Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6402	July 22, 2021, 10:56 a.m.	July 22, 2021, 11 a.m.

Size	767.4KB
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`0ddeb0b17f45b044ca999164550dd25c`
SHA256	`3be492c34e92a83547b0d1656e21f2d8aed8f7448fcb9f720b401c9daa26fc61`
CRC32	`5EBEA76F`
ssdeep	`12288:t+vFWssZm5qy2FRbaX/2RSckcyeFtDBn/QlSrZiLIB/+ndJqu4mEMBYK7oE9afAo:kULRbkmScketDy4BBmdJimEVsTQA7TQ`
Yara	IsPE32 - (no description) Generic_Malware_Zero - Generic Malware anti_vm_detect - Possibly employs anti-virtualization techniques Is_DotNET_EXE - (no description) UPX_Zero - UPX packed file PE_Header_Zero - PE File Signature NPKI_Zero - File included NPKI

csrss.exe "C:\Users\test22\AppData\Local\Temp\csrss.exe"
2072

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks if process is being debugged by a debugger (2 events)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent July 22, 2021, 10:56 a.m.			0	0
IsDebuggerPresent July 22, 2021, 10:56 a.m.			0	0

Uses Windows APIs to generate a cryptographic key (3 events)

Time & API	Arguments	Status	Return
CryptExportKey July 22, 2021, 10:56 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x007f6730 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 22, 2021, 10:56 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x007f65f0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 22, 2021, 10:56 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x007f65f0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx July 22, 2021, 10:56 a.m.		1	1	0

One or more processes crashed (16 events)

Time & API	Arguments	Status
__exception__ July 22, 2021, 10:56 a.m.	stacktrace: CopyPDBs+0x1b552 DllCanUnloadNowInternal-0x25a85 clr+0x1b1194 @ 0x73c21194 LogHelp_TerminateOnAssert+0x14061 GetPrivateContextsPerfCounters-0x53e1 clr+0x82ba1 @ 0x73af2ba1 mscorlib+0x32d2b1 @ 0x7222d2b1 mscorlib+0x32d233 @ 0x7222d233 mscorlib+0x32d12a @ 0x7222d12a 0x641db8 0x641c84 mscorlib+0x2d5861 @ 0x721d5861 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73a72652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73a8264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73a82e95 DllGetClassObjectInternal+0x357ee CorDllMainForThunk-0x56d0d clr+0xfa867 @ 0x73b6a867 DllGetClassObjectInternal+0x358c6 CorDllMainForThunk-0x56c35 clr+0xfa93f @ 0x73b6a93f PreBindAssemblyEx+0x107ff StrongNameSignatureVerification-0x174c clr+0x18836a @ 0x73bf836a CreateHistoryReader+0x48031 PostErrorVA-0x120f2e clr+0x257876 @ 0x73cc7876 CreateAssemblyNameObject+0x27e00 GetMetaDataInternalInterface-0x1066f clr+0x55299 @ 0x73ac5299 CreateAssemblyNameObject+0x27c6a GetMetaDataInternalInterface-0x10805 clr+0x55103 @ 0x73ac5103 CreateAssemblyNameObject+0x27e4b GetMetaDataInternalInterface-0x10624 clr+0x552e4 @ 0x73ac52e4 CoUninitializeEE+0x9986 CreateAssemblyNameObject-0x42cf clr+0x291ca @ 0x73a991ca CoUninitializeEE+0x1270 CreateAssemblyNameObject-0xc9e5 clr+0x20ab4 @ 0x73a90ab4 CreateAssemblyNameObject+0x8563 GetMetaDataInternalInterface-0x2ff0c clr+0x359fc @ 0x73aa59fc sxsJitStartup-0x537c5 clrjit+0x10cf @ 0x738a10cf sxsJitStartup-0x357e4 clrjit+0x1f0b0 @ 0x738bf0b0 sxsJitStartup-0x52e34 clrjit+0x1a60 @ 0x738a1a60 sxsJitStartup-0x52c52 clrjit+0x1c42 @ 0x738a1c42 sxsJitStartup-0x52447 clrjit+0x244d @ 0x738a244d sxsJitStartup-0x50878 clrjit+0x401c @ 0x738a401c sxsJitStartup-0x50762 clrjit+0x4132 @ 0x738a4132 sxsJitStartup-0x50612 clrjit+0x4282 @ 0x738a4282 sxsJitStartup-0x502ff clrjit+0x4595 @ 0x738a4595 CreateAssemblyNameObject+0x61d0 GetMetaDataInternalInterface-0x3229f clr+0x33669 @ 0x73aa3669 CreateAssemblyNameObject+0x6268 GetMetaDataInternalInterface-0x32207 clr+0x33701 @ 0x73aa3701 CreateAssemblyNameObject+0x62aa GetMetaDataInternalInterface-0x321c5 clr+0x33743 @ 0x73aa3743 CreateAssemblyNameObject+0x6503 GetMetaDataInternalInterface-0x31f6c clr+0x3399c @ 0x73aa399c CreateAssemblyNameObject+0x5ffd GetMetaDataInternalInterface-0x32472 clr+0x33496 @ 0x73aa3496 CreateAssemblyNameObject+0x6c42 GetMetaDataInternalInterface-0x3182d clr+0x340db @ 0x73aa40db DllRegisterServerInternal+0x98c9 CoUninitializeEE-0x3b6f clr+0x1bcd5 @ 0x73a8bcd5 DllUnregisterServerInternal-0x760b clr+0x2ae9 @ 0x73a72ae9 system+0x19c522 @ 0x70afc522 system+0x19e920 @ 0x70afe920 system+0x19e803 @ 0x70afe803 0x641903 system+0x1f9799 @ 0x70b59799 system+0x1f92c8 @ 0x70b592c8 system+0x1eca74 @ 0x70b4ca74 system+0x1ec868 @ 0x70b4c868 system+0x1f82b8 @ 0x70b582b8 system+0x1ee54d @ 0x70b4e54d system+0x1f70ea @ 0x70b570ea system+0x1e56c0 @ 0x70b456c0 system+0x1f8215 @ 0x70b58215 system+0x1f6f75 @ 0x70b56f75 system+0x1ee251 @ 0x70b4e251 system+0x1ee229 @ 0x70b4e229 system+0x1ee170 @ 0x70b4e170 0x47a08e gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x766b62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x766b6d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x766b6de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x766b6e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x7717011a system+0x1ebc85 @ 0x70b4bc85 system+0x1f683b @ 0x70b5683b system+0x1a5e44 @ 0x70b05e44 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xe0434f4e exception.offset: 46887 exception.address: 0x748ab727 registers.esp: 3649036 registers.edi: 0 registers.eax: 3649036 registers.ebp: 3649116 registers.edx: 0 registers.ebx: 8605624 registers.esi: 8150968 registers.ecx: 4156968545	1
__exception__ July 22, 2021, 10:56 a.m.	stacktrace: CopyPDBs+0x1b552 DllCanUnloadNowInternal-0x25a85 clr+0x1b1194 @ 0x73c21194 LogHelp_TerminateOnAssert+0x14061 GetPrivateContextsPerfCounters-0x53e1 clr+0x82ba1 @ 0x73af2ba1 mscorlib+0x32d2b4 @ 0x7222d2b4 mscorlib+0x32d233 @ 0x7222d233 mscorlib+0x32d12a @ 0x7222d12a 0x641db8 0x641c84 mscorlib+0x2d5861 @ 0x721d5861 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73a72652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73a8264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73a82e95 DllGetClassObjectInternal+0x357ee CorDllMainForThunk-0x56d0d clr+0xfa867 @ 0x73b6a867 DllGetClassObjectInternal+0x358c6 CorDllMainForThunk-0x56c35 clr+0xfa93f @ 0x73b6a93f PreBindAssemblyEx+0x107ff StrongNameSignatureVerification-0x174c clr+0x18836a @ 0x73bf836a PreBindAssemblyEx+0x10899 StrongNameSignatureVerification-0x16b2 clr+0x188404 @ 0x73bf8404 CreateAssemblyNameObject+0x28676 GetMetaDataInternalInterface-0xfdf9 clr+0x55b0f @ 0x73ac5b0f GetPrivateContextsPerfCounters+0x13ac DllGetActivationFactoryImpl-0x134b9 clr+0x8932e @ 0x73af932e mscorlib+0x2d5eb7 @ 0x721d5eb7 mscorlib+0x2d5c33 @ 0x721d5c33 mscorlib+0x2d7894 @ 0x721d7894 mscorlib+0x2d74ff @ 0x721d74ff mscorlib+0x2d71c3 @ 0x721d71c3 mscorlib+0x2d48ea @ 0x721d48ea mscorlib+0x36990b @ 0x7226990b 0x64581b 0x642d4d 0x642bc4 0x641e96 system+0x19c522 @ 0x70afc522 system+0x19e920 @ 0x70afe920 system+0x19e803 @ 0x70afe803 0x641903 system+0x1f9799 @ 0x70b59799 system+0x1f92c8 @ 0x70b592c8 system+0x1eca74 @ 0x70b4ca74 system+0x1ec868 @ 0x70b4c868 system+0x1f82b8 @ 0x70b582b8 system+0x1ee54d @ 0x70b4e54d system+0x1f70ea @ 0x70b570ea system+0x1e56c0 @ 0x70b456c0 system+0x1f8215 @ 0x70b58215 system+0x1f6f75 @ 0x70b56f75 system+0x1ee251 @ 0x70b4e251 system+0x1ee229 @ 0x70b4e229 system+0x1ee170 @ 0x70b4e170 0x47a08e gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x766b62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x766b6d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x766b6de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x766b6e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x7717011a system+0x1ebc85 @ 0x70b4bc85 system+0x1f683b @ 0x70b5683b system+0x1a5e44 @ 0x70b05e44 system+0x1fd8a0 @ 0x70b5d8a0 system+0x1fd792 @ 0x70b5d792 system+0x1a14bd @ 0x70b014bd 0x64133f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73a72652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73a8264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73a82e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x73b374ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73b37610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73bc1dc4 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xe0434f4e exception.offset: 46887 exception.address: 0x748ab727 registers.esp: 3657180 registers.edi: 0 registers.eax: 3657180 registers.ebp: 3657260 registers.edx: 0 registers.ebx: 8605624 registers.esi: 8150968 registers.ecx: 4156960177	1
__exception__ July 22, 2021, 10:56 a.m.	stacktrace: CopyPDBs+0x1b552 DllCanUnloadNowInternal-0x25a85 clr+0x1b1194 @ 0x73c21194 LogHelp_TerminateOnAssert+0x14061 GetPrivateContextsPerfCounters-0x53e1 clr+0x82ba1 @ 0x73af2ba1 mscorlib+0x32d274 @ 0x7222d274 mscorlib+0x32d233 @ 0x7222d233 mscorlib+0x32d12a @ 0x7222d12a 0x641db8 0x641c84 mscorlib+0x2d5861 @ 0x721d5861 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73a72652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73a8264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73a82e95 DllGetClassObjectInternal+0x357ee CorDllMainForThunk-0x56d0d clr+0xfa867 @ 0x73b6a867 DllGetClassObjectInternal+0x358c6 CorDllMainForThunk-0x56c35 clr+0xfa93f @ 0x73b6a93f PreBindAssemblyEx+0x107ff StrongNameSignatureVerification-0x174c clr+0x18836a @ 0x73bf836a PreBindAssemblyEx+0x108ef StrongNameSignatureVerification-0x165c clr+0x18845a @ 0x73bf845a CreateAssemblyNameObject+0x28676 GetMetaDataInternalInterface-0xfdf9 clr+0x55b0f @ 0x73ac5b0f GetPrivateContextsPerfCounters+0x13ac DllGetActivationFactoryImpl-0x134b9 clr+0x8932e @ 0x73af932e mscorlib+0x2d5eb7 @ 0x721d5eb7 mscorlib+0x2d5c33 @ 0x721d5c33 mscorlib+0x2d7894 @ 0x721d7894 mscorlib+0x2d74ff @ 0x721d74ff mscorlib+0x2d71c3 @ 0x721d71c3 mscorlib+0x2d48ea @ 0x721d48ea mscorlib+0x36990b @ 0x7226990b 0x64581b 0x642d4d 0x642bc4 0x641e96 system+0x19c522 @ 0x70afc522 system+0x19e920 @ 0x70afe920 system+0x19e803 @ 0x70afe803 0x641903 system+0x1f9799 @ 0x70b59799 system+0x1f92c8 @ 0x70b592c8 system+0x1eca74 @ 0x70b4ca74 system+0x1ec868 @ 0x70b4c868 system+0x1f82b8 @ 0x70b582b8 system+0x1ee54d @ 0x70b4e54d system+0x1f70ea @ 0x70b570ea system+0x1e56c0 @ 0x70b456c0 system+0x1f8215 @ 0x70b58215 system+0x1f6f75 @ 0x70b56f75 system+0x1ee251 @ 0x70b4e251 system+0x1ee229 @ 0x70b4e229 system+0x1ee170 @ 0x70b4e170 0x47a08e gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x766b62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x766b6d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x766b6de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x766b6e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x7717011a system+0x1ebc85 @ 0x70b4bc85 system+0x1f683b @ 0x70b5683b system+0x1a5e44 @ 0x70b05e44 system+0x1fd8a0 @ 0x70b5d8a0 system+0x1fd792 @ 0x70b5d792 system+0x1a14bd @ 0x70b014bd 0x64133f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73a72652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73a8264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73a82e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x73b374ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73b37610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73bc1dc4 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xe0434f4e exception.offset: 46887 exception.address: 0x748ab727 registers.esp: 3657180 registers.edi: 0 registers.eax: 3657180 registers.ebp: 3657260 registers.edx: 0 registers.ebx: 8605624 registers.esi: 8150968 registers.ecx: 4156960177	1
__exception__ July 22, 2021, 10:56 a.m.	stacktrace: CopyPDBs+0x1b552 DllCanUnloadNowInternal-0x25a85 clr+0x1b1194 @ 0x73c21194 LogHelp_TerminateOnAssert+0x14061 GetPrivateContextsPerfCounters-0x53e1 clr+0x82ba1 @ 0x73af2ba1 mscorlib+0x32d2c3 @ 0x7222d2c3 mscorlib+0x32d233 @ 0x7222d233 mscorlib+0x32d12a @ 0x7222d12a 0x641db8 0x641c84 mscorlib+0x2d5861 @ 0x721d5861 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73a72652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73a8264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73a82e95 DllGetClassObjectInternal+0x357ee CorDllMainForThunk-0x56d0d clr+0xfa867 @ 0x73b6a867 DllGetClassObjectInternal+0x358c6 CorDllMainForThunk-0x56c35 clr+0xfa93f @ 0x73b6a93f PreBindAssemblyEx+0x107ff StrongNameSignatureVerification-0x174c clr+0x18836a @ 0x73bf836a PreBindAssemblyEx+0x10899 StrongNameSignatureVerification-0x16b2 clr+0x188404 @ 0x73bf8404 CreateAssemblyNameObject+0x28676 GetMetaDataInternalInterface-0xfdf9 clr+0x55b0f @ 0x73ac5b0f GetPrivateContextsPerfCounters+0x13ac DllGetActivationFactoryImpl-0x134b9 clr+0x8932e @ 0x73af932e mscorlib+0x2d5eb7 @ 0x721d5eb7 mscorlib+0x2d5c33 @ 0x721d5c33 mscorlib+0x2d7894 @ 0x721d7894 mscorlib+0x2d74ff @ 0x721d74ff mscorlib+0x2d71c3 @ 0x721d71c3 mscorlib+0x2d48ea @ 0x721d48ea mscorlib+0x36990b @ 0x7226990b 0x64581b 0x642d4d 0x642bc4 0x641e96 system+0x19c522 @ 0x70afc522 system+0x19e920 @ 0x70afe920 system+0x19e803 @ 0x70afe803 0x641903 system+0x1f9799 @ 0x70b59799 system+0x1f92c8 @ 0x70b592c8 system+0x1eca74 @ 0x70b4ca74 system+0x1ec868 @ 0x70b4c868 system+0x1f82b8 @ 0x70b582b8 system+0x1ee54d @ 0x70b4e54d system+0x1f70ea @ 0x70b570ea system+0x1e56c0 @ 0x70b456c0 system+0x1f8215 @ 0x70b58215 system+0x1f6f75 @ 0x70b56f75 system+0x1ee251 @ 0x70b4e251 system+0x1ee229 @ 0x70b4e229 system+0x1ee170 @ 0x70b4e170 0x47a08e gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x766b62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x766b6d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x766b6de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x766b6e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x7717011a system+0x1ebc85 @ 0x70b4bc85 system+0x1f683b @ 0x70b5683b system+0x1a5e44 @ 0x70b05e44 system+0x1fd8a0 @ 0x70b5d8a0 system+0x1fd792 @ 0x70b5d792 system+0x1a14bd @ 0x70b014bd 0x64133f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73a72652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73a8264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73a82e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x73b374ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73b37610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73bc1dc4 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xe0434f4e exception.offset: 46887 exception.address: 0x748ab727 registers.esp: 3657180 registers.edi: 0 registers.eax: 3657180 registers.ebp: 3657260 registers.edx: 0 registers.ebx: 8605624 registers.esi: 8150968 registers.ecx: 4156960177	1
__exception__ July 22, 2021, 10:56 a.m.	stacktrace: CopyPDBs+0x1b552 DllCanUnloadNowInternal-0x25a85 clr+0x1b1194 @ 0x73c21194 LogHelp_TerminateOnAssert+0x14061 GetPrivateContextsPerfCounters-0x53e1 clr+0x82ba1 @ 0x73af2ba1 mscorlib+0x32d2cd @ 0x7222d2cd mscorlib+0x32d233 @ 0x7222d233 mscorlib+0x32d12a @ 0x7222d12a 0x641db8 0x641c84 mscorlib+0x2d5861 @ 0x721d5861 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73a72652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73a8264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73a82e95 DllGetClassObjectInternal+0x357ee CorDllMainForThunk-0x56d0d clr+0xfa867 @ 0x73b6a867 DllGetClassObjectInternal+0x358c6 CorDllMainForThunk-0x56c35 clr+0xfa93f @ 0x73b6a93f PreBindAssemblyEx+0x107ff StrongNameSignatureVerification-0x174c clr+0x18836a @ 0x73bf836a PreBindAssemblyEx+0x108ef StrongNameSignatureVerification-0x165c clr+0x18845a @ 0x73bf845a CreateAssemblyNameObject+0x28676 GetMetaDataInternalInterface-0xfdf9 clr+0x55b0f @ 0x73ac5b0f GetPrivateContextsPerfCounters+0x13ac DllGetActivationFactoryImpl-0x134b9 clr+0x8932e @ 0x73af932e mscorlib+0x2d5eb7 @ 0x721d5eb7 mscorlib+0x2d5c33 @ 0x721d5c33 mscorlib+0x2d7894 @ 0x721d7894 mscorlib+0x2d74ff @ 0x721d74ff mscorlib+0x2d71c3 @ 0x721d71c3 mscorlib+0x2d48ea @ 0x721d48ea mscorlib+0x36990b @ 0x7226990b 0x64581b 0x642d4d 0x642bc4 0x641e96 system+0x19c522 @ 0x70afc522 system+0x19e920 @ 0x70afe920 system+0x19e803 @ 0x70afe803 0x641903 system+0x1f9799 @ 0x70b59799 system+0x1f92c8 @ 0x70b592c8 system+0x1eca74 @ 0x70b4ca74 system+0x1ec868 @ 0x70b4c868 system+0x1f82b8 @ 0x70b582b8 system+0x1ee54d @ 0x70b4e54d system+0x1f70ea @ 0x70b570ea system+0x1e56c0 @ 0x70b456c0 system+0x1f8215 @ 0x70b58215 system+0x1f6f75 @ 0x70b56f75 system+0x1ee251 @ 0x70b4e251 system+0x1ee229 @ 0x70b4e229 system+0x1ee170 @ 0x70b4e170 0x47a08e gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x766b62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x766b6d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x766b6de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x766b6e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x7717011a system+0x1ebc85 @ 0x70b4bc85 system+0x1f683b @ 0x70b5683b system+0x1a5e44 @ 0x70b05e44 system+0x1fd8a0 @ 0x70b5d8a0 system+0x1fd792 @ 0x70b5d792 system+0x1a14bd @ 0x70b014bd 0x64133f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73a72652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73a8264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73a82e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x73b374ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73b37610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73bc1dc4 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xe0434f4e exception.offset: 46887 exception.address: 0x748ab727 registers.esp: 3657180 registers.edi: 0 registers.eax: 3657180 registers.ebp: 3657260 registers.edx: 0 registers.ebx: 8605624 registers.esi: 8150968 registers.ecx: 4156960177	1
__exception__ July 22, 2021, 10:57 a.m.	stacktrace: 0x64e93b 0x514060c 0x5020b37 system+0x1d3f63 @ 0x6ff83f63 0x642ba4 0x641e96 system+0x19c522 @ 0x70afc522 system+0x19e920 @ 0x70afe920 system+0x19e803 @ 0x70afe803 0x641903 system+0x1f9799 @ 0x70b59799 system+0x1f92c8 @ 0x70b592c8 system+0x1eca74 @ 0x70b4ca74 system+0x1ec868 @ 0x70b4c868 system+0x1f82b8 @ 0x70b582b8 system+0x1ee54d @ 0x70b4e54d system+0x1f70ea @ 0x70b570ea system+0x1e56c0 @ 0x70b456c0 system+0x1f8215 @ 0x70b58215 system+0x1f6f75 @ 0x70b56f75 system+0x1ee251 @ 0x70b4e251 system+0x1ee229 @ 0x70b4e229 system+0x1ee170 @ 0x70b4e170 0x47a08e gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x766b62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x766b6d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x766b6de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x766b6e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x7717011a system+0x1ebc85 @ 0x70b4bc85 system+0x1f683b @ 0x70b5683b system+0x1a5e44 @ 0x70b05e44 system+0x1fd8a0 @ 0x70b5d8a0 system+0x1fd792 @ 0x70b5d792 system+0x1a14bd @ 0x70b014bd 0x64133f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73a72652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73a8264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73a82e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x73b374ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73b37610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73bc1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73bc1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73bc1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73bc416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7411f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x743a7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x743a4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77199ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77199ea5 exception.instruction_r: 39 09 e8 3b af 02 6d 8b c8 ff 15 f4 57 00 05 8b exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x514717a registers.esp: 3664472 registers.edi: 3664496 registers.eax: 42961688 registers.ebp: 3664512 registers.edx: 8150968 registers.ebx: 60159232 registers.esi: 42961688 registers.ecx: 0	1
__exception__ July 22, 2021, 10:57 a.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7509b37e 0x514addd 0x514ad52 0x5148359 0x5147aab 0x5140656 0x5020b37 system+0x1d3f63 @ 0x6ff83f63 0x642ba4 0x641e96 system+0x19c522 @ 0x70afc522 system+0x19e920 @ 0x70afe920 system+0x19e803 @ 0x70afe803 0x641903 system+0x1f9799 @ 0x70b59799 system+0x1f92c8 @ 0x70b592c8 system+0x1eca74 @ 0x70b4ca74 system+0x1ec868 @ 0x70b4c868 system+0x1f82b8 @ 0x70b582b8 system+0x1ee54d @ 0x70b4e54d system+0x1f70ea @ 0x70b570ea system+0x1e56c0 @ 0x70b456c0 system+0x1f8215 @ 0x70b58215 system+0x1f6f75 @ 0x70b56f75 system+0x1ee251 @ 0x70b4e251 system+0x1ee229 @ 0x70b4e229 system+0x1ee170 @ 0x70b4e170 0x47a08e gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x766b62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x766b6d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x766b6de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x766b6e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x7717011a system+0x1ebc85 @ 0x70b4bc85 system+0x1f683b @ 0x70b5683b system+0x1a5e44 @ 0x70b05e44 system+0x1fd8a0 @ 0x70b5d8a0 system+0x1fd792 @ 0x70b5d792 system+0x1a14bd @ 0x70b014bd 0x64133f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73a72652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73a8264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73a82e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x73b374ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73b37610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73bc1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73bc1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73bc1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73bc416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7411f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x743a7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x743a4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77199ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77199ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7509b479 registers.esp: 3663796 registers.edi: 1955258312 registers.eax: 3735552 registers.ebp: 3664000 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ July 22, 2021, 10:57 a.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7509b37e 0x514addd 0x514ad52 0x5148359 0x5147aab 0x5140656 0x5020b37 system+0x1d3f63 @ 0x6ff83f63 0x642ba4 0x641e96 system+0x19c522 @ 0x70afc522 system+0x19e920 @ 0x70afe920 system+0x19e803 @ 0x70afe803 0x641903 system+0x1f9799 @ 0x70b59799 system+0x1f92c8 @ 0x70b592c8 system+0x1eca74 @ 0x70b4ca74 system+0x1ec868 @ 0x70b4c868 system+0x1f82b8 @ 0x70b582b8 system+0x1ee54d @ 0x70b4e54d system+0x1f70ea @ 0x70b570ea system+0x1e56c0 @ 0x70b456c0 system+0x1f8215 @ 0x70b58215 system+0x1f6f75 @ 0x70b56f75 system+0x1ee251 @ 0x70b4e251 system+0x1ee229 @ 0x70b4e229 system+0x1ee170 @ 0x70b4e170 0x47a08e gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x766b62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x766b6d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x766b6de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x766b6e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x7717011a system+0x1ebc85 @ 0x70b4bc85 system+0x1f683b @ 0x70b5683b system+0x1a5e44 @ 0x70b05e44 system+0x1fd8a0 @ 0x70b5d8a0 system+0x1fd792 @ 0x70b5d792 system+0x1a14bd @ 0x70b014bd 0x64133f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73a72652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73a8264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73a82e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x73b374ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73b37610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73bc1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73bc1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73bc1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73bc416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7411f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x743a7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x743a4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77199ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77199ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7509b479 registers.esp: 3663796 registers.edi: 1955258312 registers.eax: 3735552 registers.ebp: 3664000 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ July 22, 2021, 10:57 a.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7509b37e 0x514addd 0x514ad52 0x5148359 0x5147aab 0x5140656 0x5020b37 system+0x1d3f63 @ 0x6ff83f63 0x642ba4 0x641e96 system+0x19c522 @ 0x70afc522 system+0x19e920 @ 0x70afe920 system+0x19e803 @ 0x70afe803 0x641903 system+0x1f9799 @ 0x70b59799 system+0x1f92c8 @ 0x70b592c8 system+0x1eca74 @ 0x70b4ca74 system+0x1ec868 @ 0x70b4c868 system+0x1f82b8 @ 0x70b582b8 system+0x1ee54d @ 0x70b4e54d system+0x1f70ea @ 0x70b570ea system+0x1e56c0 @ 0x70b456c0 system+0x1f8215 @ 0x70b58215 system+0x1f6f75 @ 0x70b56f75 system+0x1ee251 @ 0x70b4e251 system+0x1ee229 @ 0x70b4e229 system+0x1ee170 @ 0x70b4e170 0x47a08e gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x766b62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x766b6d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x766b6de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x766b6e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x7717011a system+0x1ebc85 @ 0x70b4bc85 system+0x1f683b @ 0x70b5683b system+0x1a5e44 @ 0x70b05e44 system+0x1fd8a0 @ 0x70b5d8a0 system+0x1fd792 @ 0x70b5d792 system+0x1a14bd @ 0x70b014bd 0x64133f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73a72652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73a8264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73a82e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x73b374ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73b37610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73bc1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73bc1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73bc1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73bc416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7411f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x743a7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x743a4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77199ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77199ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7509b479 registers.esp: 3663796 registers.edi: 1955258312 registers.eax: 3735552 registers.ebp: 3664000 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ July 22, 2021, 10:57 a.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7509b37e 0x514addd 0x514ad52 0x5148359 0x5147aab 0x5140656 0x5020b37 system+0x1d3f63 @ 0x6ff83f63 0x642ba4 0x641e96 system+0x19c522 @ 0x70afc522 system+0x19e920 @ 0x70afe920 system+0x19e803 @ 0x70afe803 0x641903 system+0x1f9799 @ 0x70b59799 system+0x1f92c8 @ 0x70b592c8 system+0x1eca74 @ 0x70b4ca74 system+0x1ec868 @ 0x70b4c868 system+0x1f82b8 @ 0x70b582b8 system+0x1ee54d @ 0x70b4e54d system+0x1f70ea @ 0x70b570ea system+0x1e56c0 @ 0x70b456c0 system+0x1f8215 @ 0x70b58215 system+0x1f6f75 @ 0x70b56f75 system+0x1ee251 @ 0x70b4e251 system+0x1ee229 @ 0x70b4e229 system+0x1ee170 @ 0x70b4e170 0x47a08e gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x766b62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x766b6d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x766b6de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x766b6e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x7717011a system+0x1ebc85 @ 0x70b4bc85 system+0x1f683b @ 0x70b5683b system+0x1a5e44 @ 0x70b05e44 system+0x1fd8a0 @ 0x70b5d8a0 system+0x1fd792 @ 0x70b5d792 system+0x1a14bd @ 0x70b014bd 0x64133f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73a72652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73a8264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73a82e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x73b374ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73b37610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73bc1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73bc1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73bc1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73bc416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7411f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x743a7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x743a4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77199ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77199ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7509b479 registers.esp: 3663796 registers.edi: 1955258312 registers.eax: 3735552 registers.ebp: 3664000 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ July 22, 2021, 10:57 a.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7509b37e 0x514addd 0x514ad52 0x5148359 0x5147aab 0x5140656 0x5020b37 system+0x1d3f63 @ 0x6ff83f63 0x642ba4 0x641e96 system+0x19c522 @ 0x70afc522 system+0x19e920 @ 0x70afe920 system+0x19e803 @ 0x70afe803 0x641903 system+0x1f9799 @ 0x70b59799 system+0x1f92c8 @ 0x70b592c8 system+0x1eca74 @ 0x70b4ca74 system+0x1ec868 @ 0x70b4c868 system+0x1f82b8 @ 0x70b582b8 system+0x1ee54d @ 0x70b4e54d system+0x1f70ea @ 0x70b570ea system+0x1e56c0 @ 0x70b456c0 system+0x1f8215 @ 0x70b58215 system+0x1f6f75 @ 0x70b56f75 system+0x1ee251 @ 0x70b4e251 system+0x1ee229 @ 0x70b4e229 system+0x1ee170 @ 0x70b4e170 0x47a08e gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x766b62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x766b6d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x766b6de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x766b6e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x7717011a system+0x1ebc85 @ 0x70b4bc85 system+0x1f683b @ 0x70b5683b system+0x1a5e44 @ 0x70b05e44 system+0x1fd8a0 @ 0x70b5d8a0 system+0x1fd792 @ 0x70b5d792 system+0x1a14bd @ 0x70b014bd 0x64133f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73a72652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73a8264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73a82e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x73b374ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73b37610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73bc1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73bc1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73bc1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73bc416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7411f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x743a7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x743a4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77199ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77199ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7509b479 registers.esp: 3663796 registers.edi: 1955258312 registers.eax: 3735552 registers.ebp: 3664000 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ July 22, 2021, 10:57 a.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7509b37e 0x514addd 0x514ad52 0x5148359 0x5147aab 0x5140656 0x5020b37 system+0x1d3f63 @ 0x6ff83f63 0x642ba4 0x641e96 system+0x19c522 @ 0x70afc522 system+0x19e920 @ 0x70afe920 system+0x19e803 @ 0x70afe803 0x641903 system+0x1f9799 @ 0x70b59799 system+0x1f92c8 @ 0x70b592c8 system+0x1eca74 @ 0x70b4ca74 system+0x1ec868 @ 0x70b4c868 system+0x1f82b8 @ 0x70b582b8 system+0x1ee54d @ 0x70b4e54d system+0x1f70ea @ 0x70b570ea system+0x1e56c0 @ 0x70b456c0 system+0x1f8215 @ 0x70b58215 system+0x1f6f75 @ 0x70b56f75 system+0x1ee251 @ 0x70b4e251 system+0x1ee229 @ 0x70b4e229 system+0x1ee170 @ 0x70b4e170 0x47a08e gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x766b62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x766b6d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x766b6de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x766b6e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x7717011a system+0x1ebc85 @ 0x70b4bc85 system+0x1f683b @ 0x70b5683b system+0x1a5e44 @ 0x70b05e44 system+0x1fd8a0 @ 0x70b5d8a0 system+0x1fd792 @ 0x70b5d792 system+0x1a14bd @ 0x70b014bd 0x64133f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73a72652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73a8264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73a82e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x73b374ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73b37610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73bc1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73bc1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73bc1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73bc416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7411f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x743a7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x743a4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77199ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77199ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7509b479 registers.esp: 3663796 registers.edi: 1955258312 registers.eax: 3735552 registers.ebp: 3664000 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ July 22, 2021, 10:57 a.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7509b37e 0x514addd 0x514ad52 0x5148359 0x5147aab 0x5140656 0x5020b37 system+0x1d3f63 @ 0x6ff83f63 0x642ba4 0x641e96 system+0x19c522 @ 0x70afc522 system+0x19e920 @ 0x70afe920 system+0x19e803 @ 0x70afe803 0x641903 system+0x1f9799 @ 0x70b59799 system+0x1f92c8 @ 0x70b592c8 system+0x1eca74 @ 0x70b4ca74 system+0x1ec868 @ 0x70b4c868 system+0x1f82b8 @ 0x70b582b8 system+0x1ee54d @ 0x70b4e54d system+0x1f70ea @ 0x70b570ea system+0x1e56c0 @ 0x70b456c0 system+0x1f8215 @ 0x70b58215 system+0x1f6f75 @ 0x70b56f75 system+0x1ee251 @ 0x70b4e251 system+0x1ee229 @ 0x70b4e229 system+0x1ee170 @ 0x70b4e170 0x47a08e gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x766b62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x766b6d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x766b6de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x766b6e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x7717011a system+0x1ebc85 @ 0x70b4bc85 system+0x1f683b @ 0x70b5683b system+0x1a5e44 @ 0x70b05e44 system+0x1fd8a0 @ 0x70b5d8a0 system+0x1fd792 @ 0x70b5d792 system+0x1a14bd @ 0x70b014bd 0x64133f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73a72652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73a8264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73a82e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x73b374ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73b37610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73bc1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73bc1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73bc1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73bc416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7411f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x743a7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x743a4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77199ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77199ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7509b479 registers.esp: 3663796 registers.edi: 1955258312 registers.eax: 3735552 registers.ebp: 3664000 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ July 22, 2021, 10:57 a.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7509b37e 0x514addd 0x514ad52 0x5148359 0x5147aab 0x5140656 0x5020b37 system+0x1d3f63 @ 0x6ff83f63 0x642ba4 0x641e96 system+0x19c522 @ 0x70afc522 system+0x19e920 @ 0x70afe920 system+0x19e803 @ 0x70afe803 0x641903 system+0x1f9799 @ 0x70b59799 system+0x1f92c8 @ 0x70b592c8 system+0x1eca74 @ 0x70b4ca74 system+0x1ec868 @ 0x70b4c868 system+0x1f82b8 @ 0x70b582b8 system+0x1ee54d @ 0x70b4e54d system+0x1f70ea @ 0x70b570ea system+0x1e56c0 @ 0x70b456c0 system+0x1f8215 @ 0x70b58215 system+0x1f6f75 @ 0x70b56f75 system+0x1ee251 @ 0x70b4e251 system+0x1ee229 @ 0x70b4e229 system+0x1ee170 @ 0x70b4e170 0x47a08e gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x766b62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x766b6d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x766b6de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x766b6e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x7717011a system+0x1ebc85 @ 0x70b4bc85 system+0x1f683b @ 0x70b5683b system+0x1a5e44 @ 0x70b05e44 system+0x1fd8a0 @ 0x70b5d8a0 system+0x1fd792 @ 0x70b5d792 system+0x1a14bd @ 0x70b014bd 0x64133f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73a72652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73a8264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73a82e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x73b374ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73b37610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73bc1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73bc1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73bc1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73bc416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7411f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x743a7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x743a4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77199ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77199ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7509b479 registers.esp: 3663796 registers.edi: 1955258312 registers.eax: 3735552 registers.ebp: 3664000 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ July 22, 2021, 10:57 a.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7509b37e 0x514addd 0x514ad52 0x5148359 0x5147aab 0x5140656 0x5020b37 system+0x1d3f63 @ 0x6ff83f63 0x642ba4 0x641e96 system+0x19c522 @ 0x70afc522 system+0x19e920 @ 0x70afe920 system+0x19e803 @ 0x70afe803 0x641903 system+0x1f9799 @ 0x70b59799 system+0x1f92c8 @ 0x70b592c8 system+0x1eca74 @ 0x70b4ca74 system+0x1ec868 @ 0x70b4c868 system+0x1f82b8 @ 0x70b582b8 system+0x1ee54d @ 0x70b4e54d system+0x1f70ea @ 0x70b570ea system+0x1e56c0 @ 0x70b456c0 system+0x1f8215 @ 0x70b58215 system+0x1f6f75 @ 0x70b56f75 system+0x1ee251 @ 0x70b4e251 system+0x1ee229 @ 0x70b4e229 system+0x1ee170 @ 0x70b4e170 0x47a08e gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x766b62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x766b6d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x766b6de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x766b6e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x7717011a system+0x1ebc85 @ 0x70b4bc85 system+0x1f683b @ 0x70b5683b system+0x1a5e44 @ 0x70b05e44 system+0x1fd8a0 @ 0x70b5d8a0 system+0x1fd792 @ 0x70b5d792 system+0x1a14bd @ 0x70b014bd 0x64133f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73a72652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73a8264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73a82e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x73b374ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73b37610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73bc1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73bc1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73bc1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73bc416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7411f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x743a7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x743a4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77199ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77199ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7509b479 registers.esp: 3663796 registers.edi: 1955258312 registers.eax: 3735552 registers.ebp: 3664000 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ July 22, 2021, 10:57 a.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7509b37e 0x514addd 0x514ad52 0x5148359 0x5147aab 0x5140656 0x5020b37 system+0x1d3f63 @ 0x6ff83f63 0x642ba4 0x641e96 system+0x19c522 @ 0x70afc522 system+0x19e920 @ 0x70afe920 system+0x19e803 @ 0x70afe803 0x641903 system+0x1f9799 @ 0x70b59799 system+0x1f92c8 @ 0x70b592c8 system+0x1eca74 @ 0x70b4ca74 system+0x1ec868 @ 0x70b4c868 system+0x1f82b8 @ 0x70b582b8 system+0x1ee54d @ 0x70b4e54d system+0x1f70ea @ 0x70b570ea system+0x1e56c0 @ 0x70b456c0 system+0x1f8215 @ 0x70b58215 system+0x1f6f75 @ 0x70b56f75 system+0x1ee251 @ 0x70b4e251 system+0x1ee229 @ 0x70b4e229 system+0x1ee170 @ 0x70b4e170 0x47a08e gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x766b62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x766b6d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x766b6de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x766b6e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x7717011a system+0x1ebc85 @ 0x70b4bc85 system+0x1f683b @ 0x70b5683b system+0x1a5e44 @ 0x70b05e44 system+0x1fd8a0 @ 0x70b5d8a0 system+0x1fd792 @ 0x70b5d792 system+0x1a14bd @ 0x70b014bd 0x64133f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73a72652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73a8264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73a82e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x73b374ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73b37610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73bc1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73bc1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73bc1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73bc416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7411f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x743a7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x743a4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77199ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77199ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7509b479 registers.esp: 3663796 registers.edi: 1955258312 registers.eax: 3735552 registers.ebp: 3664000 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1

Allocates read-write-execute memory (usually to unpack itself) (50 out of 54 events)

Time & API	Arguments	Status
NtAllocateVirtualMemory July 22, 2021, 10:56 a.m.	process_identifier: 2072 region_size: 1507328 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x008a0000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 22, 2021, 10:56 a.m.	process_identifier: 2072 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x009d0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory July 22, 2021, 10:56 a.m.	process_identifier: 2072 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73a71000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 22, 2021, 10:56 a.m.	process_identifier: 2072 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73a72000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 22, 2021, 10:56 a.m.	process_identifier: 2072 region_size: 327680 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x004c0000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 22, 2021, 10:56 a.m.	process_identifier: 2072 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x004d0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 22, 2021, 10:56 a.m.	process_identifier: 2072 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00462000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 22, 2021, 10:56 a.m.	process_identifier: 2072 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00495000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 22, 2021, 10:56 a.m.	process_identifier: 2072 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0049b000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 22, 2021, 10:56 a.m.	process_identifier: 2072 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00497000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 22, 2021, 10:56 a.m.	process_identifier: 2072 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0047c000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 22, 2021, 10:56 a.m.	process_identifier: 2072 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00640000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 22, 2021, 10:56 a.m.	process_identifier: 2072 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00641000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 22, 2021, 10:56 a.m.	process_identifier: 2072 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0046a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 22, 2021, 10:56 a.m.	process_identifier: 2072 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0048a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 22, 2021, 10:56 a.m.	process_identifier: 2072 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00487000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 22, 2021, 10:56 a.m.	process_identifier: 2072 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0047a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory July 22, 2021, 10:56 a.m.	process_identifier: 2072 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x70832000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 22, 2021, 10:56 a.m.	process_identifier: 2072 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00486000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 22, 2021, 10:56 a.m.	process_identifier: 2072 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00642000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 22, 2021, 10:56 a.m.	process_identifier: 2072 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0046c000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 22, 2021, 10:56 a.m.	process_identifier: 2072 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00643000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 22, 2021, 10:56 a.m.	process_identifier: 2072 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00644000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 22, 2021, 10:56 a.m.	process_identifier: 2072 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00645000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 22, 2021, 10:56 a.m.	process_identifier: 2072 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00646000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 22, 2021, 10:56 a.m.	process_identifier: 2072 region_size: 28672 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00647000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 22, 2021, 10:56 a.m.	process_identifier: 2072 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0064e000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 22, 2021, 10:56 a.m.	process_identifier: 2072 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0047d000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 22, 2021, 10:56 a.m.	process_identifier: 2072 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x06480000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 22, 2021, 10:56 a.m.	process_identifier: 2072 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x06481000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 22, 2021, 10:56 a.m.	process_identifier: 2072 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x06485000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 22, 2021, 10:56 a.m.	process_identifier: 2072 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x06486000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 22, 2021, 10:56 a.m.	process_identifier: 2072 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0047e000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 22, 2021, 10:56 a.m.	process_identifier: 2072 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0502f000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 22, 2021, 10:56 a.m.	process_identifier: 2072 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05020000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 22, 2021, 10:56 a.m.	process_identifier: 2072 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x06487000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 22, 2021, 10:56 a.m.	process_identifier: 2072 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x06d90000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 22, 2021, 10:56 a.m.	process_identifier: 2072 region_size: 57344 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x06d91000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 22, 2021, 10:56 a.m.	process_identifier: 2072 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x06d9f000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 22, 2021, 10:56 a.m.	process_identifier: 2072 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05140000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 22, 2021, 10:56 a.m.	process_identifier: 2072 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0048b000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 22, 2021, 10:56 a.m.	process_identifier: 2072 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0047f000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 22, 2021, 10:56 a.m.	process_identifier: 2072 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05141000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 22, 2021, 10:56 a.m.	process_identifier: 2072 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0048c000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 22, 2021, 10:56 a.m.	process_identifier: 2072 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05142000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 22, 2021, 10:56 a.m.	process_identifier: 2072 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05144000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 22, 2021, 10:56 a.m.	process_identifier: 2072 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05145000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 22, 2021, 10:56 a.m.	process_identifier: 2072 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05021000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 22, 2021, 10:56 a.m.	process_identifier: 2072 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05146000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 22, 2021, 10:56 a.m.	process_identifier: 2072 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05147000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

section

{u'size_of_data': u'0x000bce00', u'virtual_address': u'0x00002000', u'entropy': 7.08416433014155, u'name': u'.text', u'virtual_size': u'0x000bccd4'}

entropy

7.08416433014

description

A section with a high entropy has been found

entropy

0.995388669302

description

Overall entropy of this PE file is high

Checks for the Locally Unique Identifier on the system for a suspicious privilege (1 event)

Time & API	Arguments	Status	Return	Repeated
LookupPrivilegeValueW July 22, 2021, 10:56 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1	0

Terminates another process (20 events)

Time & API	Arguments	Status
NtTerminateProcess July 22, 2021, 10:57 a.m.	status_code: 0xffffffff process_identifier: 2796 process_handle: 0x000002fc
NtTerminateProcess July 22, 2021, 10:57 a.m.	status_code: 0xffffffff process_identifier: 2796 process_handle: 0x000002fc	1
NtTerminateProcess July 22, 2021, 10:57 a.m.	status_code: 0xffffffff process_identifier: 2832 process_handle: 0x00000304
NtTerminateProcess July 22, 2021, 10:57 a.m.	status_code: 0xffffffff process_identifier: 2832 process_handle: 0x00000304	1
NtTerminateProcess July 22, 2021, 10:57 a.m.	status_code: 0xffffffff process_identifier: 2868 process_handle: 0x0000030c
NtTerminateProcess July 22, 2021, 10:57 a.m.	status_code: 0xffffffff process_identifier: 2868 process_handle: 0x0000030c	1
NtTerminateProcess July 22, 2021, 10:57 a.m.	status_code: 0xffffffff process_identifier: 2904 process_handle: 0x00000314
NtTerminateProcess July 22, 2021, 10:57 a.m.	status_code: 0xffffffff process_identifier: 2904 process_handle: 0x00000314	1
NtTerminateProcess July 22, 2021, 10:57 a.m.	status_code: 0xffffffff process_identifier: 2940 process_handle: 0x0000031c
NtTerminateProcess July 22, 2021, 10:57 a.m.	status_code: 0xffffffff process_identifier: 2940 process_handle: 0x0000031c	1
NtTerminateProcess July 22, 2021, 10:57 a.m.	status_code: 0xffffffff process_identifier: 2976 process_handle: 0x00000324
NtTerminateProcess July 22, 2021, 10:57 a.m.	status_code: 0xffffffff process_identifier: 2976 process_handle: 0x00000324	1
NtTerminateProcess July 22, 2021, 10:57 a.m.	status_code: 0xffffffff process_identifier: 3012 process_handle: 0x0000032c
NtTerminateProcess July 22, 2021, 10:57 a.m.	status_code: 0xffffffff process_identifier: 3012 process_handle: 0x0000032c	1
NtTerminateProcess July 22, 2021, 10:57 a.m.	status_code: 0xffffffff process_identifier: 3048 process_handle: 0x00000334
NtTerminateProcess July 22, 2021, 10:57 a.m.	status_code: 0xffffffff process_identifier: 3048 process_handle: 0x00000334	1
NtTerminateProcess July 22, 2021, 10:57 a.m.	status_code: 0xffffffff process_identifier: 1892 process_handle: 0x0000033c
NtTerminateProcess July 22, 2021, 10:57 a.m.	status_code: 0xffffffff process_identifier: 1892 process_handle: 0x0000033c	1
NtTerminateProcess July 22, 2021, 10:57 a.m.	status_code: 0xffffffff process_identifier: 2128 process_handle: 0x00000344
NtTerminateProcess July 22, 2021, 10:57 a.m.	status_code: 0xffffffff process_identifier: 2128 process_handle: 0x00000344	1

Allocates execute permission to another process indicative of possible code injection (10 events)

Time & API	Arguments	Return
NtAllocateVirtualMemory July 22, 2021, 10:57 a.m.	process_identifier: 2796 region_size: 163840 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000002f8	3221225496
NtAllocateVirtualMemory July 22, 2021, 10:57 a.m.	process_identifier: 2832 region_size: 163840 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000002f4	3221225496
NtAllocateVirtualMemory July 22, 2021, 10:57 a.m.	process_identifier: 2868 region_size: 163840 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000300	3221225496
NtAllocateVirtualMemory July 22, 2021, 10:57 a.m.	process_identifier: 2904 region_size: 163840 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000308	3221225496
NtAllocateVirtualMemory July 22, 2021, 10:57 a.m.	process_identifier: 2940 region_size: 163840 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000310	3221225496
NtAllocateVirtualMemory July 22, 2021, 10:57 a.m.	process_identifier: 2976 region_size: 163840 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000318	3221225496
NtAllocateVirtualMemory July 22, 2021, 10:57 a.m.	process_identifier: 3012 region_size: 163840 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000320	3221225496
NtAllocateVirtualMemory July 22, 2021, 10:57 a.m.	process_identifier: 3048 region_size: 163840 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000328	3221225496
NtAllocateVirtualMemory July 22, 2021, 10:57 a.m.	process_identifier: 1892 region_size: 163840 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000330	3221225496
NtAllocateVirtualMemory July 22, 2021, 10:57 a.m.	process_identifier: 2128 region_size: 163840 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000338	3221225496

Manipulates memory of a non-child process indicative of process injection (20 events)

Time & API	Arguments	Return	Repeated
Process injection	Process 2072 manipulating memory of non-child process 2796
Process injection	Process 2072 manipulating memory of non-child process 2832
Process injection	Process 2072 manipulating memory of non-child process 2868
Process injection	Process 2072 manipulating memory of non-child process 2904
Process injection	Process 2072 manipulating memory of non-child process 2940
Process injection	Process 2072 manipulating memory of non-child process 2976
Process injection	Process 2072 manipulating memory of non-child process 3012
Process injection	Process 2072 manipulating memory of non-child process 3048
Process injection	Process 2072 manipulating memory of non-child process 1892
Process injection	Process 2072 manipulating memory of non-child process 2128
NtAllocateVirtualMemory July 22, 2021, 10:57 a.m.	process_identifier: 2796 region_size: 163840 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000002f8	3221225496	0
NtAllocateVirtualMemory July 22, 2021, 10:57 a.m.	process_identifier: 2832 region_size: 163840 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000002f4	3221225496	0
NtAllocateVirtualMemory July 22, 2021, 10:57 a.m.	process_identifier: 2868 region_size: 163840 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000300	3221225496	0
NtAllocateVirtualMemory July 22, 2021, 10:57 a.m.	process_identifier: 2904 region_size: 163840 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000308	3221225496	0
NtAllocateVirtualMemory July 22, 2021, 10:57 a.m.	process_identifier: 2940 region_size: 163840 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000310	3221225496	0
NtAllocateVirtualMemory July 22, 2021, 10:57 a.m.	process_identifier: 2976 region_size: 163840 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000318	3221225496	0
NtAllocateVirtualMemory July 22, 2021, 10:57 a.m.	process_identifier: 3012 region_size: 163840 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000320	3221225496	0
NtAllocateVirtualMemory July 22, 2021, 10:57 a.m.	process_identifier: 3048 region_size: 163840 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000328	3221225496	0
NtAllocateVirtualMemory July 22, 2021, 10:57 a.m.	process_identifier: 1892 region_size: 163840 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000330	3221225496	0
NtAllocateVirtualMemory July 22, 2021, 10:57 a.m.	process_identifier: 2128 region_size: 163840 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000338	3221225496	0

Executed a process and injected code into it, probably while unpacking (50 out of 68 events)

Time & API	Arguments	Status	Return
NtResumeThread July 22, 2021, 10:56 a.m.	thread_handle: 0x000000dc suspend_count: 1 process_identifier: 2072	1	0
NtResumeThread July 22, 2021, 10:56 a.m.	thread_handle: 0x00000150 suspend_count: 1 process_identifier: 2072	1	0
NtResumeThread July 22, 2021, 10:56 a.m.	thread_handle: 0x00000190 suspend_count: 1 process_identifier: 2072	1	0
NtResumeThread July 22, 2021, 10:56 a.m.	thread_handle: 0x00000260 suspend_count: 1 process_identifier: 2072	1	0
NtResumeThread July 22, 2021, 10:56 a.m.	thread_handle: 0x00000274 suspend_count: 1 process_identifier: 2072	1	0
NtResumeThread July 22, 2021, 10:56 a.m.	thread_handle: 0x000002ac suspend_count: 1 process_identifier: 2072	1	0
NtGetContextThread July 22, 2021, 10:56 a.m.	thread_handle: 0x000000e0	1	0
NtGetContextThread July 22, 2021, 10:56 a.m.	thread_handle: 0x000000e0	1	0
NtGetContextThread July 22, 2021, 10:56 a.m.	thread_handle: 0x000000e0	1	0
NtSetContextThread July 22, 2021, 10:56 a.m.	registers.eip: 1940859780 registers.esp: 3649244 registers.edi: 58562494 registers.eax: 16759096 registers.ebp: 3649260 registers.edx: 31 registers.ebx: 60963200 registers.esi: 60023680 registers.ecx: -4638689 thread_handle: 0x000000e0 process_identifier: 2072	1	0
NtResumeThread July 22, 2021, 10:56 a.m.	thread_handle: 0x000000e0 suspend_count: 1 process_identifier: 2072	1	0
NtGetContextThread July 22, 2021, 10:56 a.m.	thread_handle: 0x000000e0	1	0
NtGetContextThread July 22, 2021, 10:56 a.m.	thread_handle: 0x000000e0	1	0
NtGetContextThread July 22, 2021, 10:56 a.m.	thread_handle: 0x000000e0	1	0
NtSetContextThread July 22, 2021, 10:56 a.m.	registers.eip: 1940859780 registers.esp: 3657388 registers.edi: 63104741 registers.eax: 16754422 registers.ebp: 3657404 registers.edx: 63 registers.ebx: 63100480 registers.esi: 62053672 registers.ecx: -5835009 thread_handle: 0x000000e0 process_identifier: 2072	1	0
NtResumeThread July 22, 2021, 10:56 a.m.	thread_handle: 0x000000e0 suspend_count: 1 process_identifier: 2072	1	0
NtGetContextThread July 22, 2021, 10:56 a.m.	thread_handle: 0x000000e0	1	0
NtGetContextThread July 22, 2021, 10:56 a.m.	thread_handle: 0x000000e0	1	0
NtGetContextThread July 22, 2021, 10:56 a.m.	thread_handle: 0x000000e0	1	0
NtSetContextThread July 22, 2021, 10:56 a.m.	registers.eip: 1940859780 registers.esp: 3657388 registers.edi: 63502913 registers.eax: 22 registers.ebp: 3657404 registers.edx: 22 registers.ebx: 62042328 registers.esi: 60999130 registers.ecx: 16342 thread_handle: 0x000000e0 process_identifier: 2072	1	0
NtResumeThread July 22, 2021, 10:56 a.m.	thread_handle: 0x000000e0 suspend_count: 1 process_identifier: 2072	1	0
NtGetContextThread July 22, 2021, 10:56 a.m.	thread_handle: 0x000000e0	1	0
NtGetContextThread July 22, 2021, 10:56 a.m.	thread_handle: 0x000000e0	1	0
NtGetContextThread July 22, 2021, 10:56 a.m.	thread_handle: 0x000000e0	1	0
NtSetContextThread July 22, 2021, 10:56 a.m.	registers.eip: 1940859780 registers.esp: 3657388 registers.edi: 63905807 registers.eax: -45 registers.ebp: 3657404 registers.edx: 52 registers.ebx: 58631912 registers.esi: 57604926 registers.ecx: 1044486 thread_handle: 0x000000e0 process_identifier: 2072	1	0
NtResumeThread July 22, 2021, 10:56 a.m.	thread_handle: 0x000000e0 suspend_count: 1 process_identifier: 2072	1	0
NtGetContextThread July 22, 2021, 10:56 a.m.	thread_handle: 0x000000e0	1	0
NtGetContextThread July 22, 2021, 10:56 a.m.	thread_handle: 0x000000e0	1	0
NtResumeThread July 22, 2021, 10:56 a.m.	thread_handle: 0x000000e0 suspend_count: 1 process_identifier: 2072	1	0
NtGetContextThread July 22, 2021, 10:56 a.m.	thread_handle: 0x000000e0	1	0
NtGetContextThread July 22, 2021, 10:56 a.m.	thread_handle: 0x000000e0	1	0
NtGetContextThread July 22, 2021, 10:56 a.m.	thread_handle: 0x000000e0	1	0
NtSetContextThread July 22, 2021, 10:56 a.m.	registers.eip: 1940859780 registers.esp: 3657388 registers.edi: 61440907 registers.eax: -40 registers.ebp: 3657404 registers.edx: 57 registers.ebx: 61367880 registers.esi: 60504448 registers.ecx: 66866294 thread_handle: 0x000000e0 process_identifier: 2072	1	0
NtResumeThread July 22, 2021, 10:56 a.m.	thread_handle: 0x000000e0 suspend_count: 1 process_identifier: 2072	1	0
NtResumeThread July 22, 2021, 10:57 a.m.	thread_handle: 0x00000298 suspend_count: 1 process_identifier: 2072	1	0
NtGetContextThread July 22, 2021, 10:57 a.m.	thread_handle: 0x000000e0	1	0
NtGetContextThread July 22, 2021, 10:57 a.m.	thread_handle: 0x000000e0	1	0
NtResumeThread July 22, 2021, 10:57 a.m.	thread_handle: 0x000000e0 suspend_count: 1 process_identifier: 2072	1	0
CreateProcessInternalW July 22, 2021, 10:57 a.m.	thread_identifier: 2800 thread_handle: 0x000002ac process_identifier: 2796 current_directory: filepath: track: 1 command_line: C:\Users\test22\AppData\Local\Temp\csrss.exe filepath_r: stack_pivoted: 0 creation_flags: 134217732 (CREATE_NO_WINDOW\|CREATE_SUSPENDED) inherit_handles: 0 process_handle: 0x000002f8	1	1
NtGetContextThread July 22, 2021, 10:57 a.m.	thread_handle: 0x000002ac	1	0
NtAllocateVirtualMemory July 22, 2021, 10:57 a.m.	process_identifier: 2796 region_size: 163840 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000002f8		3221225496
CreateProcessInternalW July 22, 2021, 10:57 a.m.	thread_identifier: 2836 thread_handle: 0x000002fc process_identifier: 2832 current_directory: filepath: track: 1 command_line: C:\Users\test22\AppData\Local\Temp\csrss.exe filepath_r: stack_pivoted: 0 creation_flags: 134217732 (CREATE_NO_WINDOW\|CREATE_SUSPENDED) inherit_handles: 0 process_handle: 0x000002f4	1	1
NtGetContextThread July 22, 2021, 10:57 a.m.	thread_handle: 0x000002fc	1	0
NtAllocateVirtualMemory July 22, 2021, 10:57 a.m.	process_identifier: 2832 region_size: 163840 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000002f4		3221225496
CreateProcessInternalW July 22, 2021, 10:57 a.m.	thread_identifier: 2872 thread_handle: 0x00000304 process_identifier: 2868 current_directory: filepath: track: 1 command_line: C:\Users\test22\AppData\Local\Temp\csrss.exe filepath_r: stack_pivoted: 0 creation_flags: 134217732 (CREATE_NO_WINDOW\|CREATE_SUSPENDED) inherit_handles: 0 process_handle: 0x00000300	1	1
NtGetContextThread July 22, 2021, 10:57 a.m.	thread_handle: 0x00000304	1	0
NtAllocateVirtualMemory July 22, 2021, 10:57 a.m.	process_identifier: 2868 region_size: 163840 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000300		3221225496
CreateProcessInternalW July 22, 2021, 10:57 a.m.	thread_identifier: 2908 thread_handle: 0x0000030c process_identifier: 2904 current_directory: filepath: track: 1 command_line: C:\Users\test22\AppData\Local\Temp\csrss.exe filepath_r: stack_pivoted: 0 creation_flags: 134217732 (CREATE_NO_WINDOW\|CREATE_SUSPENDED) inherit_handles: 0 process_handle: 0x00000308	1	1
NtGetContextThread July 22, 2021, 10:57 a.m.	thread_handle: 0x0000030c	1	0
NtAllocateVirtualMemory July 22, 2021, 10:57 a.m.	process_identifier: 2904 region_size: 163840 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000308		3221225496

File has been identified by 31 AntiVirus engines on VirusTotal as malicious (31 events)

MicroWorld-eScan	Gen:Variant.Bulz.569801
FireEye	Generic.mg.0ddeb0b17f45b044
Cylance	Unsafe
Sangfor	Trojan.MSIL.Kryptik.ACBM
Alibaba	Trojan:MSIL/Kryptik.a2c70deb
Cybereason	malicious.743624
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of MSIL/Kryptik.ACBM
APEX	Malicious
Paloalto	generic.ml
Kaspersky	UDS:Trojan-Spy.MSIL.Noon.gen
BitDefender	Gen:Variant.Bulz.569801
Avast	Win32:MalwareX-gen [Trj]
Ad-Aware	Gen:Variant.Bulz.569801
Sophos	ML/PE-A
McAfee-GW-Edition	Artemis!Trojan
Emsisoft	Gen:Variant.Bulz.569801 (B)
SentinelOne	Static AI - Malicious PE
eGambit	PE.Heur.InvalidSig
Microsoft	Trojan:Win32/AgentTesla!ml
GData	Gen:Variant.Bulz.569801
Cynet	Malicious (score: 100)
McAfee	PWS-FCXS!0DDEB0B17F45
MAX	malware (ai score=81)
TrendMicro-HouseCall	TROJ_GEN.R06CC0WGL21
Ikarus	Trojan.Inject
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	MSIL/Kryptik.ACAE!tr
BitDefenderTheta	Gen:NN.ZemsilF.34050.Vm1@ayat2
AVG	Win32:MalwareX-gen [Trj]
CrowdStrike	win/malicious_confidence_100% (W)

csrss.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All