Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Feb. 10, 2025, 4:13 p.m.	Feb. 10, 2025, 4:17 p.m.

Size	1.7MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`0f2e0a4daa819b94536f513d8bb3bfe2`
SHA256	`8afc16be658f69754cc0654864ffed46c97a7558db0c39e0f2d5b870c1ff6e39`
CRC32	`63C081D0`
ssdeep	`49152:kvigLTTxYy9dxaAc73z4PQqLiy1jhDMBhKwnq2:kvi6hYy7YAI3ziLZA6wq`
Yara	themida_packer - themida packer PE_Header_Zero - PE File Signature IsPE32 - (no description) UPX_Zero - UPX packed file

Bjkm5hE.exe "C:\Users\test22\AppData\Local\Temp\Bjkm5hE.exe"
1028

Name	Response	Post-Analysis Lookup
t.me	A 149.154.167.99	149.154.167.99
steamcommunity.com	A 104.75.33.105	104.76.74.15

IP Address	Status	Action
104.75.33.105	Active	Moloch
149.154.167.99	Active	Moloch
164.124.101.2	Active	Moloch
95.217.25.45	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
TCP 95.217.25.45:443 -> 192.168.56.103:49171	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 149.154.167.99:443 -> 192.168.56.103:49165	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 95.217.25.45:443 -> 192.168.56.103:49192	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 149.154.167.99:443 -> 192.168.56.103:49176	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.103:49164 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49164 -> 149.154.167.99:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49194 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49194 -> 149.154.167.99:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49162 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49162 -> 149.154.167.99:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49194 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49162 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49174 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49174 -> 149.154.167.99:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49164 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49174 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49198 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49198 -> 149.154.167.99:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49198 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49175 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49175 -> 149.154.167.99:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49175 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49185 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49185 -> 149.154.167.99:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49185 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 149.154.167.99:443 -> 192.168.56.103:49200	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.103:49186 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49186 -> 149.154.167.99:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49186 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49178 -> 104.75.33.105:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49189 -> 104.75.33.105:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49211 -> 104.75.33.105:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49167 -> 104.75.33.105:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 95.217.25.45:443 -> 192.168.56.103:49182	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 149.154.167.99:443 -> 192.168.56.103:49187	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 149.154.167.99:443 -> 192.168.56.103:49196	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 149.154.167.99:443 -> 192.168.56.103:49209	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 95.217.25.45:443 -> 192.168.56.103:49205	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.103:49208 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49208 -> 149.154.167.99:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49208 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49195 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49195 -> 149.154.167.99:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49195 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49199 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49199 -> 149.154.167.99:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49199 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49202 -> 104.75.33.105:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49207 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49207 -> 149.154.167.99:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49207 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49164 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49198 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49194 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49208 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49174 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49186 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49185 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49175 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49195 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49207 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49199 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity
TCP 192.168.56.103:49162 -> 149.154.167.99:443	2041933	ET INFO Observed Telegram Domain (t .me in TLS SNI)	Misc activity

Suricata TLS

Flow	Issuer	Subject	Fingerprint
TLSv1 192.168.56.103:49178 104.75.33.105:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Extended Validation Server CA	unknown=US, unknown=Washington, unknown=Private Organization, serialNumber=602 290 773, C=US, ST=Washington, L=Bellevue, O=Valve Corp, CN=store.steampowered.com	83:75:0b:54:d5:9e:34:40:6f:c2:2c:fc:be:5f:db:00:04:0d:d6:83
TLSv1 192.168.56.103:49189 104.75.33.105:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Extended Validation Server CA	unknown=US, unknown=Washington, unknown=Private Organization, serialNumber=602 290 773, C=US, ST=Washington, L=Bellevue, O=Valve Corp, CN=store.steampowered.com	83:75:0b:54:d5:9e:34:40:6f:c2:2c:fc:be:5f:db:00:04:0d:d6:83
TLSv1 192.168.56.103:49211 104.75.33.105:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Extended Validation Server CA	unknown=US, unknown=Washington, unknown=Private Organization, serialNumber=602 290 773, C=US, ST=Washington, L=Bellevue, O=Valve Corp, CN=store.steampowered.com	83:75:0b:54:d5:9e:34:40:6f:c2:2c:fc:be:5f:db:00:04:0d:d6:83
TLSv1 192.168.56.103:49167 104.75.33.105:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Extended Validation Server CA	unknown=US, unknown=Washington, unknown=Private Organization, serialNumber=602 290 773, C=US, ST=Washington, L=Bellevue, O=Valve Corp, CN=store.steampowered.com	83:75:0b:54:d5:9e:34:40:6f:c2:2c:fc:be:5f:db:00:04:0d:d6:83
TLSv1 192.168.56.103:49202 104.75.33.105:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Extended Validation Server CA	unknown=US, unknown=Washington, unknown=Private Organization, serialNumber=602 290 773, C=US, ST=Washington, L=Bellevue, O=Valve Corp, CN=store.steampowered.com	83:75:0b:54:d5:9e:34:40:6f:c2:2c:fc:be:5f:db:00:04:0d:d6:83

Queries for the computername (1 event)

Time & API	Arguments	Status	Return	Repeated
GetComputerNameW Feb. 9, 2025, 1 p.m.	computer_name: TEST22-PC	1	1	0

Checks if process is being debugged by a debugger (50 out of 59 events)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent Feb. 9, 2025, 1 p.m.			0	0
IsDebuggerPresent Feb. 9, 2025, 1 p.m.			0	0
IsDebuggerPresent Feb. 9, 2025, 1 p.m.			0	0
IsDebuggerPresent Feb. 9, 2025, 1 p.m.			0	0
IsDebuggerPresent Feb. 9, 2025, 1:01 p.m.			0	0
IsDebuggerPresent Feb. 9, 2025, 1:01 p.m.			0	0
IsDebuggerPresent Feb. 9, 2025, 1:01 p.m.			0	0
IsDebuggerPresent Feb. 9, 2025, 1:01 p.m.			0	0
IsDebuggerPresent Feb. 9, 2025, 1:01 p.m.			0	0
IsDebuggerPresent Feb. 9, 2025, 1:01 p.m.			0	0
IsDebuggerPresent Feb. 9, 2025, 1:01 p.m.			0	0
IsDebuggerPresent Feb. 9, 2025, 1:01 p.m.			0	0
IsDebuggerPresent Feb. 9, 2025, 1:01 p.m.			0	0
IsDebuggerPresent Feb. 9, 2025, 1:01 p.m.			0	0
IsDebuggerPresent Feb. 9, 2025, 1:01 p.m.			0	0
IsDebuggerPresent Feb. 9, 2025, 1:01 p.m.			0	0
IsDebuggerPresent Feb. 9, 2025, 1:01 p.m.			0	0
IsDebuggerPresent Feb. 9, 2025, 1:01 p.m.			0	0
IsDebuggerPresent Feb. 9, 2025, 1:01 p.m.			0	0
IsDebuggerPresent Feb. 9, 2025, 1:01 p.m.			0	0
IsDebuggerPresent Feb. 9, 2025, 1:01 p.m.			0	0
IsDebuggerPresent Feb. 9, 2025, 1:01 p.m.			0	0
IsDebuggerPresent Feb. 9, 2025, 1:01 p.m.			0	0
IsDebuggerPresent Feb. 9, 2025, 1:01 p.m.			0	0
IsDebuggerPresent Feb. 9, 2025, 1:01 p.m.			0	0
IsDebuggerPresent Feb. 9, 2025, 1:01 p.m.			0	0
IsDebuggerPresent Feb. 9, 2025, 1:01 p.m.			0	0
IsDebuggerPresent Feb. 9, 2025, 1:01 p.m.			0	0
IsDebuggerPresent Feb. 9, 2025, 1:01 p.m.			0	0
IsDebuggerPresent Feb. 9, 2025, 1:01 p.m.			0	0
IsDebuggerPresent Feb. 9, 2025, 1:01 p.m.			0	0
IsDebuggerPresent Feb. 9, 2025, 1:01 p.m.			0	0
IsDebuggerPresent Feb. 9, 2025, 1:01 p.m.			0	0
IsDebuggerPresent Feb. 9, 2025, 1:02 p.m.			0	0
IsDebuggerPresent Feb. 9, 2025, 1:02 p.m.			0	0
IsDebuggerPresent Feb. 9, 2025, 1:02 p.m.			0	0
IsDebuggerPresent Feb. 9, 2025, 1:02 p.m.			0	0
IsDebuggerPresent Feb. 9, 2025, 1:02 p.m.			0	0
IsDebuggerPresent Feb. 9, 2025, 1:02 p.m.			0	0
IsDebuggerPresent Feb. 9, 2025, 1:02 p.m.			0	0
IsDebuggerPresent Feb. 9, 2025, 1:02 p.m.			0	0
IsDebuggerPresent Feb. 9, 2025, 1:02 p.m.			0	0
IsDebuggerPresent Feb. 9, 2025, 1:02 p.m.			0	0
IsDebuggerPresent Feb. 9, 2025, 1:02 p.m.			0	0
IsDebuggerPresent Feb. 9, 2025, 1:02 p.m.			0	0
IsDebuggerPresent Feb. 9, 2025, 1:02 p.m.			0	0
IsDebuggerPresent Feb. 9, 2025, 1:02 p.m.			0	0
IsDebuggerPresent Feb. 9, 2025, 1:02 p.m.			0	0
IsDebuggerPresent Feb. 9, 2025, 1:02 p.m.			0	0
IsDebuggerPresent Feb. 9, 2025, 1:02 p.m.			0	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (6 events)

section	\x00
section	.idata
section
section	gfrqabhk
section	clsldkbz
section	.taggant

One or more processes crashed (50 out of 126 events)

Time & API	Arguments	Status
__exception__ Feb. 9, 2025, 1 p.m.	stacktrace: RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: fb e9 4e 01 00 00 60 8b 74 24 24 8b 7c 24 28 fc exception.symbol: _UnhandledExceptionFilter@4+0x2acc2f bjkm5he+0x2bc0b9 exception.instruction: sti exception.module: Bjkm5hE.exe exception.exception_code: 0xc0000096 exception.offset: 2867385 exception.address: 0x6bc0b9 registers.esp: 1638276 registers.edi: 0 registers.eax: 1 registers.ebp: 1638292 registers.edx: 8761344 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 0	1
__exception__ Feb. 9, 2025, 1 p.m.	stacktrace: exception.instruction_r: fb e9 2f 02 00 00 2d 5b 0f 6e 7f e9 cd fc ff ff exception.symbol: _UnhandledExceptionFilter@4+0x1526c bjkm5he+0x246f6 exception.instruction: sti exception.module: Bjkm5hE.exe exception.exception_code: 0xc0000096 exception.offset: 149238 exception.address: 0x4246f6 registers.esp: 1638240 registers.edi: 4341102 registers.eax: 29811 registers.ebp: 3994361876 registers.edx: 4194304 registers.ebx: 4194554 registers.esi: 3 registers.ecx: 1971388416	1
__exception__ Feb. 9, 2025, 1 p.m.	stacktrace: exception.instruction_r: fb 52 c7 04 24 92 47 bd 75 e9 1d 07 00 00 5c 89 exception.symbol: _UnhandledExceptionFilter@4+0x14c94 bjkm5he+0x2411e exception.instruction: sti exception.module: Bjkm5hE.exe exception.exception_code: 0xc0000096 exception.offset: 147742 exception.address: 0x42411e registers.esp: 1638244 registers.edi: 4370913 registers.eax: 29811 registers.ebp: 3994361876 registers.edx: 4194304 registers.ebx: 4194554 registers.esi: 3 registers.ecx: 1971388416	1
__exception__ Feb. 9, 2025, 1 p.m.	stacktrace: exception.instruction_r: fb e9 3f 07 00 00 2d e6 57 75 3e 35 ca 04 47 90 exception.symbol: _UnhandledExceptionFilter@4+0x14a8c bjkm5he+0x23f16 exception.instruction: sti exception.module: Bjkm5hE.exe exception.exception_code: 0xc0000096 exception.offset: 147222 exception.address: 0x423f16 registers.esp: 1638244 registers.edi: 4370913 registers.eax: 3344061013 registers.ebp: 3994361876 registers.edx: 4194304 registers.ebx: 4294940604 registers.esi: 3 registers.ecx: 1971388416	1
__exception__ Feb. 9, 2025, 1 p.m.	stacktrace: exception.instruction_r: fb 81 ec 04 00 00 00 89 1c 24 50 89 3c 24 bf 5b exception.symbol: _UnhandledExceptionFilter@4+0x15e4d bjkm5he+0x252d7 exception.instruction: sti exception.module: Bjkm5hE.exe exception.exception_code: 0xc0000096 exception.offset: 152279 exception.address: 0x4252d7 registers.esp: 1638240 registers.edi: 4370913 registers.eax: 27921 registers.ebp: 3994361876 registers.edx: 4344627 registers.ebx: 4294940604 registers.esi: 3 registers.ecx: 1971388416	1
__exception__ Feb. 9, 2025, 1 p.m.	stacktrace: exception.instruction_r: fb 57 e9 45 00 00 00 41 49 e9 b0 04 00 00 81 c2 exception.symbol: _UnhandledExceptionFilter@4+0x1578c bjkm5he+0x24c16 exception.instruction: sti exception.module: Bjkm5hE.exe exception.exception_code: 0xc0000096 exception.offset: 150550 exception.address: 0x424c16 registers.esp: 1638244 registers.edi: 4370913 registers.eax: 27921 registers.ebp: 3994361876 registers.edx: 4372548 registers.ebx: 4294940604 registers.esi: 3 registers.ecx: 1971388416	1
__exception__ Feb. 9, 2025, 1 p.m.	stacktrace: exception.instruction_r: fb 51 54 e9 18 fa ff ff 41 81 f1 09 e4 90 64 09 exception.symbol: _UnhandledExceptionFilter@4+0x15f87 bjkm5he+0x25411 exception.instruction: sti exception.module: Bjkm5hE.exe exception.exception_code: 0xc0000096 exception.offset: 152593 exception.address: 0x425411 registers.esp: 1638244 registers.edi: 4370913 registers.eax: 27921 registers.ebp: 3994361876 registers.edx: 4347372 registers.ebx: 4294940604 registers.esi: 0 registers.ecx: 240873	1
__exception__ Feb. 9, 2025, 1 p.m.	stacktrace: exception.instruction_r: fb 68 00 e2 ff 1b 89 14 24 ba 2d 9f f5 3f 81 ee exception.symbol: _UnhandledExceptionFilter@4+0x18f104 bjkm5he+0x19e58e exception.instruction: sti exception.module: Bjkm5hE.exe exception.exception_code: 0xc0000096 exception.offset: 1697166 exception.address: 0x59e58e registers.esp: 1638240 registers.edi: 4380965 registers.eax: 29311 registers.ebp: 3994361876 registers.edx: 4337005 registers.ebx: 126976 registers.esi: 5888929 registers.ecx: 1361969152	1
__exception__ Feb. 9, 2025, 1 p.m.	stacktrace: exception.instruction_r: fb 55 e9 ec fe ff ff 29 fd 8b 3c 24 81 c4 04 00 exception.symbol: _UnhandledExceptionFilter@4+0x18e9f8 bjkm5he+0x19de82 exception.instruction: sti exception.module: Bjkm5hE.exe exception.exception_code: 0xc0000096 exception.offset: 1695362 exception.address: 0x59de82 registers.esp: 1638244 registers.edi: 4380965 registers.eax: 4294941348 registers.ebp: 3994361876 registers.edx: 4337005 registers.ebx: 604292951 registers.esi: 5918240 registers.ecx: 1361969152	1
__exception__ Feb. 9, 2025, 1 p.m.	stacktrace: exception.instruction_r: fb e9 b8 00 00 00 81 f2 f3 5e ff 5f 01 d5 5a e9 exception.symbol: _UnhandledExceptionFilter@4+0x195471 bjkm5he+0x1a48fb exception.instruction: sti exception.module: Bjkm5hE.exe exception.exception_code: 0xc0000096 exception.offset: 1722619 exception.address: 0x5a48fb registers.esp: 1638244 registers.edi: 0 registers.eax: 134889 registers.ebp: 3994361876 registers.edx: 1944477567 registers.ebx: 5942261 registers.esi: 4294943580 registers.ecx: 95	1
__exception__ Feb. 9, 2025, 1 p.m.	stacktrace: exception.instruction_r: fb 81 ec 04 00 00 00 89 14 24 50 b8 c0 2f b9 4d exception.symbol: _UnhandledExceptionFilter@4+0x19c1e0 bjkm5he+0x1ab66a exception.instruction: sti exception.module: Bjkm5hE.exe exception.exception_code: 0xc0000096 exception.offset: 1750634 exception.address: 0x5ab66a registers.esp: 1638240 registers.edi: 0 registers.eax: 32600 registers.ebp: 3994361876 registers.edx: 427284595 registers.ebx: 35910662 registers.esi: 5942371 registers.ecx: 35910662	1
__exception__ Feb. 9, 2025, 1 p.m.	stacktrace: exception.instruction_r: fb e9 27 00 00 00 01 c8 e9 9e 00 00 00 89 04 24 exception.symbol: _UnhandledExceptionFilter@4+0x19b892 bjkm5he+0x1aad1c exception.instruction: sti exception.module: Bjkm5hE.exe exception.exception_code: 0xc0000096 exception.offset: 1748252 exception.address: 0x5aad1c registers.esp: 1638244 registers.edi: 0 registers.eax: 0 registers.ebp: 3994361876 registers.edx: 202985 registers.ebx: 35910662 registers.esi: 5945551 registers.ecx: 35910662	1
__exception__ Feb. 9, 2025, 1 p.m.	stacktrace: exception.instruction_r: ed 64 8f 05 00 00 00 00 83 ec 04 e9 00 00 00 00 exception.symbol: _UnhandledExceptionFilter@4+0x1a3a86 bjkm5he+0x1b2f10 exception.instruction: in eax, dx exception.module: Bjkm5hE.exe exception.exception_code: 0xc0000096 exception.offset: 1781520 exception.address: 0x5b2f10 registers.esp: 1638236 registers.edi: 13250177 registers.eax: 1447909480 registers.ebp: 3994361876 registers.edx: 22104 registers.ebx: 1971327157 registers.esi: 5951916 registers.ecx: 20	1
__exception__ Feb. 9, 2025, 1 p.m.	stacktrace: exception.instruction_r: 0f 3f 07 0b 64 8f 05 00 00 00 00 83 c4 04 83 fb exception.symbol: _UnhandledExceptionFilter@4+0x19e92e bjkm5he+0x1addb8 exception.address: 0x5addb8 exception.module: Bjkm5hE.exe exception.exception_code: 0xc000001d exception.offset: 1760696 registers.esp: 1638236 registers.edi: 13250177 registers.eax: 1 registers.ebp: 3994361876 registers.edx: 22104 registers.ebx: 0 registers.esi: 5951916 registers.ecx: 20	1
__exception__ Feb. 9, 2025, 1 p.m.	stacktrace: exception.instruction_r: ed 81 fb 68 58 4d 56 75 0a c7 85 55 36 2d 12 01 exception.symbol: _UnhandledExceptionFilter@4+0x1a2cd9 bjkm5he+0x1b2163 exception.instruction: in eax, dx exception.module: Bjkm5hE.exe exception.exception_code: 0xc0000096 exception.offset: 1778019 exception.address: 0x5b2163 registers.esp: 1638236 registers.edi: 13250177 registers.eax: 1447909480 registers.ebp: 3994361876 registers.edx: 22104 registers.ebx: 2256917605 registers.esi: 5951916 registers.ecx: 10	1
__exception__ Feb. 9, 2025, 1 p.m.	stacktrace: exception.instruction_r: fb 50 b8 d5 ab ff 39 2d 86 40 7d 6b e9 cf 01 00 exception.symbol: _UnhandledExceptionFilter@4+0x1a6689 bjkm5he+0x1b5b13 exception.instruction: sti exception.module: Bjkm5hE.exe exception.exception_code: 0xc0000096 exception.offset: 1792787 exception.address: 0x5b5b13 registers.esp: 1638240 registers.edi: 13250177 registers.eax: 30366 registers.ebp: 3994361876 registers.edx: 2130566132 registers.ebx: 57715046 registers.esi: 10 registers.ecx: 5986047	1
__exception__ Feb. 9, 2025, 1 p.m.	stacktrace: exception.instruction_r: fb 56 81 ec 04 00 00 00 89 2c 24 c7 04 24 46 24 exception.symbol: _UnhandledExceptionFilter@4+0x1a6616 bjkm5he+0x1b5aa0 exception.instruction: sti exception.module: Bjkm5hE.exe exception.exception_code: 0xc0000096 exception.offset: 1792672 exception.address: 0x5b5aa0 registers.esp: 1638244 registers.edi: 13250177 registers.eax: 30366 registers.ebp: 3994361876 registers.edx: 1392536160 registers.ebx: 57715046 registers.esi: 4294939980 registers.ecx: 6016413	1
__exception__ Feb. 9, 2025, 1 p.m.	stacktrace: exception.instruction_r: cd 01 eb 00 0f 87 02 00 00 00 8b d7 8a d3 0f b7 exception.symbol: _UnhandledExceptionFilter@4+0x1a70b6 bjkm5he+0x1b6540 exception.instruction: int 1 exception.module: Bjkm5hE.exe exception.exception_code: 0xc0000005 exception.offset: 1795392 exception.address: 0x5b6540 registers.esp: 1638204 registers.edi: 0 registers.eax: 1638204 registers.ebp: 3994361876 registers.edx: 1465659563 registers.ebx: 5989969 registers.esi: 3085908022 registers.ecx: 1673969170	1
__exception__ Feb. 9, 2025, 1 p.m.	stacktrace: exception.instruction_r: fb 55 c7 04 24 31 6c d7 5f f7 14 24 e9 9a 03 00 exception.symbol: _UnhandledExceptionFilter@4+0x1b6be6 bjkm5he+0x1c6070 exception.instruction: sti exception.module: Bjkm5hE.exe exception.exception_code: 0xc0000096 exception.offset: 1859696 exception.address: 0x5c6070 registers.esp: 1638244 registers.edi: 8448343 registers.eax: 27446 registers.ebp: 3994361876 registers.edx: 6 registers.ebx: 6080356 registers.esi: 4294942760 registers.ecx: 0	1
__exception__ Feb. 9, 2025, 1 p.m.	stacktrace: exception.instruction_r: fb e9 c8 fb ff ff 2d f1 ec dc 63 ff 34 24 e9 36 exception.symbol: _UnhandledExceptionFilter@4+0x1b7b48 bjkm5he+0x1c6fd2 exception.instruction: sti exception.module: Bjkm5hE.exe exception.exception_code: 0xc0000096 exception.offset: 1863634 exception.address: 0x5c6fd2 registers.esp: 1638244 registers.edi: 8448343 registers.eax: 0 registers.ebp: 3994361876 registers.edx: 6059379 registers.ebx: 295304193 registers.esi: 1179202795 registers.ecx: 0	1
__exception__ Feb. 9, 2025, 1 p.m.	stacktrace: exception.instruction_r: fb 50 b8 c0 a9 70 47 01 c3 58 81 eb fc 2b bf 5f exception.symbol: _UnhandledExceptionFilter@4+0x1bcacf bjkm5he+0x1cbf59 exception.instruction: sti exception.module: Bjkm5hE.exe exception.exception_code: 0xc0000096 exception.offset: 1883993 exception.address: 0x5cbf59 registers.esp: 1638232 registers.edi: 8448343 registers.eax: 32849 registers.ebp: 3994361876 registers.edx: 6059379 registers.ebx: 6076186 registers.esi: 1179202795 registers.ecx: 1475868015	1
__exception__ Feb. 9, 2025, 1 p.m.	stacktrace: exception.instruction_r: fb 50 52 e9 b6 06 00 00 f7 d6 81 f6 07 83 44 a3 exception.symbol: _UnhandledExceptionFilter@4+0x1bc452 bjkm5he+0x1cb8dc exception.instruction: sti exception.module: Bjkm5hE.exe exception.exception_code: 0xc0000096 exception.offset: 1882332 exception.address: 0x5cb8dc registers.esp: 1638236 registers.edi: 867049 registers.eax: 32849 registers.ebp: 3994361876 registers.edx: 0 registers.ebx: 6079315 registers.esi: 1179202795 registers.ecx: 1475868015	1
__exception__ Feb. 9, 2025, 1 p.m.	stacktrace: exception.instruction_r: fb 31 d2 ff 34 02 e9 f8 04 00 00 5c bb bc 1d 79 exception.symbol: _UnhandledExceptionFilter@4+0x1c1cb4 bjkm5he+0x1d113e exception.instruction: sti exception.module: Bjkm5hE.exe exception.exception_code: 0xc0000096 exception.offset: 1904958 exception.address: 0x5d113e registers.esp: 1638236 registers.edi: 867049 registers.eax: 6128052 registers.ebp: 3994361876 registers.edx: 2130566132 registers.ebx: 6079315 registers.esi: 1179202795 registers.ecx: 1361969152	1
__exception__ Feb. 9, 2025, 1 p.m.	stacktrace: exception.instruction_r: fb e9 59 03 00 00 ff 34 24 8b 04 24 e9 1c 00 00 exception.symbol: _UnhandledExceptionFilter@4+0x1c1d21 bjkm5he+0x1d11ab exception.instruction: sti exception.module: Bjkm5hE.exe exception.exception_code: 0xc0000096 exception.offset: 1905067 exception.address: 0x5d11ab registers.esp: 1638236 registers.edi: 867049 registers.eax: 6128052 registers.ebp: 3994361876 registers.edx: 4294940684 registers.ebx: 84201 registers.esi: 1179202795 registers.ecx: 1361969152	1
__exception__ Feb. 9, 2025, 1 p.m.	stacktrace: exception.instruction_r: fb 31 d2 ff 34 16 ff 34 24 8b 3c 24 50 68 86 9a exception.symbol: _UnhandledExceptionFilter@4+0x1e0136 bjkm5he+0x1ef5c0 exception.instruction: sti exception.module: Bjkm5hE.exe exception.exception_code: 0xc0000096 exception.offset: 2028992 exception.address: 0x5ef5c0 registers.esp: 1638204 registers.edi: 1971419604 registers.eax: 27155 registers.ebp: 3994361876 registers.edx: 2130566132 registers.ebx: 6218356 registers.esi: 6249739 registers.ecx: 1361969152	1
__exception__ Feb. 9, 2025, 1 p.m.	stacktrace: exception.instruction_r: fb 51 c7 04 24 41 d9 28 73 e9 11 01 00 00 8f 04 exception.symbol: _UnhandledExceptionFilter@4+0x1e01b7 bjkm5he+0x1ef641 exception.instruction: sti exception.module: Bjkm5hE.exe exception.exception_code: 0xc0000096 exception.offset: 2029121 exception.address: 0x5ef641 registers.esp: 1638204 registers.edi: 76239952 registers.eax: 27155 registers.ebp: 3994361876 registers.edx: 4294942560 registers.ebx: 6218356 registers.esi: 6249739 registers.ecx: 1361969152	1
__exception__ Feb. 9, 2025, 1 p.m.	stacktrace: exception.instruction_r: fb 57 89 2c 24 c7 04 24 f9 21 fe 66 68 e1 51 95 exception.symbol: _UnhandledExceptionFilter@4+0x1e11c6 bjkm5he+0x1f0650 exception.instruction: sti exception.module: Bjkm5hE.exe exception.exception_code: 0xc0000096 exception.offset: 2033232 exception.address: 0x5f0650 registers.esp: 1638204 registers.edi: 76239952 registers.eax: 6252732 registers.ebp: 3994361876 registers.edx: 1606799179 registers.ebx: 6218356 registers.esi: 6249739 registers.ecx: 1362773609	1
__exception__ Feb. 9, 2025, 1 p.m.	stacktrace: exception.instruction_r: fb 57 bf 1e 15 fe 3f e9 cd 01 00 00 ff 34 24 e9 exception.symbol: _UnhandledExceptionFilter@4+0x1e0f50 bjkm5he+0x1f03da exception.instruction: sti exception.module: Bjkm5hE.exe exception.exception_code: 0xc0000096 exception.offset: 2032602 exception.address: 0x5f03da registers.esp: 1638204 registers.edi: 0 registers.eax: 6228568 registers.ebp: 3994361876 registers.edx: 322689 registers.ebx: 6218356 registers.esi: 6249739 registers.ecx: 1362773609	1
__exception__ Feb. 9, 2025, 1 p.m.	stacktrace: exception.instruction_r: fb e9 82 ff ff ff 89 04 24 89 e0 e9 34 05 00 00 exception.symbol: _UnhandledExceptionFilter@4+0x1e190a bjkm5he+0x1f0d94 exception.instruction: sti exception.module: Bjkm5hE.exe exception.exception_code: 0xc0000096 exception.offset: 2035092 exception.address: 0x5f0d94 registers.esp: 1638200 registers.edi: 0 registers.eax: 6228941 registers.ebp: 3994361876 registers.edx: 322689 registers.ebx: 425936572 registers.esi: 6249739 registers.ecx: 1568017051	1
__exception__ Feb. 9, 2025, 1 p.m.	stacktrace: exception.instruction_r: fb e9 90 00 00 00 29 da 51 89 04 24 52 ba 2a d8 exception.symbol: _UnhandledExceptionFilter@4+0x1e1c27 bjkm5he+0x1f10b1 exception.instruction: sti exception.module: Bjkm5hE.exe exception.exception_code: 0xc0000096 exception.offset: 2035889 exception.address: 0x5f10b1 registers.esp: 1638204 registers.edi: 4294939396 registers.eax: 6259466 registers.ebp: 3994361876 registers.edx: 982329696 registers.ebx: 425936572 registers.esi: 6249739 registers.ecx: 1568017051	1
__exception__ Feb. 9, 2025, 1 p.m.	stacktrace: exception.instruction_r: fb 81 c1 5c 7c d0 1f e9 67 01 00 00 54 8f 04 24 exception.symbol: _UnhandledExceptionFilter@4+0x1e29b1 bjkm5he+0x1f1e3b exception.instruction: sti exception.module: Bjkm5hE.exe exception.exception_code: 0xc0000096 exception.offset: 2039355 exception.address: 0x5f1e3b registers.esp: 1638200 registers.edi: 4294939396 registers.eax: 30468 registers.ebp: 3994361876 registers.edx: 1035219247 registers.ebx: 304878366 registers.esi: 6249739 registers.ecx: 6233387	1
__exception__ Feb. 9, 2025, 1 p.m.	stacktrace: exception.instruction_r: fb 68 c4 d6 94 2a 89 34 24 53 89 24 24 83 04 24 exception.symbol: _UnhandledExceptionFilter@4+0x1e2ff9 bjkm5he+0x1f2483 exception.instruction: sti exception.module: Bjkm5hE.exe exception.exception_code: 0xc0000096 exception.offset: 2040963 exception.address: 0x5f2483 registers.esp: 1638204 registers.edi: 4294939396 registers.eax: 30468 registers.ebp: 3994361876 registers.edx: 1035219247 registers.ebx: 304878366 registers.esi: 6249739 registers.ecx: 6263855	1
__exception__ Feb. 9, 2025, 1 p.m.	stacktrace: exception.instruction_r: fb 83 ec 04 89 04 24 68 00 d5 bd 7f ff 34 24 e9 exception.symbol: _UnhandledExceptionFilter@4+0x1e340e bjkm5he+0x1f2898 exception.instruction: sti exception.module: Bjkm5hE.exe exception.exception_code: 0xc0000096 exception.offset: 2042008 exception.address: 0x5f2898 registers.esp: 1638204 registers.edi: 4294939396 registers.eax: 4294939824 registers.ebp: 3994361876 registers.edx: 1459645024 registers.ebx: 304878366 registers.esi: 6249739 registers.ecx: 6263855	1
__exception__ Feb. 9, 2025, 1 p.m.	stacktrace: exception.instruction_r: fb 52 ba 39 94 5a 0b 81 c2 db 16 df 3f e9 e5 fa exception.symbol: _UnhandledExceptionFilter@4+0x1e7c1b bjkm5he+0x1f70a5 exception.instruction: sti exception.module: Bjkm5hE.exe exception.exception_code: 0xc0000096 exception.offset: 2060453 exception.address: 0x5f70a5 registers.esp: 1638200 registers.edi: 6237174 registers.eax: 25914 registers.ebp: 3994361876 registers.edx: 6251973 registers.ebx: 6252904 registers.esi: 6236414 registers.ecx: 1969225870	1
__exception__ Feb. 9, 2025, 1 p.m.	stacktrace: exception.instruction_r: fb 31 c9 e9 0d 07 00 00 c1 e2 02 52 89 1c 24 51 exception.symbol: _UnhandledExceptionFilter@4+0x1e770a bjkm5he+0x1f6b94 exception.instruction: sti exception.module: Bjkm5hE.exe exception.exception_code: 0xc0000096 exception.offset: 2059156 exception.address: 0x5f6b94 registers.esp: 1638204 registers.edi: 6237174 registers.eax: 25914 registers.ebp: 3994361876 registers.edx: 6251973 registers.ebx: 6278818 registers.esi: 6236414 registers.ecx: 1969225870	1
__exception__ Feb. 9, 2025, 1 p.m.	stacktrace: exception.instruction_r: fb 57 c7 04 24 0e 5a ae 47 e9 91 02 00 00 f7 d8 exception.symbol: _UnhandledExceptionFilter@4+0x1e799d bjkm5he+0x1f6e27 exception.instruction: sti exception.module: Bjkm5hE.exe exception.exception_code: 0xc0000096 exception.offset: 2059815 exception.address: 0x5f6e27 registers.esp: 1638204 registers.edi: 4281631848 registers.eax: 25914 registers.ebp: 3994361876 registers.edx: 6251973 registers.ebx: 6278818 registers.esi: 6236414 registers.ecx: 4294944476	1
__exception__ Feb. 9, 2025, 1 p.m.	stacktrace: exception.instruction_r: fb 51 e9 79 00 00 00 52 89 e2 e9 d8 fe ff ff 29 exception.symbol: _UnhandledExceptionFilter@4+0x1e8962 bjkm5he+0x1f7dec exception.instruction: sti exception.module: Bjkm5hE.exe exception.exception_code: 0xc0000096 exception.offset: 2063852 exception.address: 0x5f7dec registers.esp: 1638200 registers.edi: 4281631848 registers.eax: 31056 registers.ebp: 3994361876 registers.edx: 811212438 registers.ebx: 6278818 registers.esi: 6256443 registers.ecx: 4294944476	1
__exception__ Feb. 9, 2025, 1 p.m.	stacktrace: exception.instruction_r: fb 52 c7 04 24 94 29 e7 2e e9 c6 f9 ff ff 51 b9 exception.symbol: _UnhandledExceptionFilter@4+0x1e8c85 bjkm5he+0x1f810f exception.instruction: sti exception.module: Bjkm5hE.exe exception.exception_code: 0xc0000096 exception.offset: 2064655 exception.address: 0x5f810f registers.esp: 1638204 registers.edi: 4294938976 registers.eax: 31056 registers.ebp: 3994361876 registers.edx: 811212438 registers.ebx: 24811 registers.esi: 6287499 registers.ecx: 4294944476	1
__exception__ Feb. 9, 2025, 1 p.m.	stacktrace: exception.instruction_r: fb 57 89 04 24 89 14 24 e9 4e 06 00 00 59 81 ec exception.symbol: _UnhandledExceptionFilter@4+0x1eb885 bjkm5he+0x1fad0f exception.instruction: sti exception.module: Bjkm5hE.exe exception.exception_code: 0xc0000096 exception.offset: 2075919 exception.address: 0x5fad0f registers.esp: 1638200 registers.edi: 4294938976 registers.eax: 6269468 registers.ebp: 3994361876 registers.edx: 2054696193 registers.ebx: 1883181312 registers.esi: 6287499 registers.ecx: 1146871569	1
__exception__ Feb. 9, 2025, 1 p.m.	stacktrace: exception.instruction_r: fb 51 e9 c2 00 00 00 89 3c 10 ff 34 24 8b 3c 24 exception.symbol: _UnhandledExceptionFilter@4+0x1eb938 bjkm5he+0x1fadc2 exception.instruction: sti exception.module: Bjkm5hE.exe exception.exception_code: 0xc0000096 exception.offset: 2076098 exception.address: 0x5fadc2 registers.esp: 1638204 registers.edi: 4294938976 registers.eax: 6300082 registers.ebp: 3994361876 registers.edx: 4294939788 registers.ebx: 1883181312 registers.esi: 2419030 registers.ecx: 1146871569	1
__exception__ Feb. 9, 2025, 1 p.m.	stacktrace: exception.instruction_r: fb 51 57 53 c7 04 24 2b 07 dd 42 5f e9 28 00 00 exception.symbol: _UnhandledExceptionFilter@4+0x1ecf97 bjkm5he+0x1fc421 exception.instruction: sti exception.module: Bjkm5hE.exe exception.exception_code: 0xc0000096 exception.offset: 2081825 exception.address: 0x5fc421 registers.esp: 1638204 registers.edi: 4294938976 registers.eax: 32145 registers.ebp: 3994361876 registers.edx: 6305183 registers.ebx: 1883181312 registers.esi: 2419030 registers.ecx: 1146871569	1
__exception__ Feb. 9, 2025, 1 p.m.	stacktrace: exception.instruction_r: fb 83 ec 04 89 34 24 89 2c 24 c7 04 24 b8 4a f2 exception.symbol: _UnhandledExceptionFilter@4+0x1ecf25 bjkm5he+0x1fc3af exception.instruction: sti exception.module: Bjkm5hE.exe exception.exception_code: 0xc0000096 exception.offset: 2081711 exception.address: 0x5fc3af registers.esp: 1638204 registers.edi: 4294938976 registers.eax: 32145 registers.ebp: 3994361876 registers.edx: 6276283 registers.ebx: 0 registers.esi: 2419030 registers.ecx: 3939837675	1
__exception__ Feb. 9, 2025, 1 p.m.	stacktrace: exception.instruction_r: fb 81 c2 16 a1 b7 67 81 ea 01 30 f7 4f 03 14 24 exception.symbol: _UnhandledExceptionFilter@4+0x1f3de5 bjkm5he+0x20326f exception.instruction: sti exception.module: Bjkm5hE.exe exception.exception_code: 0xc0000096 exception.offset: 2110063 exception.address: 0x60326f registers.esp: 1638200 registers.edi: 300600031 registers.eax: 28560 registers.ebp: 3994361876 registers.edx: 6304283 registers.ebx: 2147483650 registers.esi: 6284643 registers.ecx: 1361969152	1
__exception__ Feb. 9, 2025, 1 p.m.	stacktrace: exception.instruction_r: fb 29 db e9 00 00 00 00 ff 34 1a e9 52 fb ff ff exception.symbol: _UnhandledExceptionFilter@4+0x1f4791 bjkm5he+0x203c1b exception.instruction: sti exception.module: Bjkm5hE.exe exception.exception_code: 0xc0000096 exception.offset: 2112539 exception.address: 0x603c1b registers.esp: 1638204 registers.edi: 300600031 registers.eax: 28560 registers.ebp: 3994361876 registers.edx: 6332843 registers.ebx: 2147483650 registers.esi: 6284643 registers.ecx: 1361969152	1
__exception__ Feb. 9, 2025, 1 p.m.	stacktrace: exception.instruction_r: fb 68 bf df 28 5d 89 14 24 c7 04 24 60 5f ef 3f exception.symbol: _UnhandledExceptionFilter@4+0x1f3f64 bjkm5he+0x2033ee exception.instruction: sti exception.module: Bjkm5hE.exe exception.exception_code: 0xc0000096 exception.offset: 2110446 exception.address: 0x6033ee registers.esp: 1638204 registers.edi: 300600031 registers.eax: 28560 registers.ebp: 3994361876 registers.edx: 6332843 registers.ebx: 4294941308 registers.esi: 6284643 registers.ecx: 322689	1
__exception__ Feb. 9, 2025, 1 p.m.	stacktrace: exception.instruction_r: fb 68 ef 79 c8 45 89 1c 24 68 20 9c 6f 2b 5b 81 exception.symbol: _UnhandledExceptionFilter@4+0x207152 bjkm5he+0x2165dc exception.instruction: sti exception.module: Bjkm5hE.exe exception.exception_code: 0xc0000096 exception.offset: 2188764 exception.address: 0x6165dc registers.esp: 1638200 registers.edi: 6382136 registers.eax: 32739 registers.ebp: 3994361876 registers.edx: 2130566132 registers.ebx: 1969225702 registers.esi: 6308288 registers.ecx: 0	1
__exception__ Feb. 9, 2025, 1 p.m.	stacktrace: exception.instruction_r: fb e9 7d f6 ff ff 31 c8 59 51 83 ec 04 89 14 24 exception.symbol: _UnhandledExceptionFilter@4+0x207985 bjkm5he+0x216e0f exception.instruction: sti exception.module: Bjkm5hE.exe exception.exception_code: 0xc0000096 exception.offset: 2190863 exception.address: 0x616e0f registers.esp: 1638204 registers.edi: 6385387 registers.eax: 32739 registers.ebp: 3994361876 registers.edx: 6089047 registers.ebx: 0 registers.esi: 6308288 registers.ecx: 0	1
__exception__ Feb. 9, 2025, 1 p.m.	stacktrace: exception.instruction_r: fb 53 bb fa 28 fc 7d 81 f3 0a 8b 3b 12 81 c2 d6 exception.symbol: _UnhandledExceptionFilter@4+0x2125a8 bjkm5he+0x221a32 exception.instruction: sti exception.module: Bjkm5hE.exe exception.exception_code: 0xc0000096 exception.offset: 2234930 exception.address: 0x621a32 registers.esp: 1638200 registers.edi: 6405859 registers.eax: 27714 registers.ebp: 3994361876 registers.edx: 6427095 registers.ebx: 6386894 registers.esi: 3784684 registers.ecx: 1361969152	1
__exception__ Feb. 9, 2025, 1 p.m.	stacktrace: exception.instruction_r: fb 29 ff e9 b6 ff ff ff 81 c6 54 c0 ff 7f 52 ba exception.symbol: _UnhandledExceptionFilter@4+0x212532 bjkm5he+0x2219bc exception.instruction: sti exception.module: Bjkm5hE.exe exception.exception_code: 0xc0000096 exception.offset: 2234812 exception.address: 0x6219bc registers.esp: 1638204 registers.edi: 6405859 registers.eax: 27714 registers.ebp: 3994361876 registers.edx: 6454809 registers.ebx: 6386894 registers.esi: 3784684 registers.ecx: 1361969152	1
__exception__ Feb. 9, 2025, 1 p.m.	stacktrace: exception.instruction_r: fb 50 89 2c 24 57 89 14 24 53 bb 80 80 ff 7d ba exception.symbol: _UnhandledExceptionFilter@4+0x2125e1 bjkm5he+0x221a6b exception.instruction: sti exception.module: Bjkm5hE.exe exception.exception_code: 0xc0000096 exception.offset: 2234987 exception.address: 0x621a6b registers.esp: 1638204 registers.edi: 4294942140 registers.eax: 27714 registers.ebp: 3994361876 registers.edx: 6454809 registers.ebx: 322689 registers.esi: 3784684 registers.ecx: 1361969152	1

HTTP traffic contains suspicious features which may be indicative of malware related traffic (1 event)

suspicious_features

GET method with no useragent header

suspicious_request

GET https://steamcommunity.com/profiles/76561199824159981

Performs some HTTP requests (1 event)

request

GET https://steamcommunity.com/profiles/76561199824159981

Allocates read-write-execute memory (usually to unpack itself) (34 events)

Time & API	Arguments	Status
NtProtectVirtualMemory Feb. 9, 2025, 1 p.m.	process_identifier: 1028 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7793f000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Feb. 9, 2025, 1 p.m.	process_identifier: 1028 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x778b0000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Feb. 9, 2025, 1 p.m.	process_identifier: 1028 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 57344 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00401000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 9, 2025, 1 p.m.	process_identifier: 1028 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00c90000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 9, 2025, 1 p.m.	process_identifier: 1028 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04370000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 9, 2025, 1 p.m.	process_identifier: 1028 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04380000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 9, 2025, 1 p.m.	process_identifier: 1028 region_size: 65536 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04390000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 9, 2025, 1 p.m.	process_identifier: 1028 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x043a0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 9, 2025, 1 p.m.	process_identifier: 1028 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x043a0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 9, 2025, 1 p.m.	process_identifier: 1028 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x043b0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 9, 2025, 1 p.m.	process_identifier: 1028 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x043c0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 9, 2025, 1 p.m.	process_identifier: 1028 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x043d0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 9, 2025, 1 p.m.	process_identifier: 1028 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x043e0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 9, 2025, 1 p.m.	process_identifier: 1028 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x043f0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 9, 2025, 1 p.m.	process_identifier: 1028 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04400000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 9, 2025, 1 p.m.	process_identifier: 1028 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04410000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 9, 2025, 1 p.m.	process_identifier: 1028 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04420000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 9, 2025, 1 p.m.	process_identifier: 1028 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04430000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 9, 2025, 1 p.m.	process_identifier: 1028 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x043a0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 9, 2025, 1 p.m.	process_identifier: 1028 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04480000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 9, 2025, 1 p.m.	process_identifier: 1028 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x043a0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 9, 2025, 1 p.m.	process_identifier: 1028 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x043a0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 9, 2025, 1 p.m.	process_identifier: 1028 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04490000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 9, 2025, 1 p.m.	process_identifier: 1028 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x044a0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 9, 2025, 1 p.m.	process_identifier: 1028 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x043a0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 9, 2025, 1 p.m.	process_identifier: 1028 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x043a0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 9, 2025, 1 p.m.	process_identifier: 1028 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x043a0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 9, 2025, 1 p.m.	process_identifier: 1028 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x043a0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 9, 2025, 1 p.m.	process_identifier: 1028 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x043a0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 9, 2025, 1 p.m.	process_identifier: 1028 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x043a0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 9, 2025, 1 p.m.	process_identifier: 1028 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x043a0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 9, 2025, 1 p.m.	process_identifier: 1028 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x043a0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 9, 2025, 1 p.m.	process_identifier: 1028 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x043a0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Feb. 9, 2025, 1 p.m.	process_identifier: 1028 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x043a0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1

A process attempted to delay the analysis task. (1 event)

description

Bjkm5hE.exe tried to sleep 1058 seconds, actually delayed analysis time by 1058 seconds

The binary likely contains encrypted or compressed data indicative of a packer (3 events)

section

{u'size_of_data': u'0x0000d800', u'virtual_address': u'0x00001000', u'entropy': 7.982406746704413, u'name': u' \\x00 ', u'virtual_size': u'0x0001f000'}

entropy

7.9824067467

description

A section with a high entropy has been found

section

{u'size_of_data': u'0x0019d600', u'virtual_address': u'0x002bc000', u'entropy': 7.9533685445578595, u'name': u'gfrqabhk', u'virtual_size': u'0x0019e000'}

entropy

7.95336854456

description

A section with a high entropy has been found

entropy

0.993310063991

description

Overall entropy of this PE file is high

Expresses interest in specific running processes (1 event)

process

system

Communicates with host for which no DNS query was performed (1 event)

host

95.217.25.45

Checks for the presence of known devices from debuggers and forensic tools (3 events)

file	\??\SICE
file	\??\SIWVID
file	\??\NTICE

Checks for the presence of known windows from debuggers and forensic tools (50 out of 341 events)

Time & API	Arguments	Status	Return	Repeated
FindWindowA Feb. 9, 2025, 1 p.m.	class_name: OLLYDBG window_name:		0	0
FindWindowA Feb. 9, 2025, 1 p.m.	class_name: GBDYLLO window_name:		0	0
FindWindowA Feb. 9, 2025, 1 p.m.	class_name: pediy06 window_name:		0	0
FindWindowA Feb. 9, 2025, 1 p.m.	class_name: FilemonClass window_name:		0	0
FindWindowA Feb. 9, 2025, 1 p.m.	class_name: FilemonClass window_name:		0	0
FindWindowA Feb. 9, 2025, 1 p.m.	class_name: #0 window_name: File Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA Feb. 9, 2025, 1 p.m.	class_name: PROCMON_WINDOW_CLASS window_name:		0	0
FindWindowA Feb. 9, 2025, 1 p.m.	class_name: #0 window_name: Process Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA Feb. 9, 2025, 1 p.m.	class_name: RegmonClass window_name:		0	0
FindWindowA Feb. 9, 2025, 1 p.m.	class_name: RegmonClass window_name:		0	0
FindWindowA Feb. 9, 2025, 1 p.m.	class_name: #0 window_name: Registry Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA Feb. 9, 2025, 1 p.m.	class_name: 18467-41 window_name:		0	0
FindWindowA Feb. 9, 2025, 1 p.m.	class_name: FilemonClass window_name:		0	0
FindWindowA Feb. 9, 2025, 1 p.m.	class_name: FilemonClass window_name:		0	0
FindWindowA Feb. 9, 2025, 1 p.m.	class_name: #0 window_name: File Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA Feb. 9, 2025, 1 p.m.	class_name: PROCMON_WINDOW_CLASS window_name:		0	0
FindWindowA Feb. 9, 2025, 1 p.m.	class_name: #0 window_name: Process Monitor - Sysinternals: www.sysinternals.com		0	0
FindWindowA Feb. 9, 2025, 1 p.m.	class_name: OLLYDBG window_name:		0	0
FindWindowA Feb. 9, 2025, 1 p.m.	class_name: GBDYLLO window_name:		0	0
FindWindowA Feb. 9, 2025, 1 p.m.	class_name: pediy06 window_name:		0	0
FindWindowA Feb. 9, 2025, 1 p.m.	class_name: OLLYDBG window_name:		0	0
FindWindowA Feb. 9, 2025, 1 p.m.	class_name: GBDYLLO window_name:		0	0
FindWindowA Feb. 9, 2025, 1 p.m.	class_name: pediy06 window_name:		0	0
FindWindowA Feb. 9, 2025, 1 p.m.	class_name: Regmonclass window_name:		0	0
FindWindowA Feb. 9, 2025, 1 p.m.	class_name: Regmonclass window_name:		0	0
FindWindowA Feb. 9, 2025, 1 p.m.	class_name: 18467-41 window_name:		0	0
FindWindowA Feb. 9, 2025, 1 p.m.	class_name: Filemonclass window_name:		0	0
FindWindowA Feb. 9, 2025, 1 p.m.	class_name: Filemonclass window_name:		0	0
FindWindowA Feb. 9, 2025, 1 p.m.	class_name: PROCMON_WINDOW_CLASS window_name:		0	0
FindWindowA Feb. 9, 2025, 1 p.m.	class_name: OLLYDBG window_name:		0	0
FindWindowA Feb. 9, 2025, 1 p.m.	class_name: GBDYLLO window_name:		0	0
FindWindowA Feb. 9, 2025, 1 p.m.	class_name: pediy06 window_name:		0	0
FindWindowA Feb. 9, 2025, 1:01 p.m.	class_name: OLLYDBG window_name:		0	0
FindWindowA Feb. 9, 2025, 1:01 p.m.	class_name: GBDYLLO window_name:		0	0
FindWindowA Feb. 9, 2025, 1:01 p.m.	class_name: pediy06 window_name:		0	0
FindWindowA Feb. 9, 2025, 1:01 p.m.	class_name: Regmonclass window_name:		0	0
FindWindowA Feb. 9, 2025, 1:01 p.m.	class_name: Regmonclass window_name:		0	0
FindWindowA Feb. 9, 2025, 1:01 p.m.	class_name: 18467-41 window_name:		0	0
FindWindowA Feb. 9, 2025, 1:01 p.m.	class_name: Filemonclass window_name:		0	0
FindWindowA Feb. 9, 2025, 1:01 p.m.	class_name: Filemonclass window_name:		0	0
FindWindowA Feb. 9, 2025, 1:01 p.m.	class_name: PROCMON_WINDOW_CLASS window_name:		0	0
FindWindowA Feb. 9, 2025, 1:01 p.m.	class_name: OLLYDBG window_name:		0	0
FindWindowA Feb. 9, 2025, 1:01 p.m.	class_name: GBDYLLO window_name:		0	0
FindWindowA Feb. 9, 2025, 1:01 p.m.	class_name: pediy06 window_name:		0	0
FindWindowA Feb. 9, 2025, 1:01 p.m.	class_name: OLLYDBG window_name:		0	0
FindWindowA Feb. 9, 2025, 1:01 p.m.	class_name: GBDYLLO window_name:		0	0
FindWindowA Feb. 9, 2025, 1:01 p.m.	class_name: pediy06 window_name:		0	0
FindWindowA Feb. 9, 2025, 1:01 p.m.	class_name: Regmonclass window_name:		0	0
FindWindowA Feb. 9, 2025, 1:01 p.m.	class_name: Regmonclass window_name:		0	0
FindWindowA Feb. 9, 2025, 1:01 p.m.	class_name: 18467-41 window_name:		0	0

Checks the version of Bios, possibly for anti-virtualization (2 events)

registry	HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion
registry	HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion

Attempts to create or modify system certificates (1 event)

registry

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F81F111D0E5AB58D396F7BF525577FD30FDC95AA\Blob

Network activity contains more than one unique useragent (2 events)

process	Bjkm5hE.exe				useragent
process	Bjkm5hE.exe				useragent	Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:136.0) Gecko/20100101 Firefox/136.0

Detects VMWare through the in instruction feature (1 event)

Time & API	Arguments	Status	Return	Repeated
__exception__ Feb. 9, 2025, 1 p.m.	stacktrace: exception.instruction_r: ed 64 8f 05 00 00 00 00 83 ec 04 e9 00 00 00 00 exception.symbol: _UnhandledExceptionFilter@4+0x1a3a86 bjkm5he+0x1b2f10 exception.instruction: in eax, dx exception.module: Bjkm5hE.exe exception.exception_code: 0xc0000096 exception.offset: 1781520 exception.address: 0x5b2f10 registers.esp: 1638236 registers.edi: 13250177 registers.eax: 1447909480 registers.ebp: 3994361876 registers.edx: 22104 registers.ebx: 1971327157 registers.esi: 5951916 registers.ecx: 20	1	0	0

File has been identified by 44 AntiVirus engines on VirusTotal as malicious (44 events)

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Stealerc.1m!c
tehtris	Generic.Malware
CTX	exe.trojan.stealerc
Skyhigh	BehavesLike.Win32.Themida.tc
Cylance	Unsafe
VIPRE	Gen:Variant.Zusy.576277
Sangfor	Suspicious.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (W)
K7GW	Trojan ( 00587f0f1 )
K7AntiVirus	Trojan ( 00587f0f1 )
Symantec	Trojan Horse
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/Packed.Themida.HZB
APEX	Malicious
Paloalto	generic.ml
Cynet	Malicious (score: 99)
Alibaba	TrojanPSW:Win32/Stealerc.fc6f667c
NANO-Antivirus	Trojan.Win32.Stealerc.kvnrcp
MicroWorld-eScan	Gen:Variant.Zusy.576277
Rising	Trojan.Agent!1.127DE (CLASSIC)
Emsisoft	Gen:Variant.Zusy.576277 (B)
F-Secure	Heuristic.HEUR/AGEN.1314794
DrWeb	Trojan.PWS.Stealer.42122
McAfeeD	Real Protect-LS!0F2E0A4DAA81
Trapmine	malicious.high.ml.score
Sophos	Mal/Stealc-B
SentinelOne	Static AI - Malicious PE
Avira	HEUR/AGEN.1314794
Antiy-AVL	Trojan[Packed]/Win32.Themida
Kingsoft	Win32.Trojan-PSW.Stealerc.gen
Gridinsoft	Spy.Win32.Vidar.tr
Xcitium	Malware@#2tzaiwlvvn9qy
Arcabit	Trojan.Zusy.D8CB15
ViRobot	Trojan.Win.Z.Zusy.1764352.B
Microsoft	Trojan:Win32/Vigorf.A
Google	Detected
AhnLab-V3	Trojan/Win.MalwareX-gen.R691620
Malwarebytes	Trojan.MalPack
Ikarus	Trojan.Crypt
Zoner	Probably Heur.ExeHeaderL
Tencent	Malware.Win32.Gencirc.1431aa4d
DeepInstinct	MALICIOUS
alibabacloud	Trojan[stealer]:Win/Stealerc.prQ

Bjkm5hE.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All