Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6402	April 20, 2021, 9:29 a.m.	April 20, 2021, 9:34 a.m.

Size	242.5KB
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`d4d8ef44275700e1b44a4c82fa18a7e7`
SHA256	`a77a3638d5c7d0c986f01af3db3f8e92b0acb6c8311c9c20bcca49658c09c975`
CRC32	`AF5671B1`
ssdeep	`6144:EAfqML/kp+seIlgCoSe0cqsEG48ETb/cjMiTqjCQ:GM47eCoH0cR5sb/cjMiTq`
Yara	Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT PE_Header_Zero - PE File Signature Zero IsPE32 - (no description) IsNET_EXE - (no description) IsWindowsGUI - (no description) IsPacked - Entropy Check

Uekonhzz.pdf "C:\Users\test22\AppData\Local\Temp\Uekonhzz.pdf"
4208
- Uekonhzz.pdf C:\Users\test22\AppData\Local\Temp\Uekonhzz.pdf
  4848

Name	Response	Post-Analysis Lookup
www.yoursite.com	A 104.21.14.15 A 172.67.133.191	172.67.133.191
yoursite.com	A 104.21.14.15 A 172.67.133.191	104.21.14.15
checkip.dyndns.org	A 131.186.161.70 A 216.146.43.70 A 216.146.43.71 CNAME checkip.dyndns.com A 131.186.113.70 A 162.88.193.70	131.186.161.70
freegeoip.app	A 104.21.19.200 A 172.67.188.154	172.67.188.154

IP Address	Status	Action
104.21.14.15	Active	Moloch
104.21.19.200	Active	Moloch
164.124.101.2	Active	Moloch
172.217.25.14	Active	Moloch
172.67.133.191	Active	Moloch
216.146.43.70	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.102:49806 -> 172.67.133.191:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
UDP 192.168.56.102:54660 -> 164.124.101.2:53	2012758	ET INFO DYNAMIC_DNS Query to *.dyndns. Domain	Misc activity
TCP 192.168.56.102:49816 -> 216.146.43.70:80	2021378	ET POLICY External IP Lookup - checkip.dyndns.org	Device Retrieving External IP Address Detected
TCP 192.168.56.102:49813 -> 216.146.43.70:80	2021378	ET POLICY External IP Lookup - checkip.dyndns.org	Device Retrieving External IP Address Detected
TCP 216.146.43.70:80 -> 192.168.56.102:49816	2014932	ET POLICY DynDNS CheckIp External IP Address Server Response	Device Retrieving External IP Address Detected
TCP 192.168.56.102:49820 -> 216.146.43.70:80	2021378	ET POLICY External IP Lookup - checkip.dyndns.org	Device Retrieving External IP Address Detected
TCP 192.168.56.102:49822 -> 216.146.43.70:80	2021378	ET POLICY External IP Lookup - checkip.dyndns.org	Device Retrieving External IP Address Detected
TCP 216.146.43.70:80 -> 192.168.56.102:49820	2014932	ET POLICY DynDNS CheckIp External IP Address Server Response	Device Retrieving External IP Address Detected
TCP 216.146.43.70:80 -> 192.168.56.102:49822	2014932	ET POLICY DynDNS CheckIp External IP Address Server Response	Device Retrieving External IP Address Detected
TCP 192.168.56.102:49825 -> 216.146.43.70:80	2021378	ET POLICY External IP Lookup - checkip.dyndns.org	Device Retrieving External IP Address Detected
TCP 192.168.56.102:49828 -> 216.146.43.70:80	2021378	ET POLICY External IP Lookup - checkip.dyndns.org	Device Retrieving External IP Address Detected
TCP 216.146.43.70:80 -> 192.168.56.102:49813	2014932	ET POLICY DynDNS CheckIp External IP Address Server Response	Device Retrieving External IP Address Detected
TCP 216.146.43.70:80 -> 192.168.56.102:49828	2014932	ET POLICY DynDNS CheckIp External IP Address Server Response	Device Retrieving External IP Address Detected
TCP 192.168.56.102:49815 -> 216.146.43.70:80	2021378	ET POLICY External IP Lookup - checkip.dyndns.org	Device Retrieving External IP Address Detected
TCP 192.168.56.102:49830 -> 216.146.43.70:80	2021378	ET POLICY External IP Lookup - checkip.dyndns.org	Device Retrieving External IP Address Detected
TCP 216.146.43.70:80 -> 192.168.56.102:49815	2014932	ET POLICY DynDNS CheckIp External IP Address Server Response	Device Retrieving External IP Address Detected
TCP 216.146.43.70:80 -> 192.168.56.102:49830	2014932	ET POLICY DynDNS CheckIp External IP Address Server Response	Device Retrieving External IP Address Detected
TCP 192.168.56.102:49819 -> 216.146.43.70:80	2021378	ET POLICY External IP Lookup - checkip.dyndns.org	Device Retrieving External IP Address Detected
TCP 192.168.56.102:49832 -> 216.146.43.70:80	2021378	ET POLICY External IP Lookup - checkip.dyndns.org	Device Retrieving External IP Address Detected
TCP 216.146.43.70:80 -> 192.168.56.102:49819	2014932	ET POLICY DynDNS CheckIp External IP Address Server Response	Device Retrieving External IP Address Detected
TCP 216.146.43.70:80 -> 192.168.56.102:49832	2014932	ET POLICY DynDNS CheckIp External IP Address Server Response	Device Retrieving External IP Address Detected
TCP 192.168.56.102:49824 -> 216.146.43.70:80	2021378	ET POLICY External IP Lookup - checkip.dyndns.org	Device Retrieving External IP Address Detected
TCP 192.168.56.102:49833 -> 216.146.43.70:80	2021378	ET POLICY External IP Lookup - checkip.dyndns.org	Device Retrieving External IP Address Detected
TCP 216.146.43.70:80 -> 192.168.56.102:49824	2014932	ET POLICY DynDNS CheckIp External IP Address Server Response	Device Retrieving External IP Address Detected
TCP 216.146.43.70:80 -> 192.168.56.102:49833	2014932	ET POLICY DynDNS CheckIp External IP Address Server Response	Device Retrieving External IP Address Detected
TCP 192.168.56.102:49812 -> 216.146.43.70:80	2021378	ET POLICY External IP Lookup - checkip.dyndns.org	Device Retrieving External IP Address Detected
TCP 192.168.56.102:49834 -> 216.146.43.70:80	2021378	ET POLICY External IP Lookup - checkip.dyndns.org	Device Retrieving External IP Address Detected
TCP 216.146.43.70:80 -> 192.168.56.102:49812	2014932	ET POLICY DynDNS CheckIp External IP Address Server Response	Device Retrieving External IP Address Detected
TCP 216.146.43.70:80 -> 192.168.56.102:49834	2014932	ET POLICY DynDNS CheckIp External IP Address Server Response	Device Retrieving External IP Address Detected
TCP 216.146.43.70:80 -> 192.168.56.102:49825	2014932	ET POLICY DynDNS CheckIp External IP Address Server Response	Device Retrieving External IP Address Detected
TCP 192.168.56.102:49814 -> 104.21.19.200:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49831 -> 216.146.43.70:80	2021378	ET POLICY External IP Lookup - checkip.dyndns.org	Device Retrieving External IP Address Detected
TCP 216.146.43.70:80 -> 192.168.56.102:49831	2014932	ET POLICY DynDNS CheckIp External IP Address Server Response	Device Retrieving External IP Address Detected
TCP 192.168.56.102:49817 -> 216.146.43.70:80	2021378	ET POLICY External IP Lookup - checkip.dyndns.org	Device Retrieving External IP Address Detected
TCP 216.146.43.70:80 -> 192.168.56.102:49817	2014932	ET POLICY DynDNS CheckIp External IP Address Server Response	Device Retrieving External IP Address Detected
TCP 192.168.56.102:49808 -> 104.21.14.15:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.102:49821 -> 216.146.43.70:80	2021378	ET POLICY External IP Lookup - checkip.dyndns.org	Device Retrieving External IP Address Detected
TCP 216.146.43.70:80 -> 192.168.56.102:49821	2014932	ET POLICY DynDNS CheckIp External IP Address Server Response	Device Retrieving External IP Address Detected
TCP 192.168.56.102:49826 -> 216.146.43.70:80	2021378	ET POLICY External IP Lookup - checkip.dyndns.org	Device Retrieving External IP Address Detected
TCP 216.146.43.70:80 -> 192.168.56.102:49826	2014932	ET POLICY DynDNS CheckIp External IP Address Server Response	Device Retrieving External IP Address Detected
TCP 192.168.56.102:49818 -> 216.146.43.70:80	2021378	ET POLICY External IP Lookup - checkip.dyndns.org	Device Retrieving External IP Address Detected
TCP 216.146.43.70:80 -> 192.168.56.102:49818	2014932	ET POLICY DynDNS CheckIp External IP Address Server Response	Device Retrieving External IP Address Detected
TCP 192.168.56.102:49823 -> 216.146.43.70:80	2021378	ET POLICY External IP Lookup - checkip.dyndns.org	Device Retrieving External IP Address Detected
TCP 216.146.43.70:80 -> 192.168.56.102:49823	2014932	ET POLICY DynDNS CheckIp External IP Address Server Response	Device Retrieving External IP Address Detected
TCP 192.168.56.102:49827 -> 216.146.43.70:80	2021378	ET POLICY External IP Lookup - checkip.dyndns.org	Device Retrieving External IP Address Detected
TCP 216.146.43.70:80 -> 192.168.56.102:49827	2014932	ET POLICY DynDNS CheckIp External IP Address Server Response	Device Retrieving External IP Address Detected
TCP 192.168.56.102:49829 -> 216.146.43.70:80	2021378	ET POLICY External IP Lookup - checkip.dyndns.org	Device Retrieving External IP Address Detected
TCP 216.146.43.70:80 -> 192.168.56.102:49829	2014932	ET POLICY DynDNS CheckIp External IP Address Server Response	Device Retrieving External IP Address Detected

Suricata TLS

Flow	Issuer	Subject	Fingerprint
TLSv1 192.168.56.102:49806 172.67.133.191:443	C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3	C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com	97:38:3d:17:60:cf:37:5f:32:f8:a8:d4:38:b0:95:2f:df:2d:6a:93
TLSv1 192.168.56.102:49814 104.21.19.200:443	C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3	C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com	a1:b3:fe:fd:e8:05:d5:f2:ad:ee:b3:5b:8c:5f:ae:4f:43:52:5e:89
TLSv1 192.168.56.102:49808 104.21.14.15:443	C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3	C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com	97:38:3d:17:60:cf:37:5f:32:f8:a8:d4:38:b0:95:2f:df:2d:6a:93

Queries for the computername (13 events)

Time & API	Arguments	Status	Return
GetComputerNameW April 20, 2021, 9:30 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW April 20, 2021, 9:30 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW April 20, 2021, 9:30 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW April 20, 2021, 9:30 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW April 20, 2021, 9:30 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW April 20, 2021, 9:30 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW April 20, 2021, 9:30 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW April 20, 2021, 9:30 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW April 20, 2021, 9:30 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW April 20, 2021, 9:30 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW April 20, 2021, 9:30 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW April 20, 2021, 9:30 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW April 20, 2021, 9:30 a.m.	computer_name: TEST22-PC	1	1

Checks if process is being debugged by a debugger (4 events)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent April 20, 2021, 9:29 a.m.			0	0
IsDebuggerPresent April 20, 2021, 9:29 a.m.			0	0
IsDebuggerPresent April 20, 2021, 9:30 a.m.			0	0
IsDebuggerPresent April 20, 2021, 9:30 a.m.			0	0

Uses Windows APIs to generate a cryptographic key (6 events)

Time & API	Arguments	Status	Return
CryptExportKey April 20, 2021, 9:30 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00843498 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey April 20, 2021, 9:30 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x008434d8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey April 20, 2021, 9:30 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x008434d8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey April 20, 2021, 9:30 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x05cf25e8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey April 20, 2021, 9:30 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x05cf25e8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey April 20, 2021, 9:30 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x05cf2368 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx April 20, 2021, 9:29 a.m.		1	1	0

One or more processes crashed (50 out of 343 events)

Time & API	Arguments	Status
__exception__ April 20, 2021, 9:30 a.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7575b37e 0x648b75 0x64731c 0x64547b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6fba2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6fbb264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6fc21838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6fc21737 mscorlib+0x2d36ad @ 0x6eeb36ad mscorlib+0x308f2d @ 0x6eee8f2d mscorlib+0x3135ed @ 0x6eef35ed 0x641925 0x640e77 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6fba2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6fbb264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6fbb2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6fc674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6fc67610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6fcf1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6fcf1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6fcf1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6fcf416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7443f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7575b479 registers.esp: 3598784 registers.edi: 1990713288 registers.eax: 16777216 registers.ebp: 3598988 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ April 20, 2021, 9:30 a.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7575b37e 0x648b75 0x64731c 0x64547b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6fba2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6fbb264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6fc21838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6fc21737 mscorlib+0x2d36ad @ 0x6eeb36ad mscorlib+0x308f2d @ 0x6eee8f2d mscorlib+0x3135ed @ 0x6eef35ed 0x641925 0x640e77 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6fba2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6fbb264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6fbb2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6fc674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6fc67610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6fcf1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6fcf1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6fcf1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6fcf416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7443f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7575b479 registers.esp: 3598784 registers.edi: 1990713288 registers.eax: 4194304 registers.ebp: 3598988 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ April 20, 2021, 9:30 a.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7575b37e 0x648b75 0x64731c 0x64547b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6fba2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6fbb264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6fc21838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6fc21737 mscorlib+0x2d36ad @ 0x6eeb36ad mscorlib+0x308f2d @ 0x6eee8f2d mscorlib+0x3135ed @ 0x6eef35ed 0x641925 0x640e77 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6fba2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6fbb264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6fbb2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6fc674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6fc67610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6fcf1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6fcf1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6fcf1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6fcf416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7443f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7575b479 registers.esp: 3598784 registers.edi: 1990713288 registers.eax: 19464192 registers.ebp: 3598988 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ April 20, 2021, 9:30 a.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7575b37e 0x648b75 0x64731c 0x64547b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6fba2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6fbb264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6fc21838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6fc21737 mscorlib+0x2d36ad @ 0x6eeb36ad mscorlib+0x308f2d @ 0x6eee8f2d mscorlib+0x3135ed @ 0x6eef35ed 0x641925 0x640e77 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6fba2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6fbb264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6fbb2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6fc674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6fc67610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6fcf1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6fcf1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6fcf1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6fcf416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7443f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7575b479 registers.esp: 3598784 registers.edi: 1990713288 registers.eax: 3604480 registers.ebp: 3598988 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ April 20, 2021, 9:30 a.m.	stacktrace: 0x7232c4 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 39 09 e8 62 bb 6f 64 8b c8 8b 01 8b 40 28 ff 10 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x724fcf registers.esp: 3273024 registers.edi: 3273128 registers.eax: 37753384 registers.ebp: 3273144 registers.edx: 37753384 registers.ebx: 3273356 registers.esi: 38685228 registers.ecx: 0	1
__exception__ April 20, 2021, 9:30 a.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d microsoft+0x50c17 @ 0x708d0c17 microsoft+0x3f33f @ 0x708bf33f microsoft+0x3edf8 @ 0x708bedf8 microsoft+0x3e3b9 @ 0x708be3b9 0x725596 0x7232ca DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 52 04 89 55 cc 33 d2 89 55 d4 83 7d cc 00 7c exception.instruction: mov edx, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x726296 registers.esp: 3271648 registers.edi: 3271736 registers.eax: 38692028 registers.ebp: 3271752 registers.edx: 0 registers.ebx: 3272364 registers.esi: 38692028 registers.ecx: 38650892	1
__exception__ April 20, 2021, 9:30 a.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d microsoft+0x50c17 @ 0x708d0c17 microsoft+0x3f33f @ 0x708bf33f microsoft+0x3edf8 @ 0x708bedf8 microsoft+0x3e3b9 @ 0x708be3b9 0x725596 0x7232ca DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 3b 42 04 0f 83 b0 04 00 00 c1 e0 05 8d 44 02 08 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x7262b7 registers.esp: 3271648 registers.edi: 3271736 registers.eax: 0 registers.ebp: 3271752 registers.edx: 0 registers.ebx: 3272364 registers.esi: 38692028 registers.ecx: 8481660	1
__exception__ April 20, 2021, 9:30 a.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d microsoft+0x50c17 @ 0x708d0c17 microsoft+0x3f33f @ 0x708bf33f microsoft+0x3edf8 @ 0x708bedf8 microsoft+0x3e3b9 @ 0x708be3b9 0x725596 0x7232ca DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 3b 42 04 0f 83 23 04 00 00 c1 e0 05 8d 44 02 08 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x726344 registers.esp: 3271648 registers.edi: 3271736 registers.eax: 0 registers.ebp: 3271752 registers.edx: 0 registers.ebx: 3272364 registers.esi: 38692028 registers.ecx: 8481660	1
__exception__ April 20, 2021, 9:30 a.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d microsoft+0x50c17 @ 0x708d0c17 microsoft+0x3f33f @ 0x708bf33f microsoft+0x3edf8 @ 0x708bedf8 microsoft+0x3e3b9 @ 0x708be3b9 0x725596 0x7232ca DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 50 04 83 c2 ff 0f 80 78 03 00 00 89 55 c8 33 exception.instruction: mov edx, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x7263e7 registers.esp: 3271648 registers.edi: 3271736 registers.eax: 0 registers.ebp: 3271752 registers.edx: 0 registers.ebx: 3272364 registers.esi: 38692028 registers.ecx: 8481660	1
__exception__ April 20, 2021, 9:30 a.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d microsoft+0x50c17 @ 0x708d0c17 microsoft+0x3f33f @ 0x708bf33f microsoft+0x3edf8 @ 0x708bedf8 microsoft+0x3e3b9 @ 0x708be3b9 0x725596 0x7232ca DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 3b 42 04 0f 83 55 03 00 00 8b 4c 82 0c e8 9c c8 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x726412 registers.esp: 3271648 registers.edi: 3271736 registers.eax: 0 registers.ebp: 3271752 registers.edx: 0 registers.ebx: 3272364 registers.esi: 38692028 registers.ecx: 8481660	1
__exception__ April 20, 2021, 9:30 a.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d microsoft+0x50c17 @ 0x708d0c17 microsoft+0x3f33f @ 0x708bf33f microsoft+0x3edf8 @ 0x708bedf8 microsoft+0x3e3b9 @ 0x708be3b9 0x725596 0x7232ca DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 3b 42 04 0f 83 23 03 00 00 8b 5c 82 0c ff 15 b8 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x726444 registers.esp: 3271648 registers.edi: 3271736 registers.eax: 0 registers.ebp: 3271752 registers.edx: 0 registers.ebx: 3272364 registers.esi: 38692028 registers.ecx: 8481660	1
__exception__ April 20, 2021, 9:30 a.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d microsoft+0x50c17 @ 0x708d0c17 microsoft+0x3f33f @ 0x708bf33f microsoft+0x3edf8 @ 0x708bedf8 microsoft+0x3e3b9 @ 0x708be3b9 0x725596 0x7232ca DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 3b 42 04 0f 83 aa 01 00 00 8b 5c 82 0c ff 15 b8 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x7265bd registers.esp: 3271648 registers.edi: 3271736 registers.eax: 0 registers.ebp: 3271752 registers.edx: 0 registers.ebx: 3272364 registers.esi: 38696060 registers.ecx: 1888166576	1
__exception__ April 20, 2021, 9:30 a.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d microsoft+0x50c17 @ 0x708d0c17 microsoft+0x3f33f @ 0x708bf33f microsoft+0x3edf8 @ 0x708bedf8 microsoft+0x3e3b9 @ 0x708be3b9 0x725596 0x7232ca DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 3b 42 04 0f 83 2f 01 00 00 c1 e0 05 8d 44 02 08 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x726638 registers.esp: 3271648 registers.edi: 3271736 registers.eax: 0 registers.ebp: 3271752 registers.edx: 0 registers.ebx: 3272364 registers.esi: 38696060 registers.ecx: 8481660	1
__exception__ April 20, 2021, 9:30 a.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d microsoft+0x50c17 @ 0x708d0c17 microsoft+0x3f33f @ 0x708bf33f microsoft+0x3edf8 @ 0x708bedf8 microsoft+0x3e3b9 @ 0x708be3b9 0x72691a 0x7232d0 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 52 04 89 55 cc 33 d2 89 55 d4 83 7d cc 00 7c exception.instruction: mov edx, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x726296 registers.esp: 3271648 registers.edi: 3271736 registers.eax: 38698756 registers.ebp: 3271752 registers.edx: 0 registers.ebx: 3272364 registers.esi: 38698756 registers.ecx: 38650892	1
__exception__ April 20, 2021, 9:30 a.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d microsoft+0x50c17 @ 0x708d0c17 microsoft+0x3f33f @ 0x708bf33f microsoft+0x3edf8 @ 0x708bedf8 microsoft+0x3e3b9 @ 0x708be3b9 0x72691a 0x7232d0 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 3b 42 04 0f 83 b0 04 00 00 c1 e0 05 8d 44 02 08 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x7262b7 registers.esp: 3271648 registers.edi: 3271736 registers.eax: 0 registers.ebp: 3271752 registers.edx: 0 registers.ebx: 3272364 registers.esi: 38698756 registers.ecx: 8481660	1
__exception__ April 20, 2021, 9:30 a.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d microsoft+0x50c17 @ 0x708d0c17 microsoft+0x3f33f @ 0x708bf33f microsoft+0x3edf8 @ 0x708bedf8 microsoft+0x3e3b9 @ 0x708be3b9 0x72691a 0x7232d0 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 3b 42 04 0f 83 23 04 00 00 c1 e0 05 8d 44 02 08 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x726344 registers.esp: 3271648 registers.edi: 3271736 registers.eax: 0 registers.ebp: 3271752 registers.edx: 0 registers.ebx: 3272364 registers.esi: 38698756 registers.ecx: 8481660	1
__exception__ April 20, 2021, 9:30 a.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d microsoft+0x50c17 @ 0x708d0c17 microsoft+0x3f33f @ 0x708bf33f microsoft+0x3edf8 @ 0x708bedf8 microsoft+0x3e3b9 @ 0x708be3b9 0x72691a 0x7232d0 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 50 04 83 c2 ff 0f 80 78 03 00 00 89 55 c8 33 exception.instruction: mov edx, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x7263e7 registers.esp: 3271648 registers.edi: 3271736 registers.eax: 0 registers.ebp: 3271752 registers.edx: 0 registers.ebx: 3272364 registers.esi: 38698756 registers.ecx: 8481660	1
__exception__ April 20, 2021, 9:30 a.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d microsoft+0x50c17 @ 0x708d0c17 microsoft+0x3f33f @ 0x708bf33f microsoft+0x3edf8 @ 0x708bedf8 microsoft+0x3e3b9 @ 0x708be3b9 0x72691a 0x7232d0 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 3b 42 04 0f 83 55 03 00 00 8b 4c 82 0c e8 9c c8 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x726412 registers.esp: 3271648 registers.edi: 3271736 registers.eax: 0 registers.ebp: 3271752 registers.edx: 0 registers.ebx: 3272364 registers.esi: 38698756 registers.ecx: 8481660	1
__exception__ April 20, 2021, 9:30 a.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d microsoft+0x50c17 @ 0x708d0c17 microsoft+0x3f33f @ 0x708bf33f microsoft+0x3edf8 @ 0x708bedf8 microsoft+0x3e3b9 @ 0x708be3b9 0x72691a 0x7232d0 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 3b 42 04 0f 83 23 03 00 00 8b 5c 82 0c ff 15 b8 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x726444 registers.esp: 3271648 registers.edi: 3271736 registers.eax: 0 registers.ebp: 3271752 registers.edx: 0 registers.ebx: 3272364 registers.esi: 38698756 registers.ecx: 8481660	1
__exception__ April 20, 2021, 9:30 a.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d microsoft+0x50c17 @ 0x708d0c17 microsoft+0x3f33f @ 0x708bf33f microsoft+0x3edf8 @ 0x708bedf8 microsoft+0x3e3b9 @ 0x708be3b9 0x72691a 0x7232d0 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 3b 42 04 0f 83 aa 01 00 00 8b 5c 82 0c ff 15 b8 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x7265bd registers.esp: 3271648 registers.edi: 3271736 registers.eax: 0 registers.ebp: 3271752 registers.edx: 0 registers.ebx: 3272364 registers.esi: 38701256 registers.ecx: 38701256	1
__exception__ April 20, 2021, 9:30 a.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d microsoft+0x50c17 @ 0x708d0c17 microsoft+0x3f33f @ 0x708bf33f microsoft+0x3edf8 @ 0x708bedf8 microsoft+0x3e3b9 @ 0x708be3b9 0x72691a 0x7232d0 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 3b 42 04 0f 83 2f 01 00 00 c1 e0 05 8d 44 02 08 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x726638 registers.esp: 3271648 registers.edi: 3271736 registers.eax: 0 registers.ebp: 3271752 registers.edx: 0 registers.ebx: 3272364 registers.esi: 38701256 registers.ecx: 8481660	1
__exception__ April 20, 2021, 9:30 a.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d microsoft+0x50c17 @ 0x708d0c17 microsoft+0x3f33f @ 0x708bf33f microsoft+0x3edf8 @ 0x708bedf8 microsoft+0x3e3b9 @ 0x708be3b9 0x727112 0x7232d6 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 52 04 89 55 cc 33 d2 89 55 d4 83 7d cc 00 7c exception.instruction: mov edx, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x726296 registers.esp: 3271648 registers.edi: 3271736 registers.eax: 38703956 registers.ebp: 3271752 registers.edx: 0 registers.ebx: 3272364 registers.esi: 38703956 registers.ecx: 38650892	1
__exception__ April 20, 2021, 9:30 a.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d microsoft+0x50c17 @ 0x708d0c17 microsoft+0x3f33f @ 0x708bf33f microsoft+0x3edf8 @ 0x708bedf8 microsoft+0x3e3b9 @ 0x708be3b9 0x727112 0x7232d6 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 3b 42 04 0f 83 b0 04 00 00 c1 e0 05 8d 44 02 08 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x7262b7 registers.esp: 3271648 registers.edi: 3271736 registers.eax: 0 registers.ebp: 3271752 registers.edx: 0 registers.ebx: 3272364 registers.esi: 38703956 registers.ecx: 8481660	1
__exception__ April 20, 2021, 9:30 a.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d microsoft+0x50c17 @ 0x708d0c17 microsoft+0x3f33f @ 0x708bf33f microsoft+0x3edf8 @ 0x708bedf8 microsoft+0x3e3b9 @ 0x708be3b9 0x727112 0x7232d6 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 3b 42 04 0f 83 23 04 00 00 c1 e0 05 8d 44 02 08 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x726344 registers.esp: 3271648 registers.edi: 3271736 registers.eax: 0 registers.ebp: 3271752 registers.edx: 0 registers.ebx: 3272364 registers.esi: 38703956 registers.ecx: 8481660	1
__exception__ April 20, 2021, 9:30 a.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d microsoft+0x50c17 @ 0x708d0c17 microsoft+0x3f33f @ 0x708bf33f microsoft+0x3edf8 @ 0x708bedf8 microsoft+0x3e3b9 @ 0x708be3b9 0x727112 0x7232d6 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 50 04 83 c2 ff 0f 80 78 03 00 00 89 55 c8 33 exception.instruction: mov edx, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x7263e7 registers.esp: 3271648 registers.edi: 3271736 registers.eax: 0 registers.ebp: 3271752 registers.edx: 0 registers.ebx: 3272364 registers.esi: 38703956 registers.ecx: 8481660	1
__exception__ April 20, 2021, 9:30 a.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d microsoft+0x50c17 @ 0x708d0c17 microsoft+0x3f33f @ 0x708bf33f microsoft+0x3edf8 @ 0x708bedf8 microsoft+0x3e3b9 @ 0x708be3b9 0x727112 0x7232d6 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 3b 42 04 0f 83 55 03 00 00 8b 4c 82 0c e8 9c c8 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x726412 registers.esp: 3271648 registers.edi: 3271736 registers.eax: 0 registers.ebp: 3271752 registers.edx: 0 registers.ebx: 3272364 registers.esi: 38703956 registers.ecx: 8481660	1
__exception__ April 20, 2021, 9:30 a.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d microsoft+0x50c17 @ 0x708d0c17 microsoft+0x3f33f @ 0x708bf33f microsoft+0x3edf8 @ 0x708bedf8 microsoft+0x3e3b9 @ 0x708be3b9 0x727112 0x7232d6 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 3b 42 04 0f 83 23 03 00 00 8b 5c 82 0c ff 15 b8 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x726444 registers.esp: 3271648 registers.edi: 3271736 registers.eax: 0 registers.ebp: 3271752 registers.edx: 0 registers.ebx: 3272364 registers.esi: 38703956 registers.ecx: 8481660	1
__exception__ April 20, 2021, 9:30 a.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d microsoft+0x50c17 @ 0x708d0c17 microsoft+0x3f33f @ 0x708bf33f microsoft+0x3edf8 @ 0x708bedf8 microsoft+0x3e3b9 @ 0x708be3b9 0x727112 0x7232d6 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 3b 42 04 0f 83 aa 01 00 00 8b 5c 82 0c ff 15 b8 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x7265bd registers.esp: 3271648 registers.edi: 3271736 registers.eax: 0 registers.ebp: 3271752 registers.edx: 0 registers.ebx: 3272364 registers.esi: 38706460 registers.ecx: 38706460	1
__exception__ April 20, 2021, 9:30 a.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d microsoft+0x50c17 @ 0x708d0c17 microsoft+0x3f33f @ 0x708bf33f microsoft+0x3edf8 @ 0x708bedf8 microsoft+0x3e3b9 @ 0x708be3b9 0x727112 0x7232d6 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 3b 42 04 0f 83 2f 01 00 00 c1 e0 05 8d 44 02 08 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x726638 registers.esp: 3271648 registers.edi: 3271736 registers.eax: 0 registers.ebp: 3271752 registers.edx: 0 registers.ebx: 3272364 registers.esi: 38706460 registers.ecx: 8481660	1
__exception__ April 20, 2021, 9:30 a.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d microsoft+0x50c17 @ 0x708d0c17 microsoft+0x3f33f @ 0x708bf33f microsoft+0x3edf8 @ 0x708bedf8 microsoft+0x3e3b9 @ 0x708be3b9 0x72790a 0x7232dc DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 52 04 89 55 cc 33 d2 89 55 d4 83 7d cc 00 7c exception.instruction: mov edx, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x726296 registers.esp: 3271648 registers.edi: 3271736 registers.eax: 38709172 registers.ebp: 3271752 registers.edx: 0 registers.ebx: 3272364 registers.esi: 38709172 registers.ecx: 38650892	1
__exception__ April 20, 2021, 9:30 a.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d microsoft+0x50c17 @ 0x708d0c17 microsoft+0x3f33f @ 0x708bf33f microsoft+0x3edf8 @ 0x708bedf8 microsoft+0x3e3b9 @ 0x708be3b9 0x72790a 0x7232dc DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 3b 42 04 0f 83 b0 04 00 00 c1 e0 05 8d 44 02 08 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x7262b7 registers.esp: 3271648 registers.edi: 3271736 registers.eax: 0 registers.ebp: 3271752 registers.edx: 0 registers.ebx: 3272364 registers.esi: 38709172 registers.ecx: 8481660	1
__exception__ April 20, 2021, 9:30 a.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d microsoft+0x50c17 @ 0x708d0c17 microsoft+0x3f33f @ 0x708bf33f microsoft+0x3edf8 @ 0x708bedf8 microsoft+0x3e3b9 @ 0x708be3b9 0x72790a 0x7232dc DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 3b 42 04 0f 83 23 04 00 00 c1 e0 05 8d 44 02 08 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x726344 registers.esp: 3271648 registers.edi: 3271736 registers.eax: 0 registers.ebp: 3271752 registers.edx: 0 registers.ebx: 3272364 registers.esi: 38709172 registers.ecx: 8481660	1
__exception__ April 20, 2021, 9:30 a.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d microsoft+0x50c17 @ 0x708d0c17 microsoft+0x3f33f @ 0x708bf33f microsoft+0x3edf8 @ 0x708bedf8 microsoft+0x3e3b9 @ 0x708be3b9 0x72790a 0x7232dc DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 50 04 83 c2 ff 0f 80 78 03 00 00 89 55 c8 33 exception.instruction: mov edx, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x7263e7 registers.esp: 3271648 registers.edi: 3271736 registers.eax: 0 registers.ebp: 3271752 registers.edx: 0 registers.ebx: 3272364 registers.esi: 38709172 registers.ecx: 8481660	1
__exception__ April 20, 2021, 9:30 a.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d microsoft+0x50c17 @ 0x708d0c17 microsoft+0x3f33f @ 0x708bf33f microsoft+0x3edf8 @ 0x708bedf8 microsoft+0x3e3b9 @ 0x708be3b9 0x72790a 0x7232dc DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 3b 42 04 0f 83 55 03 00 00 8b 4c 82 0c e8 9c c8 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x726412 registers.esp: 3271648 registers.edi: 3271736 registers.eax: 0 registers.ebp: 3271752 registers.edx: 0 registers.ebx: 3272364 registers.esi: 38709172 registers.ecx: 8481660	1
__exception__ April 20, 2021, 9:30 a.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d microsoft+0x50c17 @ 0x708d0c17 microsoft+0x3f33f @ 0x708bf33f microsoft+0x3edf8 @ 0x708bedf8 microsoft+0x3e3b9 @ 0x708be3b9 0x72790a 0x7232dc DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 3b 42 04 0f 83 23 03 00 00 8b 5c 82 0c ff 15 b8 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x726444 registers.esp: 3271648 registers.edi: 3271736 registers.eax: 0 registers.ebp: 3271752 registers.edx: 0 registers.ebx: 3272364 registers.esi: 38709172 registers.ecx: 8481660	1
__exception__ April 20, 2021, 9:30 a.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d microsoft+0x50c17 @ 0x708d0c17 microsoft+0x3f33f @ 0x708bf33f microsoft+0x3edf8 @ 0x708bedf8 microsoft+0x3e3b9 @ 0x708be3b9 0x72790a 0x7232dc DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 3b 42 04 0f 83 aa 01 00 00 8b 5c 82 0c ff 15 b8 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x7265bd registers.esp: 3271648 registers.edi: 3271736 registers.eax: 0 registers.ebp: 3271752 registers.edx: 0 registers.ebx: 3272364 registers.esi: 38711680 registers.ecx: 38711680	1
__exception__ April 20, 2021, 9:30 a.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d microsoft+0x50c17 @ 0x708d0c17 microsoft+0x3f33f @ 0x708bf33f microsoft+0x3edf8 @ 0x708bedf8 microsoft+0x3e3b9 @ 0x708be3b9 0x72790a 0x7232dc DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 3b 42 04 0f 83 2f 01 00 00 c1 e0 05 8d 44 02 08 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x726638 registers.esp: 3271648 registers.edi: 3271736 registers.eax: 0 registers.ebp: 3271752 registers.edx: 0 registers.ebx: 3272364 registers.esi: 38711680 registers.ecx: 8481660	1
__exception__ April 20, 2021, 9:30 a.m.	stacktrace: 0x72667f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d microsoft+0x50c17 @ 0x708d0c17 microsoft+0x3f33f @ 0x708bf33f microsoft+0x3edf8 @ 0x708bedf8 microsoft+0x3e3b9 @ 0x708be3b9 0x728102 0x7232e2 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 50 04 83 c2 ff 0f 80 7a 12 00 00 83 c2 01 0f exception.instruction: mov edx, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x72d280 registers.esp: 3270328 registers.edi: 39100556 registers.eax: 0 registers.ebp: 3271632 registers.edx: 39099836 registers.ebx: 39099844 registers.esi: 39100632 registers.ecx: 1694156656	1
__exception__ April 20, 2021, 9:30 a.m.	stacktrace: 0x72667f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d microsoft+0x50c17 @ 0x708d0c17 microsoft+0x3f33f @ 0x708bf33f microsoft+0x3edf8 @ 0x708bedf8 microsoft+0x3e3b9 @ 0x708be3b9 0x728102 0x7232e2 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 50 04 83 c2 ff 0f 80 3a 12 00 00 89 55 94 33 exception.instruction: mov edx, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x72d2c0 registers.esp: 3270328 registers.edi: 39100556 registers.eax: 0 registers.ebp: 3271632 registers.edx: 0 registers.ebx: 39099844 registers.esi: 39100632 registers.ecx: 8481660	1
__exception__ April 20, 2021, 9:30 a.m.	stacktrace: 0x72667f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d microsoft+0x50c17 @ 0x708d0c17 microsoft+0x3f33f @ 0x708bf33f microsoft+0x3edf8 @ 0x708bedf8 microsoft+0x3e3b9 @ 0x708be3b9 0x728102 0x7232e2 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 3b 42 04 0f 83 12 12 00 00 c1 e0 04 8d 44 02 08 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x72d2f0 registers.esp: 3270328 registers.edi: 39100556 registers.eax: 0 registers.ebp: 3271632 registers.edx: 0 registers.ebx: 39099844 registers.esi: 39100632 registers.ecx: 8481660	1
__exception__ April 20, 2021, 9:30 a.m.	stacktrace: 0x72667f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d microsoft+0x50c17 @ 0x708d0c17 microsoft+0x3f33f @ 0x708bf33f microsoft+0x3edf8 @ 0x708bedf8 microsoft+0x3e3b9 @ 0x708be3b9 0x728102 0x7232e2 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 3b 42 04 0f 83 dc 11 00 00 c1 e0 04 8d 44 02 08 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x72d326 registers.esp: 3270328 registers.edi: 39100556 registers.eax: 0 registers.ebp: 3271632 registers.edx: 0 registers.ebx: 39099844 registers.esi: 39100632 registers.ecx: 8481660	1
__exception__ April 20, 2021, 9:30 a.m.	stacktrace: 0x72667f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d microsoft+0x50c17 @ 0x708d0c17 microsoft+0x3f33f @ 0x708bf33f microsoft+0x3edf8 @ 0x708bedf8 microsoft+0x3e3b9 @ 0x708be3b9 0x728102 0x7232e2 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 3b 42 04 0f 83 c3 0f 00 00 c1 e0 04 8d 44 02 08 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x72d53f registers.esp: 3270324 registers.edi: 3270528 registers.eax: 0 registers.ebp: 3271632 registers.edx: 0 registers.ebx: 38924280 registers.esi: 0 registers.ecx: 1900501568	1
__exception__ April 20, 2021, 9:30 a.m.	stacktrace: 0x72667f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d microsoft+0x50c17 @ 0x708d0c17 microsoft+0x3f33f @ 0x708bf33f microsoft+0x3edf8 @ 0x708bedf8 microsoft+0x3e3b9 @ 0x708be3b9 0x728102 0x7232e2 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 3b 4b 04 0f 83 30 07 00 00 c1 e1 04 8d 4c 0b 08 exception.instruction: cmp ecx, dword ptr [ebx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x72ddd2 registers.esp: 3270328 registers.edi: 3270528 registers.eax: 0 registers.ebp: 3271632 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 0	1
__exception__ April 20, 2021, 9:30 a.m.	stacktrace: 0x72ead1 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d microsoft+0x50c17 @ 0x708d0c17 microsoft+0x3f05f @ 0x708bf05f microsoft+0x3e4d4 @ 0x708be4d4 0x7281fd 0x7232e2 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 52 04 3b 55 08 7f 11 c7 45 d0 06 00 00 00 33 exception.instruction: mov edx, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x72ec64 registers.esp: 3271664 registers.edi: 3271704 registers.eax: 0 registers.ebp: 3271720 registers.edx: 0 registers.ebx: 3272412 registers.esi: 38714416 registers.ecx: 0	1
__exception__ April 20, 2021, 9:30 a.m.	stacktrace: 0x72ead1 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d microsoft+0x50c17 @ 0x708d0c17 microsoft+0x3f05f @ 0x708bf05f microsoft+0x3e4d4 @ 0x708be4d4 0x7282ea 0x7232e2 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 52 04 3b 55 08 7f 11 c7 45 d0 06 00 00 00 33 exception.instruction: mov edx, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x72ec64 registers.esp: 3271664 registers.edi: 3271704 registers.eax: 0 registers.ebp: 3271720 registers.edx: 0 registers.ebx: 3272412 registers.esi: 38714416 registers.ecx: 0	1
__exception__ April 20, 2021, 9:30 a.m.	stacktrace: 0x72ead1 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d microsoft+0x50c17 @ 0x708d0c17 microsoft+0x3f05f @ 0x708bf05f microsoft+0x3e4d4 @ 0x708be4d4 0x7283d7 0x7232e2 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 52 04 3b 55 08 7f 11 c7 45 d0 06 00 00 00 33 exception.instruction: mov edx, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x72ec64 registers.esp: 3271664 registers.edi: 3271704 registers.eax: 0 registers.ebp: 3271720 registers.edx: 0 registers.ebx: 3272412 registers.esi: 38714416 registers.ecx: 0	1
__exception__ April 20, 2021, 9:30 a.m.	stacktrace: 0x728445 0x7232e2 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 38 01 6a 03 6a 00 33 d2 e8 3f 56 77 64 8b f0 ff exception.instruction: cmp byte ptr [ecx], al exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x72ee54 registers.esp: 3272988 registers.edi: 39107092 registers.eax: 7532112 registers.ebp: 3272992 registers.edx: 0 registers.ebx: 0 registers.esi: 0 registers.ecx: 0	1
__exception__ April 20, 2021, 9:30 a.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d microsoft+0x50c17 @ 0x708d0c17 microsoft+0x3f33f @ 0x708bf33f microsoft+0x3edf8 @ 0x708bedf8 microsoft+0x3e3b9 @ 0x708be3b9 0x72ef1a 0x7232e8 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 52 04 89 55 cc 33 d2 89 55 d4 83 7d cc 00 7c exception.instruction: mov edx, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x726296 registers.esp: 3271648 registers.edi: 3271736 registers.eax: 39110804 registers.ebp: 3271752 registers.edx: 0 registers.ebx: 3272364 registers.esi: 39110804 registers.ecx: 38650892	1
__exception__ April 20, 2021, 9:30 a.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d microsoft+0x50c17 @ 0x708d0c17 microsoft+0x3f33f @ 0x708bf33f microsoft+0x3edf8 @ 0x708bedf8 microsoft+0x3e3b9 @ 0x708be3b9 0x72ef1a 0x7232e8 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 3b 42 04 0f 83 b0 04 00 00 c1 e0 05 8d 44 02 08 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x7262b7 registers.esp: 3271648 registers.edi: 3271736 registers.eax: 0 registers.ebp: 3271752 registers.edx: 0 registers.ebx: 3272364 registers.esi: 39110804 registers.ecx: 8481660	1
__exception__ April 20, 2021, 9:30 a.m.	stacktrace: DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d microsoft+0x50c17 @ 0x708d0c17 microsoft+0x3f33f @ 0x708bf33f microsoft+0x3edf8 @ 0x708bedf8 microsoft+0x3e3b9 @ 0x708be3b9 0x72ef1a 0x7232e8 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7387f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 3b 42 04 0f 83 23 04 00 00 c1 e0 05 8d 44 02 08 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x726344 registers.esp: 3271648 registers.edi: 3271736 registers.eax: 0 registers.ebp: 3271752 registers.edx: 0 registers.ebx: 3272364 registers.esi: 39110804 registers.ecx: 8481660	1

One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.

HTTP traffic contains suspicious features which may be indicative of malware related traffic (3 events)

suspicious_features	GET method with no useragent header	suspicious_request	GET https://www.yoursite.com/
suspicious_features	GET method with no useragent header	suspicious_request	GET https://yoursite.com/
suspicious_features	GET method with no useragent header	suspicious_request	GET https://freegeoip.app/xml/175.208.134.150

Connects to a Dynamic DNS Domain (1 event)

domain

checkip.dyndns.org

Performs some HTTP requests (4 events)

request	GET http://checkip.dyndns.org/
request	GET https://www.yoursite.com/
request	GET https://yoursite.com/
request	GET https://freegeoip.app/xml/175.208.134.150

Allocates read-write-execute memory (usually to unpack itself) (50 out of 79 events)

Time & API	Arguments	Status
NtAllocateVirtualMemory April 20, 2021, 9:29 a.m.	process_identifier: 4208 region_size: 1114112 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003c0000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 20, 2021, 9:29 a.m.	process_identifier: 4208 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00490000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory April 20, 2021, 9:29 a.m.	process_identifier: 4208 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x6fba1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory April 20, 2021, 9:29 a.m.	process_identifier: 4208 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x6fba2000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 20, 2021, 9:29 a.m.	process_identifier: 4208 region_size: 262144 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x005c0000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 20, 2021, 9:29 a.m.	process_identifier: 4208 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x005c0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 20, 2021, 9:29 a.m.	process_identifier: 4208 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00402000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 20, 2021, 9:29 a.m.	process_identifier: 4208 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0041c000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 20, 2021, 9:29 a.m.	process_identifier: 4208 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00640000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 20, 2021, 9:29 a.m.	process_identifier: 4208 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00435000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 20, 2021, 9:29 a.m.	process_identifier: 4208 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0043b000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 20, 2021, 9:29 a.m.	process_identifier: 4208 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00437000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 20, 2021, 9:29 a.m.	process_identifier: 4208 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00426000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 20, 2021, 9:29 a.m.	process_identifier: 4208 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0040a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 20, 2021, 9:29 a.m.	process_identifier: 4208 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0042a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 20, 2021, 9:29 a.m.	process_identifier: 4208 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00427000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 20, 2021, 9:29 a.m.	process_identifier: 4208 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00641000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 20, 2021, 9:29 a.m.	process_identifier: 4208 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0042b000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 20, 2021, 9:29 a.m.	process_identifier: 4208 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0041a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 20, 2021, 9:29 a.m.	process_identifier: 4208 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00642000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 20, 2021, 9:29 a.m.	process_identifier: 4208 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00643000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 20, 2021, 9:29 a.m.	process_identifier: 4208 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00645000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 20, 2021, 9:30 a.m.	process_identifier: 4208 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00646000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 20, 2021, 9:30 a.m.	process_identifier: 4208 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00647000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 20, 2021, 9:30 a.m.	process_identifier: 4208 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00649000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 20, 2021, 9:30 a.m.	process_identifier: 4848 region_size: 1507328 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x008f0000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 20, 2021, 9:30 a.m.	process_identifier: 4848 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00a20000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory April 20, 2021, 9:30 a.m.	process_identifier: 4848 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x6f501000 process_handle: 0xffffffff	1
NtProtectVirtualMemory April 20, 2021, 9:30 a.m.	process_identifier: 4848 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x6f502000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 20, 2021, 9:30 a.m.	process_identifier: 4848 region_size: 1441792 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02180000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 20, 2021, 9:30 a.m.	process_identifier: 4848 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x022a0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 20, 2021, 9:30 a.m.	process_identifier: 4848 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003f2000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 20, 2021, 9:30 a.m.	process_identifier: 4848 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0047c000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 20, 2021, 9:30 a.m.	process_identifier: 4848 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00720000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 20, 2021, 9:30 a.m.	process_identifier: 4848 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0049b000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 20, 2021, 9:30 a.m.	process_identifier: 4848 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00497000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 20, 2021, 9:30 a.m.	process_identifier: 4848 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003fa000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 20, 2021, 9:30 a.m.	process_identifier: 4848 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00721000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 20, 2021, 9:30 a.m.	process_identifier: 4848 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00495000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 20, 2021, 9:30 a.m.	process_identifier: 4848 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0047d000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 20, 2021, 9:30 a.m.	process_identifier: 4848 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0048a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 20, 2021, 9:30 a.m.	process_identifier: 4848 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00487000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 20, 2021, 9:30 a.m.	process_identifier: 4848 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00722000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 20, 2021, 9:30 a.m.	process_identifier: 4848 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00486000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 20, 2021, 9:30 a.m.	process_identifier: 4848 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0048b000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 20, 2021, 9:30 a.m.	process_identifier: 4848 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x003fc000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 20, 2021, 9:30 a.m.	process_identifier: 4848 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0047a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 20, 2021, 9:30 a.m.	process_identifier: 4848 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00723000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 20, 2021, 9:30 a.m.	process_identifier: 4848 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00724000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory April 20, 2021, 9:30 a.m.	process_identifier: 4848 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00725000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1

Steals private information from local Internet browsers (7 events)

file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Cookies
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Login Data
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
file	C:\Users\test22\AppData\Roaming\Opera\Opera\profile\wand.dat
file	C:\Users\test22\AppData\Local\Chromium\User Data\Default\Login Data
file	C:\Users\test22\AppData\Local\MapleStudio\ChromePlus\User Data\Default\Login Data
file	C:\Users\test22\AppData\Local\Nichrome\User Data\Default\Login Data

Looks up the external IP address (1 event)

domain

checkip.dyndns.org

Checks adapter addresses which can be used to detect virtual network interfaces (1 event)

Time & API	Arguments	Status	Return	Repeated
GetAdaptersAddresses April 20, 2021, 9:29 a.m.	flags: 15 family: 0		111	0

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

section

{u'size_of_data': u'0x00037e00', u'virtual_address': u'0x00002000', u'entropy': 7.974455722035127, u'name': u'.text', u'virtual_size': u'0x00037ca4'}

entropy

7.97445572204

description

A section with a high entropy has been found

entropy

0.923553719008

description

Overall entropy of this PE file is high

Checks for the Locally Unique Identifier on the system for a suspicious privilege (2 events)

Time & API	Arguments	Status	Return	Repeated
LookupPrivilegeValueW April 20, 2021, 9:30 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1	0
LookupPrivilegeValueW April 20, 2021, 9:30 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1	0

Yara rule detected in process memory (13 events)

description	Listen for incoming communication	rule	network_tcp_listen
description	Communications smtp	rule	network_smtp_dotNet
description	Run a keylogger	rule	keylogger
description	Affect private profile	rule	win_files_operation
description	(no description)	rule	DebuggerCheck__GlobalFlags
description	(no description)	rule	DebuggerCheck__QueryInfo
description	(no description)	rule	DebuggerHiding__Thread
description	(no description)	rule	DebuggerHiding__Active
description	(no description)	rule	ThreadControl__Context
description	(no description)	rule	SEH__vectored
description	Checks if being debugged	rule	anti_dbg
description	Bypass DEP	rule	disable_dep
description	Affect hook table	rule	win_hook

Communicates with host for which no DNS query was performed (1 event)

host

172.217.25.14

Allocates execute permission to another process indicative of possible code injection (1 event)

Time & API	Arguments	Status	Return	Repeated
NtAllocateVirtualMemory April 20, 2021, 9:30 a.m.	process_identifier: 4848 region_size: 434176 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000005ec	1	0	0

Attempts to identify installed AV products by installation directory (1 event)

file	C:\Users\test22\AppData\Local\AVAST Software\Browser\User Data\Default\Login Data

Installs itself for autorun at Windows startup (1 event)

reg_key

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell

reg_value

explorer.exe,"C:\Users\test22\AppData\Local\.notepad.exe",

Harvests credentials from local FTP client softwares (1 event)

file	C:\Users\test22\AppData\Roaming\FileZilla\recentservers.xml

Harvests information related to installed instant messenger clients (1 event)

file	C:\Users\test22\AppData\Roaming\.purple\accounts.xml

Potential code injection by writing to the memory of another process (4 events)

Time & API	Arguments	Status	Return
WriteProcessMemory April 20, 2021, 9:30 a.m.	buffer: MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $PEL8I`à(nG `@ @GW`Ø H.textt' ( `.rsrcØ`*@@.reloc0@B base_address: 0x00400000 process_identifier: 4848 process_handle: 0x000005ec	1	1
WriteProcessMemory April 20, 2021, 9:30 a.m.	buffer: P8h `LìbêL4VS_VERSION_INFO½ïþ?DVarFileInfo$Translation°¬StringFileInfo000004b0,FileDescription 0FileVersion0.0.0.0< InternalNameSY8BOT3H.exe(LegalCopyright D OriginalFilenameSY8BOT3H.exe4ProductVersion0.0.0.08Assembly Version0.0.0.0ï»¿<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"> <security> <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3"> <requestedExecutionLevel level="asInvoker" uiAccess="false"/> </requestedPrivileges> </security> </trustInfo> </assembly> base_address: 0x00466000 process_identifier: 4848 process_handle: 0x000005ec	1	1
WriteProcessMemory April 20, 2021, 9:30 a.m.	buffer: @p756416cb61c332785ac7596bf2df6e9c2 base_address: 0x00468000 process_identifier: 4848 process_handle: 0x000005ec	1	1
WriteProcessMemory April 20, 2021, 9:30 a.m.	buffer: @ base_address: 0x7efde008 process_identifier: 4848 process_handle: 0x000005ec	1	1

Code injection by writing an executable or DLL to the memory of another process (1 event)

Time & API	Arguments	Status	Return	Repeated
WriteProcessMemory April 20, 2021, 9:30 a.m.	buffer: MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $PEL8I`à(nG `@ @GW`Ø H.textt' ( `.rsrcØ`*@@.reloc0@B base_address: 0x00400000 process_identifier: 4848 process_handle: 0x000005ec	1	1	0

Harvests credentials from local email clients (3 events)

registry	HKEY_CURRENT_USER\Software\Microsoft\Windows Messaging Subsystem\Profiles\9375CFF0413111d3B88A00104B2A6676
registry	HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
registry	HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

Used NtSetContextThread to modify a thread in a remote process indicative of process injection (2 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 4208 called NtSetContextThread to modify thread in remote process 4848
NtSetContextThread April 20, 2021, 9:30 a.m.	registers.eip: 0 registers.esp: 0 registers.edi: 0 registers.eax: 4605806 registers.ebp: 0 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 0 thread_handle: 0x000005e8 process_identifier: 4848	1	0	0

Resumed a suspended thread in a remote process potentially indicative of process injection (2 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 4208 resumed a thread in remote process 4848
NtResumeThread April 20, 2021, 9:30 a.m.	thread_handle: 0x000005e8 suspend_count: 1 process_identifier: 4848	1	0	0

Executed a process and injected code into it, probably while unpacking (19 events)

Time & API	Arguments	Status	Return
NtResumeThread April 20, 2021, 9:29 a.m.	thread_handle: 0x000000dc suspend_count: 1 process_identifier: 4208	1	0
NtResumeThread April 20, 2021, 9:29 a.m.	thread_handle: 0x0000014c suspend_count: 1 process_identifier: 4208	1	0
NtResumeThread April 20, 2021, 9:29 a.m.	thread_handle: 0x000001c0 suspend_count: 1 process_identifier: 4208	1	0
NtResumeThread April 20, 2021, 9:29 a.m.	thread_handle: 0x0000034c suspend_count: 1 process_identifier: 4208	1	0
NtResumeThread April 20, 2021, 9:30 a.m.	thread_handle: 0x000005d4 suspend_count: 1 process_identifier: 4208	1	0
CreateProcessInternalW April 20, 2021, 9:30 a.m.	thread_identifier: 668 thread_handle: 0x000005e8 process_identifier: 4848 current_directory: filepath: track: 1 command_line: C:\Users\test22\AppData\Local\Temp\Uekonhzz.pdf filepath_r: stack_pivoted: 0 creation_flags: 134217732 (CREATE_NO_WINDOW\|CREATE_SUSPENDED) inherit_handles: 0 process_handle: 0x000005ec	1	1
NtGetContextThread April 20, 2021, 9:30 a.m.	thread_handle: 0x000005e8	1	0
NtAllocateVirtualMemory April 20, 2021, 9:30 a.m.	process_identifier: 4848 region_size: 434176 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000005ec	1	0
WriteProcessMemory April 20, 2021, 9:30 a.m.	buffer: MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $PEL8I`à(nG `@ @GW`Ø H.textt' ( `.rsrcØ`*@@.reloc0@B base_address: 0x00400000 process_identifier: 4848 process_handle: 0x000005ec	1	1
WriteProcessMemory April 20, 2021, 9:30 a.m.	buffer: base_address: 0x00402000 process_identifier: 4848 process_handle: 0x000005ec	1	1
WriteProcessMemory April 20, 2021, 9:30 a.m.	buffer: P8h `LìbêL4VS_VERSION_INFO½ïþ?DVarFileInfo$Translation°¬StringFileInfo000004b0,FileDescription 0FileVersion0.0.0.0< InternalNameSY8BOT3H.exe(LegalCopyright D OriginalFilenameSY8BOT3H.exe4ProductVersion0.0.0.08Assembly Version0.0.0.0ï»¿<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"> <security> <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3"> <requestedExecutionLevel level="asInvoker" uiAccess="false"/> </requestedPrivileges> </security> </trustInfo> </assembly> base_address: 0x00466000 process_identifier: 4848 process_handle: 0x000005ec	1	1
WriteProcessMemory April 20, 2021, 9:30 a.m.	buffer: @p756416cb61c332785ac7596bf2df6e9c2 base_address: 0x00468000 process_identifier: 4848 process_handle: 0x000005ec	1	1
WriteProcessMemory April 20, 2021, 9:30 a.m.	buffer: @ base_address: 0x7efde008 process_identifier: 4848 process_handle: 0x000005ec	1	1
NtSetContextThread April 20, 2021, 9:30 a.m.	registers.eip: 0 registers.esp: 0 registers.edi: 0 registers.eax: 4605806 registers.ebp: 0 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 0 thread_handle: 0x000005e8 process_identifier: 4848	1	0
NtResumeThread April 20, 2021, 9:30 a.m.	thread_handle: 0x000005e8 suspend_count: 1 process_identifier: 4848	1	0
NtResumeThread April 20, 2021, 9:30 a.m.	thread_handle: 0x000000dc suspend_count: 1 process_identifier: 4848	1	0
NtResumeThread April 20, 2021, 9:30 a.m.	thread_handle: 0x00000154 suspend_count: 1 process_identifier: 4848	1	0
NtResumeThread April 20, 2021, 9:30 a.m.	thread_handle: 0x00000194 suspend_count: 1 process_identifier: 4848	1	0
NtResumeThread April 20, 2021, 9:30 a.m.	thread_handle: 0x000003b0 suspend_count: 1 process_identifier: 4848	1	0

File has been identified by 30 AntiVirus engines on VirusTotal as malicious (30 events)

Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.GenericKD.46130235
McAfee	Artemis!D4D8EF442757
Cylance	Unsafe
Sangfor	Trojan.Win32.Wacatac.B
CrowdStrike	win/malicious_confidence_100% (W)
BitDefenderTheta	Gen:NN.ZemsilF.34678.pm0@aa8fCdp
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	MSIL/Spy.Agent.AES
APEX	Malicious
Paloalto	generic.ml
Kaspersky	HEUR:Backdoor.MSIL.Androm.gen
BitDefender	Trojan.GenericKD.46130235
Ad-Aware	Trojan.GenericKD.46130235
McAfee-GW-Edition	BehavesLike.Win32.Generic.dc
FireEye	Generic.mg.d4d8ef44275700e1
Ikarus	Trojan.MSIL.Inject
MaxSecure	Trojan.Malware.300983.susgen
Kingsoft	Win32.Hack.Undef.(kcloud)
Microsoft	Trojan:Win32/Woreflint.A!cl
AegisLab	Trojan.MSIL.Androm.m!c
GData	Trojan.GenericKD.46130235
Cynet	Malicious (score: 100)
MAX	malware (ai score=81)
Malwarebytes	Trojan.Crypt.MSIL
Fortinet	PossibleThreat.PALLASNET.H
Webroot	W32.Trojan.Gen
AVG	Win32:MalwareX-gen [Trj]
Cybereason	malicious.26a0b2
Avast	Win32:MalwareX-gen [Trj]

Uekonhzz.pdf

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All