @ 0x72fec7fa mscorlib+0xb57e81 @ 0x73117e81 mscorlib+0xa2c5f8 @ 0x72fec5f8 mscorlib+0xd4c010 @ 0x7330c010 mscorlib+0x34b429 @ 0x7290b429 mscorlib+0x3022a6 @ 0x728c22a6 mscorlib+0x34b2d2 @ 0x7290b2d2 mscorlib+0x34b1f7 @ 0x7290b1f7 mscorlib+0x382cf2 @ 0x72942cf2 mscorlib+0x34c5a2 @ 0x7290c5a2 mscorlib+0xa2bd74 @ 0x72febd74 mscorlib+0xa2be6f @ 0x72febe6f mscorlib+0xa34d2d @ 0x72ff4d2d mscorlib+0xa362f1 @ 0x72ff62f1 mscorlib+0xa35383 @ 0x72ff5383 mscorlib+0xa3506f @ 0x72ff506f 0x5e77753 0x5fad84c mscorlib+0x34b4fd @ 0x7290b4fd mscorlib+0xa2c7fa @ 0x72fec7fa mscorlib+0xb57e81 @ 0x73117e81 mscorlib+0x34b4f2 @ 0x7290b4f2 mscorlib+0x34b466 @ 0x7290b466 mscorlib+0x34b429 @ 0x7290b429 mscorlib+0x3022a6 @ 0x728c22a6 mscorlib+0x34b2d2 @ 0x7290b2d2 mscorlib+0x34b1f7 @ 0x7290b1f7 mscorlib+0x34b13b @ 0x7290b13b mscorlib+0x30d3a5 @ 0x728cd3a5 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73f4264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73f42e95 DllGetClassObjectInternal+0x4a153 CorDllMainForThunk-0x423a8 clr+0x10f1cc @ 0x7403f1cc LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x73fa7d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x73fa7dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x73fa7e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x73f3c3bf DllGetClassObjectInternal+0x4a0eb CorDllMainForThunk-0x42410 clr+0x10f164 @ 0x7403f164 DllGetClassObjectInternal+0x2a4d4 CorDllMainForThunk-0x62027 clr+0xef54d @ 0x7401f54d DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x7404a0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 8b 01 8b 40 28 8b 00 6a 00 6a 00 6a 01 50 e8 01 exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xae625b registers.esp: 107934080 registers.edi: 39143336 registers.eax: 38639192 registers.ebp: 107934092 registers.edx: 0 registers.ebx: 38883780 registers.esi: 0 registers.ecx: 0	1
__exception__ Feb. 7, 2025, 2:11 p.m.	stacktrace: 0x4ceb84d 0x5e7d3fb 0x5e77a4e mscorlib+0xa3aba7 @ 0x72ffaba7 mscorlib+0x34b4fd @ 0x7290b4fd mscorlib+0xa2c7fa @ 0x72fec7fa mscorlib+0xb57e81 @ 0x73117e81 mscorlib+0xa2c5f8 @ 0x72fec5f8 mscorlib+0xd4c010 @ 0x7330c010 mscorlib+0x34b429 @ 0x7290b429 mscorlib+0x3022a6 @ 0x728c22a6 mscorlib+0x34b2d2 @ 0x7290b2d2 mscorlib+0x34b1f7 @ 0x7290b1f7 mscorlib+0x382cf2 @ 0x72942cf2 mscorlib+0x34c5a2 @ 0x7290c5a2 mscorlib+0xa2bd74 @ 0x72febd74 mscorlib+0xa2be6f @ 0x72febe6f mscorlib+0xa34d2d @ 0x72ff4d2d mscorlib+0xa362f1 @ 0x72ff62f1 mscorlib+0xa35383 @ 0x72ff5383 mscorlib+0xa3506f @ 0x72ff506f 0x5e77753 0x5fad84c mscorlib+0x34b4fd @ 0x7290b4fd mscorlib+0xa2c7fa @ 0x72fec7fa mscorlib+0xb57e81 @ 0x73117e81 mscorlib+0x34b4f2 @ 0x7290b4f2 mscorlib+0x34b466 @ 0x7290b466 mscorlib+0x34b429 @ 0x7290b429 mscorlib+0x3022a6 @ 0x728c22a6 mscorlib+0x34b2d2 @ 0x7290b2d2 mscorlib+0x34b1f7 @ 0x7290b1f7 mscorlib+0x34b13b @ 0x7290b13b mscorlib+0x30d3a5 @ 0x728cd3a5 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73f4264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73f42e95 DllGetClassObjectInternal+0x4a153 CorDllMainForThunk-0x423a8 clr+0x10f1cc @ 0x7403f1cc LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x73fa7d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x73fa7dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x73fa7e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x73f3c3bf DllGetClassObjectInternal+0x4a0eb CorDllMainForThunk-0x42410 clr+0x10f164 @ 0x7403f164 DllGetClassObjectInternal+0x2a4d4 CorDllMainForThunk-0x62027 clr+0xef54d @ 0x7401f54d DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x7404a0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 8b 01 8b 40 28 8b 00 6a 00 6a 00 6a 01 50 e8 01 exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xae625b registers.esp: 107934080 registers.edi: 39144100 registers.eax: 38639192 registers.ebp: 107934092 registers.edx: 0 registers.ebx: 38883780 registers.esi: 0 registers.ecx: 0	1
__exception__ Feb. 7, 2025, 2:11 p.m.	stacktrace: 0x4ceb84d 0x5e7d3fb 0x5e77a4e mscorlib+0xa3aba7 @ 0x72ffaba7 mscorlib+0x34b4fd @ 0x7290b4fd mscorlib+0xa2c7fa @ 0x72fec7fa mscorlib+0xb57e81 @ 0x73117e81 mscorlib+0xa2c5f8 @ 0x72fec5f8 mscorlib+0xd4c010 @ 0x7330c010 mscorlib+0x34b429 @ 0x7290b429 mscorlib+0x3022a6 @ 0x728c22a6 mscorlib+0x34b2d2 @ 0x7290b2d2 mscorlib+0x34b1f7 @ 0x7290b1f7 mscorlib+0x382cf2 @ 0x72942cf2 mscorlib+0x34c5a2 @ 0x7290c5a2 mscorlib+0xa2bd74 @ 0x72febd74 mscorlib+0xa2be6f @ 0x72febe6f mscorlib+0xa34d2d @ 0x72ff4d2d mscorlib+0xa362f1 @ 0x72ff62f1 mscorlib+0xa35383 @ 0x72ff5383 mscorlib+0xa3506f @ 0x72ff506f 0x5e77753 0x5fad84c mscorlib+0x34b4fd @ 0x7290b4fd mscorlib+0xa2c7fa @ 0x72fec7fa mscorlib+0xb57e81 @ 0x73117e81 mscorlib+0xa2c5f8 @ 0x72fec5f8 mscorlib+0xd4c010 @ 0x7330c010 mscorlib+0x34b429 @ 0x7290b429 mscorlib+0x3022a6 @ 0x728c22a6 mscorlib+0x34b2d2 @ 0x7290b2d2 mscorlib+0x34b1f7 @ 0x7290b1f7 mscorlib+0x382cf2 @ 0x72942cf2 mscorlib+0x34c5a2 @ 0x7290c5a2 mscorlib+0xa2bd74 @ 0x72febd74 mscorlib+0xa2be6f @ 0x72febe6f 0x5fad054 0x5fa8d54 0x5fa8b7c 0x5e7758d 0x4cef522 0x4cef47c mscorlib+0x34c181 @ 0x7290c181 mscorlib+0x34b466 @ 0x7290b466 mscorlib+0x34b429 @ 0x7290b429 mscorlib+0x3022a6 @ 0x728c22a6 mscorlib+0x34b2d2 @ 0x7290b2d2 mscorlib+0x34b1f7 @ 0x7290b1f7 mscorlib+0x34b13b @ 0x7290b13b mscorlib+0x30d3a5 @ 0x728cd3a5 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73f4264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73f42e95 DllGetClassObjectInternal+0x4a153 CorDllMainForThunk-0x423a8 clr+0x10f1cc @ 0x7403f1cc LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x73fa7d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x73fa7dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x73fa7e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x73f3c3bf DllGetClassObjectInternal+0x4a0eb CorDllMainForThunk-0x42410 clr+0x10f164 @ 0x7403f164 DllGetClassObjectInternal+0x2a4d4 CorDllMainForThunk-0x62027 clr+0xef54d @ 0x7401f54d DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x7404a0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 8b 01 8b 40 28 8b 00 6a 00 6a 00 6a 01 50 e8 01 exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xae625b registers.esp: 104327696 registers.edi: 39164800 registers.eax: 38639192 registers.ebp: 104327708 registers.edx: 0 registers.ebx: 38864940 registers.esi: 0 registers.ecx: 0	1
__exception__ Feb. 7, 2025, 2:11 p.m.	stacktrace: 0x4ceb84d 0x5e7d3fb 0x5e77a4e mscorlib+0xa3aba7 @ 0x72ffaba7 mscorlib+0x34b4fd @ 0x7290b4fd mscorlib+0xa2c7fa @ 0x72fec7fa mscorlib+0xb57e81 @ 0x73117e81 mscorlib+0xa2c5f8 @ 0x72fec5f8 mscorlib+0xd4c010 @ 0x7330c010 mscorlib+0x34b429 @ 0x7290b429 mscorlib+0x3022a6 @ 0x728c22a6 mscorlib+0x34b2d2 @ 0x7290b2d2 mscorlib+0x34b1f7 @ 0x7290b1f7 mscorlib+0x382cf2 @ 0x72942cf2 mscorlib+0x34c5a2 @ 0x7290c5a2 mscorlib+0xa2bd74 @ 0x72febd74 mscorlib+0xa2be6f @ 0x72febe6f mscorlib+0xa34d2d @ 0x72ff4d2d mscorlib+0xa362f1 @ 0x72ff62f1 mscorlib+0xa35383 @ 0x72ff5383 mscorlib+0xa3506f @ 0x72ff506f 0x5e77753 0x5fad84c mscorlib+0x34b4fd @ 0x7290b4fd mscorlib+0xa2c7fa @ 0x72fec7fa mscorlib+0xb57e81 @ 0x73117e81 mscorlib+0xa2c5f8 @ 0x72fec5f8 mscorlib+0xd4c010 @ 0x7330c010 mscorlib+0x34b429 @ 0x7290b429 mscorlib+0x3022a6 @ 0x728c22a6 mscorlib+0x34b2d2 @ 0x7290b2d2 mscorlib+0x34b1f7 @ 0x7290b1f7 mscorlib+0x382cf2 @ 0x72942cf2 mscorlib+0x34c5a2 @ 0x7290c5a2 mscorlib+0xa2bd74 @ 0x72febd74 mscorlib+0xa2be6f @ 0x72febe6f 0x5fad054 0x5fa8d54 0x5fa8b7c 0x5e7758d 0x4cef522 0x4cef47c mscorlib+0x34c181 @ 0x7290c181 mscorlib+0x34b466 @ 0x7290b466 mscorlib+0x34b429 @ 0x7290b429 mscorlib+0x3022a6 @ 0x728c22a6 mscorlib+0x34b2d2 @ 0x7290b2d2 mscorlib+0x34b1f7 @ 0x7290b1f7 mscorlib+0x34b13b @ 0x7290b13b mscorlib+0x30d3a5 @ 0x728cd3a5 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73f4264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73f42e95 DllGetClassObjectInternal+0x4a153 CorDllMainForThunk-0x423a8 clr+0x10f1cc @ 0x7403f1cc LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x73fa7d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x73fa7dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x73fa7e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x73f3c3bf DllGetClassObjectInternal+0x4a0eb CorDllMainForThunk-0x42410 clr+0x10f164 @ 0x7403f164 DllGetClassObjectInternal+0x2a4d4 CorDllMainForThunk-0x62027 clr+0xef54d @ 0x7401f54d DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x7404a0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 8b 01 8b 40 28 8b 00 6a 00 6a 00 6a 01 50 e8 01 exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xae625b registers.esp: 104327696 registers.edi: 39165776 registers.eax: 38639192 registers.ebp: 104327708 registers.edx: 0 registers.ebx: 38864940 registers.esi: 0 registers.ecx: 0	1
__exception__ Feb. 7, 2025, 2:11 p.m.	stacktrace: 0x4ceb84d 0x5e7d3fb 0x5e77a4e mscorlib+0xa3aba7 @ 0x72ffaba7 mscorlib+0x34b4fd @ 0x7290b4fd mscorlib+0xa2c7fa @ 0x72fec7fa mscorlib+0xb57e81 @ 0x73117e81 mscorlib+0xa2c5f8 @ 0x72fec5f8 mscorlib+0xd4c010 @ 0x7330c010 mscorlib+0x34b429 @ 0x7290b429 mscorlib+0x3022a6 @ 0x728c22a6 mscorlib+0x34b2d2 @ 0x7290b2d2 mscorlib+0x34b1f7 @ 0x7290b1f7 mscorlib+0x382cf2 @ 0x72942cf2 mscorlib+0x34c5a2 @ 0x7290c5a2 mscorlib+0xa2bd74 @ 0x72febd74 mscorlib+0xa2be6f @ 0x72febe6f mscorlib+0xa34d2d @ 0x72ff4d2d mscorlib+0xa362f1 @ 0x72ff62f1 mscorlib+0xa35383 @ 0x72ff5383 mscorlib+0xa3506f @ 0x72ff506f 0x5e77753 0x5fad84c mscorlib+0x34b4fd @ 0x7290b4fd mscorlib+0xa2c7fa @ 0x72fec7fa mscorlib+0xb57e81 @ 0x73117e81 mscorlib+0xa2c5f8 @ 0x72fec5f8 mscorlib+0xd4c010 @ 0x7330c010 mscorlib+0x34b429 @ 0x7290b429 mscorlib+0x3022a6 @ 0x728c22a6 mscorlib+0x34b2d2 @ 0x7290b2d2 mscorlib+0x34b1f7 @ 0x7290b1f7 mscorlib+0x382cf2 @ 0x72942cf2 mscorlib+0x34c5a2 @ 0x7290c5a2 mscorlib+0xa2bd74 @ 0x72febd74 mscorlib+0xa2be6f @ 0x72febe6f 0x5fad054 0x5fa8d54 0x5fa8b7c 0x5e7758d 0x4cef522 0x4cef47c mscorlib+0x34c181 @ 0x7290c181 mscorlib+0x34b466 @ 0x7290b466 mscorlib+0x34b429 @ 0x7290b429 mscorlib+0x3022a6 @ 0x728c22a6 mscorlib+0x34b2d2 @ 0x7290b2d2 mscorlib+0x34b1f7 @ 0x7290b1f7 mscorlib+0x34b13b @ 0x7290b13b mscorlib+0x30d3a5 @ 0x728cd3a5 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73f4264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73f42e95 DllGetClassObjectInternal+0x4a153 CorDllMainForThunk-0x423a8 clr+0x10f1cc @ 0x7403f1cc LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x73fa7d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x73fa7dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x73fa7e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x73f3c3bf DllGetClassObjectInternal+0x4a0eb CorDllMainForThunk-0x42410 clr+0x10f164 @ 0x7403f164 DllGetClassObjectInternal+0x2a4d4 CorDllMainForThunk-0x62027 clr+0xef54d @ 0x7401f54d DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x7404a0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 8b 01 8b 40 28 8b 00 6a 00 6a 00 6a 01 50 e8 01 exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xae625b registers.esp: 104327696 registers.edi: 39166504 registers.eax: 38639192 registers.ebp: 104327708 registers.edx: 0 registers.ebx: 38864940 registers.esi: 0 registers.ecx: 0	1
__exception__ Feb. 7, 2025, 2:11 p.m.	stacktrace: 0x4ceb84d 0x5e7d3fb 0x5e77a4e mscorlib+0xa3aba7 @ 0x72ffaba7 mscorlib+0x34b4fd @ 0x7290b4fd mscorlib+0xa2c7fa @ 0x72fec7fa mscorlib+0xb57e81 @ 0x73117e81 mscorlib+0xa2c5f8 @ 0x72fec5f8 mscorlib+0xd4c010 @ 0x7330c010 mscorlib+0x34b429 @ 0x7290b429 mscorlib+0x3022a6 @ 0x728c22a6 mscorlib+0x34b2d2 @ 0x7290b2d2 mscorlib+0x34b1f7 @ 0x7290b1f7 mscorlib+0x382cf2 @ 0x72942cf2 mscorlib+0x34c5a2 @ 0x7290c5a2 mscorlib+0xa2bd74 @ 0x72febd74 mscorlib+0xa2be6f @ 0x72febe6f mscorlib+0xa34d2d @ 0x72ff4d2d mscorlib+0xa362f1 @ 0x72ff62f1 mscorlib+0xa35383 @ 0x72ff5383 mscorlib+0xa3506f @ 0x72ff506f 0x5e77753 0x5fad84c mscorlib+0x34b4fd @ 0x7290b4fd mscorlib+0xa2c7fa @ 0x72fec7fa mscorlib+0xb57e81 @ 0x73117e81 mscorlib+0xa2c5f8 @ 0x72fec5f8 mscorlib+0xd4c010 @ 0x7330c010 mscorlib+0x34b429 @ 0x7290b429 mscorlib+0x3022a6 @ 0x728c22a6 mscorlib+0x34b2d2 @ 0x7290b2d2 mscorlib+0x34b1f7 @ 0x7290b1f7 mscorlib+0x382cf2 @ 0x72942cf2 mscorlib+0x34c5a2 @ 0x7290c5a2 mscorlib+0xa2bd74 @ 0x72febd74 mscorlib+0xa2be6f @ 0x72febe6f 0x5fad054 0x5fa8d54 0x5fa8b7c 0x5e7758d 0x4cef522 0x4cef47c mscorlib+0x34c181 @ 0x7290c181 mscorlib+0x34b466 @ 0x7290b466 mscorlib+0x34b429 @ 0x7290b429 mscorlib+0x3022a6 @ 0x728c22a6 mscorlib+0x34b2d2 @ 0x7290b2d2 mscorlib+0x34b1f7 @ 0x7290b1f7 mscorlib+0x34b13b @ 0x7290b13b mscorlib+0x30d3a5 @ 0x728cd3a5 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73f4264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73f42e95 DllGetClassObjectInternal+0x4a153 CorDllMainForThunk-0x423a8 clr+0x10f1cc @ 0x7403f1cc LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x73fa7d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x73fa7dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x73fa7e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x73f3c3bf DllGetClassObjectInternal+0x4a0eb CorDllMainForThunk-0x42410 clr+0x10f164 @ 0x7403f164 DllGetClassObjectInternal+0x2a4d4 CorDllMainForThunk-0x62027 clr+0xef54d @ 0x7401f54d DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x7404a0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 8b 01 8b 40 28 8b 00 6a 00 6a 00 6a 01 50 e8 01 exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xae625b registers.esp: 104327696 registers.edi: 39167232 registers.eax: 38639192 registers.ebp: 104327708 registers.edx: 0 registers.ebx: 38864940 registers.esi: 0 registers.ecx: 0	1
__exception__ Feb. 7, 2025, 2:11 p.m.	stacktrace: 0x4ceb84d 0x5e7d3fb 0x5e77a4e mscorlib+0xa3aba7 @ 0x72ffaba7 mscorlib+0x34b4fd @ 0x7290b4fd mscorlib+0xa2c7fa @ 0x72fec7fa mscorlib+0xb57e81 @ 0x73117e81 mscorlib+0xa2c5f8 @ 0x72fec5f8 mscorlib+0xd4c010 @ 0x7330c010 mscorlib+0x34b429 @ 0x7290b429 mscorlib+0x3022a6 @ 0x728c22a6 mscorlib+0x34b2d2 @ 0x7290b2d2 mscorlib+0x34b1f7 @ 0x7290b1f7 mscorlib+0x382cf2 @ 0x72942cf2 mscorlib+0x34c5a2 @ 0x7290c5a2 mscorlib+0xa2bd74 @ 0x72febd74 mscorlib+0xa2be6f @ 0x72febe6f mscorlib+0xa34d2d @ 0x72ff4d2d mscorlib+0xa362f1 @ 0x72ff62f1 mscorlib+0xa35383 @ 0x72ff5383 mscorlib+0xa3506f @ 0x72ff506f 0x5e77753 0x5fad84c mscorlib+0x34b4fd @ 0x7290b4fd mscorlib+0xa2c7fa @ 0x72fec7fa mscorlib+0xb57e81 @ 0x73117e81 mscorlib+0xa2c5f8 @ 0x72fec5f8 mscorlib+0xd4c010 @ 0x7330c010 mscorlib+0x34b429 @ 0x7290b429 mscorlib+0x3022a6 @ 0x728c22a6 mscorlib+0x34b2d2 @ 0x7290b2d2 mscorlib+0x34b1f7 @ 0x7290b1f7 mscorlib+0x382cf2 @ 0x72942cf2 mscorlib+0x34c5a2 @ 0x7290c5a2 mscorlib+0xa2bd74 @ 0x72febd74 mscorlib+0xa2be6f @ 0x72febe6f 0x5fad054 0x5fa8d54 0x5fa8b7c 0x5e7758d 0x4cef522 0x4cef47c mscorlib+0x34c181 @ 0x7290c181 mscorlib+0x34b466 @ 0x7290b466 mscorlib+0x34b429 @ 0x7290b429 mscorlib+0x3022a6 @ 0x728c22a6 mscorlib+0x34b2d2 @ 0x7290b2d2 mscorlib+0x34b1f7 @ 0x7290b1f7 mscorlib+0x34b13b @ 0x7290b13b mscorlib+0x30d3a5 @ 0x728cd3a5 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73f4264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73f42e95 DllGetClassObjectInternal+0x4a153 CorDllMainForThunk-0x423a8 clr+0x10f1cc @ 0x7403f1cc LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x73fa7d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x73fa7dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x73fa7e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x73f3c3bf DllGetClassObjectInternal+0x4a0eb CorDllMainForThunk-0x42410 clr+0x10f164 @ 0x7403f164 DllGetClassObjectInternal+0x2a4d4 CorDllMainForThunk-0x62027 clr+0xef54d @ 0x7401f54d DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x7404a0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x757f33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 8b 01 8b 40 28 8b 00 6a 00 6a 00 6a 01 50 e8 01 exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xae625b registers.esp: 104327696 registers.edi: 39167980 registers.eax: 38639192 registers.ebp: 104327708 registers.edx: 0 registers.ebx: 38864940 registers.esi: 0 registers.ecx: 0	1

One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.

Allocates read-write-execute memory (usually to unpack itself) (50 out of 140 events)

Time & API	Arguments	Status
NtAllocateVirtualMemory Feb. 7, 2025, 2:10 p.m.	process_identifier: 1648 region_size: 2097152 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00740000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 7, 2025, 2:10 p.m.	process_identifier: 1648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00900000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory Feb. 7, 2025, 2:10 p.m.	process_identifier: 1648 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73f31000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Feb. 7, 2025, 2:10 p.m.	process_identifier: 1648 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73f32000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 7, 2025, 2:10 p.m.	process_identifier: 1648 region_size: 262144 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00580000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 7, 2025, 2:10 p.m.	process_identifier: 1648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00580000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 7, 2025, 2:10 p.m.	process_identifier: 1648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00512000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 7, 2025, 2:10 p.m.	process_identifier: 1648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0052c000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 7, 2025, 2:10 p.m.	process_identifier: 1648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x008e0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 7, 2025, 2:10 p.m.	process_identifier: 1648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00545000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 7, 2025, 2:10 p.m.	process_identifier: 1648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0054b000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 7, 2025, 2:10 p.m.	process_identifier: 1648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00547000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 7, 2025, 2:10 p.m.	process_identifier: 1648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00536000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 7, 2025, 2:10 p.m.	process_identifier: 1648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0051a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 7, 2025, 2:10 p.m.	process_identifier: 1648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0053a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 7, 2025, 2:10 p.m.	process_identifier: 1648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00537000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 7, 2025, 2:10 p.m.	process_identifier: 1648 region_size: 28672 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x008e1000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 7, 2025, 2:10 p.m.	process_identifier: 1648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x008e8000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 7, 2025, 2:10 p.m.	process_identifier: 1648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x008e9000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 7, 2025, 2:10 p.m.	process_identifier: 1648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0052d000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 7, 2025, 2:10 p.m.	process_identifier: 1648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x008ea000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 7, 2025, 2:10 p.m.	process_identifier: 1648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x008eb000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 7, 2025, 2:10 p.m.	process_identifier: 1648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00aef000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 7, 2025, 2:10 p.m.	process_identifier: 1648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00ae0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 7, 2025, 2:10 p.m.	process_identifier: 1648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x008ec000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 7, 2025, 2:10 p.m.	process_identifier: 1648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0052e000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 7, 2025, 2:10 p.m.	process_identifier: 1648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04ef0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 7, 2025, 2:10 p.m.	process_identifier: 1648 region_size: 61440 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04ef1000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 7, 2025, 2:10 p.m.	process_identifier: 1648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00bc0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 7, 2025, 2:10 p.m.	process_identifier: 1648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00bc1000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 7, 2025, 2:10 p.m.	process_identifier: 1648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00bc2000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 7, 2025, 2:10 p.m.	process_identifier: 1648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00bc3000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 7, 2025, 2:10 p.m.	process_identifier: 1648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00bc4000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 7, 2025, 2:10 p.m.	process_identifier: 1648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00bc5000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 7, 2025, 2:10 p.m.	process_identifier: 1648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00bc6000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 7, 2025, 2:10 p.m.	process_identifier: 1648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00bc7000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 7, 2025, 2:10 p.m.	process_identifier: 1648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00ae1000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 7, 2025, 2:10 p.m.	process_identifier: 1648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00bc8000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 7, 2025, 2:11 p.m.	process_identifier: 1648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00bc9000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 7, 2025, 2:11 p.m.	process_identifier: 1648 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00bca000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 7, 2025, 2:11 p.m.	process_identifier: 1648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0052f000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 7, 2025, 2:11 p.m.	process_identifier: 1648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00bce000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 7, 2025, 2:11 p.m.	process_identifier: 1648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00bcf000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 7, 2025, 2:11 p.m.	process_identifier: 1648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00d90000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 7, 2025, 2:11 p.m.	process_identifier: 1648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00d91000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 7, 2025, 2:11 p.m.	process_identifier: 1648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00d92000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 7, 2025, 2:11 p.m.	process_identifier: 1648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00d93000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 7, 2025, 2:11 p.m.	process_identifier: 1648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00d94000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 7, 2025, 2:11 p.m.	process_identifier: 1648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00c50000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 7, 2025, 2:11 p.m.	process_identifier: 1648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0051c000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1

Steals private information from local Internet browsers (50 out of 113 events)

file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Web Data
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Login Data
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Login Data
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 39
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 38
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 35
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 34
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 37
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 36
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 31
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 30
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 33
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 32
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 28
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 29
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 22
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 23
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 20
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 21
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 26
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 27
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 24
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 25
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 59
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 58
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 53
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 52
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 51
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 50
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 57
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 56
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 55
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 54
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 3
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 2
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 1
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 0
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 7
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 6
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 5
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 4
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 9
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 8
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 48
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 49
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 40
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 41
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Profile 42

Checks adapter addresses which can be used to detect virtual network interfaces (1 event)

Time & API	Arguments	Status	Return	Repeated
GetAdaptersAddresses Feb. 7, 2025, 2:11 p.m.	flags: 1158 family: 0	1	0	0

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

section

{u'size_of_data': u'0x00059600', u'virtual_address': u'0x00002000', u'entropy': 7.996420987461994, u'name': u'.text', u'virtual_size': u'0x000594b4'}

entropy

7.99642098746

description

A section with a high entropy has been found

entropy

0.994436717663

description

Overall entropy of this PE file is high

Checks for the Locally Unique Identifier on the system for a suspicious privilege (1 event)

Time & API	Arguments	Status	Return	Repeated
LookupPrivilegeValueW Feb. 7, 2025, 2:10 p.m.	system_name: privilege_name: SeDebugPrivilege	1	1	0

Communicates with host for which no DNS query was performed (1 event)

host

198.135.53.180

Attempts to identify installed AV products by installation directory (2 events)

file	C:\Users\test22\AppData\Local\AVAST Software\Browser\User Data
file	C:\Users\test22\AppData\Local\AVG\Browser\User Data

A process attempted to delay the analysis task. (1 event)

description

pure.exe tried to sleep 2728163 seconds, actually delayed analysis time by 2728163 seconds

Attempts to access Bitcoin/ALTCoin wallets (2 events)

file	C:\Users\test22\AppData\Roaming\Electrum\config
file	C:\Users\test22\AppData\Roaming\Electrum\wallets

Appends a known CryptoMix ransomware file extension to files that have been encrypted (1 event)

file	C:\Users\test22\AppData\Roaming\Exodus\exodus.wallet

File has been identified by 46 AntiVirus engines on VirusTotal as malicious (46 events)

Bkav	W32.AIDetectMalware.CS
Lionic	Trojan.Win32.Generic.4!c
tehtris	Generic.Malware
CAT-QuickHeal	cld.trojan.msil
Skyhigh	BehavesLike.Win32.Generic.fc
ALYac	Gen:Trojan.Mardom.MN.9
Cylance	Unsafe
VIPRE	Gen:Trojan.Mardom.MN.9
CrowdStrike	win/malicious_confidence_100% (W)
BitDefender	Gen:Trojan.Mardom.MN.9
K7GW	Trojan ( 005c0eb21 )
Arcabit	Trojan.Mardom.MN.9
VirIT	Trojan.Win32.MSIL_Heur.A
Symantec	Downloader
Elastic	malicious (high confidence)
ESET-NOD32	a variant of MSIL/GenKryptik.HGBG
APEX	Malicious
Avast	Win32:PWSX-gen [Trj]
Kaspersky	HEUR:Backdoor.MSIL.NanoBot.gen
Alibaba	Trojan:MSIL/GenKryptik.97f9951f
MicroWorld-eScan	Gen:Trojan.Mardom.MN.9
Rising	Malware.Obfus/MSIL@AI.100 (RDM.MSIL2:TaoLI+M3XJSQN3YGyNp43Q)
Emsisoft	Gen:Trojan.Mardom.MN.9 (B)
F-Secure	Trojan.TR/Dropper.Gen
McAfeeD	Real Protect-LS!E1408ABC6C49
Trapmine	malicious.moderate.ml.score
CTX	exe.trojan.msil
Sophos	Mal/Generic-S
SentinelOne	Static AI - Malicious PE
FireEye	Generic.mg.e1408abc6c49f683
Google	Detected
Avira	TR/Dropper.Gen
Kingsoft	MSIL.Trojan.Exnet.gen
Gridinsoft	Trojan.Win32.Kryptik.sa
Microsoft	PWS:MSIL/Dcstl!rfn
GData	Gen:Trojan.Mardom.MN.9
Varist	W32/MSIL_Kryptik.LYU.gen!Eldorado
AhnLab-V3	Trojan/Win.Leonem.C5727655
McAfee	Artemis!E1408ABC6C49
Malwarebytes	Trojan.Downloader
Ikarus	Trojan-Spy.MSIL.Agent
Tencent	Win32.Trojan.Dropper.Nzfl
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	MSIL/Kryptik.AFN!tr
AVG	Win32:PWSX-gen [Trj]
alibabacloud	Trojan[dropper]:MSIL/Wacapew.C9nj

pure.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All