Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6402	July 7, 2021, 10:52 a.m.	July 7, 2021, 11 a.m.

Size	527.0KB
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`db6d1eadf3bfc69ac72965056c2c742c`
SHA256	`6eed5350c18b26f6aadaf28e5ceb48ca742db7fbee28fbe9aa7f3c552651e048`
CRC32	`180D622F`
ssdeep	`6144:4YzOX6+Z9dREWqp1e0yq4OOsXsdTRF9TfNOip4hximOtIUzoqh8yNjYDcp1bc/:Pzy9dR0i0yboITRTpOA4h4GUvjScp2`
Yara	PE_Header_Zero - PE File Signature Generic_Malware_Zero - Generic Malware Is_DotNET_EXE - (no description) IsPE32 - (no description) Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT

microa.exe "C:\Users\test22\AppData\Local\Temp\microa.exe"
4564
- microa.exe C:\Users\test22\AppData\Local\Temp\microa.exe
  2228
  - wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\test22\AppData\Local\Temp\install.vbs"
    4408
    - cmd.exe "C:\Windows\System32\cmd.exe" /c "C:\Users\test22\AppData\Roaming\Remcos\remcos.exe"
      4848
      - remcos.exe C:\Users\test22\AppData\Roaming\Remcos\remcos.exe
        6696
        
        remcos.exe C:\Users\test22\AppData\Local\Temp\remcos.exe
        4764
        
        wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\test22\AppData\Local\Temp\install.vbs"
        6440
        
        cmd.exe "C:\Windows\System32\cmd.exe" /c "C:\Users\test22\AppData\Roaming\Remcos\remcos.exe"
        8700
        
        remcos.exe C:\Users\test22\AppData\Roaming\Remcos\remcos.exe
        4804
        
        remcos.exe C:\Users\test22\AppData\Local\Temp\remcos.exe
        884
        
        wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\test22\AppData\Local\Temp\install.vbs"
        6684
        
        cmd.exe "C:\Windows\System32\cmd.exe" /c "C:\Users\test22\AppData\Roaming\Remcos\remcos.exe"
        6124
        
        remcos.exe C:\Users\test22\AppData\Roaming\Remcos\remcos.exe
        6188
        
        remcos.exe C:\Users\test22\AppData\Local\Temp\remcos.exe
        6368
        
        wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\test22\AppData\Local\Temp\install.vbs"
        1308
        
        cmd.exe "C:\Windows\System32\cmd.exe" /c "C:\Users\test22\AppData\Roaming\Remcos\remcos.exe"
        4264
        
        remcos.exe C:\Users\test22\AppData\Roaming\Remcos\remcos.exe
        8776

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
172.217.25.14	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks if process is being debugged by a debugger (10 events)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent July 7, 2021, 10:52 a.m.			0	0
IsDebuggerPresent July 7, 2021, 10:52 a.m.			0	0
IsDebuggerPresent July 7, 2021, 10:53 a.m.			0	0
IsDebuggerPresent July 7, 2021, 10:53 a.m.			0	0
IsDebuggerPresent July 7, 2021, 10:53 a.m.			0	0
IsDebuggerPresent July 7, 2021, 10:53 a.m.			0	0
IsDebuggerPresent July 7, 2021, 10:53 a.m.			0	0
IsDebuggerPresent July 7, 2021, 10:53 a.m.			0	0
IsDebuggerPresent July 7, 2021, 10:54 a.m.			0	0
IsDebuggerPresent July 7, 2021, 10:54 a.m.			0	0

Uses Windows APIs to generate a cryptographic key (12 events)

Time & API	Arguments	Status	Return
CryptExportKey July 7, 2021, 10:53 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0059adf0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 7, 2021, 10:53 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0059a970 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 7, 2021, 10:53 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0059a970 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 7, 2021, 10:53 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0073fe40 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 7, 2021, 10:53 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00740340 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 7, 2021, 10:53 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00740340 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 7, 2021, 10:53 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x003a1290 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 7, 2021, 10:53 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x003a1790 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 7, 2021, 10:53 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x003a1790 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 7, 2021, 10:54 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0033fe00 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 7, 2021, 10:54 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00340300 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 7, 2021, 10:54 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00340300 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx July 7, 2021, 10:52 a.m.		1	1	0

One or more processes crashed (33 events)

Time & API	Arguments	Status
__exception__ July 7, 2021, 10:53 a.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7575b37e 0x5dc2bdd 0x5dc2b52 0x5dc0a6a 0x665fdc3 0x7dea41 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6fba2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6fbb264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6fc21838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6fc21737 mscorlib+0x2d36ad @ 0x6eeb36ad mscorlib+0x308f2d @ 0x6eee8f2d mscorlib+0x3135ed @ 0x6eef35ed 0x7d16f3 0x7d15e6 0x7d151b 0x7d0de1 system+0x1f9799 @ 0x647c9799 system+0x1f92c8 @ 0x647c92c8 system+0x1eca74 @ 0x647bca74 system+0x1ec868 @ 0x647bc868 system+0x1f82b8 @ 0x647c82b8 system+0x1ee54d @ 0x647be54d system+0x1f70ea @ 0x647c70ea system+0x1e56c0 @ 0x647b56c0 system+0x1f8215 @ 0x647c8215 system+0x1f6f75 @ 0x647c6f75 system+0x1ee251 @ 0x647be251 system+0x1ee229 @ 0x647be229 system+0x1ee170 @ 0x647be170 0x46a08e gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755b62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x755b6d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x755b6de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x755b6e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x773b011a system+0x1ebc85 @ 0x647bbc85 system+0x1f683b @ 0x647c683b system+0x1a5e44 @ 0x64775e44 system+0x1fd8a0 @ 0x647cd8a0 system+0x1fd792 @ 0x647cd792 system+0x1a14bd @ 0x647714bd 0x7d007a DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6fba2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6fbb264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6fbb2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6fc674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6fc67610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6fcf1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6fcf1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6fcf1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6fcf416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7443f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7575b479 registers.esp: 4186176 registers.edi: 1990713288 registers.eax: 16777216 registers.ebp: 4186380 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ July 7, 2021, 10:53 a.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7575b37e 0x5dc2bdd 0x5dc2b52 0x5dc0a6a 0x665fdc3 0x7dea41 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6fba2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6fbb264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6fc21838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6fc21737 mscorlib+0x2d36ad @ 0x6eeb36ad mscorlib+0x308f2d @ 0x6eee8f2d mscorlib+0x3135ed @ 0x6eef35ed 0x7d16f3 0x7d15e6 0x7d151b 0x7d0de1 system+0x1f9799 @ 0x647c9799 system+0x1f92c8 @ 0x647c92c8 system+0x1eca74 @ 0x647bca74 system+0x1ec868 @ 0x647bc868 system+0x1f82b8 @ 0x647c82b8 system+0x1ee54d @ 0x647be54d system+0x1f70ea @ 0x647c70ea system+0x1e56c0 @ 0x647b56c0 system+0x1f8215 @ 0x647c8215 system+0x1f6f75 @ 0x647c6f75 system+0x1ee251 @ 0x647be251 system+0x1ee229 @ 0x647be229 system+0x1ee170 @ 0x647be170 0x46a08e gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755b62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x755b6d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x755b6de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x755b6e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x773b011a system+0x1ebc85 @ 0x647bbc85 system+0x1f683b @ 0x647c683b system+0x1a5e44 @ 0x64775e44 system+0x1fd8a0 @ 0x647cd8a0 system+0x1fd792 @ 0x647cd792 system+0x1a14bd @ 0x647714bd 0x7d007a DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6fba2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6fbb264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6fbb2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6fc674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6fc67610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6fcf1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6fcf1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6fcf1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6fcf416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7443f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7575b479 registers.esp: 4186176 registers.edi: 1990713288 registers.eax: 4194304 registers.ebp: 4186380 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ July 7, 2021, 10:53 a.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7575b37e 0x5dc2bdd 0x5dc2b52 0x5dc0a6a 0x665fdc3 0x7dea41 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6fba2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6fbb264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6fc21838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6fc21737 mscorlib+0x2d36ad @ 0x6eeb36ad mscorlib+0x308f2d @ 0x6eee8f2d mscorlib+0x3135ed @ 0x6eef35ed 0x7d16f3 0x7d15e6 0x7d151b 0x7d0de1 system+0x1f9799 @ 0x647c9799 system+0x1f92c8 @ 0x647c92c8 system+0x1eca74 @ 0x647bca74 system+0x1ec868 @ 0x647bc868 system+0x1f82b8 @ 0x647c82b8 system+0x1ee54d @ 0x647be54d system+0x1f70ea @ 0x647c70ea system+0x1e56c0 @ 0x647b56c0 system+0x1f8215 @ 0x647c8215 system+0x1f6f75 @ 0x647c6f75 system+0x1ee251 @ 0x647be251 system+0x1ee229 @ 0x647be229 system+0x1ee170 @ 0x647be170 0x46a08e gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755b62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x755b6d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x755b6de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x755b6e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x773b011a system+0x1ebc85 @ 0x647bbc85 system+0x1f683b @ 0x647c683b system+0x1a5e44 @ 0x64775e44 system+0x1fd8a0 @ 0x647cd8a0 system+0x1fd792 @ 0x647cd792 system+0x1a14bd @ 0x647714bd 0x7d007a DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6fba2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6fbb264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6fbb2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6fc674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6fc67610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6fcf1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6fcf1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6fcf1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6fcf416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7443f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7575b479 registers.esp: 4186176 registers.edi: 1990713288 registers.eax: 19464192 registers.ebp: 4186380 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ July 7, 2021, 10:53 a.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7575b37e 0x5dc2bdd 0x5dc2b52 0x5dc0a6a 0x665fdc3 0x7dea41 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6fba2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6fbb264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6fc21838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6fc21737 mscorlib+0x2d36ad @ 0x6eeb36ad mscorlib+0x308f2d @ 0x6eee8f2d mscorlib+0x3135ed @ 0x6eef35ed 0x7d16f3 0x7d15e6 0x7d151b 0x7d0de1 system+0x1f9799 @ 0x647c9799 system+0x1f92c8 @ 0x647c92c8 system+0x1eca74 @ 0x647bca74 system+0x1ec868 @ 0x647bc868 system+0x1f82b8 @ 0x647c82b8 system+0x1ee54d @ 0x647be54d system+0x1f70ea @ 0x647c70ea system+0x1e56c0 @ 0x647b56c0 system+0x1f8215 @ 0x647c8215 system+0x1f6f75 @ 0x647c6f75 system+0x1ee251 @ 0x647be251 system+0x1ee229 @ 0x647be229 system+0x1ee170 @ 0x647be170 0x46a08e gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755b62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x755b6d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x755b6de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x755b6e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x773b011a system+0x1ebc85 @ 0x647bbc85 system+0x1f683b @ 0x647c683b system+0x1a5e44 @ 0x64775e44 system+0x1fd8a0 @ 0x647cd8a0 system+0x1fd792 @ 0x647cd792 system+0x1a14bd @ 0x647714bd 0x7d007a DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6fba2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6fbb264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6fbb2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6fc674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6fc67610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6fcf1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6fcf1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6fcf1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6fcf416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7443f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7575b479 registers.esp: 4186176 registers.edi: 1990713288 registers.eax: 9240576 registers.ebp: 4186380 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ July 7, 2021, 10:53 a.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7575b37e 0x5dc2bdd 0x5dc2b52 0x5dc0a6a 0x665fdc3 0x7dea41 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6fba2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6fbb264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6fc21838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6fc21737 mscorlib+0x2d36ad @ 0x6eeb36ad mscorlib+0x308f2d @ 0x6eee8f2d mscorlib+0x3135ed @ 0x6eef35ed 0x7d16f3 0x7d15e6 0x7d151b 0x7d0de1 system+0x1f9799 @ 0x647c9799 system+0x1f92c8 @ 0x647c92c8 system+0x1eca74 @ 0x647bca74 system+0x1ec868 @ 0x647bc868 system+0x1f82b8 @ 0x647c82b8 system+0x1ee54d @ 0x647be54d system+0x1f70ea @ 0x647c70ea system+0x1e56c0 @ 0x647b56c0 system+0x1f8215 @ 0x647c8215 system+0x1f6f75 @ 0x647c6f75 system+0x1ee251 @ 0x647be251 system+0x1ee229 @ 0x647be229 system+0x1ee170 @ 0x647be170 0x46a08e gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755b62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x755b6d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x755b6de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x755b6e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x773b011a system+0x1ebc85 @ 0x647bbc85 system+0x1f683b @ 0x647c683b system+0x1a5e44 @ 0x64775e44 system+0x1fd8a0 @ 0x647cd8a0 system+0x1fd792 @ 0x647cd792 system+0x1a14bd @ 0x647714bd 0x7d007a DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6fba2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6fbb264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6fbb2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6fc674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6fc67610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6fcf1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6fcf1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6fcf1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6fcf416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7443f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7575b479 registers.esp: 4186176 registers.edi: 1990713288 registers.eax: 16777216 registers.ebp: 4186380 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ July 7, 2021, 10:53 a.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7575b37e 0x5dc2bdd 0x5dc2b52 0x5dc0a6a 0x665fdc3 0x7dea41 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6fba2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6fbb264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6fc21838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6fc21737 mscorlib+0x2d36ad @ 0x6eeb36ad mscorlib+0x308f2d @ 0x6eee8f2d mscorlib+0x3135ed @ 0x6eef35ed 0x7d16f3 0x7d15e6 0x7d151b 0x7d0de1 system+0x1f9799 @ 0x647c9799 system+0x1f92c8 @ 0x647c92c8 system+0x1eca74 @ 0x647bca74 system+0x1ec868 @ 0x647bc868 system+0x1f82b8 @ 0x647c82b8 system+0x1ee54d @ 0x647be54d system+0x1f70ea @ 0x647c70ea system+0x1e56c0 @ 0x647b56c0 system+0x1f8215 @ 0x647c8215 system+0x1f6f75 @ 0x647c6f75 system+0x1ee251 @ 0x647be251 system+0x1ee229 @ 0x647be229 system+0x1ee170 @ 0x647be170 0x46a08e gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755b62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x755b6d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x755b6de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x755b6e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x773b011a system+0x1ebc85 @ 0x647bbc85 system+0x1f683b @ 0x647c683b system+0x1a5e44 @ 0x64775e44 system+0x1fd8a0 @ 0x647cd8a0 system+0x1fd792 @ 0x647cd792 system+0x1a14bd @ 0x647714bd 0x7d007a DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6fba2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6fbb264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6fbb2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6fc674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6fc67610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6fcf1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6fcf1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6fcf1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6fcf416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7443f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7575b479 registers.esp: 4186176 registers.edi: 1990713288 registers.eax: 4194304 registers.ebp: 4186380 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ July 7, 2021, 10:53 a.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7575b37e 0x5dc2bdd 0x5dc2b52 0x5dc0a6a 0x665fdc3 0x7dea41 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6fba2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6fbb264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6fc21838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6fc21737 mscorlib+0x2d36ad @ 0x6eeb36ad mscorlib+0x308f2d @ 0x6eee8f2d mscorlib+0x3135ed @ 0x6eef35ed 0x7d16f3 0x7d15e6 0x7d151b 0x7d0de1 system+0x1f9799 @ 0x647c9799 system+0x1f92c8 @ 0x647c92c8 system+0x1eca74 @ 0x647bca74 system+0x1ec868 @ 0x647bc868 system+0x1f82b8 @ 0x647c82b8 system+0x1ee54d @ 0x647be54d system+0x1f70ea @ 0x647c70ea system+0x1e56c0 @ 0x647b56c0 system+0x1f8215 @ 0x647c8215 system+0x1f6f75 @ 0x647c6f75 system+0x1ee251 @ 0x647be251 system+0x1ee229 @ 0x647be229 system+0x1ee170 @ 0x647be170 0x46a08e gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755b62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x755b6d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x755b6de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x755b6e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x773b011a system+0x1ebc85 @ 0x647bbc85 system+0x1f683b @ 0x647c683b system+0x1a5e44 @ 0x64775e44 system+0x1fd8a0 @ 0x647cd8a0 system+0x1fd792 @ 0x647cd792 system+0x1a14bd @ 0x647714bd 0x7d007a DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6fba2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6fbb264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6fbb2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6fc674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6fc67610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6fcf1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6fcf1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6fcf1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6fcf416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7443f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7575b479 registers.esp: 4186176 registers.edi: 1990713288 registers.eax: 19464192 registers.ebp: 4186380 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ July 7, 2021, 10:53 a.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7575b37e 0x5dc2bdd 0x5dc2b52 0x5dc0a6a 0x665fdc3 0x7dea41 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6fba2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6fbb264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6fc21838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6fc21737 mscorlib+0x2d36ad @ 0x6eeb36ad mscorlib+0x308f2d @ 0x6eee8f2d mscorlib+0x3135ed @ 0x6eef35ed 0x7d16f3 0x7d15e6 0x7d151b 0x7d0de1 system+0x1f9799 @ 0x647c9799 system+0x1f92c8 @ 0x647c92c8 system+0x1eca74 @ 0x647bca74 system+0x1ec868 @ 0x647bc868 system+0x1f82b8 @ 0x647c82b8 system+0x1ee54d @ 0x647be54d system+0x1f70ea @ 0x647c70ea system+0x1e56c0 @ 0x647b56c0 system+0x1f8215 @ 0x647c8215 system+0x1f6f75 @ 0x647c6f75 system+0x1ee251 @ 0x647be251 system+0x1ee229 @ 0x647be229 system+0x1ee170 @ 0x647be170 0x46a08e gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755b62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x755b6d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x755b6de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x755b6e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x773b011a system+0x1ebc85 @ 0x647bbc85 system+0x1f683b @ 0x647c683b system+0x1a5e44 @ 0x64775e44 system+0x1fd8a0 @ 0x647cd8a0 system+0x1fd792 @ 0x647cd792 system+0x1a14bd @ 0x647714bd 0x7d007a DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6fba2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6fbb264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6fbb2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6fc674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6fc67610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6fcf1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6fcf1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6fcf1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6fcf416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7443f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x744b7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x744b4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7575b479 registers.esp: 4186176 registers.edi: 1990713288 registers.eax: 9240576 registers.ebp: 4186380 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ July 7, 2021, 10:53 a.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7575b37e 0x6322bdd 0x6322b52 0x6320a6a 0x664fdc3 0x64ea41 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d mscorlib+0x3135ed @ 0x64ec35ed 0x6416f3 0x6415e6 0x64151b 0x640de1 system+0x1f9799 @ 0x64189799 system+0x1f92c8 @ 0x641892c8 system+0x1eca74 @ 0x6417ca74 system+0x1ec868 @ 0x6417c868 system+0x1f82b8 @ 0x641882b8 system+0x1ee54d @ 0x6417e54d system+0x1f70ea @ 0x641870ea system+0x1e56c0 @ 0x641756c0 system+0x1f8215 @ 0x64188215 system+0x1f6f75 @ 0x64186f75 system+0x1ee251 @ 0x6417e251 system+0x1ee229 @ 0x6417e229 system+0x1ee170 @ 0x6417e170 0x2ea08e gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755b62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x755b6d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x755b6de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x755b6e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x773b011a system+0x1ebc85 @ 0x6417bc85 system+0x1f683b @ 0x6418683b system+0x1a5e44 @ 0x64135e44 system+0x1fd8a0 @ 0x6418d8a0 system+0x1fd792 @ 0x6418d792 system+0x1a14bd @ 0x641314bd 0x64007a DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x743ef5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74467f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74464de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7575b479 registers.esp: 4318736 registers.edi: 1990713288 registers.eax: 16777216 registers.ebp: 4318940 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ July 7, 2021, 10:53 a.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7575b37e 0x6322bdd 0x6322b52 0x6320a6a 0x664fdc3 0x64ea41 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d mscorlib+0x3135ed @ 0x64ec35ed 0x6416f3 0x6415e6 0x64151b 0x640de1 system+0x1f9799 @ 0x64189799 system+0x1f92c8 @ 0x641892c8 system+0x1eca74 @ 0x6417ca74 system+0x1ec868 @ 0x6417c868 system+0x1f82b8 @ 0x641882b8 system+0x1ee54d @ 0x6417e54d system+0x1f70ea @ 0x641870ea system+0x1e56c0 @ 0x641756c0 system+0x1f8215 @ 0x64188215 system+0x1f6f75 @ 0x64186f75 system+0x1ee251 @ 0x6417e251 system+0x1ee229 @ 0x6417e229 system+0x1ee170 @ 0x6417e170 0x2ea08e gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755b62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x755b6d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x755b6de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x755b6e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x773b011a system+0x1ebc85 @ 0x6417bc85 system+0x1f683b @ 0x6418683b system+0x1a5e44 @ 0x64135e44 system+0x1fd8a0 @ 0x6418d8a0 system+0x1fd792 @ 0x6418d792 system+0x1a14bd @ 0x641314bd 0x64007a DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x743ef5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74467f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74464de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7575b479 registers.esp: 4318736 registers.edi: 1990713288 registers.eax: 4194304 registers.ebp: 4318940 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ July 7, 2021, 10:53 a.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7575b37e 0x6322bdd 0x6322b52 0x6320a6a 0x664fdc3 0x64ea41 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d mscorlib+0x3135ed @ 0x64ec35ed 0x6416f3 0x6415e6 0x64151b 0x640de1 system+0x1f9799 @ 0x64189799 system+0x1f92c8 @ 0x641892c8 system+0x1eca74 @ 0x6417ca74 system+0x1ec868 @ 0x6417c868 system+0x1f82b8 @ 0x641882b8 system+0x1ee54d @ 0x6417e54d system+0x1f70ea @ 0x641870ea system+0x1e56c0 @ 0x641756c0 system+0x1f8215 @ 0x64188215 system+0x1f6f75 @ 0x64186f75 system+0x1ee251 @ 0x6417e251 system+0x1ee229 @ 0x6417e229 system+0x1ee170 @ 0x6417e170 0x2ea08e gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755b62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x755b6d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x755b6de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x755b6e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x773b011a system+0x1ebc85 @ 0x6417bc85 system+0x1f683b @ 0x6418683b system+0x1a5e44 @ 0x64135e44 system+0x1fd8a0 @ 0x6418d8a0 system+0x1fd792 @ 0x6418d792 system+0x1a14bd @ 0x641314bd 0x64007a DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x743ef5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74467f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74464de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7575b479 registers.esp: 4318736 registers.edi: 1990713288 registers.eax: 19464192 registers.ebp: 4318940 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ July 7, 2021, 10:53 a.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7575b37e 0x6322bdd 0x6322b52 0x6320a6a 0x664fdc3 0x64ea41 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d mscorlib+0x3135ed @ 0x64ec35ed 0x6416f3 0x6415e6 0x64151b 0x640de1 system+0x1f9799 @ 0x64189799 system+0x1f92c8 @ 0x641892c8 system+0x1eca74 @ 0x6417ca74 system+0x1ec868 @ 0x6417c868 system+0x1f82b8 @ 0x641882b8 system+0x1ee54d @ 0x6417e54d system+0x1f70ea @ 0x641870ea system+0x1e56c0 @ 0x641756c0 system+0x1f8215 @ 0x64188215 system+0x1f6f75 @ 0x64186f75 system+0x1ee251 @ 0x6417e251 system+0x1ee229 @ 0x6417e229 system+0x1ee170 @ 0x6417e170 0x2ea08e gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755b62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x755b6d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x755b6de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x755b6e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x773b011a system+0x1ebc85 @ 0x6417bc85 system+0x1f683b @ 0x6418683b system+0x1a5e44 @ 0x64135e44 system+0x1fd8a0 @ 0x6418d8a0 system+0x1fd792 @ 0x6418d792 system+0x1a14bd @ 0x641314bd 0x64007a DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x743ef5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74467f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74464de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7575b479 registers.esp: 4318736 registers.edi: 1990713288 registers.eax: 1244200960 registers.ebp: 4318940 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ July 7, 2021, 10:53 a.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7575b37e 0x6322bdd 0x6322b52 0x6320a6a 0x664fdc3 0x64ea41 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d mscorlib+0x3135ed @ 0x64ec35ed 0x6416f3 0x6415e6 0x64151b 0x640de1 system+0x1f9799 @ 0x64189799 system+0x1f92c8 @ 0x641892c8 system+0x1eca74 @ 0x6417ca74 system+0x1ec868 @ 0x6417c868 system+0x1f82b8 @ 0x641882b8 system+0x1ee54d @ 0x6417e54d system+0x1f70ea @ 0x641870ea system+0x1e56c0 @ 0x641756c0 system+0x1f8215 @ 0x64188215 system+0x1f6f75 @ 0x64186f75 system+0x1ee251 @ 0x6417e251 system+0x1ee229 @ 0x6417e229 system+0x1ee170 @ 0x6417e170 0x2ea08e gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755b62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x755b6d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x755b6de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x755b6e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x773b011a system+0x1ebc85 @ 0x6417bc85 system+0x1f683b @ 0x6418683b system+0x1a5e44 @ 0x64135e44 system+0x1fd8a0 @ 0x6418d8a0 system+0x1fd792 @ 0x6418d792 system+0x1a14bd @ 0x641314bd 0x64007a DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x743ef5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74467f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74464de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7575b479 registers.esp: 4318736 registers.edi: 1990713288 registers.eax: 8650752 registers.ebp: 4318940 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ July 7, 2021, 10:53 a.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7575b37e 0x6322bdd 0x6322b52 0x6320a6a 0x664fdc3 0x64ea41 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d mscorlib+0x3135ed @ 0x64ec35ed 0x6416f3 0x6415e6 0x64151b 0x640de1 system+0x1f9799 @ 0x64189799 system+0x1f92c8 @ 0x641892c8 system+0x1eca74 @ 0x6417ca74 system+0x1ec868 @ 0x6417c868 system+0x1f82b8 @ 0x641882b8 system+0x1ee54d @ 0x6417e54d system+0x1f70ea @ 0x641870ea system+0x1e56c0 @ 0x641756c0 system+0x1f8215 @ 0x64188215 system+0x1f6f75 @ 0x64186f75 system+0x1ee251 @ 0x6417e251 system+0x1ee229 @ 0x6417e229 system+0x1ee170 @ 0x6417e170 0x2ea08e gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755b62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x755b6d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x755b6de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x755b6e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x773b011a system+0x1ebc85 @ 0x6417bc85 system+0x1f683b @ 0x6418683b system+0x1a5e44 @ 0x64135e44 system+0x1fd8a0 @ 0x6418d8a0 system+0x1fd792 @ 0x6418d792 system+0x1a14bd @ 0x641314bd 0x64007a DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x743ef5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74467f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74464de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7575b479 registers.esp: 4318736 registers.edi: 1990713288 registers.eax: 16777216 registers.ebp: 4318940 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ July 7, 2021, 10:53 a.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7575b37e 0x6322bdd 0x6322b52 0x6320a6a 0x664fdc3 0x64ea41 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d mscorlib+0x3135ed @ 0x64ec35ed 0x6416f3 0x6415e6 0x64151b 0x640de1 system+0x1f9799 @ 0x64189799 system+0x1f92c8 @ 0x641892c8 system+0x1eca74 @ 0x6417ca74 system+0x1ec868 @ 0x6417c868 system+0x1f82b8 @ 0x641882b8 system+0x1ee54d @ 0x6417e54d system+0x1f70ea @ 0x641870ea system+0x1e56c0 @ 0x641756c0 system+0x1f8215 @ 0x64188215 system+0x1f6f75 @ 0x64186f75 system+0x1ee251 @ 0x6417e251 system+0x1ee229 @ 0x6417e229 system+0x1ee170 @ 0x6417e170 0x2ea08e gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755b62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x755b6d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x755b6de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x755b6e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x773b011a system+0x1ebc85 @ 0x6417bc85 system+0x1f683b @ 0x6418683b system+0x1a5e44 @ 0x64135e44 system+0x1fd8a0 @ 0x6418d8a0 system+0x1fd792 @ 0x6418d792 system+0x1a14bd @ 0x641314bd 0x64007a DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x743ef5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74467f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74464de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7575b479 registers.esp: 4318736 registers.edi: 1990713288 registers.eax: 4194304 registers.ebp: 4318940 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ July 7, 2021, 10:53 a.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7575b37e 0x6322bdd 0x6322b52 0x6320a6a 0x664fdc3 0x64ea41 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d mscorlib+0x3135ed @ 0x64ec35ed 0x6416f3 0x6415e6 0x64151b 0x640de1 system+0x1f9799 @ 0x64189799 system+0x1f92c8 @ 0x641892c8 system+0x1eca74 @ 0x6417ca74 system+0x1ec868 @ 0x6417c868 system+0x1f82b8 @ 0x641882b8 system+0x1ee54d @ 0x6417e54d system+0x1f70ea @ 0x641870ea system+0x1e56c0 @ 0x641756c0 system+0x1f8215 @ 0x64188215 system+0x1f6f75 @ 0x64186f75 system+0x1ee251 @ 0x6417e251 system+0x1ee229 @ 0x6417e229 system+0x1ee170 @ 0x6417e170 0x2ea08e gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755b62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x755b6d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x755b6de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x755b6e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x773b011a system+0x1ebc85 @ 0x6417bc85 system+0x1f683b @ 0x6418683b system+0x1a5e44 @ 0x64135e44 system+0x1fd8a0 @ 0x6418d8a0 system+0x1fd792 @ 0x6418d792 system+0x1a14bd @ 0x641314bd 0x64007a DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x743ef5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74467f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74464de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7575b479 registers.esp: 4318736 registers.edi: 1990713288 registers.eax: 19464192 registers.ebp: 4318940 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ July 7, 2021, 10:53 a.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7575b37e 0x6322bdd 0x6322b52 0x6320a6a 0x664fdc3 0x64ea41 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d mscorlib+0x3135ed @ 0x64ec35ed 0x6416f3 0x6415e6 0x64151b 0x640de1 system+0x1f9799 @ 0x64189799 system+0x1f92c8 @ 0x641892c8 system+0x1eca74 @ 0x6417ca74 system+0x1ec868 @ 0x6417c868 system+0x1f82b8 @ 0x641882b8 system+0x1ee54d @ 0x6417e54d system+0x1f70ea @ 0x641870ea system+0x1e56c0 @ 0x641756c0 system+0x1f8215 @ 0x64188215 system+0x1f6f75 @ 0x64186f75 system+0x1ee251 @ 0x6417e251 system+0x1ee229 @ 0x6417e229 system+0x1ee170 @ 0x6417e170 0x2ea08e gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755b62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x755b6d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x755b6de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x755b6e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x773b011a system+0x1ebc85 @ 0x6417bc85 system+0x1f683b @ 0x6418683b system+0x1a5e44 @ 0x64135e44 system+0x1fd8a0 @ 0x6418d8a0 system+0x1fd792 @ 0x6418d792 system+0x1a14bd @ 0x641314bd 0x64007a DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x743ef5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74467f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74464de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7575b479 registers.esp: 4318736 registers.edi: 1990713288 registers.eax: 1244200960 registers.ebp: 4318940 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ July 7, 2021, 10:53 a.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7575b37e 0x6322bdd 0x6322b52 0x6320a6a 0x664fdc3 0x64ea41 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d mscorlib+0x3135ed @ 0x64ec35ed 0x6416f3 0x6415e6 0x64151b 0x640de1 system+0x1f9799 @ 0x64189799 system+0x1f92c8 @ 0x641892c8 system+0x1eca74 @ 0x6417ca74 system+0x1ec868 @ 0x6417c868 system+0x1f82b8 @ 0x641882b8 system+0x1ee54d @ 0x6417e54d system+0x1f70ea @ 0x641870ea system+0x1e56c0 @ 0x641756c0 system+0x1f8215 @ 0x64188215 system+0x1f6f75 @ 0x64186f75 system+0x1ee251 @ 0x6417e251 system+0x1ee229 @ 0x6417e229 system+0x1ee170 @ 0x6417e170 0x2ea08e gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755b62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x755b6d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x755b6de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x755b6e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x773b011a system+0x1ebc85 @ 0x6417bc85 system+0x1f683b @ 0x6418683b system+0x1a5e44 @ 0x64135e44 system+0x1fd8a0 @ 0x6418d8a0 system+0x1fd792 @ 0x6418d792 system+0x1a14bd @ 0x641314bd 0x64007a DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x743ef5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74467f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74464de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7575b479 registers.esp: 4318736 registers.edi: 1990713288 registers.eax: 8650752 registers.ebp: 4318940 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ July 7, 2021, 10:53 a.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7575b37e 0x6332bdd 0x6332b52 0x6330a6a 0x665fdc3 0x9dea41 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d mscorlib+0x3135ed @ 0x64ec35ed 0x9d16f3 0x9d15e6 0x9d151b 0x9d0de1 system+0x1f9799 @ 0x64189799 system+0x1f92c8 @ 0x641892c8 system+0x1eca74 @ 0x6417ca74 system+0x1ec868 @ 0x6417c868 system+0x1f82b8 @ 0x641882b8 system+0x1ee54d @ 0x6417e54d system+0x1f70ea @ 0x641870ea system+0x1e56c0 @ 0x641756c0 system+0x1f8215 @ 0x64188215 system+0x1f6f75 @ 0x64186f75 system+0x1ee251 @ 0x6417e251 system+0x1ee229 @ 0x6417e229 system+0x1ee170 @ 0x6417e170 0x57a08e gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755b62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x755b6d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x755b6de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x755b6e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x773b011a system+0x1ebc85 @ 0x6417bc85 system+0x1f683b @ 0x6418683b system+0x1a5e44 @ 0x64135e44 system+0x1fd8a0 @ 0x6418d8a0 system+0x1fd792 @ 0x6418d792 system+0x1a14bd @ 0x641314bd 0x9d007a DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x743ef5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74467f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74464de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7575b479 registers.esp: 1500672 registers.edi: 1990713288 registers.eax: 16777216 registers.ebp: 1500876 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ July 7, 2021, 10:53 a.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7575b37e 0x6332bdd 0x6332b52 0x6330a6a 0x665fdc3 0x9dea41 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d mscorlib+0x3135ed @ 0x64ec35ed 0x9d16f3 0x9d15e6 0x9d151b 0x9d0de1 system+0x1f9799 @ 0x64189799 system+0x1f92c8 @ 0x641892c8 system+0x1eca74 @ 0x6417ca74 system+0x1ec868 @ 0x6417c868 system+0x1f82b8 @ 0x641882b8 system+0x1ee54d @ 0x6417e54d system+0x1f70ea @ 0x641870ea system+0x1e56c0 @ 0x641756c0 system+0x1f8215 @ 0x64188215 system+0x1f6f75 @ 0x64186f75 system+0x1ee251 @ 0x6417e251 system+0x1ee229 @ 0x6417e229 system+0x1ee170 @ 0x6417e170 0x57a08e gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755b62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x755b6d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x755b6de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x755b6e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x773b011a system+0x1ebc85 @ 0x6417bc85 system+0x1f683b @ 0x6418683b system+0x1a5e44 @ 0x64135e44 system+0x1fd8a0 @ 0x6418d8a0 system+0x1fd792 @ 0x6418d792 system+0x1a14bd @ 0x641314bd 0x9d007a DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x743ef5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74467f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74464de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7575b479 registers.esp: 1500672 registers.edi: 1990713288 registers.eax: 4194304 registers.ebp: 1500876 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ July 7, 2021, 10:53 a.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7575b37e 0x6332bdd 0x6332b52 0x6330a6a 0x665fdc3 0x9dea41 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d mscorlib+0x3135ed @ 0x64ec35ed 0x9d16f3 0x9d15e6 0x9d151b 0x9d0de1 system+0x1f9799 @ 0x64189799 system+0x1f92c8 @ 0x641892c8 system+0x1eca74 @ 0x6417ca74 system+0x1ec868 @ 0x6417c868 system+0x1f82b8 @ 0x641882b8 system+0x1ee54d @ 0x6417e54d system+0x1f70ea @ 0x641870ea system+0x1e56c0 @ 0x641756c0 system+0x1f8215 @ 0x64188215 system+0x1f6f75 @ 0x64186f75 system+0x1ee251 @ 0x6417e251 system+0x1ee229 @ 0x6417e229 system+0x1ee170 @ 0x6417e170 0x57a08e gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755b62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x755b6d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x755b6de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x755b6e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x773b011a system+0x1ebc85 @ 0x6417bc85 system+0x1f683b @ 0x6418683b system+0x1a5e44 @ 0x64135e44 system+0x1fd8a0 @ 0x6418d8a0 system+0x1fd792 @ 0x6418d792 system+0x1a14bd @ 0x641314bd 0x9d007a DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x743ef5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74467f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74464de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7575b479 registers.esp: 1500672 registers.edi: 1990713288 registers.eax: 19464192 registers.ebp: 1500876 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ July 7, 2021, 10:53 a.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7575b37e 0x6332bdd 0x6332b52 0x6330a6a 0x665fdc3 0x9dea41 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d mscorlib+0x3135ed @ 0x64ec35ed 0x9d16f3 0x9d15e6 0x9d151b 0x9d0de1 system+0x1f9799 @ 0x64189799 system+0x1f92c8 @ 0x641892c8 system+0x1eca74 @ 0x6417ca74 system+0x1ec868 @ 0x6417c868 system+0x1f82b8 @ 0x641882b8 system+0x1ee54d @ 0x6417e54d system+0x1f70ea @ 0x641870ea system+0x1e56c0 @ 0x641756c0 system+0x1f8215 @ 0x64188215 system+0x1f6f75 @ 0x64186f75 system+0x1ee251 @ 0x6417e251 system+0x1ee229 @ 0x6417e229 system+0x1ee170 @ 0x6417e170 0x57a08e gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755b62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x755b6d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x755b6de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x755b6e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x773b011a system+0x1ebc85 @ 0x6417bc85 system+0x1f683b @ 0x6418683b system+0x1a5e44 @ 0x64135e44 system+0x1fd8a0 @ 0x6418d8a0 system+0x1fd792 @ 0x6418d792 system+0x1a14bd @ 0x641314bd 0x9d007a DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x743ef5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74467f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74464de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7575b479 registers.esp: 1500672 registers.edi: 1990713288 registers.eax: 1243086848 registers.ebp: 1500876 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ July 7, 2021, 10:53 a.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7575b37e 0x6332bdd 0x6332b52 0x6330a6a 0x665fdc3 0x9dea41 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d mscorlib+0x3135ed @ 0x64ec35ed 0x9d16f3 0x9d15e6 0x9d151b 0x9d0de1 system+0x1f9799 @ 0x64189799 system+0x1f92c8 @ 0x641892c8 system+0x1eca74 @ 0x6417ca74 system+0x1ec868 @ 0x6417c868 system+0x1f82b8 @ 0x641882b8 system+0x1ee54d @ 0x6417e54d system+0x1f70ea @ 0x641870ea system+0x1e56c0 @ 0x641756c0 system+0x1f8215 @ 0x64188215 system+0x1f6f75 @ 0x64186f75 system+0x1ee251 @ 0x6417e251 system+0x1ee229 @ 0x6417e229 system+0x1ee170 @ 0x6417e170 0x57a08e gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755b62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x755b6d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x755b6de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x755b6e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x773b011a system+0x1ebc85 @ 0x6417bc85 system+0x1f683b @ 0x6418683b system+0x1a5e44 @ 0x64135e44 system+0x1fd8a0 @ 0x6418d8a0 system+0x1fd792 @ 0x6418d792 system+0x1a14bd @ 0x641314bd 0x9d007a DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x743ef5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74467f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74464de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7575b479 registers.esp: 1500672 registers.edi: 1990713288 registers.eax: 16908288 registers.ebp: 1500876 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ July 7, 2021, 10:54 a.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7575b37e 0x5e22bdd 0x5e22b52 0x5e20a6a 0x664fdc3 0x8eea41 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d mscorlib+0x3135ed @ 0x64ec35ed 0x8e16f3 0x8e15e6 0x8e151b 0x8e0de1 system+0x1f9799 @ 0x64189799 system+0x1f92c8 @ 0x641892c8 system+0x1eca74 @ 0x6417ca74 system+0x1ec868 @ 0x6417c868 system+0x1f82b8 @ 0x641882b8 system+0x1ee54d @ 0x6417e54d system+0x1f70ea @ 0x641870ea system+0x1e56c0 @ 0x641756c0 system+0x1f8215 @ 0x64188215 system+0x1f6f75 @ 0x64186f75 system+0x1ee251 @ 0x6417e251 system+0x1ee229 @ 0x6417e229 system+0x1ee170 @ 0x6417e170 0x53a08e gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755b62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x755b6d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x755b6de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x755b6e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x773b011a system+0x1ebc85 @ 0x6417bc85 system+0x1f683b @ 0x6418683b system+0x1a5e44 @ 0x64135e44 system+0x1fd8a0 @ 0x6418d8a0 system+0x1fd792 @ 0x6418d792 system+0x1a14bd @ 0x641314bd 0x8e007a DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x737ff5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74437f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74434de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7575b479 registers.esp: 2024576 registers.edi: 1990713288 registers.eax: 16777216 registers.ebp: 2024780 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ July 7, 2021, 10:54 a.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7575b37e 0x5e22bdd 0x5e22b52 0x5e20a6a 0x664fdc3 0x8eea41 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d mscorlib+0x3135ed @ 0x64ec35ed 0x8e16f3 0x8e15e6 0x8e151b 0x8e0de1 system+0x1f9799 @ 0x64189799 system+0x1f92c8 @ 0x641892c8 system+0x1eca74 @ 0x6417ca74 system+0x1ec868 @ 0x6417c868 system+0x1f82b8 @ 0x641882b8 system+0x1ee54d @ 0x6417e54d system+0x1f70ea @ 0x641870ea system+0x1e56c0 @ 0x641756c0 system+0x1f8215 @ 0x64188215 system+0x1f6f75 @ 0x64186f75 system+0x1ee251 @ 0x6417e251 system+0x1ee229 @ 0x6417e229 system+0x1ee170 @ 0x6417e170 0x53a08e gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755b62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x755b6d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x755b6de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x755b6e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x773b011a system+0x1ebc85 @ 0x6417bc85 system+0x1f683b @ 0x6418683b system+0x1a5e44 @ 0x64135e44 system+0x1fd8a0 @ 0x6418d8a0 system+0x1fd792 @ 0x6418d792 system+0x1a14bd @ 0x641314bd 0x8e007a DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x737ff5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74437f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74434de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7575b479 registers.esp: 2024576 registers.edi: 1990713288 registers.eax: 4194304 registers.ebp: 2024780 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ July 7, 2021, 10:54 a.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7575b37e 0x5e22bdd 0x5e22b52 0x5e20a6a 0x664fdc3 0x8eea41 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d mscorlib+0x3135ed @ 0x64ec35ed 0x8e16f3 0x8e15e6 0x8e151b 0x8e0de1 system+0x1f9799 @ 0x64189799 system+0x1f92c8 @ 0x641892c8 system+0x1eca74 @ 0x6417ca74 system+0x1ec868 @ 0x6417c868 system+0x1f82b8 @ 0x641882b8 system+0x1ee54d @ 0x6417e54d system+0x1f70ea @ 0x641870ea system+0x1e56c0 @ 0x641756c0 system+0x1f8215 @ 0x64188215 system+0x1f6f75 @ 0x64186f75 system+0x1ee251 @ 0x6417e251 system+0x1ee229 @ 0x6417e229 system+0x1ee170 @ 0x6417e170 0x53a08e gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755b62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x755b6d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x755b6de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x755b6e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x773b011a system+0x1ebc85 @ 0x6417bc85 system+0x1f683b @ 0x6418683b system+0x1a5e44 @ 0x64135e44 system+0x1fd8a0 @ 0x6418d8a0 system+0x1fd792 @ 0x6418d792 system+0x1a14bd @ 0x641314bd 0x8e007a DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x737ff5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74437f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74434de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7575b479 registers.esp: 2024576 registers.edi: 1990713288 registers.eax: 19464192 registers.ebp: 2024780 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ July 7, 2021, 10:54 a.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7575b37e 0x5e22bdd 0x5e22b52 0x5e20a6a 0x664fdc3 0x8eea41 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d mscorlib+0x3135ed @ 0x64ec35ed 0x8e16f3 0x8e15e6 0x8e151b 0x8e0de1 system+0x1f9799 @ 0x64189799 system+0x1f92c8 @ 0x641892c8 system+0x1eca74 @ 0x6417ca74 system+0x1ec868 @ 0x6417c868 system+0x1f82b8 @ 0x641882b8 system+0x1ee54d @ 0x6417e54d system+0x1f70ea @ 0x641870ea system+0x1e56c0 @ 0x641756c0 system+0x1f8215 @ 0x64188215 system+0x1f6f75 @ 0x64186f75 system+0x1ee251 @ 0x6417e251 system+0x1ee229 @ 0x6417e229 system+0x1ee170 @ 0x6417e170 0x53a08e gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755b62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x755b6d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x755b6de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x755b6e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x773b011a system+0x1ebc85 @ 0x6417bc85 system+0x1f683b @ 0x6418683b system+0x1a5e44 @ 0x64135e44 system+0x1fd8a0 @ 0x6418d8a0 system+0x1fd792 @ 0x6418d792 system+0x1a14bd @ 0x641314bd 0x8e007a DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x737ff5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74437f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74434de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7575b479 registers.esp: 2024576 registers.edi: 1990713288 registers.eax: 1250492416 registers.ebp: 2024780 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ July 7, 2021, 10:54 a.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7575b37e 0x5e22bdd 0x5e22b52 0x5e20a6a 0x664fdc3 0x8eea41 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d mscorlib+0x3135ed @ 0x64ec35ed 0x8e16f3 0x8e15e6 0x8e151b 0x8e0de1 system+0x1f9799 @ 0x64189799 system+0x1f92c8 @ 0x641892c8 system+0x1eca74 @ 0x6417ca74 system+0x1ec868 @ 0x6417c868 system+0x1f82b8 @ 0x641882b8 system+0x1ee54d @ 0x6417e54d system+0x1f70ea @ 0x641870ea system+0x1e56c0 @ 0x641756c0 system+0x1f8215 @ 0x64188215 system+0x1f6f75 @ 0x64186f75 system+0x1ee251 @ 0x6417e251 system+0x1ee229 @ 0x6417e229 system+0x1ee170 @ 0x6417e170 0x53a08e gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755b62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x755b6d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x755b6de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x755b6e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x773b011a system+0x1ebc85 @ 0x6417bc85 system+0x1f683b @ 0x6418683b system+0x1a5e44 @ 0x64135e44 system+0x1fd8a0 @ 0x6418d8a0 system+0x1fd792 @ 0x6418d792 system+0x1a14bd @ 0x641314bd 0x8e007a DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x737ff5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74437f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74434de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7575b479 registers.esp: 2024576 registers.edi: 1990713288 registers.eax: 14942208 registers.ebp: 2024780 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ July 7, 2021, 10:54 a.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7575b37e 0x5e22bdd 0x5e22b52 0x5e20a6a 0x664fdc3 0x8eea41 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d mscorlib+0x3135ed @ 0x64ec35ed 0x8e16f3 0x8e15e6 0x8e151b 0x8e0de1 system+0x1f9799 @ 0x64189799 system+0x1f92c8 @ 0x641892c8 system+0x1eca74 @ 0x6417ca74 system+0x1ec868 @ 0x6417c868 system+0x1f82b8 @ 0x641882b8 system+0x1ee54d @ 0x6417e54d system+0x1f70ea @ 0x641870ea system+0x1e56c0 @ 0x641756c0 system+0x1f8215 @ 0x64188215 system+0x1f6f75 @ 0x64186f75 system+0x1ee251 @ 0x6417e251 system+0x1ee229 @ 0x6417e229 system+0x1ee170 @ 0x6417e170 0x53a08e gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755b62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x755b6d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x755b6de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x755b6e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x773b011a system+0x1ebc85 @ 0x6417bc85 system+0x1f683b @ 0x6418683b system+0x1a5e44 @ 0x64135e44 system+0x1fd8a0 @ 0x6418d8a0 system+0x1fd792 @ 0x6418d792 system+0x1a14bd @ 0x641314bd 0x8e007a DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x737ff5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74437f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74434de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7575b479 registers.esp: 2024576 registers.edi: 1990713288 registers.eax: 16777216 registers.ebp: 2024780 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ July 7, 2021, 10:54 a.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7575b37e 0x5e22bdd 0x5e22b52 0x5e20a6a 0x664fdc3 0x8eea41 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d mscorlib+0x3135ed @ 0x64ec35ed 0x8e16f3 0x8e15e6 0x8e151b 0x8e0de1 system+0x1f9799 @ 0x64189799 system+0x1f92c8 @ 0x641892c8 system+0x1eca74 @ 0x6417ca74 system+0x1ec868 @ 0x6417c868 system+0x1f82b8 @ 0x641882b8 system+0x1ee54d @ 0x6417e54d system+0x1f70ea @ 0x641870ea system+0x1e56c0 @ 0x641756c0 system+0x1f8215 @ 0x64188215 system+0x1f6f75 @ 0x64186f75 system+0x1ee251 @ 0x6417e251 system+0x1ee229 @ 0x6417e229 system+0x1ee170 @ 0x6417e170 0x53a08e gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755b62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x755b6d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x755b6de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x755b6e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x773b011a system+0x1ebc85 @ 0x6417bc85 system+0x1f683b @ 0x6418683b system+0x1a5e44 @ 0x64135e44 system+0x1fd8a0 @ 0x6418d8a0 system+0x1fd792 @ 0x6418d792 system+0x1a14bd @ 0x641314bd 0x8e007a DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x737ff5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74437f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74434de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7575b479 registers.esp: 2024576 registers.edi: 1990713288 registers.eax: 4194304 registers.ebp: 2024780 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ July 7, 2021, 10:54 a.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7575b37e 0x5e22bdd 0x5e22b52 0x5e20a6a 0x664fdc3 0x8eea41 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d mscorlib+0x3135ed @ 0x64ec35ed 0x8e16f3 0x8e15e6 0x8e151b 0x8e0de1 system+0x1f9799 @ 0x64189799 system+0x1f92c8 @ 0x641892c8 system+0x1eca74 @ 0x6417ca74 system+0x1ec868 @ 0x6417c868 system+0x1f82b8 @ 0x641882b8 system+0x1ee54d @ 0x6417e54d system+0x1f70ea @ 0x641870ea system+0x1e56c0 @ 0x641756c0 system+0x1f8215 @ 0x64188215 system+0x1f6f75 @ 0x64186f75 system+0x1ee251 @ 0x6417e251 system+0x1ee229 @ 0x6417e229 system+0x1ee170 @ 0x6417e170 0x53a08e gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755b62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x755b6d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x755b6de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x755b6e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x773b011a system+0x1ebc85 @ 0x6417bc85 system+0x1f683b @ 0x6418683b system+0x1a5e44 @ 0x64135e44 system+0x1fd8a0 @ 0x6418d8a0 system+0x1fd792 @ 0x6418d792 system+0x1a14bd @ 0x641314bd 0x8e007a DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x737ff5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74437f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74434de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7575b479 registers.esp: 2024576 registers.edi: 1990713288 registers.eax: 19464192 registers.ebp: 2024780 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ July 7, 2021, 10:54 a.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7575b37e 0x5e22bdd 0x5e22b52 0x5e20a6a 0x664fdc3 0x8eea41 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d mscorlib+0x3135ed @ 0x64ec35ed 0x8e16f3 0x8e15e6 0x8e151b 0x8e0de1 system+0x1f9799 @ 0x64189799 system+0x1f92c8 @ 0x641892c8 system+0x1eca74 @ 0x6417ca74 system+0x1ec868 @ 0x6417c868 system+0x1f82b8 @ 0x641882b8 system+0x1ee54d @ 0x6417e54d system+0x1f70ea @ 0x641870ea system+0x1e56c0 @ 0x641756c0 system+0x1f8215 @ 0x64188215 system+0x1f6f75 @ 0x64186f75 system+0x1ee251 @ 0x6417e251 system+0x1ee229 @ 0x6417e229 system+0x1ee170 @ 0x6417e170 0x53a08e gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755b62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x755b6d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x755b6de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x755b6e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x773b011a system+0x1ebc85 @ 0x6417bc85 system+0x1f683b @ 0x6418683b system+0x1a5e44 @ 0x64135e44 system+0x1fd8a0 @ 0x6418d8a0 system+0x1fd792 @ 0x6418d792 system+0x1a14bd @ 0x641314bd 0x8e007a DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x737ff5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74437f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74434de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7575b479 registers.esp: 2024576 registers.edi: 1990713288 registers.eax: 1250492416 registers.ebp: 2024780 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ July 7, 2021, 10:54 a.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7575b37e 0x5e22bdd 0x5e22b52 0x5e20a6a 0x664fdc3 0x8eea41 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x6f581838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x6f581737 mscorlib+0x2d36ad @ 0x64e836ad mscorlib+0x308f2d @ 0x64eb8f2d mscorlib+0x3135ed @ 0x64ec35ed 0x8e16f3 0x8e15e6 0x8e151b 0x8e0de1 system+0x1f9799 @ 0x64189799 system+0x1f92c8 @ 0x641892c8 system+0x1eca74 @ 0x6417ca74 system+0x1ec868 @ 0x6417c868 system+0x1f82b8 @ 0x641882b8 system+0x1ee54d @ 0x6417e54d system+0x1f70ea @ 0x641870ea system+0x1e56c0 @ 0x641756c0 system+0x1f8215 @ 0x64188215 system+0x1f6f75 @ 0x64186f75 system+0x1ee251 @ 0x6417e251 system+0x1ee229 @ 0x6417e229 system+0x1ee170 @ 0x6417e170 0x53a08e gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755b62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x755b6d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x755b6de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x755b6e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x773b011a system+0x1ebc85 @ 0x6417bc85 system+0x1f683b @ 0x6418683b system+0x1a5e44 @ 0x64135e44 system+0x1fd8a0 @ 0x6418d8a0 system+0x1fd792 @ 0x6418d792 system+0x1a14bd @ 0x641314bd 0x8e007a DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x6f502652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6f51264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6f512e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6f5c74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6f5c7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6f651dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6f651e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6f651f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6f65416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x737ff5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74437f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74434de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7575b479 registers.esp: 2024576 registers.edi: 1990713288 registers.eax: 14942208 registers.ebp: 2024780 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1

One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.

Allocates read-write-execute memory (usually to unpack itself) (50 out of 214 events)

Time & API	Arguments	Status
NtAllocateVirtualMemory July 7, 2021, 10:52 a.m.	process_identifier: 4564 region_size: 1114112 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00660000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 7, 2021, 10:52 a.m.	process_identifier: 4564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00730000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory July 7, 2021, 10:52 a.m.	process_identifier: 4564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x6fba1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 7, 2021, 10:52 a.m.	process_identifier: 4564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x6fba2000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 7, 2021, 10:52 a.m.	process_identifier: 4564 region_size: 1966080 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02080000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 7, 2021, 10:52 a.m.	process_identifier: 4564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02220000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 7, 2021, 10:52 a.m.	process_identifier: 4564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00452000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 7, 2021, 10:52 a.m.	process_identifier: 4564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00485000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 7, 2021, 10:52 a.m.	process_identifier: 4564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0048b000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 7, 2021, 10:52 a.m.	process_identifier: 4564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00487000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 7, 2021, 10:52 a.m.	process_identifier: 4564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0046c000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 7, 2021, 10:52 a.m.	process_identifier: 4564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x007d0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 7, 2021, 10:52 a.m.	process_identifier: 4564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0045a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 7, 2021, 10:52 a.m.	process_identifier: 4564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0047a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 7, 2021, 10:52 a.m.	process_identifier: 4564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00477000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 7, 2021, 10:52 a.m.	process_identifier: 4564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0046a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory July 7, 2021, 10:52 a.m.	process_identifier: 4564 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73772000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 7, 2021, 10:52 a.m.	process_identifier: 4564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00476000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 7, 2021, 10:53 a.m.	process_identifier: 4564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x007d1000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 7, 2021, 10:53 a.m.	process_identifier: 4564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0045c000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 7, 2021, 10:53 a.m.	process_identifier: 4564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0047b000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 7, 2021, 10:53 a.m.	process_identifier: 4564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0228f000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 7, 2021, 10:53 a.m.	process_identifier: 4564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02280000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 7, 2021, 10:53 a.m.	process_identifier: 4564 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00731000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 7, 2021, 10:53 a.m.	process_identifier: 4564 region_size: 69632 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00735000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 7, 2021, 10:53 a.m.	process_identifier: 4564 region_size: 28672 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x007d2000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 7, 2021, 10:53 a.m.	process_identifier: 4564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x007d9000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 7, 2021, 10:53 a.m.	process_identifier: 4564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x007da000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 7, 2021, 10:53 a.m.	process_identifier: 4564 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x007db000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 7, 2021, 10:53 a.m.	process_identifier: 4564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x007df000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 7, 2021, 10:53 a.m.	process_identifier: 4564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0046d000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 7, 2021, 10:53 a.m.	process_identifier: 4564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x06340000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 7, 2021, 10:53 a.m.	process_identifier: 4564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x06341000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 7, 2021, 10:53 a.m.	process_identifier: 4564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x06342000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 7, 2021, 10:53 a.m.	process_identifier: 4564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x06343000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 7, 2021, 10:53 a.m.	process_identifier: 4564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x06344000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 7, 2021, 10:53 a.m.	process_identifier: 4564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0046e000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 7, 2021, 10:53 a.m.	process_identifier: 4564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x06650000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 7, 2021, 10:53 a.m.	process_identifier: 4564 region_size: 49152 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x06651000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 7, 2021, 10:53 a.m.	process_identifier: 4564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0665d000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 7, 2021, 10:53 a.m.	process_identifier: 4564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0665e000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 7, 2021, 10:53 a.m.	process_identifier: 4564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0665f000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 7, 2021, 10:53 a.m.	process_identifier: 4564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02281000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 7, 2021, 10:53 a.m.	process_identifier: 4564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05dc0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 7, 2021, 10:53 a.m.	process_identifier: 4564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05dc1000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 7, 2021, 10:53 a.m.	process_identifier: 4564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0047c000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 7, 2021, 10:53 a.m.	process_identifier: 4564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05dc2000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 7, 2021, 10:53 a.m.	process_identifier: 4564 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05dc3000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory July 7, 2021, 10:53 a.m.	process_identifier: 4408 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73772000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 7, 2021, 10:53 a.m.	process_identifier: 6696 region_size: 262144 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00230000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1

Creates executable files on the filesystem (1 event)

file	C:\Users\test22\AppData\Local\Temp\install.vbs

Creates a suspicious process (1 event)

cmdline

"C:\Windows\System32\cmd.exe" /c "C:\Users\test22\AppData\Roaming\Remcos\remcos.exe"

Drops a binary and executes it (1 event)

file	C:\Users\test22\AppData\Local\Temp\install.vbs

A process created a hidden window (8 events)

Time & API	Arguments	Status	Return
ShellExecuteExW July 7, 2021, 10:53 a.m.	show_type: 0 filepath_r: C:\Users\test22\AppData\Local\Temp\install.vbs parameters: filepath: C:\Users\test22\AppData\Local\Temp\install.vbs	1	1
ShellExecuteExW July 7, 2021, 10:53 a.m.	show_type: 0 filepath_r: cmd parameters: /c "C:\Users\test22\AppData\Roaming\Remcos\remcos.exe" filepath: cmd	1	1
ShellExecuteExW July 7, 2021, 10:53 a.m.	show_type: 0 filepath_r: C:\Users\test22\AppData\Local\Temp\install.vbs parameters: filepath: C:\Users\test22\AppData\Local\Temp\install.vbs	1	1
ShellExecuteExW July 7, 2021, 10:53 a.m.	show_type: 0 filepath_r: cmd parameters: /c "C:\Users\test22\AppData\Roaming\Remcos\remcos.exe" filepath: cmd	1	1
ShellExecuteExW July 7, 2021, 10:53 a.m.	show_type: 0 filepath_r: C:\Users\test22\AppData\Local\Temp\install.vbs parameters: filepath: C:\Users\test22\AppData\Local\Temp\install.vbs	1	1
ShellExecuteExW July 7, 2021, 10:53 a.m.	show_type: 0 filepath_r: cmd parameters: /c "C:\Users\test22\AppData\Roaming\Remcos\remcos.exe" filepath: cmd	1	1
ShellExecuteExW July 7, 2021, 10:54 a.m.	show_type: 0 filepath_r: C:\Users\test22\AppData\Local\Temp\install.vbs parameters: filepath: C:\Users\test22\AppData\Local\Temp\install.vbs	1	1
ShellExecuteExW July 7, 2021, 10:54 a.m.	show_type: 0 filepath_r: cmd parameters: /c "C:\Users\test22\AppData\Roaming\Remcos\remcos.exe" filepath: cmd	1	1

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

section

{u'size_of_data': u'0x00072800', u'virtual_address': u'0x00002000', u'entropy': 7.989497833131233, u'name': u'.text', u'virtual_size': u'0x000727f4'}

entropy

7.98949783313

description

A section with a high entropy has been found

entropy

0.869895536562

description

Overall entropy of this PE file is high

Checks for the Locally Unique Identifier on the system for a suspicious privilege (4 events)

Time & API	Arguments	Status	Return
LookupPrivilegeValueW July 7, 2021, 10:53 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW July 7, 2021, 10:53 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW July 7, 2021, 10:53 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW July 7, 2021, 10:54 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1

Yara rule detected in process memory (50 out of 76 events)

description	Communications over RAW Socket	rule	Network_TCP_Socket
description	Create a windows service	rule	Create_Service
description	Record Audio	rule	Sniff_Audio
description	Escalate priviledges	rule	Escalate_priviledges
description	Run a KeyLogger	rule	KeyLogger
description	Win.Trojan.agentTesla	rule	Win_Trojan_agentTesla_Zero
description	Code injection with CreateRemoteThread in a remote process	rule	Code_injection
description	Google Chrome User Data Check	rule	Chrome_User_Data_Check_Zero
description	browser info stealer	rule	infoStealer_browser_Zero
description	File Downloader	rule	Network_Downloader
description	(no description)	rule	DebuggerCheck__GlobalFlags
description	(no description)	rule	DebuggerCheck__QueryInfo
description	(no description)	rule	DebuggerHiding__Thread
description	(no description)	rule	DebuggerHiding__Active
description	(no description)	rule	ThreadControl__Context
description	(no description)	rule	SEH__vectored
description	Checks if being debugged	rule	anti_dbg
description	Bypass DEP	rule	disable_dep
description	Affect hook table	rule	win_hook
description	Communications over RAW Socket	rule	Network_TCP_Socket
description	Create a windows service	rule	Create_Service
description	Record Audio	rule	Sniff_Audio
description	Escalate priviledges	rule	Escalate_priviledges
description	Run a KeyLogger	rule	KeyLogger
description	Win.Trojan.agentTesla	rule	Win_Trojan_agentTesla_Zero
description	Code injection with CreateRemoteThread in a remote process	rule	Code_injection
description	Google Chrome User Data Check	rule	Chrome_User_Data_Check_Zero
description	browser info stealer	rule	infoStealer_browser_Zero
description	File Downloader	rule	Network_Downloader
description	(no description)	rule	DebuggerCheck__GlobalFlags
description	(no description)	rule	DebuggerCheck__QueryInfo
description	(no description)	rule	DebuggerHiding__Thread
description	(no description)	rule	DebuggerHiding__Active
description	(no description)	rule	ThreadControl__Context
description	(no description)	rule	SEH__vectored
description	Checks if being debugged	rule	anti_dbg
description	Bypass DEP	rule	disable_dep
description	Affect hook table	rule	win_hook
description	Communications over RAW Socket	rule	Network_TCP_Socket
description	Create a windows service	rule	Create_Service
description	Record Audio	rule	Sniff_Audio
description	Escalate priviledges	rule	Escalate_priviledges
description	Run a KeyLogger	rule	KeyLogger
description	Win.Trojan.agentTesla	rule	Win_Trojan_agentTesla_Zero
description	Code injection with CreateRemoteThread in a remote process	rule	Code_injection
description	Google Chrome User Data Check	rule	Chrome_User_Data_Check_Zero
description	browser info stealer	rule	infoStealer_browser_Zero
description	File Downloader	rule	Network_Downloader
description	(no description)	rule	DebuggerCheck__GlobalFlags
description	(no description)	rule	DebuggerCheck__QueryInfo

Terminates another process (6 events)

Time & API	Arguments	Status
NtTerminateProcess July 7, 2021, 10:53 a.m.	status_code: 0xffffffff process_identifier: 8948 process_handle: 0x00000360
NtTerminateProcess July 7, 2021, 10:53 a.m.	status_code: 0xffffffff process_identifier: 8948 process_handle: 0x00000360	1
NtTerminateProcess July 7, 2021, 10:53 a.m.	status_code: 0xffffffff process_identifier: 2648 process_handle: 0x00000350
NtTerminateProcess July 7, 2021, 10:53 a.m.	status_code: 0xffffffff process_identifier: 2648 process_handle: 0x00000350	1
NtTerminateProcess July 7, 2021, 10:54 a.m.	status_code: 0xffffffff process_identifier: 3596 process_handle: 0x00000334
NtTerminateProcess July 7, 2021, 10:54 a.m.	status_code: 0xffffffff process_identifier: 3596 process_handle: 0x00000334	1

Communicates with host for which no DNS query was performed (1 event)

host

172.217.25.14

Allocates execute permission to another process indicative of possible code injection (7 events)

Time & API	Arguments	Status	Return
NtAllocateVirtualMemory July 7, 2021, 10:53 a.m.	process_identifier: 8948 region_size: 495616 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000350		3221225496
NtAllocateVirtualMemory July 7, 2021, 10:53 a.m.	process_identifier: 2228 region_size: 495616 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000368	1	0
NtAllocateVirtualMemory July 7, 2021, 10:53 a.m.	process_identifier: 2648 region_size: 495616 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000358		3221225496
NtAllocateVirtualMemory July 7, 2021, 10:53 a.m.	process_identifier: 4764 region_size: 495616 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000354	1	0
NtAllocateVirtualMemory July 7, 2021, 10:53 a.m.	process_identifier: 884 region_size: 495616 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000368	1	0
NtAllocateVirtualMemory July 7, 2021, 10:54 a.m.	process_identifier: 3596 region_size: 495616 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x0000033c		3221225496
NtAllocateVirtualMemory July 7, 2021, 10:54 a.m.	process_identifier: 6368 region_size: 495616 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000338	1	0

Installs itself for autorun at Windows startup (4 events)

reg_key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Remcos	reg_value	"C:\Users\test22\AppData\Roaming\Remcos\remcos.exe"
reg_key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Remcos	reg_value	"C:\Users\test22\AppData\Roaming\Remcos\remcos.exe"
reg_key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Remcos	reg_value	"C:\Users\test22\AppData\Roaming\Remcos\remcos.exe"
reg_key	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Remcos	reg_value	"C:\Users\test22\AppData\Roaming\Remcos\remcos.exe"

Deletes executed files from disk (1 event)

file	C:\Users\test22\AppData\Local\Temp\install.vbs

Manipulates memory of a non-child process indicative of process injection (6 events)

Time & API	Arguments	Return	Repeated
Process injection	Process 4564 manipulating memory of non-child process 8948
Process injection	Process 6696 manipulating memory of non-child process 2648
Process injection	Process 6188 manipulating memory of non-child process 3596
NtAllocateVirtualMemory July 7, 2021, 10:53 a.m.	process_identifier: 8948 region_size: 495616 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000350	3221225496	0
NtAllocateVirtualMemory July 7, 2021, 10:53 a.m.	process_identifier: 2648 region_size: 495616 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000358	3221225496	0
NtAllocateVirtualMemory July 7, 2021, 10:54 a.m.	process_identifier: 3596 region_size: 495616 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x0000033c	3221225496	0

Potential code injection by writing to the memory of another process (20 events)

Time & API	Arguments	Status	Return
WriteProcessMemory July 7, 2021, 10:53 a.m.	buffer: MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $IýÓÁ(Á(Á(u´bÓ(u´`a(u´aß(Ã(À(_TÃ(úvÛ(úvû(úvã(ÈPÒ(Á(Ý)Vv(SvlÀ(VvÀ(RichÁ(PELvDË`à uð0@ØÜÔKP,8ðk8l(l@0l.textÌ `.rdata"o0p@@.dataD= @À.tls à@À.gfids0ð@@.rsrcÔKL@@.reloc,8P:æ@B base_address: 0x00400000 process_identifier: 2228 process_handle: 0x00000368	1	1
WriteProcessMemory July 7, 2021, 10:53 a.m.	buffer: ÿÿÿÿ±¿DNæ@»ÿÿÿÿ Copyright (c) by P.J. Plauger, licensed by Dinkumware, Ltd. ALL RIGHTS RESERVED.ÿÿÿÿ ¤tE¨wE¢tE..¡FL¶FL¶FL¶FL¶FL¶FL¶FL¶FL¶FL¶F¡FP¶FP¶FP¶FP¶FP¶FP¶FP¶F¡Fÿÿÿÿ¨wE¨¢F¨¢F¨¢F¨¢F¨¢F¡F(zE¨{EEè¡F§FCPSTPDT°¢Fð¢Fÿÿÿÿÿÿÿÿÿÿÿÿ ¤`y!¦ß¡¥àü@~ü¨Á£Ú£ þ@þµÁ£Ú£ þAþ¶Ï¢ä¢å¢è¢[þ@~¡þQQÚ^Ú _ÚjÚ2ÓØÞàù1~þ abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ§Fþÿÿÿþÿÿÿu0Ï!tåa¾e¸Â¢z»^ âÈ¨3$6E.?AVtype_info@@$6E.?AVbad_alloc@std@@$6E.?AVbad_array_new_length@std@@$6E.?AVlogic_error@std@@$6E.?AVlength_error@std@@$6E.?AVout_of_range@std@@$6E.?AV_Facet_base@std@@$6E.?AV_Locimp@locale@std@@$6E.?AVfacet@locale@std@@$6E.?AU_Crt_new_delete@std@@$6E.?AVcodecvt_base@std@@$6E.?AUctype_base@std@@$6E.?AV?$ctype@D@std@@$6E.?AV?$codecvt@DDU_Mbstatet@@@std@@$6E.?AVbad_exception@std@@$6E.H$6E.?AVfailure@ios_base@std@@$6E.?AVruntime_error@std@@$6E.?AVsystem_error@std@@$6E.?AVbad_cast@std@@$6E.?AV_System_error@std@@$6E.?AVexception@std@@ base_address: 0x0046a000 process_identifier: 2228 process_handle: 0x00000368	1	1
WriteProcessMemory July 7, 2021, 10:53 a.m.	buffer: base_address: 0x0046e000 process_identifier: 2228 process_handle: 0x00000368	1	1
WriteProcessMemory July 7, 2021, 10:53 a.m.	buffer: ZÀ?Àd?´ÄÎÄd?Åd?^d?:a!2!§ { Åi}iÝ-Ýd?d?ÌÖÄ¢Ä~Ux0t<â,á,á]Íb¥cU'Ë¼¦óC×î®*Æ,ú b Er4NPNWN]TUZ[ äøää äö_^îØØäüûüû í9<8;ú` ¢§µ¶³´±²¯°¸ Y base_address: 0x0046f000 process_identifier: 2228 process_handle: 0x00000368	1	1
WriteProcessMemory July 7, 2021, 10:53 a.m.	buffer: @ base_address: 0x7efde008 process_identifier: 2228 process_handle: 0x00000368	1	1
WriteProcessMemory July 7, 2021, 10:53 a.m.	buffer: MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $IýÓÁ(Á(Á(u´bÓ(u´`a(u´aß(Ã(À(_TÃ(úvÛ(úvû(úvã(ÈPÒ(Á(Ý)Vv(SvlÀ(VvÀ(RichÁ(PELvDË`à uð0@ØÜÔKP,8ðk8l(l@0l.textÌ `.rdata"o0p@@.dataD= @À.tls à@À.gfids0ð@@.rsrcÔKL@@.reloc,8P:æ@B base_address: 0x00400000 process_identifier: 4764 process_handle: 0x00000354	1	1
WriteProcessMemory July 7, 2021, 10:53 a.m.	buffer: ÿÿÿÿ±¿DNæ@»ÿÿÿÿ Copyright (c) by P.J. Plauger, licensed by Dinkumware, Ltd. ALL RIGHTS RESERVED.ÿÿÿÿ ¤tE¨wE¢tE..¡FL¶FL¶FL¶FL¶FL¶FL¶FL¶FL¶FL¶F¡FP¶FP¶FP¶FP¶FP¶FP¶FP¶F¡Fÿÿÿÿ¨wE¨¢F¨¢F¨¢F¨¢F¨¢F¡F(zE¨{EEè¡F§FCPSTPDT°¢Fð¢Fÿÿÿÿÿÿÿÿÿÿÿÿ ¤`y!¦ß¡¥àü@~ü¨Á£Ú£ þ@þµÁ£Ú£ þAþ¶Ï¢ä¢å¢è¢[þ@~¡þQQÚ^Ú _ÚjÚ2ÓØÞàù1~þ abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ§Fþÿÿÿþÿÿÿu0Ï!tåa¾e¸Â¢z»^ âÈ¨3$6E.?AVtype_info@@$6E.?AVbad_alloc@std@@$6E.?AVbad_array_new_length@std@@$6E.?AVlogic_error@std@@$6E.?AVlength_error@std@@$6E.?AVout_of_range@std@@$6E.?AV_Facet_base@std@@$6E.?AV_Locimp@locale@std@@$6E.?AVfacet@locale@std@@$6E.?AU_Crt_new_delete@std@@$6E.?AVcodecvt_base@std@@$6E.?AUctype_base@std@@$6E.?AV?$ctype@D@std@@$6E.?AV?$codecvt@DDU_Mbstatet@@@std@@$6E.?AVbad_exception@std@@$6E.H$6E.?AVfailure@ios_base@std@@$6E.?AVruntime_error@std@@$6E.?AVsystem_error@std@@$6E.?AVbad_cast@std@@$6E.?AV_System_error@std@@$6E.?AVexception@std@@ base_address: 0x0046a000 process_identifier: 4764 process_handle: 0x00000354	1	1
WriteProcessMemory July 7, 2021, 10:53 a.m.	buffer: base_address: 0x0046e000 process_identifier: 4764 process_handle: 0x00000354	1	1
WriteProcessMemory July 7, 2021, 10:53 a.m.	buffer: ZÀ?Àd?´ÄÎÄd?Åd?^d?:a!2!§ { Åi}iÝ-Ýd?d?ÌÖÄ¢Ä~Ux0t<â,á,á]Íb¥cU'Ë¼¦óC×î®*Æ,ú b Er4NPNWN]TUZ[ äøää äö_^îØØäüûüû í9<8;ú` ¢§µ¶³´±²¯°¸ Y base_address: 0x0046f000 process_identifier: 4764 process_handle: 0x00000354	1	1
WriteProcessMemory July 7, 2021, 10:53 a.m.	buffer: @ base_address: 0x7efde008 process_identifier: 4764 process_handle: 0x00000354	1	1
WriteProcessMemory July 7, 2021, 10:53 a.m.	buffer: MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $IýÓÁ(Á(Á(u´bÓ(u´`a(u´aß(Ã(À(_TÃ(úvÛ(úvû(úvã(ÈPÒ(Á(Ý)Vv(SvlÀ(VvÀ(RichÁ(PELvDË`à uð0@ØÜÔKP,8ðk8l(l@0l.textÌ `.rdata"o0p@@.dataD= @À.tls à@À.gfids0ð@@.rsrcÔKL@@.reloc,8P:æ@B base_address: 0x00400000 process_identifier: 884 process_handle: 0x00000368	1	1
WriteProcessMemory July 7, 2021, 10:53 a.m.	buffer: ÿÿÿÿ±¿DNæ@»ÿÿÿÿ Copyright (c) by P.J. Plauger, licensed by Dinkumware, Ltd. ALL RIGHTS RESERVED.ÿÿÿÿ ¤tE¨wE¢tE..¡FL¶FL¶FL¶FL¶FL¶FL¶FL¶FL¶FL¶F¡FP¶FP¶FP¶FP¶FP¶FP¶FP¶F¡Fÿÿÿÿ¨wE¨¢F¨¢F¨¢F¨¢F¨¢F¡F(zE¨{EEè¡F§FCPSTPDT°¢Fð¢Fÿÿÿÿÿÿÿÿÿÿÿÿ ¤`y!¦ß¡¥àü@~ü¨Á£Ú£ þ@þµÁ£Ú£ þAþ¶Ï¢ä¢å¢è¢[þ@~¡þQQÚ^Ú _ÚjÚ2ÓØÞàù1~þ abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ§Fþÿÿÿþÿÿÿu0Ï!tåa¾e¸Â¢z»^ âÈ¨3$6E.?AVtype_info@@$6E.?AVbad_alloc@std@@$6E.?AVbad_array_new_length@std@@$6E.?AVlogic_error@std@@$6E.?AVlength_error@std@@$6E.?AVout_of_range@std@@$6E.?AV_Facet_base@std@@$6E.?AV_Locimp@locale@std@@$6E.?AVfacet@locale@std@@$6E.?AU_Crt_new_delete@std@@$6E.?AVcodecvt_base@std@@$6E.?AUctype_base@std@@$6E.?AV?$ctype@D@std@@$6E.?AV?$codecvt@DDU_Mbstatet@@@std@@$6E.?AVbad_exception@std@@$6E.H$6E.?AVfailure@ios_base@std@@$6E.?AVruntime_error@std@@$6E.?AVsystem_error@std@@$6E.?AVbad_cast@std@@$6E.?AV_System_error@std@@$6E.?AVexception@std@@ base_address: 0x0046a000 process_identifier: 884 process_handle: 0x00000368	1	1
WriteProcessMemory July 7, 2021, 10:53 a.m.	buffer: base_address: 0x0046e000 process_identifier: 884 process_handle: 0x00000368	1	1
WriteProcessMemory July 7, 2021, 10:53 a.m.	buffer: ZÀ?Àd?´ÄÎÄd?Åd?^d?:a!2!§ { Åi}iÝ-Ýd?d?ÌÖÄ¢Ä~Ux0t<â,á,á]Íb¥cU'Ë¼¦óC×î®*Æ,ú b Er4NPNWN]TUZ[ äøää äö_^îØØäüûüû í9<8;ú` ¢§µ¶³´±²¯°¸ Y base_address: 0x0046f000 process_identifier: 884 process_handle: 0x00000368	1	1
WriteProcessMemory July 7, 2021, 10:53 a.m.	buffer: @ base_address: 0x7efde008 process_identifier: 884 process_handle: 0x00000368	1	1
WriteProcessMemory July 7, 2021, 10:54 a.m.	buffer: MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $IýÓÁ(Á(Á(u´bÓ(u´`a(u´aß(Ã(À(_TÃ(úvÛ(úvû(úvã(ÈPÒ(Á(Ý)Vv(SvlÀ(VvÀ(RichÁ(PELvDË`à uð0@ØÜÔKP,8ðk8l(l@0l.textÌ `.rdata"o0p@@.dataD= @À.tls à@À.gfids0ð@@.rsrcÔKL@@.reloc,8P:æ@B base_address: 0x00400000 process_identifier: 6368 process_handle: 0x00000338	1	1
WriteProcessMemory July 7, 2021, 10:54 a.m.	buffer: ÿÿÿÿ±¿DNæ@»ÿÿÿÿ Copyright (c) by P.J. Plauger, licensed by Dinkumware, Ltd. ALL RIGHTS RESERVED.ÿÿÿÿ ¤tE¨wE¢tE..¡FL¶FL¶FL¶FL¶FL¶FL¶FL¶FL¶FL¶F¡FP¶FP¶FP¶FP¶FP¶FP¶FP¶F¡Fÿÿÿÿ¨wE¨¢F¨¢F¨¢F¨¢F¨¢F¡F(zE¨{EEè¡F§FCPSTPDT°¢Fð¢Fÿÿÿÿÿÿÿÿÿÿÿÿ ¤`y!¦ß¡¥àü@~ü¨Á£Ú£ þ@þµÁ£Ú£ þAþ¶Ï¢ä¢å¢è¢[þ@~¡þQQÚ^Ú _ÚjÚ2ÓØÞàù1~þ abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ§Fþÿÿÿþÿÿÿu0Ï!tåa¾e¸Â¢z»^ âÈ¨3$6E.?AVtype_info@@$6E.?AVbad_alloc@std@@$6E.?AVbad_array_new_length@std@@$6E.?AVlogic_error@std@@$6E.?AVlength_error@std@@$6E.?AVout_of_range@std@@$6E.?AV_Facet_base@std@@$6E.?AV_Locimp@locale@std@@$6E.?AVfacet@locale@std@@$6E.?AU_Crt_new_delete@std@@$6E.?AVcodecvt_base@std@@$6E.?AUctype_base@std@@$6E.?AV?$ctype@D@std@@$6E.?AV?$codecvt@DDU_Mbstatet@@@std@@$6E.?AVbad_exception@std@@$6E.H$6E.?AVfailure@ios_base@std@@$6E.?AVruntime_error@std@@$6E.?AVsystem_error@std@@$6E.?AVbad_cast@std@@$6E.?AV_System_error@std@@$6E.?AVexception@std@@ base_address: 0x0046a000 process_identifier: 6368 process_handle: 0x00000338	1	1
WriteProcessMemory July 7, 2021, 10:54 a.m.	buffer: base_address: 0x0046e000 process_identifier: 6368 process_handle: 0x00000338	1	1
WriteProcessMemory July 7, 2021, 10:54 a.m.	buffer: ZÀ?Àd?´ÄÎÄd?Åd?^d?:a!2!§ { Åi}iÝ-Ýd?d?ÌÖÄ¢Ä~Ux0t<â,á,á]Íb¥cU'Ë¼¦óC×î®*Æ,ú b Er4NPNWN]TUZ[ äøää äö_^îØØäüûüû í9<8;ú` ¢§µ¶³´±²¯°¸ Y base_address: 0x0046f000 process_identifier: 6368 process_handle: 0x00000338	1	1
WriteProcessMemory July 7, 2021, 10:54 a.m.	buffer: @ base_address: 0x7efde008 process_identifier: 6368 process_handle: 0x00000338	1	1

Code injection by writing an executable or DLL to the memory of another process (4 events)

Time & API	Arguments	Status	Return
WriteProcessMemory July 7, 2021, 10:53 a.m.	buffer: MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $IýÓÁ(Á(Á(u´bÓ(u´`a(u´aß(Ã(À(_TÃ(úvÛ(úvû(úvã(ÈPÒ(Á(Ý)Vv(SvlÀ(VvÀ(RichÁ(PELvDË`à uð0@ØÜÔKP,8ðk8l(l@0l.textÌ `.rdata"o0p@@.dataD= @À.tls à@À.gfids0ð@@.rsrcÔKL@@.reloc,8P:æ@B base_address: 0x00400000 process_identifier: 2228 process_handle: 0x00000368	1	1
WriteProcessMemory July 7, 2021, 10:53 a.m.	buffer: MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $IýÓÁ(Á(Á(u´bÓ(u´`a(u´aß(Ã(À(_TÃ(úvÛ(úvû(úvã(ÈPÒ(Á(Ý)Vv(SvlÀ(VvÀ(RichÁ(PELvDË`à uð0@ØÜÔKP,8ðk8l(l@0l.textÌ `.rdata"o0p@@.dataD= @À.tls à@À.gfids0ð@@.rsrcÔKL@@.reloc,8P:æ@B base_address: 0x00400000 process_identifier: 4764 process_handle: 0x00000354	1	1
WriteProcessMemory July 7, 2021, 10:53 a.m.	buffer: MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $IýÓÁ(Á(Á(u´bÓ(u´`a(u´aß(Ã(À(_TÃ(úvÛ(úvû(úvã(ÈPÒ(Á(Ý)Vv(SvlÀ(VvÀ(RichÁ(PELvDË`à uð0@ØÜÔKP,8ðk8l(l@0l.textÌ `.rdata"o0p@@.dataD= @À.tls à@À.gfids0ð@@.rsrcÔKL@@.reloc,8P:æ@B base_address: 0x00400000 process_identifier: 884 process_handle: 0x00000368	1	1
WriteProcessMemory July 7, 2021, 10:54 a.m.	buffer: MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $IýÓÁ(Á(Á(u´bÓ(u´`a(u´aß(Ã(À(_TÃ(úvÛ(úvû(úvã(ÈPÒ(Á(Ý)Vv(SvlÀ(VvÀ(RichÁ(PELvDË`à uð0@ØÜÔKP,8ðk8l(l@0l.textÌ `.rdata"o0p@@.dataD= @À.tls à@À.gfids0ð@@.rsrcÔKL@@.reloc,8P:æ@B base_address: 0x00400000 process_identifier: 6368 process_handle: 0x00000338	1	1

Used NtSetContextThread to modify a thread in a remote process indicative of process injection (8 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 4564 called NtSetContextThread to modify thread in remote process 2228
Process injection	Process 6696 called NtSetContextThread to modify thread in remote process 4764
Process injection	Process 4804 called NtSetContextThread to modify thread in remote process 884
Process injection	Process 6188 called NtSetContextThread to modify thread in remote process 6368
NtSetContextThread July 7, 2021, 10:53 a.m.	registers.eip: 0 registers.esp: 0 registers.edi: 0 registers.eax: 4386933 registers.ebp: 0 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 0 thread_handle: 0x00000360 process_identifier: 2228	1	0	0
NtSetContextThread July 7, 2021, 10:53 a.m.	registers.eip: 0 registers.esp: 0 registers.edi: 0 registers.eax: 4386933 registers.ebp: 0 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 0 thread_handle: 0x00000350 process_identifier: 4764	1	0	0
NtSetContextThread July 7, 2021, 10:53 a.m.	registers.eip: 0 registers.esp: 0 registers.edi: 0 registers.eax: 4386933 registers.ebp: 0 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 0 thread_handle: 0x0000033c process_identifier: 884	1	0	0
NtSetContextThread July 7, 2021, 10:54 a.m.	registers.eip: 0 registers.esp: 0 registers.edi: 0 registers.eax: 4386933 registers.ebp: 0 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 0 thread_handle: 0x00000334 process_identifier: 6368	1	0	0

One or more non-whitelisted processes were created (8 events)

parent_process	wscript.exe	martian_process	cmd /c "C:\Users\test22\AppData\Roaming\Remcos\remcos.exe"
parent_process	wscript.exe	martian_process	"C:\Windows\System32\cmd.exe" /c "C:\Users\test22\AppData\Roaming\Remcos\remcos.exe"
parent_process	wscript.exe	martian_process	cmd /c "C:\Users\test22\AppData\Roaming\Remcos\remcos.exe"
parent_process	wscript.exe	martian_process	"C:\Windows\System32\cmd.exe" /c "C:\Users\test22\AppData\Roaming\Remcos\remcos.exe"
parent_process	wscript.exe	martian_process	cmd /c "C:\Users\test22\AppData\Roaming\Remcos\remcos.exe"
parent_process	wscript.exe	martian_process	"C:\Windows\System32\cmd.exe" /c "C:\Users\test22\AppData\Roaming\Remcos\remcos.exe"
parent_process	wscript.exe	martian_process	cmd /c "C:\Users\test22\AppData\Roaming\Remcos\remcos.exe"
parent_process	wscript.exe	martian_process	"C:\Windows\System32\cmd.exe" /c "C:\Users\test22\AppData\Roaming\Remcos\remcos.exe"

Resumed a suspended thread in a remote process potentially indicative of process injection (8 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 4564 resumed a thread in remote process 2228
Process injection	Process 6696 resumed a thread in remote process 4764
Process injection	Process 4804 resumed a thread in remote process 884
Process injection	Process 6188 resumed a thread in remote process 6368
NtResumeThread July 7, 2021, 10:53 a.m.	thread_handle: 0x00000360 suspend_count: 1 process_identifier: 2228	1	0	0
NtResumeThread July 7, 2021, 10:53 a.m.	thread_handle: 0x00000350 suspend_count: 1 process_identifier: 4764	1	0	0
NtResumeThread July 7, 2021, 10:53 a.m.	thread_handle: 0x0000033c suspend_count: 1 process_identifier: 884	1	0	0
NtResumeThread July 7, 2021, 10:54 a.m.	thread_handle: 0x00000334 suspend_count: 1 process_identifier: 6368	1	0	0

Executed a process and injected code into it, probably while unpacking (50 out of 143 events)

Time & API	Arguments	Status	Return
NtResumeThread July 7, 2021, 10:52 a.m.	thread_handle: 0x000000dc suspend_count: 1 process_identifier: 4564	1	0
NtResumeThread July 7, 2021, 10:52 a.m.	thread_handle: 0x00000150 suspend_count: 1 process_identifier: 4564	1	0
NtResumeThread July 7, 2021, 10:52 a.m.	thread_handle: 0x00000198 suspend_count: 1 process_identifier: 4564	1	0
NtResumeThread July 7, 2021, 10:53 a.m.	thread_handle: 0x00000260 suspend_count: 1 process_identifier: 4564	1	0
NtResumeThread July 7, 2021, 10:53 a.m.	thread_handle: 0x00000278 suspend_count: 1 process_identifier: 4564	1	0
NtResumeThread July 7, 2021, 10:53 a.m.	thread_handle: 0x00000290 suspend_count: 1 process_identifier: 4564	1	0
NtResumeThread July 7, 2021, 10:53 a.m.	thread_handle: 0x000002bc suspend_count: 1 process_identifier: 4564	1	0
NtResumeThread July 7, 2021, 10:53 a.m.	thread_handle: 0x000002d4 suspend_count: 1 process_identifier: 4564	1	0
NtResumeThread July 7, 2021, 10:53 a.m.	thread_handle: 0x000002ec suspend_count: 1 process_identifier: 4564	1	0
NtResumeThread July 7, 2021, 10:53 a.m.	thread_handle: 0x00000304 suspend_count: 1 process_identifier: 4564	1	0
NtResumeThread July 7, 2021, 10:53 a.m.	thread_handle: 0x0000031c suspend_count: 1 process_identifier: 4564	1	0
NtResumeThread July 7, 2021, 10:53 a.m.	thread_handle: 0x00000334 suspend_count: 1 process_identifier: 4564	1	0
NtResumeThread July 7, 2021, 10:53 a.m.	thread_handle: 0x0000034c suspend_count: 1 process_identifier: 4564	1	0
NtResumeThread July 7, 2021, 10:53 a.m.	thread_handle: 0x00000364 suspend_count: 1 process_identifier: 4564	1	0
CreateProcessInternalW July 7, 2021, 10:53 a.m.	thread_identifier: 4960 thread_handle: 0x00000338 process_identifier: 8948 current_directory: filepath: track: 1 command_line: C:\Users\test22\AppData\Local\Temp\microa.exe filepath_r: stack_pivoted: 0 creation_flags: 134217732 (CREATE_NO_WINDOW\|CREATE_SUSPENDED) inherit_handles: 0 process_handle: 0x00000350	1	1
NtGetContextThread July 7, 2021, 10:53 a.m.	thread_handle: 0x00000338	1	0
NtAllocateVirtualMemory July 7, 2021, 10:53 a.m.	process_identifier: 8948 region_size: 495616 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000350		3221225496
CreateProcessInternalW July 7, 2021, 10:53 a.m.	thread_identifier: 1160 thread_handle: 0x00000360 process_identifier: 2228 current_directory: filepath: track: 1 command_line: C:\Users\test22\AppData\Local\Temp\microa.exe filepath_r: stack_pivoted: 0 creation_flags: 134217732 (CREATE_NO_WINDOW\|CREATE_SUSPENDED) inherit_handles: 0 process_handle: 0x00000368	1	1
NtGetContextThread July 7, 2021, 10:53 a.m.	thread_handle: 0x00000360	1	0
NtAllocateVirtualMemory July 7, 2021, 10:53 a.m.	process_identifier: 2228 region_size: 495616 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000368	1	0
WriteProcessMemory July 7, 2021, 10:53 a.m.	buffer: MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $IýÓÁ(Á(Á(u´bÓ(u´`a(u´aß(Ã(À(_TÃ(úvÛ(úvû(úvã(ÈPÒ(Á(Ý)Vv(SvlÀ(VvÀ(RichÁ(PELvDË`à uð0@ØÜÔKP,8ðk8l(l@0l.textÌ `.rdata"o0p@@.dataD= @À.tls à@À.gfids0ð@@.rsrcÔKL@@.reloc,8P:æ@B base_address: 0x00400000 process_identifier: 2228 process_handle: 0x00000368	1	1
WriteProcessMemory July 7, 2021, 10:53 a.m.	buffer: base_address: 0x00401000 process_identifier: 2228 process_handle: 0x00000368	1	1
WriteProcessMemory July 7, 2021, 10:53 a.m.	buffer: base_address: 0x00453000 process_identifier: 2228 process_handle: 0x00000368	1	1
WriteProcessMemory July 7, 2021, 10:53 a.m.	buffer: ÿÿÿÿ±¿DNæ@»ÿÿÿÿ Copyright (c) by P.J. Plauger, licensed by Dinkumware, Ltd. ALL RIGHTS RESERVED.ÿÿÿÿ ¤tE¨wE¢tE..¡FL¶FL¶FL¶FL¶FL¶FL¶FL¶FL¶FL¶F¡FP¶FP¶FP¶FP¶FP¶FP¶FP¶F¡Fÿÿÿÿ¨wE¨¢F¨¢F¨¢F¨¢F¨¢F¡F(zE¨{EEè¡F§FCPSTPDT°¢Fð¢Fÿÿÿÿÿÿÿÿÿÿÿÿ ¤`y!¦ß¡¥àü@~ü¨Á£Ú£ þ@þµÁ£Ú£ þAþ¶Ï¢ä¢å¢è¢[þ@~¡þQQÚ^Ú _ÚjÚ2ÓØÞàù1~þ abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ§Fþÿÿÿþÿÿÿu0Ï!tåa¾e¸Â¢z»^ âÈ¨3$6E.?AVtype_info@@$6E.?AVbad_alloc@std@@$6E.?AVbad_array_new_length@std@@$6E.?AVlogic_error@std@@$6E.?AVlength_error@std@@$6E.?AVout_of_range@std@@$6E.?AV_Facet_base@std@@$6E.?AV_Locimp@locale@std@@$6E.?AVfacet@locale@std@@$6E.?AU_Crt_new_delete@std@@$6E.?AVcodecvt_base@std@@$6E.?AUctype_base@std@@$6E.?AV?$ctype@D@std@@$6E.?AV?$codecvt@DDU_Mbstatet@@@std@@$6E.?AVbad_exception@std@@$6E.H$6E.?AVfailure@ios_base@std@@$6E.?AVruntime_error@std@@$6E.?AVsystem_error@std@@$6E.?AVbad_cast@std@@$6E.?AV_System_error@std@@$6E.?AVexception@std@@ base_address: 0x0046a000 process_identifier: 2228 process_handle: 0x00000368	1	1
WriteProcessMemory July 7, 2021, 10:53 a.m.	buffer: base_address: 0x0046e000 process_identifier: 2228 process_handle: 0x00000368	1	1
WriteProcessMemory July 7, 2021, 10:53 a.m.	buffer: ZÀ?Àd?´ÄÎÄd?Åd?^d?:a!2!§ { Åi}iÝ-Ýd?d?ÌÖÄ¢Ä~Ux0t<â,á,á]Íb¥cU'Ë¼¦óC×î®*Æ,ú b Er4NPNWN]TUZ[ äøää äö_^îØØäüûüû í9<8;ú` ¢§µ¶³´±²¯°¸ Y base_address: 0x0046f000 process_identifier: 2228 process_handle: 0x00000368	1	1
WriteProcessMemory July 7, 2021, 10:53 a.m.	buffer: base_address: 0x00470000 process_identifier: 2228 process_handle: 0x00000368	1	1
WriteProcessMemory July 7, 2021, 10:53 a.m.	buffer: base_address: 0x00475000 process_identifier: 2228 process_handle: 0x00000368	1	1
WriteProcessMemory July 7, 2021, 10:53 a.m.	buffer: @ base_address: 0x7efde008 process_identifier: 2228 process_handle: 0x00000368	1	1
NtSetContextThread July 7, 2021, 10:53 a.m.	registers.eip: 0 registers.esp: 0 registers.edi: 0 registers.eax: 4386933 registers.ebp: 0 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 0 thread_handle: 0x00000360 process_identifier: 2228	1	0
NtResumeThread July 7, 2021, 10:53 a.m.	thread_handle: 0x00000360 suspend_count: 1 process_identifier: 2228	1	0
NtResumeThread July 7, 2021, 10:53 a.m.	thread_handle: 0x00000278 suspend_count: 1 process_identifier: 2228	1	0
CreateProcessInternalW July 7, 2021, 10:53 a.m.	thread_identifier: 2120 thread_handle: 0x00000290 process_identifier: 4408 current_directory: C:\Users\test22\AppData\Local\Temp filepath: C:\Windows\System32\wscript.exe track: 1 command_line: "C:\Windows\System32\WScript.exe" "C:\Users\test22\AppData\Local\Temp\install.vbs" filepath_r: C:\Windows\System32\WScript.exe stack_pivoted: 0 creation_flags: 67634192 (CREATE_DEFAULT_ERROR_MODE\|CREATE_NEW_CONSOLE\|CREATE_UNICODE_ENVIRONMENT\|EXTENDED_STARTUPINFO_PRESENT) inherit_handles: 0 process_handle: 0x00000284	1	1
CreateProcessInternalW July 7, 2021, 10:53 a.m.	thread_identifier: 668 thread_handle: 0x000002ec process_identifier: 4848 current_directory: C:\Users\test22\AppData\Local\Temp filepath: C:\Windows\System32\cmd.exe track: 1 command_line: "C:\Windows\System32\cmd.exe" /c "C:\Users\test22\AppData\Roaming\Remcos\remcos.exe" filepath_r: C:\Windows\System32\cmd.exe stack_pivoted: 0 creation_flags: 67634192 (CREATE_DEFAULT_ERROR_MODE\|CREATE_NEW_CONSOLE\|CREATE_UNICODE_ENVIRONMENT\|EXTENDED_STARTUPINFO_PRESENT) inherit_handles: 0 process_handle: 0x000002f4	1	1
CreateProcessInternalW July 7, 2021, 10:53 a.m.	thread_identifier: 3916 thread_handle: 0x00000084 process_identifier: 6696 current_directory: C:\Users\test22\AppData\Local\Temp filepath: C:\Users\test22\AppData\Roaming\Remcos\remcos.exe track: 1 command_line: C:\Users\test22\AppData\Roaming\Remcos\remcos.exe filepath_r: C:\Users\test22\AppData\Roaming\Remcos\remcos.exe stack_pivoted: 0 creation_flags: 524288 (EXTENDED_STARTUPINFO_PRESENT) inherit_handles: 1 process_handle: 0x00000088	1	1
NtResumeThread July 7, 2021, 10:53 a.m.	thread_handle: 0x000000dc suspend_count: 1 process_identifier: 6696	1	0
NtResumeThread July 7, 2021, 10:53 a.m.	thread_handle: 0x0000014c suspend_count: 1 process_identifier: 6696	1	0
NtResumeThread July 7, 2021, 10:53 a.m.	thread_handle: 0x000001bc suspend_count: 1 process_identifier: 6696	1	0
NtResumeThread July 7, 2021, 10:53 a.m.	thread_handle: 0x00000258 suspend_count: 1 process_identifier: 6696	1	0
NtResumeThread July 7, 2021, 10:53 a.m.	thread_handle: 0x00000270 suspend_count: 1 process_identifier: 6696	1	0
NtResumeThread July 7, 2021, 10:53 a.m.	thread_handle: 0x0000028c suspend_count: 1 process_identifier: 6696	1	0
NtResumeThread July 7, 2021, 10:53 a.m.	thread_handle: 0x000002b8 suspend_count: 1 process_identifier: 6696	1	0
NtResumeThread July 7, 2021, 10:53 a.m.	thread_handle: 0x000002d0 suspend_count: 1 process_identifier: 6696	1	0
NtResumeThread July 7, 2021, 10:53 a.m.	thread_handle: 0x000002e8 suspend_count: 1 process_identifier: 6696	1	0
NtResumeThread July 7, 2021, 10:53 a.m.	thread_handle: 0x00000300 suspend_count: 1 process_identifier: 6696	1	0
NtResumeThread July 7, 2021, 10:53 a.m.	thread_handle: 0x00000318 suspend_count: 1 process_identifier: 6696	1	0
NtResumeThread July 7, 2021, 10:53 a.m.	thread_handle: 0x00000330 suspend_count: 1 process_identifier: 6696	1	0
NtResumeThread July 7, 2021, 10:53 a.m.	thread_handle: 0x00000348 suspend_count: 1 process_identifier: 6696	1	0
NtResumeThread July 7, 2021, 10:53 a.m.	thread_handle: 0x00000360 suspend_count: 1 process_identifier: 6696	1	0
CreateProcessInternalW July 7, 2021, 10:53 a.m.	thread_identifier: 3968 thread_handle: 0x0000035c process_identifier: 2648 current_directory: filepath: track: 1 command_line: C:\Users\test22\AppData\Local\Temp\remcos.exe filepath_r: stack_pivoted: 0 creation_flags: 134217732 (CREATE_NO_WINDOW\|CREATE_SUSPENDED) inherit_handles: 0 process_handle: 0x00000358	1	1

File has been identified by 30 AntiVirus engines on VirusTotal as malicious (30 events)

FireEye	Generic.mg.db6d1eadf3bfc69a
McAfee	RDN/Generic.cf
Cylance	Unsafe
Sangfor	Trojan.Win32.Save.a
Cybereason	malicious.3257e1
Cyren	W32/MSIL_Dropper.A.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of MSIL/GenKryptik.FHGZ
APEX	Malicious
Paloalto	generic.ml
Kaspersky	UDS:DangerousObject.Multi.Generic
Avast	Win32:TrojanX-gen [Trj]
Tencent	Win32.Backdoor.Remcos.Auto
TrendMicro	TROJ_GEN.R002C0DG621
McAfee-GW-Edition	BehavesLike.Win32.Generic.hc
Sophos	Mal/Generic-S
Ikarus	Trojan.Inject
Kingsoft	Win32.Troj.Generic_a.a.(kcloud)
Microsoft	Trojan:MSIL/AgentTesla.CJ!MTB
GData	Win32.Backdoor.Remcos.Q80AMR
Cynet	Malicious (score: 100)
BitDefenderTheta	Gen:NN.ZemsilF.34790.Gm0@audK2gi
Malwarebytes	Malware.AI.50156795
TrendMicro-HouseCall	TROJ_GEN.R002C0DG621
SentinelOne	Static AI - Malicious PE
eGambit	Unsafe.AI_Score_99%
Fortinet	MSIL/Kryptik.ABUB!tr
AVG	Win32:TrojanX-gen [Trj]
CrowdStrike	win/malicious_confidence_90% (W)
Qihoo-360	Win32/Trojan.Generic.HgIASX4A

The process wscript.exe wrote an executable file to disk which it then attempted to execute (2 events)

file	C:\Windows\SysWOW64\wscript.exe
file	C:\Windows\System32\cmd.exe

microa.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All