Summary | ZeroBOX

Category	Machine	Started	Completed
URL	s1_win7_x6401	March 17, 2021, 9:14 a.m.	March 17, 2021, 9:16 a.m.

URL	http://lunasier.tistory.com/

iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" http://lunasier.tistory.com/
1556
- iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1556 CREDAT:145409
  584

Name	Response	Post-Analysis Lookup
cdn.cloudimagesb.com	A 213.174.135.2 A 213.174.135.1 CNAME cdn10236888.ahacdn.me	213.174.135.1
adro.pro	CNAME adserver-2084671375.us-east-1.elb.amazonaws.com A 18.205.91.216 A 52.201.162.15 A 52.203.234.71	52.201.162.15
www.googletagmanager.com	CNAME www-googletagmanager.l.google.com A 172.217.25.8	172.217.25.104
xml.pdn-1.com	A 173.239.53.32 CNAME adventurefeeds.xml.ak-is2.net	173.239.53.32
inflationbreedinghoax.com	A 192.243.59.12 A 192.243.59.20 A 192.243.59.13	192.243.59.20
rqhere2.com	A 167.99.3.175	167.99.3.175
www.google-analytics.com	CNAME www-google-analytics.l.google.com A 216.58.200.78	216.58.197.238
batteryfirmimage.com	A 192.243.59.12 A 192.243.59.20 A 192.243.59.13	192.243.59.12
lunasier.tistory.com	A 211.231.99.250	211.231.99.250
i1.daumcdn.net	A 211.231.100.117 A 203.217.238.37 A 203.217.238.40	203.217.238.37
www.displaynetworkprofit.com	A 192.243.59.12 A 192.243.59.20 A 192.243.59.13	192.243.59.20
tistory4.daumcdn.net	CNAME t1.int.daumcdn.net A 211.249.219.23 A 121.53.85.3 A 121.53.202.238 A 121.53.218.30 A 121.53.201.236 A 211.231.99.68	121.53.218.30
tsyndicate.com	A 136.243.80.153	136.243.46.156
developers.kakao.com	CNAME developers.gl.kakao.com A 121.53.104.157	121.53.104.157
webid.ad.daum.net	A 121.53.104.76	121.53.104.76
jamsoulsfriday.com	A 192.243.59.12 A 192.243.59.20 A 192.243.59.13	192.243.59.12
t1.daumcdn.net	A 121.53.218.30 CNAME t1-wg2vgaja.kgslb.com	23.211.117.43
search1.daumcdn.net	A 121.53.218.25 CNAME search-xi6mgp35.kgslb.com	121.53.206.166
www.displaycontentnetwork.com	A 192.243.59.12 A 192.243.59.20 A 192.243.59.13	192.243.59.20
adfpoint.com	A 159.89.235.229	159.89.235.229
risoskin.click	A 151.80.78.45	82.117.252.9
liberumo.com	A 5.45.76.15	5.45.76.15

IP Address	Status	Action
117.18.232.200	Active	Moloch
121.53.104.157	Active	Moloch
121.53.104.76	Active	Moloch
121.53.201.236	Active	Moloch
121.53.218.25	Active	Moloch
121.53.218.30	Active	Moloch
136.243.80.153	Active	Moloch
151.80.78.45	Active	Moloch
159.89.235.229	Active	Moloch
164.124.101.2	Active	Moloch
167.99.3.175	Active	Moloch
172.217.25.8	Active	Moloch
173.239.53.32	Active	Moloch
18.205.91.216	Active	Moloch
192.243.59.12	Active	Moloch
192.243.59.13	Active	Moloch
211.231.100.117	Active	Moloch
211.231.99.250	Active	Moloch
213.174.135.1	Active	Moloch
216.58.200.78	Active	Moloch
5.45.76.15	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.101:49213 -> 121.53.218.30:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49215 -> 121.53.201.236:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49206 -> 121.53.218.30:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49216 -> 121.53.201.236:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49207 -> 172.217.25.8:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49222 -> 121.53.218.30:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49219 -> 121.53.218.30:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49209 -> 121.53.218.30:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49205 -> 211.231.99.250:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49214 -> 121.53.201.236:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49218 -> 121.53.104.157:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49210 -> 172.217.25.8:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49233 -> 216.58.200.78:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49230 -> 121.53.218.30:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49211 -> 121.53.218.30:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49228 -> 121.53.218.30:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49224 -> 121.53.218.30:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49217 -> 121.53.104.157:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49229 -> 121.53.218.30:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49225 -> 121.53.218.30:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49212 -> 121.53.218.30:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49234 -> 216.58.200.78:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49208 -> 121.53.218.30:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49220 -> 121.53.218.30:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49221 -> 121.53.218.30:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49227 -> 121.53.218.30:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49226 -> 121.53.218.30:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49231 -> 121.53.218.30:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49242 -> 211.231.100.117:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49243 -> 192.243.59.12:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49236 -> 211.231.100.117:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49240 -> 121.53.218.25:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49246 -> 211.231.100.117:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49247 -> 211.231.100.117:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49239 -> 211.231.100.117:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49249 -> 192.243.59.12:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49254 -> 192.243.59.12:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49255 -> 192.243.59.12:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49237 -> 211.231.100.117:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49241 -> 121.53.218.25:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49244 -> 192.243.59.12:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49257 -> 121.53.104.76:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49235 -> 211.231.100.117:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49238 -> 211.231.100.117:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49261 -> 213.174.135.1:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49245 -> 211.231.100.117:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49248 -> 192.243.59.12:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49281 -> 151.80.78.45:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49250 -> 192.243.59.12:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49280 -> 136.243.80.153:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49258 -> 121.53.104.76:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49282 -> 151.80.78.45:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49260 -> 121.53.218.30:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49251 -> 192.243.59.12:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49262 -> 213.174.135.1:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49279 -> 136.243.80.153:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49264 -> 192.243.59.13:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49256 -> 211.231.99.250:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49259 -> 121.53.218.30:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49265 -> 192.243.59.13:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49269 -> 5.45.76.15:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49268 -> 5.45.76.15:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49286 -> 117.18.232.200:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49287 -> 117.18.232.200:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 117.18.232.200:443 -> 192.168.56.101:49288	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 211.231.99.250:80 -> 192.168.56.101:49204	2221010	SURICATA HTTP unable to match response to request	Generic Protocol Command Decode

Suricata TLS

Flow	Issuer	Subject	Fingerprint
TLSv1 192.168.56.101:49213 121.53.218.30:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Thawte TLS RSA CA G1	C=KR, ST=Jeju-do, L=Jeju-si, O=Kakao Corp., CN=*.daumcdn.net	8e:48:d9:fb:5c:0b:bf:8b:d6:4d:2b:c9:3c:12:e6:41:eb:2b:49:24
TLSv1 192.168.56.101:49215 121.53.201.236:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Thawte TLS RSA CA G1	C=KR, ST=Jeju-do, L=Jeju-si, O=Kakao Corp., CN=*.daumcdn.net	8e:48:d9:fb:5c:0b:bf:8b:d6:4d:2b:c9:3c:12:e6:41:eb:2b:49:24
TLSv1 192.168.56.101:49216 121.53.201.236:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Thawte TLS RSA CA G1	C=KR, ST=Jeju-do, L=Jeju-si, O=Kakao Corp., CN=*.daumcdn.net	8e:48:d9:fb:5c:0b:bf:8b:d6:4d:2b:c9:3c:12:e6:41:eb:2b:49:24
TLSv1 192.168.56.101:49206 121.53.218.30:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Thawte TLS RSA CA G1	C=KR, ST=Jeju-do, L=Jeju-si, O=Kakao Corp., CN=*.daumcdn.net	8e:48:d9:fb:5c:0b:bf:8b:d6:4d:2b:c9:3c:12:e6:41:eb:2b:49:24
TLSv1 192.168.56.101:49207 172.217.25.8:443	C=US, O=Google Trust Services, CN=GTS CA 1O1	C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.google-analytics.com	9f:79:af:78:51:20:cb:62:11:e2:84:23:17:87:b4:74:95:3d:ee:92
TLSv1 192.168.56.101:49222 121.53.218.30:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Thawte TLS RSA CA G1	C=KR, ST=Jeju-do, L=Jeju-si, O=Kakao Corp., CN=*.daumcdn.net	8e:48:d9:fb:5c:0b:bf:8b:d6:4d:2b:c9:3c:12:e6:41:eb:2b:49:24
TLSv1 192.168.56.101:49219 121.53.218.30:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Thawte TLS RSA CA G1	C=KR, ST=Jeju-do, L=Jeju-si, O=Kakao Corp., CN=*.daumcdn.net	8e:48:d9:fb:5c:0b:bf:8b:d6:4d:2b:c9:3c:12:e6:41:eb:2b:49:24
TLSv1 192.168.56.101:49209 121.53.218.30:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Thawte TLS RSA CA G1	C=KR, ST=Jeju-do, L=Jeju-si, O=Kakao Corp., CN=*.daumcdn.net	8e:48:d9:fb:5c:0b:bf:8b:d6:4d:2b:c9:3c:12:e6:41:eb:2b:49:24
TLSv1 192.168.56.101:49205 211.231.99.250:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Thawte TLS RSA CA G1	C=KR, ST=Jeju-do, L=Jeju-si, O=Kakao Corp., CN=*.tistory.com	dd:99:44:94:85:43:e9:97:1b:1b:68:34:44:68:07:fb:70:a4:c8:a5
TLSv1 192.168.56.101:49214 121.53.201.236:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Thawte TLS RSA CA G1	C=KR, ST=Jeju-do, L=Jeju-si, O=Kakao Corp., CN=*.daumcdn.net	8e:48:d9:fb:5c:0b:bf:8b:d6:4d:2b:c9:3c:12:e6:41:eb:2b:49:24
TLSv1 192.168.56.101:49218 121.53.104.157:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Thawte TLS RSA CA G1	C=KR, ST=Jeju-do, L=Jeju-si, O=Kakao Corp., CN=*.kakao.com	9d:35:ac:0f:7a:58:0e:f7:fb:a1:27:2d:52:d7:7a:36:b0:a6:f9:50
TLSv1 192.168.56.101:49210 172.217.25.8:443	C=US, O=Google Trust Services, CN=GTS CA 1O1	C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.google-analytics.com	9f:79:af:78:51:20:cb:62:11:e2:84:23:17:87:b4:74:95:3d:ee:92
TLSv1 192.168.56.101:49233 216.58.200.78:443	C=US, O=Google Trust Services, CN=GTS CA 1O1	C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.google-analytics.com	9f:79:af:78:51:20:cb:62:11:e2:84:23:17:87:b4:74:95:3d:ee:92
TLSv1 192.168.56.101:49230 121.53.218.30:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Thawte TLS RSA CA G1	C=KR, ST=Jeju-do, L=Jeju-si, O=Kakao Corp., CN=*.daumcdn.net	8e:48:d9:fb:5c:0b:bf:8b:d6:4d:2b:c9:3c:12:e6:41:eb:2b:49:24
TLSv1 192.168.56.101:49211 121.53.218.30:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Thawte TLS RSA CA G1	C=KR, ST=Jeju-do, L=Jeju-si, O=Kakao Corp., CN=*.daumcdn.net	8e:48:d9:fb:5c:0b:bf:8b:d6:4d:2b:c9:3c:12:e6:41:eb:2b:49:24
TLSv1 192.168.56.101:49228 121.53.218.30:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Thawte TLS RSA CA G1	C=KR, ST=Jeju-do, L=Jeju-si, O=Kakao Corp., CN=*.daumcdn.net	8e:48:d9:fb:5c:0b:bf:8b:d6:4d:2b:c9:3c:12:e6:41:eb:2b:49:24
TLSv1 192.168.56.101:49224 121.53.218.30:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Thawte TLS RSA CA G1	C=KR, ST=Jeju-do, L=Jeju-si, O=Kakao Corp., CN=*.daumcdn.net	8e:48:d9:fb:5c:0b:bf:8b:d6:4d:2b:c9:3c:12:e6:41:eb:2b:49:24
TLSv1 192.168.56.101:49217 121.53.104.157:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Thawte TLS RSA CA G1	C=KR, ST=Jeju-do, L=Jeju-si, O=Kakao Corp., CN=*.kakao.com	9d:35:ac:0f:7a:58:0e:f7:fb:a1:27:2d:52:d7:7a:36:b0:a6:f9:50
TLSv1 192.168.56.101:49229 121.53.218.30:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Thawte TLS RSA CA G1	C=KR, ST=Jeju-do, L=Jeju-si, O=Kakao Corp., CN=*.daumcdn.net	8e:48:d9:fb:5c:0b:bf:8b:d6:4d:2b:c9:3c:12:e6:41:eb:2b:49:24
TLSv1 192.168.56.101:49225 121.53.218.30:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Thawte TLS RSA CA G1	C=KR, ST=Jeju-do, L=Jeju-si, O=Kakao Corp., CN=*.daumcdn.net	8e:48:d9:fb:5c:0b:bf:8b:d6:4d:2b:c9:3c:12:e6:41:eb:2b:49:24
TLSv1 192.168.56.101:49212 121.53.218.30:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Thawte TLS RSA CA G1	C=KR, ST=Jeju-do, L=Jeju-si, O=Kakao Corp., CN=*.daumcdn.net	8e:48:d9:fb:5c:0b:bf:8b:d6:4d:2b:c9:3c:12:e6:41:eb:2b:49:24
TLSv1 192.168.56.101:49234 216.58.200.78:443	C=US, O=Google Trust Services, CN=GTS CA 1O1	C=US, ST=California, L=Mountain View, O=Google LLC, CN=*.google-analytics.com	9f:79:af:78:51:20:cb:62:11:e2:84:23:17:87:b4:74:95:3d:ee:92
TLSv1 192.168.56.101:49208 121.53.218.30:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Thawte TLS RSA CA G1	C=KR, ST=Jeju-do, L=Jeju-si, O=Kakao Corp., CN=*.daumcdn.net	8e:48:d9:fb:5c:0b:bf:8b:d6:4d:2b:c9:3c:12:e6:41:eb:2b:49:24
TLSv1 192.168.56.101:49220 121.53.218.30:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Thawte TLS RSA CA G1	C=KR, ST=Jeju-do, L=Jeju-si, O=Kakao Corp., CN=*.daumcdn.net	8e:48:d9:fb:5c:0b:bf:8b:d6:4d:2b:c9:3c:12:e6:41:eb:2b:49:24
TLSv1 192.168.56.101:49221 121.53.218.30:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Thawte TLS RSA CA G1	C=KR, ST=Jeju-do, L=Jeju-si, O=Kakao Corp., CN=*.daumcdn.net	8e:48:d9:fb:5c:0b:bf:8b:d6:4d:2b:c9:3c:12:e6:41:eb:2b:49:24
TLSv1 192.168.56.101:49227 121.53.218.30:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Thawte TLS RSA CA G1	C=KR, ST=Jeju-do, L=Jeju-si, O=Kakao Corp., CN=*.daumcdn.net	8e:48:d9:fb:5c:0b:bf:8b:d6:4d:2b:c9:3c:12:e6:41:eb:2b:49:24
TLSv1 192.168.56.101:49226 121.53.218.30:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Thawte TLS RSA CA G1	C=KR, ST=Jeju-do, L=Jeju-si, O=Kakao Corp., CN=*.daumcdn.net	8e:48:d9:fb:5c:0b:bf:8b:d6:4d:2b:c9:3c:12:e6:41:eb:2b:49:24
TLSv1 192.168.56.101:49231 121.53.218.30:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Thawte TLS RSA CA G1	C=KR, ST=Jeju-do, L=Jeju-si, O=Kakao Corp., CN=*.daumcdn.net	8e:48:d9:fb:5c:0b:bf:8b:d6:4d:2b:c9:3c:12:e6:41:eb:2b:49:24
TLSv1 192.168.56.101:49242 211.231.100.117:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Thawte TLS RSA CA G1	C=KR, ST=Jeju-do, L=Jeju-si, O=Kakao Corp., CN=*.daumcdn.net	8e:48:d9:fb:5c:0b:bf:8b:d6:4d:2b:c9:3c:12:e6:41:eb:2b:49:24
TLSv1 192.168.56.101:49243 192.243.59.12:443	C=US, O=Let's Encrypt, CN=R3	CN=displaycontentnetwork.com	ba:ef:ca:60:76:b1:dc:3a:95:97:5b:ca:d6:60:d6:c9:69:13:38:e8
TLSv1 192.168.56.101:49236 211.231.100.117:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Thawte TLS RSA CA G1	C=KR, ST=Jeju-do, L=Jeju-si, O=Kakao Corp., CN=*.daumcdn.net	8e:48:d9:fb:5c:0b:bf:8b:d6:4d:2b:c9:3c:12:e6:41:eb:2b:49:24
TLSv1 192.168.56.101:49240 121.53.218.25:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Thawte TLS RSA CA G1	C=KR, ST=Jeju-do, L=Jeju-si, O=Kakao Corp., CN=*.daumcdn.net	8e:48:d9:fb:5c:0b:bf:8b:d6:4d:2b:c9:3c:12:e6:41:eb:2b:49:24
TLSv1 192.168.56.101:49246 211.231.100.117:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Thawte TLS RSA CA G1	C=KR, ST=Jeju-do, L=Jeju-si, O=Kakao Corp., CN=*.daumcdn.net	8e:48:d9:fb:5c:0b:bf:8b:d6:4d:2b:c9:3c:12:e6:41:eb:2b:49:24
TLSv1 192.168.56.101:49247 211.231.100.117:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Thawte TLS RSA CA G1	C=KR, ST=Jeju-do, L=Jeju-si, O=Kakao Corp., CN=*.daumcdn.net	8e:48:d9:fb:5c:0b:bf:8b:d6:4d:2b:c9:3c:12:e6:41:eb:2b:49:24
TLSv1 192.168.56.101:49239 211.231.100.117:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Thawte TLS RSA CA G1	C=KR, ST=Jeju-do, L=Jeju-si, O=Kakao Corp., CN=*.daumcdn.net	8e:48:d9:fb:5c:0b:bf:8b:d6:4d:2b:c9:3c:12:e6:41:eb:2b:49:24
TLSv1 192.168.56.101:49249 192.243.59.12:443	C=US, O=Let's Encrypt, CN=R3	CN=batteryfirmimage.com	fb:67:8b:23:92:ff:f8:6a:5e:d8:ea:b5:a4:73:44:a5:4d:cd:ac:72
TLSv1 192.168.56.101:49254 192.243.59.12:443	C=US, O=Let's Encrypt, CN=R3	CN=jamsoulsfriday.com	6c:f7:24:34:14:3c:70:50:14:53:24:a7:4e:90:b2:e3:69:16:a2:92
TLSv1 192.168.56.101:49255 192.243.59.12:443	C=US, O=Let's Encrypt, CN=R3	CN=jamsoulsfriday.com	6c:f7:24:34:14:3c:70:50:14:53:24:a7:4e:90:b2:e3:69:16:a2:92
TLSv1 192.168.56.101:49237 211.231.100.117:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Thawte TLS RSA CA G1	C=KR, ST=Jeju-do, L=Jeju-si, O=Kakao Corp., CN=*.daumcdn.net	8e:48:d9:fb:5c:0b:bf:8b:d6:4d:2b:c9:3c:12:e6:41:eb:2b:49:24
TLSv1 192.168.56.101:49241 121.53.218.25:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Thawte TLS RSA CA G1	C=KR, ST=Jeju-do, L=Jeju-si, O=Kakao Corp., CN=*.daumcdn.net	8e:48:d9:fb:5c:0b:bf:8b:d6:4d:2b:c9:3c:12:e6:41:eb:2b:49:24
TLSv1 192.168.56.101:49244 192.243.59.12:443	C=US, O=Let's Encrypt, CN=R3	CN=displaycontentnetwork.com	ba:ef:ca:60:76:b1:dc:3a:95:97:5b:ca:d6:60:d6:c9:69:13:38:e8
TLSv1 192.168.56.101:49257 121.53.104.76:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Thawte TLS RSA CA G1	C=KR, ST=Jeju-do, L=Jeju-si, O=Kakao Corp., CN=webid.kakao.com	cd:c3:bd:f5:8b:dc:27:3b:a4:60:3f:25:7d:be:69:79:c7:2f:4f:6d
TLSv1 192.168.56.101:49235 211.231.100.117:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Thawte TLS RSA CA G1	C=KR, ST=Jeju-do, L=Jeju-si, O=Kakao Corp., CN=*.daumcdn.net	8e:48:d9:fb:5c:0b:bf:8b:d6:4d:2b:c9:3c:12:e6:41:eb:2b:49:24
TLSv1 192.168.56.101:49238 211.231.100.117:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Thawte TLS RSA CA G1	C=KR, ST=Jeju-do, L=Jeju-si, O=Kakao Corp., CN=*.daumcdn.net	8e:48:d9:fb:5c:0b:bf:8b:d6:4d:2b:c9:3c:12:e6:41:eb:2b:49:24
TLSv1 192.168.56.101:49261 213.174.135.1:443	C=US, O=Let's Encrypt, CN=R3	CN=cdn.cloudimagesb.com	50:33:09:0c:93:44:23:e4:ec:7e:2e:61:3b:8e:3a:8b:79:58:c8:64
TLSv1 192.168.56.101:49245 211.231.100.117:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Thawte TLS RSA CA G1	C=KR, ST=Jeju-do, L=Jeju-si, O=Kakao Corp., CN=*.daumcdn.net	8e:48:d9:fb:5c:0b:bf:8b:d6:4d:2b:c9:3c:12:e6:41:eb:2b:49:24
TLSv1 192.168.56.101:49248 192.243.59.12:443	C=US, O=Let's Encrypt, CN=R3	CN=batteryfirmimage.com	fb:67:8b:23:92:ff:f8:6a:5e:d8:ea:b5:a4:73:44:a5:4d:cd:ac:72
TLSv1 192.168.56.101:49281 151.80.78.45:443	C=US, O=Let's Encrypt, CN=R3	CN=risoskin.click	9f:7b:1e:10:22:a6:96:8f:ca:2e:23:7d:eb:aa:ce:da:da:df:04:2c
TLSv1 192.168.56.101:49250 192.243.59.12:443	C=US, O=Let's Encrypt, CN=R3	CN=displaynetworkprofit.com	a8:ec:51:3c:6c:3a:88:a4:57:09:53:01:4b:49:8a:bb:05:9e:43:a9
TLSv1 192.168.56.101:49280 136.243.80.153:443	C=US, O=Let's Encrypt, CN=R3	CN=tsyndicate.com	60:61:ec:c2:af:fa:7b:fe:eb:3a:33:91:0a:a5:09:69:e5:73:68:52
TLSv1 192.168.56.101:49258 121.53.104.76:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Thawte TLS RSA CA G1	C=KR, ST=Jeju-do, L=Jeju-si, O=Kakao Corp., CN=webid.kakao.com	cd:c3:bd:f5:8b:dc:27:3b:a4:60:3f:25:7d:be:69:79:c7:2f:4f:6d
TLSv1 192.168.56.101:49282 151.80.78.45:443	C=US, O=Let's Encrypt, CN=R3	CN=risoskin.click	9f:7b:1e:10:22:a6:96:8f:ca:2e:23:7d:eb:aa:ce:da:da:df:04:2c
TLSv1 192.168.56.101:49260 121.53.218.30:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Thawte TLS RSA CA G1	C=KR, ST=Jeju-do, L=Jeju-si, O=Kakao Corp., CN=*.daumcdn.net	8e:48:d9:fb:5c:0b:bf:8b:d6:4d:2b:c9:3c:12:e6:41:eb:2b:49:24
TLSv1 192.168.56.101:49251 192.243.59.12:443	C=US, O=Let's Encrypt, CN=R3	CN=displaynetworkprofit.com	a8:ec:51:3c:6c:3a:88:a4:57:09:53:01:4b:49:8a:bb:05:9e:43:a9
TLSv1 192.168.56.101:49262 213.174.135.1:443	C=US, O=Let's Encrypt, CN=R3	CN=cdn.cloudimagesb.com	50:33:09:0c:93:44:23:e4:ec:7e:2e:61:3b:8e:3a:8b:79:58:c8:64
TLSv1 192.168.56.101:49279 136.243.80.153:443	C=US, O=Let's Encrypt, CN=R3	CN=tsyndicate.com	60:61:ec:c2:af:fa:7b:fe:eb:3a:33:91:0a:a5:09:69:e5:73:68:52
TLSv1 192.168.56.101:49264 192.243.59.13:443	C=US, O=Let's Encrypt, CN=R3	CN=inflationbreedinghoax.com	b3:d8:2e:51:a1:ee:fd:7c:a0:23:b1:47:3f:21:38:ec:be:58:3c:e2
TLSv1 192.168.56.101:49256 211.231.99.250:443	None	None	None
TLSv1 192.168.56.101:49259 121.53.218.30:443	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Thawte TLS RSA CA G1	C=KR, ST=Jeju-do, L=Jeju-si, O=Kakao Corp., CN=*.daumcdn.net	8e:48:d9:fb:5c:0b:bf:8b:d6:4d:2b:c9:3c:12:e6:41:eb:2b:49:24
TLSv1 192.168.56.101:49265 192.243.59.13:443	C=US, O=Let's Encrypt, CN=R3	CN=inflationbreedinghoax.com	b3:d8:2e:51:a1:ee:fd:7c:a0:23:b1:47:3f:21:38:ec:be:58:3c:e2
TLSv1 192.168.56.101:49269 5.45.76.15:443	C=US, O=Let's Encrypt, CN=R3	CN=liberumo.com	bb:a5:df:ea:be:16:93:d0:34:b9:cc:11:d6:9c:58:cd:9f:d7:11:e9
TLSv1 192.168.56.101:49268 5.45.76.15:443	C=US, O=Let's Encrypt, CN=R3	CN=liberumo.com	bb:a5:df:ea:be:16:93:d0:34:b9:cc:11:d6:9c:58:cd:9f:d7:11:e9

One or more processes crashed (1 event)

Time & API	Arguments	Status	Return	Repeated
__exception__ March 17, 2021, 9:15 a.m.	stacktrace: RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d @ 0x7fefd6da49d RpcRaiseException+0x53 RpcExceptionFilter-0x2bd rpcrt4+0x173c3 @ 0x7feff1673c3 ObjectStublessClient32+0x8bf CoDisconnectContext-0x107b9 ole32+0x443bf @ 0x7feff2c43bf IUnknown_AddRef_Proxy+0x1f5 NdrFixedArrayBufferSize-0xeb rpcrt4+0x35295 @ 0x7feff185295 I_RpcFreeBuffer+0x1b9 NdrRangeUnmarshall-0x5a7 rpcrt4+0x32799 @ 0x7feff182799 Ndr64AsyncServerCallAll+0xa9e Ndr64AsyncClientCall-0xf42 rpcrt4+0xdaf1e @ 0x7feff22af1e Ndr64AsyncServerCallAll+0x12ec Ndr64AsyncClientCall-0x6f4 rpcrt4+0xdb76c @ 0x7feff22b76c NdrStubCall3+0xc6 NdrOleAllocate-0x3ea rpcrt4+0x348d6 @ 0x7feff1848d6 CoGetInstanceFromFile+0x4cd3 HACCEL_UserFree-0x70fd ole32+0x170883 @ 0x7feff3f0883 CoGetInstanceFromFile+0x511d HACCEL_UserFree-0x6cb3 ole32+0x170ccd @ 0x7feff3f0ccd CoGetInstanceFromFile+0x5093 HACCEL_UserFree-0x6d3d ole32+0x170c43 @ 0x7feff3f0c43 CoSetState+0x1450 DcomChannelSetHResult-0x34c ole32+0x2a4f0 @ 0x7feff2aa4f0 GetErrorInfo+0x599 ObjectStublessClient7-0xb1f ole32+0x3d551 @ 0x7feff2bd551 CoGetInstanceFromFile+0x78ce HACCEL_UserFree-0x4502 ole32+0x17347e @ 0x7feff3f347e CoGetInstanceFromFile+0x567b HACCEL_UserFree-0x6755 ole32+0x17122b @ 0x7feff3f122b CoGetInstanceFromFile+0x7992 HACCEL_UserFree-0x443e ole32+0x173542 @ 0x7feff3f3542 GetErrorInfo+0x475 ObjectStublessClient7-0xc43 ole32+0x3d42d @ 0x7feff2bd42d GetErrorInfo+0x21e ObjectStublessClient7-0xe9a ole32+0x3d1d6 @ 0x7feff2bd1d6 TranslateMessageEx+0x2a1 IntersectRect-0x11f user32+0x19bd1 @ 0x770d9bd1 TranslateMessage+0x1ea DispatchMessageW-0x42 user32+0x198da @ 0x770d98da GetErrorInfo+0xf3 ObjectStublessClient7-0xfc5 ole32+0x3d0ab @ 0x7feff2bd0ab CoUnloadingWOW+0x117 OleCreateFromFileEx-0x1829 ole32+0x163e57 @ 0x7feff3e3e57 ObjectStublessClient24+0x1876 CLSIDFromString-0x57a ole32+0x10106 @ 0x7feff290106 ObjectStublessClient24+0x18f2 CLSIDFromString-0x4fe ole32+0x10182 @ 0x7feff290182 BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76e5652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x771ec521 exception.instruction_r: 48 81 c4 c8 00 00 00 c3 48 85 f6 74 08 83 3b 00 exception.symbol: RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d exception.instruction: add rsp, 0xc8 exception.module: KERNELBASE.dll exception.exception_code: 0x80040155 exception.offset: 42141 exception.address: 0x7fefd6da49d registers.r14: 0 registers.r15: 0 registers.rcx: 103276992 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 103282944 registers.r11: 103278752 registers.r8: 0 registers.r9: 0 registers.rdx: 1 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 1895841267 registers.r13: 0	1	0	0

Time & API

Arguments

Status

Return

Repeated

__exception__

March 17, 2021, 9:15 a.m.

stacktrace:

RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d @ 0x7fefd6da49d
RpcRaiseException+0x53 RpcExceptionFilter-0x2bd rpcrt4+0x173c3 @ 0x7feff1673c3
ObjectStublessClient32+0x8bf CoDisconnectContext-0x107b9 ole32+0x443bf @ 0x7feff2c43bf
IUnknown_AddRef_Proxy+0x1f5 NdrFixedArrayBufferSize-0xeb rpcrt4+0x35295 @ 0x7feff185295
I_RpcFreeBuffer+0x1b9 NdrRangeUnmarshall-0x5a7 rpcrt4+0x32799 @ 0x7feff182799
Ndr64AsyncServerCallAll+0xa9e Ndr64AsyncClientCall-0xf42 rpcrt4+0xdaf1e @ 0x7feff22af1e
Ndr64AsyncServerCallAll+0x12ec Ndr64AsyncClientCall-0x6f4 rpcrt4+0xdb76c @ 0x7feff22b76c
NdrStubCall3+0xc6 NdrOleAllocate-0x3ea rpcrt4+0x348d6 @ 0x7feff1848d6
CoGetInstanceFromFile+0x4cd3 HACCEL_UserFree-0x70fd ole32+0x170883 @ 0x7feff3f0883
CoGetInstanceFromFile+0x511d HACCEL_UserFree-0x6cb3 ole32+0x170ccd @ 0x7feff3f0ccd
CoGetInstanceFromFile+0x5093 HACCEL_UserFree-0x6d3d ole32+0x170c43 @ 0x7feff3f0c43
CoSetState+0x1450 DcomChannelSetHResult-0x34c ole32+0x2a4f0 @ 0x7feff2aa4f0
GetErrorInfo+0x599 ObjectStublessClient7-0xb1f ole32+0x3d551 @ 0x7feff2bd551
CoGetInstanceFromFile+0x78ce HACCEL_UserFree-0x4502 ole32+0x17347e @ 0x7feff3f347e
CoGetInstanceFromFile+0x567b HACCEL_UserFree-0x6755 ole32+0x17122b @ 0x7feff3f122b
CoGetInstanceFromFile+0x7992 HACCEL_UserFree-0x443e ole32+0x173542 @ 0x7feff3f3542
GetErrorInfo+0x475 ObjectStublessClient7-0xc43 ole32+0x3d42d @ 0x7feff2bd42d
GetErrorInfo+0x21e ObjectStublessClient7-0xe9a ole32+0x3d1d6 @ 0x7feff2bd1d6
TranslateMessageEx+0x2a1 IntersectRect-0x11f user32+0x19bd1 @ 0x770d9bd1
TranslateMessage+0x1ea DispatchMessageW-0x42 user32+0x198da @ 0x770d98da
GetErrorInfo+0xf3 ObjectStublessClient7-0xfc5 ole32+0x3d0ab @ 0x7feff2bd0ab
CoUnloadingWOW+0x117 OleCreateFromFileEx-0x1829 ole32+0x163e57 @ 0x7feff3e3e57
ObjectStublessClient24+0x1876 CLSIDFromString-0x57a ole32+0x10106 @ 0x7feff290106
ObjectStublessClient24+0x18f2 CLSIDFromString-0x4fe ole32+0x10182 @ 0x7feff290182
BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76e5652d
RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x771ec521

exception.instruction_r: 48 81 c4 c8 00 00 00 c3 48 85 f6 74 08 83 3b 00
exception.symbol: RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d
exception.instruction: add rsp, 0xc8
exception.module: KERNELBASE.dll
exception.exception_code: 0x80040155
exception.offset: 42141
exception.address: 0x7fefd6da49d
registers.r14: 0
registers.r15: 0
registers.rcx: 103276992
registers.rsi: 0
registers.r10: 0
registers.rbx: 0
registers.rsp: 103282944
registers.r11: 103278752
registers.r8: 0
registers.r9: 0
registers.rdx: 1
registers.r12: 0
registers.rbp: 0
registers.rdi: 0
registers.rax: 1895841267
registers.r13: 0

Performs some HTTP requests (50 out of 74 events)

request	GET http://lunasier.tistory.com/
request	GET http://adfpoint.com/api/v1/cs?authkey=ZP9Zi0ySu5HhKn&subid=151840150094332&kw=pop&ref=https://www.trafficmanagersystem.com/
request	GET http://adfpoint.com/favicon.ico
request	GET http://rqhere2.com/api/v1/cscheck?impId=f4e902de6434542943bec69fe280a2bda1280ea7
request	GET http://xml.pdn-1.com/redirect?feed=278636&auth=WTnlA6&subid=filkif&query=filkif
request	GET http://adro.pro/ad/ad?p=198473&w=579437&d=5cb4b26fd7c8ead93fd2-1596098535579437&s=289937.131542
request	GET http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
request	GET https://lunasier.tistory.com/
request	GET https://t1.daumcdn.net/tistory_admin/lib/lightbox/css/lightbox.min.css
request	GET https://t1.daumcdn.net/tistory_admin/assets/blog/tistory-0a7992ffde7ccd5778a90843d8728cf62eb7f48a/blogs/style/content/content.css?_version_=tistory-0a7992ffde7ccd5778a90843d8728cf62eb7f48a
request	GET https://tistory4.daumcdn.net/tistory/1764101/skin/style.css?_T_=1614007273
request	GET https://tistory4.daumcdn.net/tistory/1764101/skin/images/font.css
request	GET https://t1.daumcdn.net/tistory_admin/assets/blog/tistory-0a7992ffde7ccd5778a90843d8728cf62eb7f48a/blogs/plugins/A_ShareEntryWithSNS/css/shareEntryWithSNS.css?_version_=tistory-0a7992ffde7ccd5778a90843d8728cf62eb7f48a
request	GET https://developers.kakao.com/sdk/js/kakao.min.js
request	GET https://t1.daumcdn.net/tistory_admin/assets/blog/tistory-0a7992ffde7ccd5778a90843d8728cf62eb7f48a/blogs/script/reaction/reaction-button-container.min.js?_version_=tistory-0a7992ffde7ccd5778a90843d8728cf62eb7f48a
request	GET https://t1.daumcdn.net/tistory_admin/assets/blog/tistory-0a7992ffde7ccd5778a90843d8728cf62eb7f48a/blogs/style/content/font.css?_version_=tistory-0a7992ffde7ccd5778a90843d8728cf62eb7f48a
request	GET https://t1.daumcdn.net/tistory_admin/assets/blog/tistory-0a7992ffde7ccd5778a90843d8728cf62eb7f48a/blogs/plugins/TistoryProfileLayer/style.css?_version_=tistory-0a7992ffde7ccd5778a90843d8728cf62eb7f48a
request	GET https://t1.daumcdn.net/tistory_admin/assets/blog/tistory-0a7992ffde7ccd5778a90843d8728cf62eb7f48a/blogs/script/_/base.js?_version_=tistory-0a7992ffde7ccd5778a90843d8728cf62eb7f48a
request	GET https://t1.daumcdn.net/tistory_admin/assets/blog/tistory-0a7992ffde7ccd5778a90843d8728cf62eb7f48a/blogs/plugins/TistoryProfileLayer/profile.js?_version_=tistory-0a7992ffde7ccd5778a90843d8728cf62eb7f48a
request	GET https://t1.daumcdn.net/tistory_admin/lib/jquery/jquery-3.2.1.min.js
request	GET https://t1.daumcdn.net/tistory_admin/assets/blog/tistory-0a7992ffde7ccd5778a90843d8728cf62eb7f48a/blogs/style/dialog.css?_version_=tistory-0a7992ffde7ccd5778a90843d8728cf62eb7f48a
request	GET https://t1.daumcdn.net/tistory_admin/lib/lightbox/js/lightbox-plus-jquery.min.js
request	GET https://t1.daumcdn.net/tistory_admin/assets/blog/tistory-0a7992ffde7ccd5778a90843d8728cf62eb7f48a/blogs/style/postBtn.css?_version_=tistory-0a7992ffde7ccd5778a90843d8728cf62eb7f48a
request	GET https://t1.daumcdn.net/tistory_admin/www/style/top/font.css
request	GET https://t1.daumcdn.net/tistory_admin/assets/blog/tistory-0a7992ffde7ccd5778a90843d8728cf62eb7f48a/blogs/style/component/tistory.css?_version_=tistory-0a7992ffde7ccd5778a90843d8728cf62eb7f48a
request	GET https://t1.daumcdn.net/tistory_admin/assets/blog/tistory-0a7992ffde7ccd5778a90843d8728cf62eb7f48a/blogs/script/blog/common.js?_version_=tistory-0a7992ffde7ccd5778a90843d8728cf62eb7f48a
request	GET https://t1.daumcdn.net/tistory_admin/static/manage/images/r3/default_L.png
request	GET https://t1.daumcdn.net/tistory_admin/assets/blog/tistory-0a7992ffde7ccd5778a90843d8728cf62eb7f48a/blogs/plugins/A_ShareEntryWithSNS/script/shareEntryWithSNS.js?_version_=tistory-0a7992ffde7ccd5778a90843d8728cf62eb7f48a
request	GET https://www.google-analytics.com/analytics.js
request	GET https://t1.daumcdn.net/tistory_admin/static/font/notokr-regular.woff
request	GET https://t1.daumcdn.net/tistory_admin/static/font/notokr-demilight.woff
request	GET https://t1.daumcdn.net/tistory_admin/static/font/notokr-bold.woff
request	GET https://tistory4.daumcdn.net/tistory/1764101/skin/images/script.js
request	GET https://t1.daumcdn.net/tistory_admin/assets/blog/tistory-0a7992ffde7ccd5778a90843d8728cf62eb7f48a/blogs/plugins/PreventCopyContents/js/functions.js?_version_=tistory-0a7992ffde7ccd5778a90843d8728cf62eb7f48a
request	GET https://t1.daumcdn.net/tiara/js/v1/tiara.min.js
request	GET https://t1.daumcdn.net/tistory_admin/assets/blog/tistory-0a7992ffde7ccd5778a90843d8728cf62eb7f48a/blogs/script/tiara/tiara.min.js?_version_=tistory-0a7992ffde7ccd5778a90843d8728cf62eb7f48a
request	GET https://t1.daumcdn.net/midas/rt/dk_bt/roosevelt_dk_bt.js
request	GET https://t1.daumcdn.net/tistory_admin/assets/blog/tistory-0a7992ffde7ccd5778a90843d8728cf62eb7f48a/blogs/script/menubar.min.js?_version_=tistory-0a7992ffde7ccd5778a90843d8728cf62eb7f48a
request	GET https://i1.daumcdn.net/thumb/C148x148/?fname=https://blog.kakaocdn.net/dn/bFXdKP/btqzkapnRPa/FDz4gMa6CWWC5aVmQefIqK/img.jpg
request	GET https://i1.daumcdn.net/thumb/C148x148/?fname=https://blog.kakaocdn.net/dn/ba2XgH/btqzk7dUBcT/Q74CxuAxdGQ3TXQJy6UEzK/img.jpg
request	GET https://i1.daumcdn.net/thumb/C148x148/?fname=https://blog.kakaocdn.net/dn/CjJ87/btqzkRbi3sh/dx4iIMU5WKzfl1kr7DrgRK/img.jpg
request	GET https://search1.daumcdn.net/search/statics/common/js/g/search_dragselection.min.js
request	GET https://tistory4.daumcdn.net/tistory/1764101/skin/images/ico_skin.gif
request	GET https://i1.daumcdn.net/thumb/C148x148/?fname=https://blog.kakaocdn.net/dn/mJlIz/btqzkCyFZE5/ByZYT0GG5gHDWYyEvKyRz0/img.jpg
request	GET https://i1.daumcdn.net/thumb/C148x148/?fname=https://blog.kakaocdn.net/dn/ywmPk/btqzkCk9U4G/71DM6RbXPbMkdTGETMHxV0/img.jpg
request	GET https://i1.daumcdn.net/thumb/C148x148/?fname=https://blog.kakaocdn.net/dn/cpH90o/btqzkPq2goA/wAq9sMhxCLgc4KKQQpH7O1/img.jpg
request	GET https://www.displaycontentnetwork.com/b7a617d584d3e0d6a3d2687143bc217d/invoke.js
request	GET https://i1.daumcdn.net/thumb/C148x148/?fname=https://blog.kakaocdn.net/dn/cbrADS/btqzlkD8JcB/WFosqzKikgGKjpDupBOu8k/img.jpg
request	GET https://i1.daumcdn.net/thumb/C148x148/?fname=https://blog.kakaocdn.net/dn/bEAS4d/btqzl5GtXWe/9nDyJsdbfwKBlsKDkNvW01/img.png
request	GET https://batteryfirmimage.com/watch.702052560357?key=b7a617d584d3e0d6a3d2687143bc217d&kw=%5B%22classic%22%2C%22music%22%2C%22blog%22%5D&refer=https%3A%2F%2Flunasier.tistory.com%2F&tz=9&dev=r&res=11.0&uuid=

Allocates read-write-execute memory (usually to unpack itself) (50 out of 55 events)

Time & API	Arguments	Status
NtAllocateVirtualMemory March 17, 2021, 9:14 a.m.	process_identifier: 1556 region_size: 2887680 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000002b30000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory March 17, 2021, 9:14 a.m.	process_identifier: 1556 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000002df0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory March 17, 2021, 9:14 a.m.	process_identifier: 1556 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000077131000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory March 17, 2021, 9:14 a.m.	process_identifier: 1556 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000077131000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory March 17, 2021, 9:14 a.m.	process_identifier: 1556 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000077131000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory March 17, 2021, 9:14 a.m.	process_identifier: 1556 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000077131000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory March 17, 2021, 9:14 a.m.	process_identifier: 1556 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000077131000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory March 17, 2021, 9:14 a.m.	process_identifier: 1556 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000077131000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory March 17, 2021, 9:14 a.m.	process_identifier: 1556 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000770dd000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory March 17, 2021, 9:14 a.m.	process_identifier: 1556 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000077102000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory March 17, 2021, 9:14 a.m.	process_identifier: 1556 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000770e4000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory March 17, 2021, 9:14 a.m.	process_identifier: 1556 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000077102000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory March 17, 2021, 9:14 a.m.	process_identifier: 1556 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fefc135000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory March 17, 2021, 9:14 a.m.	process_identifier: 1556 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fefc135000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory March 17, 2021, 9:14 a.m.	process_identifier: 1556 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fefdda4000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory March 17, 2021, 9:14 a.m.	process_identifier: 1556 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fefda01000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory March 17, 2021, 9:14 a.m.	process_identifier: 1556 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000770ca000 process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory March 17, 2021, 9:14 a.m.	process_identifier: 1556 region_size: 65536 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000002da0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory March 17, 2021, 9:14 a.m.	process_identifier: 1556 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000735bc000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory March 17, 2021, 9:15 a.m.	process_identifier: 1556 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000073e23000 process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory March 17, 2021, 9:14 a.m.	process_identifier: 584 region_size: 3739648 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000003130000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory March 17, 2021, 9:14 a.m.	process_identifier: 584 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000034c0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory March 17, 2021, 9:14 a.m.	process_identifier: 584 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000077131000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory March 17, 2021, 9:14 a.m.	process_identifier: 584 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000077131000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory March 17, 2021, 9:14 a.m.	process_identifier: 584 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000077131000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory March 17, 2021, 9:14 a.m.	process_identifier: 584 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000077131000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory March 17, 2021, 9:14 a.m.	process_identifier: 584 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000077131000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory March 17, 2021, 9:14 a.m.	process_identifier: 584 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000077131000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory March 17, 2021, 9:14 a.m.	process_identifier: 584 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000770dd000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory March 17, 2021, 9:14 a.m.	process_identifier: 584 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000077102000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory March 17, 2021, 9:14 a.m.	process_identifier: 584 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000770e4000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory March 17, 2021, 9:14 a.m.	process_identifier: 584 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000077102000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory March 17, 2021, 9:14 a.m.	process_identifier: 584 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fefc135000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory March 17, 2021, 9:14 a.m.	process_identifier: 584 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fefc135000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory March 17, 2021, 9:14 a.m.	process_identifier: 584 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fefdda4000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory March 17, 2021, 9:14 a.m.	process_identifier: 584 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fefda01000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory March 17, 2021, 9:14 a.m.	process_identifier: 584 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000770ca000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory March 17, 2021, 9:14 a.m.	process_identifier: 584 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000770cf000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory March 17, 2021, 9:14 a.m.	process_identifier: 584 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000770cd000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory March 17, 2021, 9:14 a.m.	process_identifier: 584 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000770cb000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory March 17, 2021, 9:14 a.m.	process_identifier: 584 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076e56000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory March 17, 2021, 9:14 a.m.	process_identifier: 584 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000077206000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory March 17, 2021, 9:14 a.m.	process_identifier: 584 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000076e51000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory March 17, 2021, 9:14 a.m.	process_identifier: 584 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000770d0000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory March 17, 2021, 9:14 a.m.	process_identifier: 584 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000770ca000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory March 17, 2021, 9:14 a.m.	process_identifier: 584 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000771df000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory March 17, 2021, 9:14 a.m.	process_identifier: 584 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000771eb000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory March 17, 2021, 9:14 a.m.	process_identifier: 584 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007feff3d7000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory March 17, 2021, 9:14 a.m.	process_identifier: 584 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fefdd44000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory March 17, 2021, 9:14 a.m.	process_identifier: 584 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fefdd41000 process_handle: 0xffffffffffffffff	1

An application raised an exception which may be indicative of an exploit crash (2 events)

Time & API	Arguments	Status	Return	Repeated
Application Crash	Process iexplore.exe with pid 1556 crashed
__exception__ March 17, 2021, 9:15 a.m.	stacktrace: RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d @ 0x7fefd6da49d RpcRaiseException+0x53 RpcExceptionFilter-0x2bd rpcrt4+0x173c3 @ 0x7feff1673c3 ObjectStublessClient32+0x8bf CoDisconnectContext-0x107b9 ole32+0x443bf @ 0x7feff2c43bf IUnknown_AddRef_Proxy+0x1f5 NdrFixedArrayBufferSize-0xeb rpcrt4+0x35295 @ 0x7feff185295 I_RpcFreeBuffer+0x1b9 NdrRangeUnmarshall-0x5a7 rpcrt4+0x32799 @ 0x7feff182799 Ndr64AsyncServerCallAll+0xa9e Ndr64AsyncClientCall-0xf42 rpcrt4+0xdaf1e @ 0x7feff22af1e Ndr64AsyncServerCallAll+0x12ec Ndr64AsyncClientCall-0x6f4 rpcrt4+0xdb76c @ 0x7feff22b76c NdrStubCall3+0xc6 NdrOleAllocate-0x3ea rpcrt4+0x348d6 @ 0x7feff1848d6 CoGetInstanceFromFile+0x4cd3 HACCEL_UserFree-0x70fd ole32+0x170883 @ 0x7feff3f0883 CoGetInstanceFromFile+0x511d HACCEL_UserFree-0x6cb3 ole32+0x170ccd @ 0x7feff3f0ccd CoGetInstanceFromFile+0x5093 HACCEL_UserFree-0x6d3d ole32+0x170c43 @ 0x7feff3f0c43 CoSetState+0x1450 DcomChannelSetHResult-0x34c ole32+0x2a4f0 @ 0x7feff2aa4f0 GetErrorInfo+0x599 ObjectStublessClient7-0xb1f ole32+0x3d551 @ 0x7feff2bd551 CoGetInstanceFromFile+0x78ce HACCEL_UserFree-0x4502 ole32+0x17347e @ 0x7feff3f347e CoGetInstanceFromFile+0x567b HACCEL_UserFree-0x6755 ole32+0x17122b @ 0x7feff3f122b CoGetInstanceFromFile+0x7992 HACCEL_UserFree-0x443e ole32+0x173542 @ 0x7feff3f3542 GetErrorInfo+0x475 ObjectStublessClient7-0xc43 ole32+0x3d42d @ 0x7feff2bd42d GetErrorInfo+0x21e ObjectStublessClient7-0xe9a ole32+0x3d1d6 @ 0x7feff2bd1d6 TranslateMessageEx+0x2a1 IntersectRect-0x11f user32+0x19bd1 @ 0x770d9bd1 TranslateMessage+0x1ea DispatchMessageW-0x42 user32+0x198da @ 0x770d98da GetErrorInfo+0xf3 ObjectStublessClient7-0xfc5 ole32+0x3d0ab @ 0x7feff2bd0ab CoUnloadingWOW+0x117 OleCreateFromFileEx-0x1829 ole32+0x163e57 @ 0x7feff3e3e57 ObjectStublessClient24+0x1876 CLSIDFromString-0x57a ole32+0x10106 @ 0x7feff290106 ObjectStublessClient24+0x18f2 CLSIDFromString-0x4fe ole32+0x10182 @ 0x7feff290182 BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76e5652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x771ec521 exception.instruction_r: 48 81 c4 c8 00 00 00 c3 48 85 f6 74 08 83 3b 00 exception.symbol: RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d exception.instruction: add rsp, 0xc8 exception.module: KERNELBASE.dll exception.exception_code: 0x80040155 exception.offset: 42141 exception.address: 0x7fefd6da49d registers.r14: 0 registers.r15: 0 registers.rcx: 103276992 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 103282944 registers.r11: 103278752 registers.r8: 0 registers.r9: 0 registers.rdx: 1 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 1895841267 registers.r13: 0	1	0	0

Application Crash

Process iexplore.exe with pid 1556 crashed

Time & API

Arguments

Status

Return

Repeated

__exception__

March 17, 2021, 9:15 a.m.

stacktrace:

RaiseException+0x3d FreeEnvironmentStringsW-0x373 kernelbase+0xa49d @ 0x7fefd6da49d
RpcRaiseException+0x53 RpcExceptionFilter-0x2bd rpcrt4+0x173c3 @ 0x7feff1673c3
ObjectStublessClient32+0x8bf CoDisconnectContext-0x107b9 ole32+0x443bf @ 0x7feff2c43bf
IUnknown_AddRef_Proxy+0x1f5 NdrFixedArrayBufferSize-0xeb rpcrt4+0x35295 @ 0x7feff185295
I_RpcFreeBuffer+0x1b9 NdrRangeUnmarshall-0x5a7 rpcrt4+0x32799 @ 0x7feff182799
Ndr64AsyncServerCallAll+0xa9e Ndr64AsyncClientCall-0xf42 rpcrt4+0xdaf1e @ 0x7feff22af1e
Ndr64AsyncServerCallAll+0x12ec Ndr64AsyncClientCall-0x6f4 rpcrt4+0xdb76c @ 0x7feff22b76c
NdrStubCall3+0xc6 NdrOleAllocate-0x3ea rpcrt4+0x348d6 @ 0x7feff1848d6
CoGetInstanceFromFile+0x4cd3 HACCEL_UserFree-0x70fd ole32+0x170883 @ 0x7feff3f0883
CoGetInstanceFromFile+0x511d HACCEL_UserFree-0x6cb3 ole32+0x170ccd @ 0x7feff3f0ccd
CoGetInstanceFromFile+0x5093 HACCEL_UserFree-0x6d3d ole32+0x170c43 @ 0x7feff3f0c43
CoSetState+0x1450 DcomChannelSetHResult-0x34c ole32+0x2a4f0 @ 0x7feff2aa4f0
GetErrorInfo+0x599 ObjectStublessClient7-0xb1f ole32+0x3d551 @ 0x7feff2bd551
CoGetInstanceFromFile+0x78ce HACCEL_UserFree-0x4502 ole32+0x17347e @ 0x7feff3f347e
CoGetInstanceFromFile+0x567b HACCEL_UserFree-0x6755 ole32+0x17122b @ 0x7feff3f122b
CoGetInstanceFromFile+0x7992 HACCEL_UserFree-0x443e ole32+0x173542 @ 0x7feff3f3542
GetErrorInfo+0x475 ObjectStublessClient7-0xc43 ole32+0x3d42d @ 0x7feff2bd42d
GetErrorInfo+0x21e ObjectStublessClient7-0xe9a ole32+0x3d1d6 @ 0x7feff2bd1d6
TranslateMessageEx+0x2a1 IntersectRect-0x11f user32+0x19bd1 @ 0x770d9bd1
TranslateMessage+0x1ea DispatchMessageW-0x42 user32+0x198da @ 0x770d98da
GetErrorInfo+0xf3 ObjectStublessClient7-0xfc5 ole32+0x3d0ab @ 0x7feff2bd0ab
CoUnloadingWOW+0x117 OleCreateFromFileEx-0x1829 ole32+0x163e57 @ 0x7feff3e3e57
ObjectStublessClient24+0x1876 CLSIDFromString-0x57a ole32+0x10106 @ 0x7feff290106
ObjectStublessClient24+0x18f2 CLSIDFromString-0x4fe ole32+0x10182 @ 0x7feff290182
BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76e5652d
RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x771ec521

Creates executable files on the filesystem (17 events)

file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\analytics[1].js
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\reaction-button-container.min[1].js
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\search_dragselection.min[1].js
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\script[1].js
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\tiara.min[1].js
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\shareEntryWithSNS[1].js
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\tiara.min[2].js
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\functions[1].js
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\menubar.min[1].js
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\js[1].js
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\base[1].js
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VKMIWH9C\roosevelt_dk_bt[1].js
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\profile[1].js
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTDTA402\lightbox-plus-jquery.min[1].js
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZTY94C7J\jquery-3.2.1.min[1].js
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\kakao.min[1].js
file	C:\Users\test22\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYECVYBT\common[1].js

Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) (1 event)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory March 17, 2021, 9:14 a.m.	process_identifier: 584 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 32 (PAGE_EXECUTE_READ) base_address: 0x000007fffef60000 process_handle: 0xffffffffffffffff	1	0	0

Potentially malicious URLs were found in the process memory dump (50 out of 1583 events)

url	https://ssl.pstatic.net/tveta/libs/1287/1287046/6df1cc02334922baa2d4_20200806172035021.jpg
url	https://ssl.pstatic.net/static/pwe/common/img_use_mobile_version.png
url	http://uk.ask.com/favicon.ico
url	https://fonts.gstatic.com/s/lato/v16/S6uyw4BMUTPHjx4wWA.woff
url	http://crl.identrust.com/DSTROOTCAX3CRL.crl0
url	http://www.cnet.com/favicon.ico
url	https://track.tiara.daum.net
url	https://castbox.shopping.naver.com/js/lazyload.js
url	https://s.pstatic.net/shopping.phinf/20200729_1/2931dd60-1842-4048-a39c-1e3389db4a0e.jpg
url	http://search.hanafos.com/favicon.ico
url	https://ssl.pstatic.net/tveta/libs/1298/1298853/743c01d46e807a376d99_20200730182507675.png
url	https://s.pstatic.net/static/newsstand/2020/logo/light/0604/820.png
url	https://file-examples-com.github.io/uploads/2017/02/file-sample_1MB.doc
url	http://blogimgs.naver.com/nblog/skins/happybean/bg-head.gif
url	http://www.amazon.co.jp/
url	http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
url	http://yellowpages.superpages.com/
url	https://www.naver.com
url	https://s.pstatic.net/shopping.phinf/20200806_26/3cad46ab-3fa4-4756-9e01-d61372890bd0.jpg
url	https://s.pstatic.net/dthumb.phinf/?src=%22http%3A%2F%2Fstatic.naver.net%2Fwww%2Fmobile%2Fedit%2F2020%2F0804%2Fmobile_212629657646c.jpg%22
url	https://my.sendinblue.com/public/theme/version4/assets/images/loader_sblue.gif
url	https://ssl.pstatic.net/static/pwe/nm/sp_mail_setup_140716.png
url	https://s.pstatic.net/shopping.phinf/20180206_26/7e09abe6-c90b-4dc0-b6ef-e8ab8e8c4967.jpg
url	http://search.sify.com/
url	https://s.pstatic.net/static/newsstand/2020/logo/light/0604/410.png
url	http://search.msn.com/results.aspx?q=
url	https://s.pstatic.net/shopping.phinf/20200731_21/4628ed28-27dc-4586-871c-f7f22524da89.jpg?type=f214_292
url	https://s.pstatic.net/imgshopping/static/sb/js/sb/nclktagS01_v1.js?v=2020080314
url	https://ssl.pstatic.net/tveta/libs/1299/1299024/c033376e145702a0a471_20200806171156016.jpg
url	https://fonts.googleapis.com/css?family=Open
url	https://t1.daumcdn.net/tistory_admin/lib/lightbox/css/lightbox.min.css
url	https://t1.daumcdn.net/tistory_admin/assets/blog/tistory-0a7992ffde7ccd5778a90843d8728cf62eb7f48a/blogs/plugins/TistoryProfileLayer/profile.js?_version_=tistory-0a7992ffde7ccd5778a90843d8728cf62eb7f48a
url	http://si.wikipedia.org/w/api.php?action=opensearch
url	https://i1.daumcdn.net/thumb/C148x148/?fname=https://blog.kakaocdn.net/dn/bEAS4d/btqzl5GtXWe/9nDyJsdbfwKBlsKDkNvW01/img.png
url	https://developers.kakao.com/sdk/js/kakao.min.js
url	http://search.ebay.fr/
url	https://s.pstatic.net/static/newsstand/2020/logo/light/0604/921.png
url	https://t1.daumcdn.net/tistory_admin/lib/lightbox/images/next.png
url	https://file-examples.com/wp-content/themes/file-examples/vendor/font-awesome/fonts/fontawesome-webfont.eot?
url	https://s.pstatic.net/shopping.phinf/20200603_16/34b72b79-bb6a-40b2-b35d-ae82e0ee5115.jpg
url	http://it.wikipedia.org/favicon.ico
url	http://uk.ask.com/
url	https://fonts.gstatic.com/s/muli/v22/7Aulp_0qiz-aVz7u3PJLcUMYOFnOkEk30e4.woff
url	https://kauth.kakao.com/public/widget/login/kakaoLoginWidget.html
url	https://stat.tiara.kakaofriends.com/track
url	https://s.pstatic.net/static/www/img/uit/2020/sp_shop.4e0461.png
url	http://blogimgs.naver.com/blog20/blog/layout_photo/viewer2/btn_right.gif
url	http://www.google.cz/
url	http://search.ebay.co.uk/
url	https://nid.naver.com/login/ext/deviceConfirm.nhn?svctype=1

Yara rule detected in process memory (50 out of 80 events)

description	Affect system registries	rule	win_registry
description	Affect system token	rule	win_token
description	Affect private profile	rule	win_files_operation
description	(no description)	rule	DebuggerCheck__GlobalFlags
description	(no description)	rule	DebuggerCheck__QueryInfo
description	(no description)	rule	DebuggerHiding__Thread
description	(no description)	rule	DebuggerHiding__Active
description	(no description)	rule	ThreadControl__Context
description	(no description)	rule	SEH__vectored
description	Checks if being debugged	rule	anti_dbg
description	Bypass DEP	rule	disable_dep
description	Listen for incoming communication	rule	network_tcp_listen
description	Communications over HTTP	rule	network_http
description	File downloader/dropper	rule	network_dropper
description	Communications over RAW socket	rule	network_tcp_socket
description	Communications use DNS	rule	network_dns
description	Communication using dga	rule	network_dga
description	Take screenshot	rule	screenshot
description	Run a keylogger	rule	keylogger
description	Record Audio	rule	sniff_audio
description	APC queue tasks migration	rule	migrate_apc
description	Create or check mutex	rule	win_mutex
description	Affect system registries	rule	win_registry
description	Affect system token	rule	win_token
description	Affect private profile	rule	win_files_operation
description	Match Winsock 2 API library declaration	rule	Str_Win32_Winsock2_Library
description	Match Windows Inet API library declaration	rule	Str_Win32_Wininet_Library
description	Match Windows Inet API call	rule	Str_Win32_Internet_API
description	Match Windows Http API call	rule	Str_Win32_Http_API
description	(no description)	rule	DebuggerException__SetConsoleCtrl
description	Possibly employs anti-virtualization techniques	rule	vmdetect
description	Checks if being debugged	rule	anti_dbg
description	Anti-Sandbox checks for ThreatExpert	rule	antisb_threatExpert
description	Bypass DEP	rule	disable_dep
description	Affect hook table	rule	win_hook
description	Code injection with CreateRemoteThread in a remote process	rule	inject_thread
description	Hijack network configuration	rule	hijack_network
description	Create a windows service	rule	create_service
description	Create a COM server	rule	create_com_service
description	Communications over UDP network	rule	network_udp_sock
description	Listen for incoming communication	rule	network_tcp_listen
description	Communications over Toredo network	rule	network_toredo
description	Communications over P2P network	rule	network_p2p_win
description	Communications over HTTP	rule	network_http
description	File downloader/dropper	rule	network_dropper
description	Communications over FTP	rule	network_ftp
description	Communications over RAW socket	rule	network_tcp_socket
description	Communications use DNS	rule	network_dns
description	Communication using dga	rule	network_dga
description	Escalade priviledges	rule	escalate_priv

Uses Windows utilities for basic Windows functionality (1 event)

cmdline

"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1556 CREDAT:145409

Communicates with host for which no DNS query was performed (1 event)

host

117.18.232.200

Resumed a suspended thread in a remote process potentially indicative of process injection (2 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 1556 resumed a thread in remote process 584
NtResumeThread March 17, 2021, 9:14 a.m.	thread_handle: 0x0000000000000338 suspend_count: 1 process_identifier: 584	1	0	0

http://lunasier.tistory.com/

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All