Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Sept. 14, 2021, 9:53 a.m.	Sept. 14, 2021, 10:04 a.m.

Size	1.1MB
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`9721889aa569e1cfd50d9578572d514c`
SHA256	`65c1dafe3221a730febd5044e75f1a54f63e7a0e7db0d2d59047f27aafa2b9c5`
CRC32	`1F18983C`
ssdeep	`24576:1DNgWUB2AkeKyZoPWwu4c3TzDMW1oR9qOCd0Joy1d3:1BgWUB2AkexoPW3TMWSR9qO+0`
Yara	PE_Header_Zero - PE File Signature Generic_Malware_Zero - Generic Malware Is_DotNET_EXE - (no description) Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT IsPE32 - (no description) Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult

New_592108806100xls.exe "C:\Users\test22\AppData\Local\Temp\New_592108806100xls.exe"
732
- powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Test-Connection www.google.com , www.youtube.com , www.google.com , www.youtube.com ,www.google.com , www.youtube.com
  2800

Name	Response	Post-Analysis Lookup
www.youtube.com	A 142.250.66.46 A 142.250.207.78 A 172.217.174.206 A 142.250.204.110 A 216.58.200.78 A 142.250.66.142 A 142.250.199.78 A 142.250.204.46 A 142.250.204.78 A 142.250.66.78 A 172.217.31.238 A 142.250.66.110 CNAME youtube-ui.l.google.com A 142.250.204.142 A 172.217.161.174 A 172.217.24.78	142.250.199.110
www.google.com	A 142.250.199.68	172.217.175.68

IP Address	Status	Action
142.250.199.68	Active	Moloch
142.250.66.110	Active	Moloch
164.124.101.2	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Queries for the computername (8 events)

Time & API	Arguments	Status	Return
GetComputerNameW Sept. 14, 2021, 9:53 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Sept. 14, 2021, 9:53 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Sept. 14, 2021, 9:53 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Sept. 14, 2021, 9:53 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameA Sept. 14, 2021, 9:53 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Sept. 14, 2021, 9:53 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Sept. 14, 2021, 9:53 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Sept. 14, 2021, 9:53 a.m.	computer_name: TEST22-PC	1	1

Checks if process is being debugged by a debugger (3 events)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent Sept. 14, 2021, 9:53 a.m.			0	0
IsDebuggerPresent Sept. 14, 2021, 9:53 a.m.			0	0
IsDebuggerPresent Sept. 14, 2021, 9:53 a.m.			0	0

Command line console output was observed (10 events)

Time & API	Arguments	Status	Return
WriteConsoleW Sept. 14, 2021, 9:53 a.m.	buffer: WARNING: 2 columns do not fit into the display and were removed. console_handle: 0x00000023	1	1
WriteConsoleW Sept. 14, 2021, 9:53 a.m.	buffer: Source Destination IPV4Address IPV6Address console_handle: 0x0000002b	1	1
WriteConsoleW Sept. 14, 2021, 9:53 a.m.	buffer: TEST22-PC www.google.com 142.250.199.68 {} console_handle: 0x00000033	1	1
WriteConsoleW Sept. 14, 2021, 9:53 a.m.	buffer: TEST22-PC www.youtube.com 142.250.66.110 {} console_handle: 0x00000037	1	1
WriteConsoleW Sept. 14, 2021, 9:53 a.m.	buffer: TEST22-PC www.youtube.com 142.250.66.110 {} console_handle: 0x0000003b	1	1
WriteConsoleW Sept. 14, 2021, 9:53 a.m.	buffer: TEST22-PC www.google.com 142.250.199.68 {} console_handle: 0x0000003f	1	1
WriteConsoleW Sept. 14, 2021, 9:53 a.m.	buffer: TEST22-PC www.youtube.com 142.250.66.110 {} console_handle: 0x00000013	1	1
WriteConsoleW Sept. 14, 2021, 9:53 a.m.	buffer: TEST22-PC www.google.com 142.250.199.68 {} console_handle: 0x00000017	1	1
WriteConsoleW Sept. 14, 2021, 9:53 a.m.	buffer: TEST22-PC www.google.com 142.250.199.68 {} console_handle: 0x0000001b	1	1
WriteConsoleW Sept. 14, 2021, 9:53 a.m.	buffer: TEST22-PC www.youtube.com 142.250.66.110 {} console_handle: 0x0000001f	1	1

Uses Windows APIs to generate a cryptographic key (46 events)

Time & API	Arguments	Status	Return
CryptExportKey Sept. 14, 2021, 9:53 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x006a1808 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Sept. 14, 2021, 9:53 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x006a1948 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Sept. 14, 2021, 9:53 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x006a1948 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Sept. 14, 2021, 9:53 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0041dd48 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Sept. 14, 2021, 9:53 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0041e2c8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Sept. 14, 2021, 9:53 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0041e2c8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Sept. 14, 2021, 9:53 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0041e2c8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Sept. 14, 2021, 9:53 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0041de48 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Sept. 14, 2021, 9:53 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0041de48 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Sept. 14, 2021, 9:53 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0041de48 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Sept. 14, 2021, 9:53 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0041de48 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Sept. 14, 2021, 9:53 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0041de48 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Sept. 14, 2021, 9:53 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0041de48 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Sept. 14, 2021, 9:53 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0041d908 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Sept. 14, 2021, 9:53 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0041d908 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Sept. 14, 2021, 9:53 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0041d908 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Sept. 14, 2021, 9:53 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0041e2c8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Sept. 14, 2021, 9:53 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0041e2c8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Sept. 14, 2021, 9:53 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0041e2c8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Sept. 14, 2021, 9:53 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0041e1c8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Sept. 14, 2021, 9:53 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0041e2c8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Sept. 14, 2021, 9:53 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0041e2c8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Sept. 14, 2021, 9:53 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0041e2c8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Sept. 14, 2021, 9:53 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0041e2c8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Sept. 14, 2021, 9:53 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0041e2c8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Sept. 14, 2021, 9:53 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0041e2c8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Sept. 14, 2021, 9:53 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0041e2c8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Sept. 14, 2021, 9:53 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0041da48 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Sept. 14, 2021, 9:53 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0041da48 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Sept. 14, 2021, 9:53 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0041da48 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Sept. 14, 2021, 9:53 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0041da48 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Sept. 14, 2021, 9:53 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0041da48 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Sept. 14, 2021, 9:53 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0041da48 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Sept. 14, 2021, 9:53 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0041da48 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Sept. 14, 2021, 9:53 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0041da48 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Sept. 14, 2021, 9:53 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0041da48 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Sept. 14, 2021, 9:53 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0041da48 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Sept. 14, 2021, 9:53 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0041da48 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Sept. 14, 2021, 9:53 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0041da48 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Sept. 14, 2021, 9:53 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0041da48 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Sept. 14, 2021, 9:53 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0041da48 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Sept. 14, 2021, 9:53 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0041e6c8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Sept. 14, 2021, 9:53 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0041e6c8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Sept. 14, 2021, 9:53 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0550ce20 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Sept. 14, 2021, 9:53 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0550ce20 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Sept. 14, 2021, 9:53 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0550ce20 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Sept. 14, 2021, 9:53 a.m.		1	1	0

One or more processes crashed (30 events)

Time & API	Arguments	Status
__exception__ Sept. 14, 2021, 9:53 a.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7575b37e 0x9139d2d 0x9138f3a 0x9137776 0x9137134 0x43308f7 system+0x1d3f63 @ 0x6e093f63 0x8dd8f5 0x8dd650 system+0x1f9799 @ 0x6e899799 system+0x1f92c8 @ 0x6e8992c8 system+0x1eca74 @ 0x6e88ca74 system+0x1ec868 @ 0x6e88c868 system+0x1f82b8 @ 0x6e8982b8 system+0x1ee54d @ 0x6e88e54d system+0x1f70ea @ 0x6e8970ea system+0x1e56c0 @ 0x6e8856c0 system+0x1f8215 @ 0x6e898215 system+0x1f6f75 @ 0x6e896f75 system+0x1ee251 @ 0x6e88e251 system+0x1ee229 @ 0x6e88e229 system+0x1ee170 @ 0x6e88e170 0x58a08e gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755b62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x755b6d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x755b6de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x755b6e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x773b011a system+0x1ebc85 @ 0x6e88bc85 system+0x1f683b @ 0x6e89683b system+0x1a5e44 @ 0x6e845e44 system+0x1fd8a0 @ 0x6e89d8a0 system+0x1fd792 @ 0x6e89d792 system+0x1a14bd @ 0x6e8414bd 0x8d00b8 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72752e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728074ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72807610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72891dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72891e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72891f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7289416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7376f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x743c7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x743c4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7575b479 registers.esp: 5564332 registers.edi: 1990713288 registers.eax: 16777216 registers.ebp: 5564536 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ Sept. 14, 2021, 9:53 a.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7575b37e 0x9139d2d 0x9138f3a 0x9137776 0x9137134 0x43308f7 system+0x1d3f63 @ 0x6e093f63 0x8dd8f5 0x8dd650 system+0x1f9799 @ 0x6e899799 system+0x1f92c8 @ 0x6e8992c8 system+0x1eca74 @ 0x6e88ca74 system+0x1ec868 @ 0x6e88c868 system+0x1f82b8 @ 0x6e8982b8 system+0x1ee54d @ 0x6e88e54d system+0x1f70ea @ 0x6e8970ea system+0x1e56c0 @ 0x6e8856c0 system+0x1f8215 @ 0x6e898215 system+0x1f6f75 @ 0x6e896f75 system+0x1ee251 @ 0x6e88e251 system+0x1ee229 @ 0x6e88e229 system+0x1ee170 @ 0x6e88e170 0x58a08e gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755b62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x755b6d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x755b6de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x755b6e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x773b011a system+0x1ebc85 @ 0x6e88bc85 system+0x1f683b @ 0x6e89683b system+0x1a5e44 @ 0x6e845e44 system+0x1fd8a0 @ 0x6e89d8a0 system+0x1fd792 @ 0x6e89d792 system+0x1a14bd @ 0x6e8414bd 0x8d00b8 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72752e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728074ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72807610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72891dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72891e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72891f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7289416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7376f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x743c7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x743c4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7575b479 registers.esp: 5564332 registers.edi: 1990713288 registers.eax: 4194304 registers.ebp: 5564536 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ Sept. 14, 2021, 9:53 a.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7575b37e 0x9139d2d 0x9138f3a 0x9137776 0x9137134 0x43308f7 system+0x1d3f63 @ 0x6e093f63 0x8dd8f5 0x8dd650 system+0x1f9799 @ 0x6e899799 system+0x1f92c8 @ 0x6e8992c8 system+0x1eca74 @ 0x6e88ca74 system+0x1ec868 @ 0x6e88c868 system+0x1f82b8 @ 0x6e8982b8 system+0x1ee54d @ 0x6e88e54d system+0x1f70ea @ 0x6e8970ea system+0x1e56c0 @ 0x6e8856c0 system+0x1f8215 @ 0x6e898215 system+0x1f6f75 @ 0x6e896f75 system+0x1ee251 @ 0x6e88e251 system+0x1ee229 @ 0x6e88e229 system+0x1ee170 @ 0x6e88e170 0x58a08e gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755b62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x755b6d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x755b6de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x755b6e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x773b011a system+0x1ebc85 @ 0x6e88bc85 system+0x1f683b @ 0x6e89683b system+0x1a5e44 @ 0x6e845e44 system+0x1fd8a0 @ 0x6e89d8a0 system+0x1fd792 @ 0x6e89d792 system+0x1a14bd @ 0x6e8414bd 0x8d00b8 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72752e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728074ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72807610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72891dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72891e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72891f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7289416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7376f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x743c7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x743c4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7575b479 registers.esp: 5564332 registers.edi: 1990713288 registers.eax: 3145728 registers.ebp: 5564536 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ Sept. 14, 2021, 9:53 a.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7575b37e 0x9139d2d 0x9138f3a 0x9137776 0x9137134 0x43308f7 system+0x1d3f63 @ 0x6e093f63 0x8dd8f5 0x8dd650 system+0x1f9799 @ 0x6e899799 system+0x1f92c8 @ 0x6e8992c8 system+0x1eca74 @ 0x6e88ca74 system+0x1ec868 @ 0x6e88c868 system+0x1f82b8 @ 0x6e8982b8 system+0x1ee54d @ 0x6e88e54d system+0x1f70ea @ 0x6e8970ea system+0x1e56c0 @ 0x6e8856c0 system+0x1f8215 @ 0x6e898215 system+0x1f6f75 @ 0x6e896f75 system+0x1ee251 @ 0x6e88e251 system+0x1ee229 @ 0x6e88e229 system+0x1ee170 @ 0x6e88e170 0x58a08e gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755b62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x755b6d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x755b6de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x755b6e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x773b011a system+0x1ebc85 @ 0x6e88bc85 system+0x1f683b @ 0x6e89683b system+0x1a5e44 @ 0x6e845e44 system+0x1fd8a0 @ 0x6e89d8a0 system+0x1fd792 @ 0x6e89d792 system+0x1a14bd @ 0x6e8414bd 0x8d00b8 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72752e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728074ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72807610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72891dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72891e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72891f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7289416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7376f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x743c7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x743c4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7575b479 registers.esp: 5564332 registers.edi: 1990713288 registers.eax: 16777216 registers.ebp: 5564536 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ Sept. 14, 2021, 9:53 a.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7575b37e 0x9139d2d 0x9138f3a 0x9137776 0x9137134 0x43308f7 system+0x1d3f63 @ 0x6e093f63 0x8dd8f5 0x8dd650 system+0x1f9799 @ 0x6e899799 system+0x1f92c8 @ 0x6e8992c8 system+0x1eca74 @ 0x6e88ca74 system+0x1ec868 @ 0x6e88c868 system+0x1f82b8 @ 0x6e8982b8 system+0x1ee54d @ 0x6e88e54d system+0x1f70ea @ 0x6e8970ea system+0x1e56c0 @ 0x6e8856c0 system+0x1f8215 @ 0x6e898215 system+0x1f6f75 @ 0x6e896f75 system+0x1ee251 @ 0x6e88e251 system+0x1ee229 @ 0x6e88e229 system+0x1ee170 @ 0x6e88e170 0x58a08e gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755b62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x755b6d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x755b6de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x755b6e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x773b011a system+0x1ebc85 @ 0x6e88bc85 system+0x1f683b @ 0x6e89683b system+0x1a5e44 @ 0x6e845e44 system+0x1fd8a0 @ 0x6e89d8a0 system+0x1fd792 @ 0x6e89d792 system+0x1a14bd @ 0x6e8414bd 0x8d00b8 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72752e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728074ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72807610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72891dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72891e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72891f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7289416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7376f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x743c7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x743c4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7575b479 registers.esp: 5564332 registers.edi: 1990713288 registers.eax: 4194304 registers.ebp: 5564536 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ Sept. 14, 2021, 9:53 a.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7575b37e 0x9139d2d 0x9138f3a 0x9137776 0x9137134 0x43308f7 system+0x1d3f63 @ 0x6e093f63 0x8dd8f5 0x8dd650 system+0x1f9799 @ 0x6e899799 system+0x1f92c8 @ 0x6e8992c8 system+0x1eca74 @ 0x6e88ca74 system+0x1ec868 @ 0x6e88c868 system+0x1f82b8 @ 0x6e8982b8 system+0x1ee54d @ 0x6e88e54d system+0x1f70ea @ 0x6e8970ea system+0x1e56c0 @ 0x6e8856c0 system+0x1f8215 @ 0x6e898215 system+0x1f6f75 @ 0x6e896f75 system+0x1ee251 @ 0x6e88e251 system+0x1ee229 @ 0x6e88e229 system+0x1ee170 @ 0x6e88e170 0x58a08e gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755b62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x755b6d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x755b6de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x755b6e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x773b011a system+0x1ebc85 @ 0x6e88bc85 system+0x1f683b @ 0x6e89683b system+0x1a5e44 @ 0x6e845e44 system+0x1fd8a0 @ 0x6e89d8a0 system+0x1fd792 @ 0x6e89d792 system+0x1a14bd @ 0x6e8414bd 0x8d00b8 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72752e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728074ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72807610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72891dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72891e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72891f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7289416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7376f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x743c7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x743c4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7575b479 registers.esp: 5564332 registers.edi: 1990713288 registers.eax: 3145728 registers.ebp: 5564536 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ Sept. 14, 2021, 9:53 a.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7575b37e 0x9139d2d 0x9138f3a 0x9137776 0x9137134 0x43308f7 system+0x1d3f63 @ 0x6e093f63 0x8dd8f5 0x8dd650 system+0x1f9799 @ 0x6e899799 system+0x1f92c8 @ 0x6e8992c8 system+0x1eca74 @ 0x6e88ca74 system+0x1ec868 @ 0x6e88c868 system+0x1f82b8 @ 0x6e8982b8 system+0x1ee54d @ 0x6e88e54d system+0x1f70ea @ 0x6e8970ea system+0x1e56c0 @ 0x6e8856c0 system+0x1f8215 @ 0x6e898215 system+0x1f6f75 @ 0x6e896f75 system+0x1ee251 @ 0x6e88e251 system+0x1ee229 @ 0x6e88e229 system+0x1ee170 @ 0x6e88e170 0x58a08e gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755b62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x755b6d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x755b6de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x755b6e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x773b011a system+0x1ebc85 @ 0x6e88bc85 system+0x1f683b @ 0x6e89683b system+0x1a5e44 @ 0x6e845e44 system+0x1fd8a0 @ 0x6e89d8a0 system+0x1fd792 @ 0x6e89d792 system+0x1a14bd @ 0x6e8414bd 0x8d00b8 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72752e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728074ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72807610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72891dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72891e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72891f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7289416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7376f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x743c7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x743c4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7575b479 registers.esp: 5564332 registers.edi: 1990713288 registers.eax: 16777216 registers.ebp: 5564536 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ Sept. 14, 2021, 9:53 a.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7575b37e 0x9139d2d 0x9138f3a 0x9137776 0x9137134 0x43308f7 system+0x1d3f63 @ 0x6e093f63 0x8dd8f5 0x8dd650 system+0x1f9799 @ 0x6e899799 system+0x1f92c8 @ 0x6e8992c8 system+0x1eca74 @ 0x6e88ca74 system+0x1ec868 @ 0x6e88c868 system+0x1f82b8 @ 0x6e8982b8 system+0x1ee54d @ 0x6e88e54d system+0x1f70ea @ 0x6e8970ea system+0x1e56c0 @ 0x6e8856c0 system+0x1f8215 @ 0x6e898215 system+0x1f6f75 @ 0x6e896f75 system+0x1ee251 @ 0x6e88e251 system+0x1ee229 @ 0x6e88e229 system+0x1ee170 @ 0x6e88e170 0x58a08e gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755b62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x755b6d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x755b6de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x755b6e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x773b011a system+0x1ebc85 @ 0x6e88bc85 system+0x1f683b @ 0x6e89683b system+0x1a5e44 @ 0x6e845e44 system+0x1fd8a0 @ 0x6e89d8a0 system+0x1fd792 @ 0x6e89d792 system+0x1a14bd @ 0x6e8414bd 0x8d00b8 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72752e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728074ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72807610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72891dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72891e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72891f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7289416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7376f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x743c7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x743c4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7575b479 registers.esp: 5564332 registers.edi: 1990713288 registers.eax: 4194304 registers.ebp: 5564536 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ Sept. 14, 2021, 9:53 a.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7575b37e 0x9139d2d 0x9138f3a 0x9137776 0x9137134 0x43308f7 system+0x1d3f63 @ 0x6e093f63 0x8dd8f5 0x8dd650 system+0x1f9799 @ 0x6e899799 system+0x1f92c8 @ 0x6e8992c8 system+0x1eca74 @ 0x6e88ca74 system+0x1ec868 @ 0x6e88c868 system+0x1f82b8 @ 0x6e8982b8 system+0x1ee54d @ 0x6e88e54d system+0x1f70ea @ 0x6e8970ea system+0x1e56c0 @ 0x6e8856c0 system+0x1f8215 @ 0x6e898215 system+0x1f6f75 @ 0x6e896f75 system+0x1ee251 @ 0x6e88e251 system+0x1ee229 @ 0x6e88e229 system+0x1ee170 @ 0x6e88e170 0x58a08e gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755b62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x755b6d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x755b6de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x755b6e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x773b011a system+0x1ebc85 @ 0x6e88bc85 system+0x1f683b @ 0x6e89683b system+0x1a5e44 @ 0x6e845e44 system+0x1fd8a0 @ 0x6e89d8a0 system+0x1fd792 @ 0x6e89d792 system+0x1a14bd @ 0x6e8414bd 0x8d00b8 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72752e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728074ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72807610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72891dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72891e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72891f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7289416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7376f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x743c7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x743c4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7575b479 registers.esp: 5564332 registers.edi: 1990713288 registers.eax: 3145728 registers.ebp: 5564536 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ Sept. 14, 2021, 9:53 a.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7575b37e 0x9139d2d 0x9138f3a 0x9137776 0x9137134 0x43308f7 system+0x1d3f63 @ 0x6e093f63 0x8dd8f5 0x8dd650 system+0x1f9799 @ 0x6e899799 system+0x1f92c8 @ 0x6e8992c8 system+0x1eca74 @ 0x6e88ca74 system+0x1ec868 @ 0x6e88c868 system+0x1f82b8 @ 0x6e8982b8 system+0x1ee54d @ 0x6e88e54d system+0x1f70ea @ 0x6e8970ea system+0x1e56c0 @ 0x6e8856c0 system+0x1f8215 @ 0x6e898215 system+0x1f6f75 @ 0x6e896f75 system+0x1ee251 @ 0x6e88e251 system+0x1ee229 @ 0x6e88e229 system+0x1ee170 @ 0x6e88e170 0x58a08e gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755b62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x755b6d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x755b6de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x755b6e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x773b011a system+0x1ebc85 @ 0x6e88bc85 system+0x1f683b @ 0x6e89683b system+0x1a5e44 @ 0x6e845e44 system+0x1fd8a0 @ 0x6e89d8a0 system+0x1fd792 @ 0x6e89d792 system+0x1a14bd @ 0x6e8414bd 0x8d00b8 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72752e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728074ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72807610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72891dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72891e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72891f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7289416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7376f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x743c7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x743c4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7575b479 registers.esp: 5564332 registers.edi: 1990713288 registers.eax: 16777216 registers.ebp: 5564536 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ Sept. 14, 2021, 9:53 a.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7575b37e 0x9139d2d 0x9138f3a 0x9137776 0x9137134 0x43308f7 system+0x1d3f63 @ 0x6e093f63 0x8dd8f5 0x8dd650 system+0x1f9799 @ 0x6e899799 system+0x1f92c8 @ 0x6e8992c8 system+0x1eca74 @ 0x6e88ca74 system+0x1ec868 @ 0x6e88c868 system+0x1f82b8 @ 0x6e8982b8 system+0x1ee54d @ 0x6e88e54d system+0x1f70ea @ 0x6e8970ea system+0x1e56c0 @ 0x6e8856c0 system+0x1f8215 @ 0x6e898215 system+0x1f6f75 @ 0x6e896f75 system+0x1ee251 @ 0x6e88e251 system+0x1ee229 @ 0x6e88e229 system+0x1ee170 @ 0x6e88e170 0x58a08e gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755b62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x755b6d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x755b6de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x755b6e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x773b011a system+0x1ebc85 @ 0x6e88bc85 system+0x1f683b @ 0x6e89683b system+0x1a5e44 @ 0x6e845e44 system+0x1fd8a0 @ 0x6e89d8a0 system+0x1fd792 @ 0x6e89d792 system+0x1a14bd @ 0x6e8414bd 0x8d00b8 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72752e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728074ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72807610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72891dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72891e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72891f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7289416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7376f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x743c7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x743c4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7575b479 registers.esp: 5564332 registers.edi: 1990713288 registers.eax: 4194304 registers.ebp: 5564536 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ Sept. 14, 2021, 9:53 a.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7575b37e 0x9139d2d 0x9138f3a 0x9137776 0x9137134 0x43308f7 system+0x1d3f63 @ 0x6e093f63 0x8dd8f5 0x8dd650 system+0x1f9799 @ 0x6e899799 system+0x1f92c8 @ 0x6e8992c8 system+0x1eca74 @ 0x6e88ca74 system+0x1ec868 @ 0x6e88c868 system+0x1f82b8 @ 0x6e8982b8 system+0x1ee54d @ 0x6e88e54d system+0x1f70ea @ 0x6e8970ea system+0x1e56c0 @ 0x6e8856c0 system+0x1f8215 @ 0x6e898215 system+0x1f6f75 @ 0x6e896f75 system+0x1ee251 @ 0x6e88e251 system+0x1ee229 @ 0x6e88e229 system+0x1ee170 @ 0x6e88e170 0x58a08e gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755b62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x755b6d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x755b6de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x755b6e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x773b011a system+0x1ebc85 @ 0x6e88bc85 system+0x1f683b @ 0x6e89683b system+0x1a5e44 @ 0x6e845e44 system+0x1fd8a0 @ 0x6e89d8a0 system+0x1fd792 @ 0x6e89d792 system+0x1a14bd @ 0x6e8414bd 0x8d00b8 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72752e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728074ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72807610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72891dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72891e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72891f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7289416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7376f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x743c7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x743c4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7575b479 registers.esp: 5564332 registers.edi: 1990713288 registers.eax: 3145728 registers.ebp: 5564536 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ Sept. 14, 2021, 9:53 a.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7575b37e 0x9139d2d 0x9138f3a 0x9137776 0x9137134 0x43308f7 system+0x1d3f63 @ 0x6e093f63 0x8dd8f5 0x8dd650 system+0x1f9799 @ 0x6e899799 system+0x1f92c8 @ 0x6e8992c8 system+0x1eca74 @ 0x6e88ca74 system+0x1ec868 @ 0x6e88c868 system+0x1f82b8 @ 0x6e8982b8 system+0x1ee54d @ 0x6e88e54d system+0x1f70ea @ 0x6e8970ea system+0x1e56c0 @ 0x6e8856c0 system+0x1f8215 @ 0x6e898215 system+0x1f6f75 @ 0x6e896f75 system+0x1ee251 @ 0x6e88e251 system+0x1ee229 @ 0x6e88e229 system+0x1ee170 @ 0x6e88e170 0x58a08e gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755b62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x755b6d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x755b6de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x755b6e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x773b011a system+0x1ebc85 @ 0x6e88bc85 system+0x1f683b @ 0x6e89683b system+0x1a5e44 @ 0x6e845e44 system+0x1fd8a0 @ 0x6e89d8a0 system+0x1fd792 @ 0x6e89d792 system+0x1a14bd @ 0x6e8414bd 0x8d00b8 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72752e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728074ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72807610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72891dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72891e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72891f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7289416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7376f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x743c7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x743c4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7575b479 registers.esp: 5564332 registers.edi: 1990713288 registers.eax: 16777216 registers.ebp: 5564536 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ Sept. 14, 2021, 9:53 a.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7575b37e 0x9139d2d 0x9138f3a 0x9137776 0x9137134 0x43308f7 system+0x1d3f63 @ 0x6e093f63 0x8dd8f5 0x8dd650 system+0x1f9799 @ 0x6e899799 system+0x1f92c8 @ 0x6e8992c8 system+0x1eca74 @ 0x6e88ca74 system+0x1ec868 @ 0x6e88c868 system+0x1f82b8 @ 0x6e8982b8 system+0x1ee54d @ 0x6e88e54d system+0x1f70ea @ 0x6e8970ea system+0x1e56c0 @ 0x6e8856c0 system+0x1f8215 @ 0x6e898215 system+0x1f6f75 @ 0x6e896f75 system+0x1ee251 @ 0x6e88e251 system+0x1ee229 @ 0x6e88e229 system+0x1ee170 @ 0x6e88e170 0x58a08e gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755b62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x755b6d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x755b6de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x755b6e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x773b011a system+0x1ebc85 @ 0x6e88bc85 system+0x1f683b @ 0x6e89683b system+0x1a5e44 @ 0x6e845e44 system+0x1fd8a0 @ 0x6e89d8a0 system+0x1fd792 @ 0x6e89d792 system+0x1a14bd @ 0x6e8414bd 0x8d00b8 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72752e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728074ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72807610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72891dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72891e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72891f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7289416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7376f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x743c7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x743c4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7575b479 registers.esp: 5564332 registers.edi: 1990713288 registers.eax: 4194304 registers.ebp: 5564536 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ Sept. 14, 2021, 9:53 a.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7575b37e 0x9139d2d 0x9138f3a 0x9137776 0x9137134 0x43308f7 system+0x1d3f63 @ 0x6e093f63 0x8dd8f5 0x8dd650 system+0x1f9799 @ 0x6e899799 system+0x1f92c8 @ 0x6e8992c8 system+0x1eca74 @ 0x6e88ca74 system+0x1ec868 @ 0x6e88c868 system+0x1f82b8 @ 0x6e8982b8 system+0x1ee54d @ 0x6e88e54d system+0x1f70ea @ 0x6e8970ea system+0x1e56c0 @ 0x6e8856c0 system+0x1f8215 @ 0x6e898215 system+0x1f6f75 @ 0x6e896f75 system+0x1ee251 @ 0x6e88e251 system+0x1ee229 @ 0x6e88e229 system+0x1ee170 @ 0x6e88e170 0x58a08e gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755b62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x755b6d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x755b6de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x755b6e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x773b011a system+0x1ebc85 @ 0x6e88bc85 system+0x1f683b @ 0x6e89683b system+0x1a5e44 @ 0x6e845e44 system+0x1fd8a0 @ 0x6e89d8a0 system+0x1fd792 @ 0x6e89d792 system+0x1a14bd @ 0x6e8414bd 0x8d00b8 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72752e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728074ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72807610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72891dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72891e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72891f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7289416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7376f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x743c7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x743c4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7575b479 registers.esp: 5564332 registers.edi: 1990713288 registers.eax: 3145728 registers.ebp: 5564536 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ Sept. 14, 2021, 9:53 a.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7575b37e 0x9139d2d 0x9138f3a 0x9137776 0x9137134 0x43308f7 system+0x1d3f63 @ 0x6e093f63 0x8dd8f5 0x8dd650 system+0x1f9799 @ 0x6e899799 system+0x1f92c8 @ 0x6e8992c8 system+0x1eca74 @ 0x6e88ca74 system+0x1ec868 @ 0x6e88c868 system+0x1f82b8 @ 0x6e8982b8 system+0x1ee54d @ 0x6e88e54d system+0x1f70ea @ 0x6e8970ea system+0x1e56c0 @ 0x6e8856c0 system+0x1f8215 @ 0x6e898215 system+0x1f6f75 @ 0x6e896f75 system+0x1ee251 @ 0x6e88e251 system+0x1ee229 @ 0x6e88e229 system+0x1ee170 @ 0x6e88e170 0x58a08e gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755b62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x755b6d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x755b6de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x755b6e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x773b011a system+0x1ebc85 @ 0x6e88bc85 system+0x1f683b @ 0x6e89683b system+0x1a5e44 @ 0x6e845e44 system+0x1fd8a0 @ 0x6e89d8a0 system+0x1fd792 @ 0x6e89d792 system+0x1a14bd @ 0x6e8414bd 0x8d00b8 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72752e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728074ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72807610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72891dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72891e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72891f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7289416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7376f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x743c7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x743c4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7575b479 registers.esp: 5564332 registers.edi: 1990713288 registers.eax: 16777216 registers.ebp: 5564536 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ Sept. 14, 2021, 9:53 a.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7575b37e 0x9139d2d 0x9138f3a 0x9137776 0x9137134 0x43308f7 system+0x1d3f63 @ 0x6e093f63 0x8dd8f5 0x8dd650 system+0x1f9799 @ 0x6e899799 system+0x1f92c8 @ 0x6e8992c8 system+0x1eca74 @ 0x6e88ca74 system+0x1ec868 @ 0x6e88c868 system+0x1f82b8 @ 0x6e8982b8 system+0x1ee54d @ 0x6e88e54d system+0x1f70ea @ 0x6e8970ea system+0x1e56c0 @ 0x6e8856c0 system+0x1f8215 @ 0x6e898215 system+0x1f6f75 @ 0x6e896f75 system+0x1ee251 @ 0x6e88e251 system+0x1ee229 @ 0x6e88e229 system+0x1ee170 @ 0x6e88e170 0x58a08e gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755b62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x755b6d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x755b6de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x755b6e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x773b011a system+0x1ebc85 @ 0x6e88bc85 system+0x1f683b @ 0x6e89683b system+0x1a5e44 @ 0x6e845e44 system+0x1fd8a0 @ 0x6e89d8a0 system+0x1fd792 @ 0x6e89d792 system+0x1a14bd @ 0x6e8414bd 0x8d00b8 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72752e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728074ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72807610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72891dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72891e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72891f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7289416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7376f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x743c7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x743c4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7575b479 registers.esp: 5564332 registers.edi: 1990713288 registers.eax: 4194304 registers.ebp: 5564536 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ Sept. 14, 2021, 9:53 a.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7575b37e 0x9139d2d 0x9138f3a 0x9137776 0x9137134 0x43308f7 system+0x1d3f63 @ 0x6e093f63 0x8dd8f5 0x8dd650 system+0x1f9799 @ 0x6e899799 system+0x1f92c8 @ 0x6e8992c8 system+0x1eca74 @ 0x6e88ca74 system+0x1ec868 @ 0x6e88c868 system+0x1f82b8 @ 0x6e8982b8 system+0x1ee54d @ 0x6e88e54d system+0x1f70ea @ 0x6e8970ea system+0x1e56c0 @ 0x6e8856c0 system+0x1f8215 @ 0x6e898215 system+0x1f6f75 @ 0x6e896f75 system+0x1ee251 @ 0x6e88e251 system+0x1ee229 @ 0x6e88e229 system+0x1ee170 @ 0x6e88e170 0x58a08e gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755b62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x755b6d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x755b6de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x755b6e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x773b011a system+0x1ebc85 @ 0x6e88bc85 system+0x1f683b @ 0x6e89683b system+0x1a5e44 @ 0x6e845e44 system+0x1fd8a0 @ 0x6e89d8a0 system+0x1fd792 @ 0x6e89d792 system+0x1a14bd @ 0x6e8414bd 0x8d00b8 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72752e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728074ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72807610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72891dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72891e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72891f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7289416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7376f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x743c7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x743c4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7575b479 registers.esp: 5564332 registers.edi: 1990713288 registers.eax: 3145728 registers.ebp: 5564536 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ Sept. 14, 2021, 9:53 a.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7575b37e 0x9139d2d 0x9138f3a 0x9137776 0x9137134 0x43308f7 system+0x1d3f63 @ 0x6e093f63 0x8dd8f5 0x8dd650 system+0x1f9799 @ 0x6e899799 system+0x1f92c8 @ 0x6e8992c8 system+0x1eca74 @ 0x6e88ca74 system+0x1ec868 @ 0x6e88c868 system+0x1f82b8 @ 0x6e8982b8 system+0x1ee54d @ 0x6e88e54d system+0x1f70ea @ 0x6e8970ea system+0x1e56c0 @ 0x6e8856c0 system+0x1f8215 @ 0x6e898215 system+0x1f6f75 @ 0x6e896f75 system+0x1ee251 @ 0x6e88e251 system+0x1ee229 @ 0x6e88e229 system+0x1ee170 @ 0x6e88e170 0x58a08e gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755b62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x755b6d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x755b6de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x755b6e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x773b011a system+0x1ebc85 @ 0x6e88bc85 system+0x1f683b @ 0x6e89683b system+0x1a5e44 @ 0x6e845e44 system+0x1fd8a0 @ 0x6e89d8a0 system+0x1fd792 @ 0x6e89d792 system+0x1a14bd @ 0x6e8414bd 0x8d00b8 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72752e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728074ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72807610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72891dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72891e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72891f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7289416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7376f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x743c7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x743c4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7575b479 registers.esp: 5564332 registers.edi: 1990713288 registers.eax: 16777216 registers.ebp: 5564536 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ Sept. 14, 2021, 9:53 a.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7575b37e 0x9139d2d 0x9138f3a 0x9137776 0x9137134 0x43308f7 system+0x1d3f63 @ 0x6e093f63 0x8dd8f5 0x8dd650 system+0x1f9799 @ 0x6e899799 system+0x1f92c8 @ 0x6e8992c8 system+0x1eca74 @ 0x6e88ca74 system+0x1ec868 @ 0x6e88c868 system+0x1f82b8 @ 0x6e8982b8 system+0x1ee54d @ 0x6e88e54d system+0x1f70ea @ 0x6e8970ea system+0x1e56c0 @ 0x6e8856c0 system+0x1f8215 @ 0x6e898215 system+0x1f6f75 @ 0x6e896f75 system+0x1ee251 @ 0x6e88e251 system+0x1ee229 @ 0x6e88e229 system+0x1ee170 @ 0x6e88e170 0x58a08e gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755b62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x755b6d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x755b6de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x755b6e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x773b011a system+0x1ebc85 @ 0x6e88bc85 system+0x1f683b @ 0x6e89683b system+0x1a5e44 @ 0x6e845e44 system+0x1fd8a0 @ 0x6e89d8a0 system+0x1fd792 @ 0x6e89d792 system+0x1a14bd @ 0x6e8414bd 0x8d00b8 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72752e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728074ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72807610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72891dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72891e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72891f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7289416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7376f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x743c7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x743c4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7575b479 registers.esp: 5564332 registers.edi: 1990713288 registers.eax: 4194304 registers.ebp: 5564536 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ Sept. 14, 2021, 9:53 a.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7575b37e 0x9139d2d 0x9138f3a 0x9137776 0x9137134 0x43308f7 system+0x1d3f63 @ 0x6e093f63 0x8dd8f5 0x8dd650 system+0x1f9799 @ 0x6e899799 system+0x1f92c8 @ 0x6e8992c8 system+0x1eca74 @ 0x6e88ca74 system+0x1ec868 @ 0x6e88c868 system+0x1f82b8 @ 0x6e8982b8 system+0x1ee54d @ 0x6e88e54d system+0x1f70ea @ 0x6e8970ea system+0x1e56c0 @ 0x6e8856c0 system+0x1f8215 @ 0x6e898215 system+0x1f6f75 @ 0x6e896f75 system+0x1ee251 @ 0x6e88e251 system+0x1ee229 @ 0x6e88e229 system+0x1ee170 @ 0x6e88e170 0x58a08e gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755b62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x755b6d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x755b6de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x755b6e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x773b011a system+0x1ebc85 @ 0x6e88bc85 system+0x1f683b @ 0x6e89683b system+0x1a5e44 @ 0x6e845e44 system+0x1fd8a0 @ 0x6e89d8a0 system+0x1fd792 @ 0x6e89d792 system+0x1a14bd @ 0x6e8414bd 0x8d00b8 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72752e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728074ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72807610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72891dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72891e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72891f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7289416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7376f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x743c7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x743c4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7575b479 registers.esp: 5564332 registers.edi: 1990713288 registers.eax: 3145728 registers.ebp: 5564536 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ Sept. 14, 2021, 9:53 a.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7575b37e 0x9139d2d 0x9138f3a 0x9137776 0x9137134 0x43308f7 system+0x1d3f63 @ 0x6e093f63 0x8dd8f5 0x8dd650 system+0x1f9799 @ 0x6e899799 system+0x1f92c8 @ 0x6e8992c8 system+0x1eca74 @ 0x6e88ca74 system+0x1ec868 @ 0x6e88c868 system+0x1f82b8 @ 0x6e8982b8 system+0x1ee54d @ 0x6e88e54d system+0x1f70ea @ 0x6e8970ea system+0x1e56c0 @ 0x6e8856c0 system+0x1f8215 @ 0x6e898215 system+0x1f6f75 @ 0x6e896f75 system+0x1ee251 @ 0x6e88e251 system+0x1ee229 @ 0x6e88e229 system+0x1ee170 @ 0x6e88e170 0x58a08e gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755b62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x755b6d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x755b6de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x755b6e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x773b011a system+0x1ebc85 @ 0x6e88bc85 system+0x1f683b @ 0x6e89683b system+0x1a5e44 @ 0x6e845e44 system+0x1fd8a0 @ 0x6e89d8a0 system+0x1fd792 @ 0x6e89d792 system+0x1a14bd @ 0x6e8414bd 0x8d00b8 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72752e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728074ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72807610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72891dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72891e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72891f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7289416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7376f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x743c7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x743c4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7575b479 registers.esp: 5564332 registers.edi: 1990713288 registers.eax: 16777216 registers.ebp: 5564536 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ Sept. 14, 2021, 9:53 a.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7575b37e 0x9139d2d 0x9138f3a 0x9137776 0x9137134 0x43308f7 system+0x1d3f63 @ 0x6e093f63 0x8dd8f5 0x8dd650 system+0x1f9799 @ 0x6e899799 system+0x1f92c8 @ 0x6e8992c8 system+0x1eca74 @ 0x6e88ca74 system+0x1ec868 @ 0x6e88c868 system+0x1f82b8 @ 0x6e8982b8 system+0x1ee54d @ 0x6e88e54d system+0x1f70ea @ 0x6e8970ea system+0x1e56c0 @ 0x6e8856c0 system+0x1f8215 @ 0x6e898215 system+0x1f6f75 @ 0x6e896f75 system+0x1ee251 @ 0x6e88e251 system+0x1ee229 @ 0x6e88e229 system+0x1ee170 @ 0x6e88e170 0x58a08e gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755b62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x755b6d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x755b6de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x755b6e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x773b011a system+0x1ebc85 @ 0x6e88bc85 system+0x1f683b @ 0x6e89683b system+0x1a5e44 @ 0x6e845e44 system+0x1fd8a0 @ 0x6e89d8a0 system+0x1fd792 @ 0x6e89d792 system+0x1a14bd @ 0x6e8414bd 0x8d00b8 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72752e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728074ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72807610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72891dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72891e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72891f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7289416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7376f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x743c7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x743c4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7575b479 registers.esp: 5564332 registers.edi: 1990713288 registers.eax: 4194304 registers.ebp: 5564536 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ Sept. 14, 2021, 9:53 a.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7575b37e 0x9139d2d 0x9138f3a 0x9137776 0x9137134 0x43308f7 system+0x1d3f63 @ 0x6e093f63 0x8dd8f5 0x8dd650 system+0x1f9799 @ 0x6e899799 system+0x1f92c8 @ 0x6e8992c8 system+0x1eca74 @ 0x6e88ca74 system+0x1ec868 @ 0x6e88c868 system+0x1f82b8 @ 0x6e8982b8 system+0x1ee54d @ 0x6e88e54d system+0x1f70ea @ 0x6e8970ea system+0x1e56c0 @ 0x6e8856c0 system+0x1f8215 @ 0x6e898215 system+0x1f6f75 @ 0x6e896f75 system+0x1ee251 @ 0x6e88e251 system+0x1ee229 @ 0x6e88e229 system+0x1ee170 @ 0x6e88e170 0x58a08e gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755b62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x755b6d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x755b6de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x755b6e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x773b011a system+0x1ebc85 @ 0x6e88bc85 system+0x1f683b @ 0x6e89683b system+0x1a5e44 @ 0x6e845e44 system+0x1fd8a0 @ 0x6e89d8a0 system+0x1fd792 @ 0x6e89d792 system+0x1a14bd @ 0x6e8414bd 0x8d00b8 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72752e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728074ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72807610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72891dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72891e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72891f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7289416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7376f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x743c7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x743c4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7575b479 registers.esp: 5564332 registers.edi: 1990713288 registers.eax: 3145728 registers.ebp: 5564536 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ Sept. 14, 2021, 9:53 a.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7575b37e 0x9139d2d 0x9138f3a 0x9137776 0x9137134 0x43308f7 system+0x1d3f63 @ 0x6e093f63 0x8dd8f5 0x8dd650 system+0x1f9799 @ 0x6e899799 system+0x1f92c8 @ 0x6e8992c8 system+0x1eca74 @ 0x6e88ca74 system+0x1ec868 @ 0x6e88c868 system+0x1f82b8 @ 0x6e8982b8 system+0x1ee54d @ 0x6e88e54d system+0x1f70ea @ 0x6e8970ea system+0x1e56c0 @ 0x6e8856c0 system+0x1f8215 @ 0x6e898215 system+0x1f6f75 @ 0x6e896f75 system+0x1ee251 @ 0x6e88e251 system+0x1ee229 @ 0x6e88e229 system+0x1ee170 @ 0x6e88e170 0x58a08e gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755b62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x755b6d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x755b6de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x755b6e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x773b011a system+0x1ebc85 @ 0x6e88bc85 system+0x1f683b @ 0x6e89683b system+0x1a5e44 @ 0x6e845e44 system+0x1fd8a0 @ 0x6e89d8a0 system+0x1fd792 @ 0x6e89d792 system+0x1a14bd @ 0x6e8414bd 0x8d00b8 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72752e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728074ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72807610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72891dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72891e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72891f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7289416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7376f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x743c7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x743c4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7575b479 registers.esp: 5564332 registers.edi: 1990713288 registers.eax: 16777216 registers.ebp: 5564536 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ Sept. 14, 2021, 9:53 a.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7575b37e 0x9139d2d 0x9138f3a 0x9137776 0x9137134 0x43308f7 system+0x1d3f63 @ 0x6e093f63 0x8dd8f5 0x8dd650 system+0x1f9799 @ 0x6e899799 system+0x1f92c8 @ 0x6e8992c8 system+0x1eca74 @ 0x6e88ca74 system+0x1ec868 @ 0x6e88c868 system+0x1f82b8 @ 0x6e8982b8 system+0x1ee54d @ 0x6e88e54d system+0x1f70ea @ 0x6e8970ea system+0x1e56c0 @ 0x6e8856c0 system+0x1f8215 @ 0x6e898215 system+0x1f6f75 @ 0x6e896f75 system+0x1ee251 @ 0x6e88e251 system+0x1ee229 @ 0x6e88e229 system+0x1ee170 @ 0x6e88e170 0x58a08e gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755b62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x755b6d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x755b6de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x755b6e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x773b011a system+0x1ebc85 @ 0x6e88bc85 system+0x1f683b @ 0x6e89683b system+0x1a5e44 @ 0x6e845e44 system+0x1fd8a0 @ 0x6e89d8a0 system+0x1fd792 @ 0x6e89d792 system+0x1a14bd @ 0x6e8414bd 0x8d00b8 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72752e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728074ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72807610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72891dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72891e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72891f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7289416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7376f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x743c7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x743c4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7575b479 registers.esp: 5564332 registers.edi: 1990713288 registers.eax: 4194304 registers.ebp: 5564536 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ Sept. 14, 2021, 9:53 a.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7575b37e 0x9139d2d 0x9138f3a 0x9137776 0x9137134 0x43308f7 system+0x1d3f63 @ 0x6e093f63 0x8dd8f5 0x8dd650 system+0x1f9799 @ 0x6e899799 system+0x1f92c8 @ 0x6e8992c8 system+0x1eca74 @ 0x6e88ca74 system+0x1ec868 @ 0x6e88c868 system+0x1f82b8 @ 0x6e8982b8 system+0x1ee54d @ 0x6e88e54d system+0x1f70ea @ 0x6e8970ea system+0x1e56c0 @ 0x6e8856c0 system+0x1f8215 @ 0x6e898215 system+0x1f6f75 @ 0x6e896f75 system+0x1ee251 @ 0x6e88e251 system+0x1ee229 @ 0x6e88e229 system+0x1ee170 @ 0x6e88e170 0x58a08e gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755b62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x755b6d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x755b6de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x755b6e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x773b011a system+0x1ebc85 @ 0x6e88bc85 system+0x1f683b @ 0x6e89683b system+0x1a5e44 @ 0x6e845e44 system+0x1fd8a0 @ 0x6e89d8a0 system+0x1fd792 @ 0x6e89d792 system+0x1a14bd @ 0x6e8414bd 0x8d00b8 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72752e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728074ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72807610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72891dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72891e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72891f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7289416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7376f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x743c7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x743c4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7575b479 registers.esp: 5564332 registers.edi: 1990713288 registers.eax: 3145728 registers.ebp: 5564536 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ Sept. 14, 2021, 9:53 a.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7575b37e 0x9139d2d 0x9138f3a 0x9137776 0x9137134 0x43308f7 system+0x1d3f63 @ 0x6e093f63 0x8dd8f5 0x8dd650 system+0x1f9799 @ 0x6e899799 system+0x1f92c8 @ 0x6e8992c8 system+0x1eca74 @ 0x6e88ca74 system+0x1ec868 @ 0x6e88c868 system+0x1f82b8 @ 0x6e8982b8 system+0x1ee54d @ 0x6e88e54d system+0x1f70ea @ 0x6e8970ea system+0x1e56c0 @ 0x6e8856c0 system+0x1f8215 @ 0x6e898215 system+0x1f6f75 @ 0x6e896f75 system+0x1ee251 @ 0x6e88e251 system+0x1ee229 @ 0x6e88e229 system+0x1ee170 @ 0x6e88e170 0x58a08e gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755b62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x755b6d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x755b6de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x755b6e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x773b011a system+0x1ebc85 @ 0x6e88bc85 system+0x1f683b @ 0x6e89683b system+0x1a5e44 @ 0x6e845e44 system+0x1fd8a0 @ 0x6e89d8a0 system+0x1fd792 @ 0x6e89d792 system+0x1a14bd @ 0x6e8414bd 0x8d00b8 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72752e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728074ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72807610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72891dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72891e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72891f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7289416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7376f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x743c7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x743c4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7575b479 registers.esp: 5564332 registers.edi: 1990713288 registers.eax: 16777216 registers.ebp: 5564536 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ Sept. 14, 2021, 9:53 a.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7575b37e 0x9139d2d 0x9138f3a 0x9137776 0x9137134 0x43308f7 system+0x1d3f63 @ 0x6e093f63 0x8dd8f5 0x8dd650 system+0x1f9799 @ 0x6e899799 system+0x1f92c8 @ 0x6e8992c8 system+0x1eca74 @ 0x6e88ca74 system+0x1ec868 @ 0x6e88c868 system+0x1f82b8 @ 0x6e8982b8 system+0x1ee54d @ 0x6e88e54d system+0x1f70ea @ 0x6e8970ea system+0x1e56c0 @ 0x6e8856c0 system+0x1f8215 @ 0x6e898215 system+0x1f6f75 @ 0x6e896f75 system+0x1ee251 @ 0x6e88e251 system+0x1ee229 @ 0x6e88e229 system+0x1ee170 @ 0x6e88e170 0x58a08e gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755b62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x755b6d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x755b6de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x755b6e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x773b011a system+0x1ebc85 @ 0x6e88bc85 system+0x1f683b @ 0x6e89683b system+0x1a5e44 @ 0x6e845e44 system+0x1fd8a0 @ 0x6e89d8a0 system+0x1fd792 @ 0x6e89d792 system+0x1a14bd @ 0x6e8414bd 0x8d00b8 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72752e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728074ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72807610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72891dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72891e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72891f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7289416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7376f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x743c7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x743c4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7575b479 registers.esp: 5564332 registers.edi: 1990713288 registers.eax: 4194304 registers.ebp: 5564536 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ Sept. 14, 2021, 9:53 a.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7575b37e 0x9139d2d 0x9138f3a 0x9137776 0x9137134 0x43308f7 system+0x1d3f63 @ 0x6e093f63 0x8dd8f5 0x8dd650 system+0x1f9799 @ 0x6e899799 system+0x1f92c8 @ 0x6e8992c8 system+0x1eca74 @ 0x6e88ca74 system+0x1ec868 @ 0x6e88c868 system+0x1f82b8 @ 0x6e8982b8 system+0x1ee54d @ 0x6e88e54d system+0x1f70ea @ 0x6e8970ea system+0x1e56c0 @ 0x6e8856c0 system+0x1f8215 @ 0x6e898215 system+0x1f6f75 @ 0x6e896f75 system+0x1ee251 @ 0x6e88e251 system+0x1ee229 @ 0x6e88e229 system+0x1ee170 @ 0x6e88e170 0x58a08e gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x755b62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x755b6d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x755b6de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x755b6e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x773b011a system+0x1ebc85 @ 0x6e88bc85 system+0x1f683b @ 0x6e89683b system+0x1a5e44 @ 0x6e845e44 system+0x1fd8a0 @ 0x6e89d8a0 system+0x1fd792 @ 0x6e89d792 system+0x1a14bd @ 0x6e8414bd 0x8d00b8 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72742652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7275264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72752e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728074ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72807610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72891dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72891e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72891f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7289416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7376f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x743c7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x743c4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x773d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x773d9ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7575b479 registers.esp: 5564332 registers.edi: 1990713288 registers.eax: 3145728 registers.ebp: 5564536 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1

Allocates read-write-execute memory (usually to unpack itself) (50 out of 187 events)

Time & API	Arguments	Status
NtAllocateVirtualMemory Sept. 14, 2021, 9:53 a.m.	process_identifier: 732 region_size: 262144 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x002b0000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 14, 2021, 9:53 a.m.	process_identifier: 732 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x002b0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 14, 2021, 9:53 a.m.	process_identifier: 732 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72741000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 14, 2021, 9:53 a.m.	process_identifier: 732 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72742000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 14, 2021, 9:53 a.m.	process_identifier: 732 region_size: 917504 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00760000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 14, 2021, 9:53 a.m.	process_identifier: 732 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00800000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 14, 2021, 9:53 a.m.	process_identifier: 732 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00572000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 14, 2021, 9:53 a.m.	process_identifier: 732 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x005a5000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 14, 2021, 9:53 a.m.	process_identifier: 732 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x005ab000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 14, 2021, 9:53 a.m.	process_identifier: 732 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x005a7000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 14, 2021, 9:53 a.m.	process_identifier: 732 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0058c000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 14, 2021, 9:53 a.m.	process_identifier: 732 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x008d0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 14, 2021, 9:53 a.m.	process_identifier: 732 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0057a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 14, 2021, 9:53 a.m.	process_identifier: 732 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0059a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 14, 2021, 9:53 a.m.	process_identifier: 732 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00597000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 14, 2021, 9:53 a.m.	process_identifier: 732 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0058a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 14, 2021, 9:53 a.m.	process_identifier: 732 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x71fb2000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 14, 2021, 9:53 a.m.	process_identifier: 732 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00596000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 14, 2021, 9:53 a.m.	process_identifier: 732 region_size: 32768 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x008d1000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 14, 2021, 9:53 a.m.	process_identifier: 732 region_size: 20480 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x008d9000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 14, 2021, 9:53 a.m.	process_identifier: 732 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0433f000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 14, 2021, 9:53 a.m.	process_identifier: 732 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04330000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 14, 2021, 9:53 a.m.	process_identifier: 732 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x09130000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 14, 2021, 9:53 a.m.	process_identifier: 732 region_size: 12288 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x09131000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 14, 2021, 9:53 a.m.	process_identifier: 732 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0057c000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 14, 2021, 9:53 a.m.	process_identifier: 732 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0059b000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 14, 2021, 9:53 a.m.	process_identifier: 732 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x09134000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 14, 2021, 9:53 a.m.	process_identifier: 732 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0059c000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 14, 2021, 9:53 a.m.	process_identifier: 732 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0058d000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 14, 2021, 9:53 a.m.	process_identifier: 732 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x09135000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 14, 2021, 9:53 a.m.	process_identifier: 732 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x09136000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 14, 2021, 9:53 a.m.	process_identifier: 732 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x09137000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 14, 2021, 9:53 a.m.	process_identifier: 732 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x09138000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 14, 2021, 9:53 a.m.	process_identifier: 732 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x09139000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 14, 2021, 9:53 a.m.	process_identifier: 732 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0913a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 14, 2021, 9:53 a.m.	process_identifier: 2800 region_size: 2293760 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02970000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 14, 2021, 9:53 a.m.	process_identifier: 2800 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02b60000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 14, 2021, 9:53 a.m.	process_identifier: 2800 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x6d6a1000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 14, 2021, 9:53 a.m.	process_identifier: 2800 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0268a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory Sept. 14, 2021, 9:53 a.m.	process_identifier: 2800 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 8192 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x6d6a2000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 14, 2021, 9:53 a.m.	process_identifier: 2800 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02682000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 14, 2021, 9:53 a.m.	process_identifier: 2800 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x026d2000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 14, 2021, 9:53 a.m.	process_identifier: 2800 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02b61000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 14, 2021, 9:53 a.m.	process_identifier: 2800 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02b62000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 14, 2021, 9:53 a.m.	process_identifier: 2800 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x026fa000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 14, 2021, 9:53 a.m.	process_identifier: 2800 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x026d3000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 14, 2021, 9:53 a.m.	process_identifier: 2800 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x026d4000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 14, 2021, 9:53 a.m.	process_identifier: 2800 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0270b000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 14, 2021, 9:53 a.m.	process_identifier: 2800 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02707000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Sept. 14, 2021, 9:53 a.m.	process_identifier: 2800 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0268b000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1

Creates a shortcut to an executable file (1 event)

file	C:\Users\test22\AppData\Local\Temp\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk

Creates a suspicious process (2 events)

cmdline	"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Test-Connection www.google.com , www.youtube.com , www.google.com , www.youtube.com ,www.google.com , www.youtube.com
cmdline	powershell Test-Connection www.google.com , www.youtube.com , www.google.com , www.youtube.com ,www.google.com , www.youtube.com

Executes one or more WMI queries (1 event)

wmi	Select * from Win32_PingStatus where ((Address='www.google.com' Or Address='www.youtube.com' Or Address='www.google.com' Or Address='www.youtube.com' Or Address='www.google.com' Or Address='www.youtube.com') And TimeToLive=80 And BufferSize=32)

A process created a hidden window (1 event)

Time & API	Arguments	Status	Return	Repeated
ShellExecuteExW Sept. 14, 2021, 9:53 a.m.	show_type: 0 filepath_r: powershell parameters: Test-Connection www.google.com , www.youtube.com , www.google.com , www.youtube.com ,www.google.com , www.youtube.com filepath: powershell	1	1	0

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

section

{u'size_of_data': u'0x00112c00', u'virtual_address': u'0x00002000', u'entropy': 7.443126334323073, u'name': u'.text', u'virtual_size': u'0x00112a54'}

entropy

7.44312633432

description

A section with a high entropy has been found

entropy

0.983445190157

description

Overall entropy of this PE file is high

Checks for the Locally Unique Identifier on the system for a suspicious privilege (2 events)

Time & API	Arguments	Status	Return	Repeated
LookupPrivilegeValueW Sept. 14, 2021, 9:53 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1	0
LookupPrivilegeValueW Sept. 14, 2021, 9:53 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1	0

Terminates another process (20 events)

Time & API	Arguments	Status
NtTerminateProcess Sept. 14, 2021, 9:53 a.m.	status_code: 0xffffffff process_identifier: 2984 process_handle: 0x000003c4
NtTerminateProcess Sept. 14, 2021, 9:53 a.m.	status_code: 0xffffffff process_identifier: 2984 process_handle: 0x000003c4	1
NtTerminateProcess Sept. 14, 2021, 9:53 a.m.	status_code: 0xffffffff process_identifier: 1292 process_handle: 0x000003cc
NtTerminateProcess Sept. 14, 2021, 9:53 a.m.	status_code: 0xffffffff process_identifier: 1292 process_handle: 0x000003cc	1
NtTerminateProcess Sept. 14, 2021, 9:53 a.m.	status_code: 0xffffffff process_identifier: 2020 process_handle: 0x000003d4
NtTerminateProcess Sept. 14, 2021, 9:53 a.m.	status_code: 0xffffffff process_identifier: 2020 process_handle: 0x000003d4	1
NtTerminateProcess Sept. 14, 2021, 9:53 a.m.	status_code: 0xffffffff process_identifier: 2072 process_handle: 0x000003dc
NtTerminateProcess Sept. 14, 2021, 9:53 a.m.	status_code: 0xffffffff process_identifier: 2072 process_handle: 0x000003dc	1
NtTerminateProcess Sept. 14, 2021, 9:53 a.m.	status_code: 0xffffffff process_identifier: 1836 process_handle: 0x000003e4
NtTerminateProcess Sept. 14, 2021, 9:53 a.m.	status_code: 0xffffffff process_identifier: 1836 process_handle: 0x000003e4	1
NtTerminateProcess Sept. 14, 2021, 9:53 a.m.	status_code: 0xffffffff process_identifier: 2988 process_handle: 0x000003ec
NtTerminateProcess Sept. 14, 2021, 9:53 a.m.	status_code: 0xffffffff process_identifier: 2988 process_handle: 0x000003ec	1
NtTerminateProcess Sept. 14, 2021, 9:53 a.m.	status_code: 0xffffffff process_identifier: 108 process_handle: 0x000003f4
NtTerminateProcess Sept. 14, 2021, 9:53 a.m.	status_code: 0xffffffff process_identifier: 108 process_handle: 0x000003f4	1
NtTerminateProcess Sept. 14, 2021, 9:53 a.m.	status_code: 0xffffffff process_identifier: 1116 process_handle: 0x000003fc
NtTerminateProcess Sept. 14, 2021, 9:53 a.m.	status_code: 0xffffffff process_identifier: 1116 process_handle: 0x000003fc	1
NtTerminateProcess Sept. 14, 2021, 9:53 a.m.	status_code: 0xffffffff process_identifier: 2532 process_handle: 0x00000408
NtTerminateProcess Sept. 14, 2021, 9:53 a.m.	status_code: 0xffffffff process_identifier: 2532 process_handle: 0x00000408	1
NtTerminateProcess Sept. 14, 2021, 9:53 a.m.	status_code: 0xffffffff process_identifier: 2936 process_handle: 0x00000410
NtTerminateProcess Sept. 14, 2021, 9:53 a.m.	status_code: 0xffffffff process_identifier: 2936 process_handle: 0x00000410	1

Allocates execute permission to another process indicative of possible code injection (10 events)

Time & API	Arguments	Return
NtAllocateVirtualMemory Sept. 14, 2021, 9:53 a.m.	process_identifier: 2984 region_size: 499712 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000003b8	3221225496
NtAllocateVirtualMemory Sept. 14, 2021, 9:53 a.m.	process_identifier: 1292 region_size: 499712 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000003c0	3221225496
NtAllocateVirtualMemory Sept. 14, 2021, 9:53 a.m.	process_identifier: 2020 region_size: 499712 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000003c8	3221225496
NtAllocateVirtualMemory Sept. 14, 2021, 9:53 a.m.	process_identifier: 2072 region_size: 499712 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000003d0	3221225496
NtAllocateVirtualMemory Sept. 14, 2021, 9:53 a.m.	process_identifier: 1836 region_size: 499712 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000003d8	3221225496
NtAllocateVirtualMemory Sept. 14, 2021, 9:53 a.m.	process_identifier: 2988 region_size: 499712 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000003e0	3221225496
NtAllocateVirtualMemory Sept. 14, 2021, 9:53 a.m.	process_identifier: 108 region_size: 499712 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000003e8	3221225496
NtAllocateVirtualMemory Sept. 14, 2021, 9:53 a.m.	process_identifier: 1116 region_size: 499712 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000003f0	3221225496
NtAllocateVirtualMemory Sept. 14, 2021, 9:53 a.m.	process_identifier: 2532 region_size: 499712 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000003f8	3221225496
NtAllocateVirtualMemory Sept. 14, 2021, 9:53 a.m.	process_identifier: 2936 region_size: 499712 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000404	3221225496

Manipulates memory of a non-child process indicative of process injection (20 events)

Time & API	Arguments	Return	Repeated
Process injection	Process 732 manipulating memory of non-child process 2984
Process injection	Process 732 manipulating memory of non-child process 1292
Process injection	Process 732 manipulating memory of non-child process 2020
Process injection	Process 732 manipulating memory of non-child process 2072
Process injection	Process 732 manipulating memory of non-child process 1836
Process injection	Process 732 manipulating memory of non-child process 2988
Process injection	Process 732 manipulating memory of non-child process 108
Process injection	Process 732 manipulating memory of non-child process 1116
Process injection	Process 732 manipulating memory of non-child process 2532
Process injection	Process 732 manipulating memory of non-child process 2936
NtAllocateVirtualMemory Sept. 14, 2021, 9:53 a.m.	process_identifier: 2984 region_size: 499712 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000003b8	3221225496	0
NtAllocateVirtualMemory Sept. 14, 2021, 9:53 a.m.	process_identifier: 1292 region_size: 499712 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000003c0	3221225496	0
NtAllocateVirtualMemory Sept. 14, 2021, 9:53 a.m.	process_identifier: 2020 region_size: 499712 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000003c8	3221225496	0
NtAllocateVirtualMemory Sept. 14, 2021, 9:53 a.m.	process_identifier: 2072 region_size: 499712 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000003d0	3221225496	0
NtAllocateVirtualMemory Sept. 14, 2021, 9:53 a.m.	process_identifier: 1836 region_size: 499712 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000003d8	3221225496	0
NtAllocateVirtualMemory Sept. 14, 2021, 9:53 a.m.	process_identifier: 2988 region_size: 499712 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000003e0	3221225496	0
NtAllocateVirtualMemory Sept. 14, 2021, 9:53 a.m.	process_identifier: 108 region_size: 499712 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000003e8	3221225496	0
NtAllocateVirtualMemory Sept. 14, 2021, 9:53 a.m.	process_identifier: 1116 region_size: 499712 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000003f0	3221225496	0
NtAllocateVirtualMemory Sept. 14, 2021, 9:53 a.m.	process_identifier: 2532 region_size: 499712 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000003f8	3221225496	0
NtAllocateVirtualMemory Sept. 14, 2021, 9:53 a.m.	process_identifier: 2936 region_size: 499712 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000404	3221225496	0

File has been identified by 15 AntiVirus engines on VirusTotal as malicious (15 events)

Elastic	malicious (high confidence)
FireEye	Generic.mg.9721889aa569e1cf
Cylance	Unsafe
Cyren	W32/MSIL_Agent.BCR.gen!Eldorado
Symantec	Scr.Malcode!gdn41
ESET-NOD32	a variant of MSIL/Kryptik.ACTE
APEX	Malicious
Paloalto	generic.ml
SentinelOne	Static AI - Malicious PE
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
Cynet	Malicious (score: 100)
Malwarebytes	Trojan.MalPack
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	MSIL/Kryptik.ACTE!tr
BitDefenderTheta	Gen:NN.ZemsilF.34142.fn0@ae8LmZi

The process powershell.exe wrote an executable file to disk (20 events)

file	C:\Windows\System32\ie4uinit.exe
file	C:\Program Files\Windows Sidebar\sidebar.exe
file	C:\Windows\System32\WindowsAnytimeUpgradeUI.exe
file	C:\Windows\System32\xpsrchvw.exe
file	C:\Windows\System32\displayswitch.exe
file	C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe
file	C:\Windows\System32\mblctr.exe
file	C:\Windows\System32\mstsc.exe
file	C:\Windows\System32\SnippingTool.exe
file	C:\Windows\System32\SoundRecorder.exe
file	C:\Windows\System32\dfrgui.exe
file	C:\Windows\System32\msinfo32.exe
file	C:\Windows\System32\rstrui.exe
file	C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe
file	C:\Program Files\Windows Journal\Journal.exe
file	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
file	C:\Windows\System32\MdSched.exe
file	C:\Windows\System32\msconfig.exe
file	C:\Windows\System32\recdisc.exe
file	C:\Windows\System32\msra.exe

Generates some ICMP traffic

Executed a process and injected code into it, probably while unpacking (38 events)

Time & API	Arguments	Status	Return
NtResumeThread Sept. 14, 2021, 9:53 a.m.	thread_handle: 0x000000dc suspend_count: 1 process_identifier: 732	1	0
NtResumeThread Sept. 14, 2021, 9:53 a.m.	thread_handle: 0x00000150 suspend_count: 1 process_identifier: 732	1	0
NtResumeThread Sept. 14, 2021, 9:53 a.m.	thread_handle: 0x0000018c suspend_count: 1 process_identifier: 732	1	0
CreateProcessInternalW Sept. 14, 2021, 9:53 a.m.	thread_identifier: 2252 thread_handle: 0x000003a0 process_identifier: 2800 current_directory: C:\Users\test22\AppData\Local\Temp filepath: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe track: 1 command_line: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Test-Connection www.google.com , www.youtube.com , www.google.com , www.youtube.com ,www.google.com , www.youtube.com filepath_r: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe stack_pivoted: 0 creation_flags: 67634192 (CREATE_DEFAULT_ERROR_MODE\|CREATE_NEW_CONSOLE\|CREATE_UNICODE_ENVIRONMENT\|EXTENDED_STARTUPINFO_PRESENT) inherit_handles: 0 process_handle: 0x000003a8	1	1
CreateProcessInternalW Sept. 14, 2021, 9:53 a.m.	thread_identifier: 2612 thread_handle: 0x000003bc process_identifier: 2984 current_directory: filepath: track: 1 command_line: C:\Users\test22\AppData\Local\Temp\New_592108806100xls.exe filepath_r: stack_pivoted: 0 creation_flags: 134217732 (CREATE_NO_WINDOW\|CREATE_SUSPENDED) inherit_handles: 0 process_handle: 0x000003b8	1	1
NtGetContextThread Sept. 14, 2021, 9:53 a.m.	thread_handle: 0x000003bc	1	0
NtAllocateVirtualMemory Sept. 14, 2021, 9:53 a.m.	process_identifier: 2984 region_size: 499712 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000003b8		3221225496
CreateProcessInternalW Sept. 14, 2021, 9:53 a.m.	thread_identifier: 2768 thread_handle: 0x000003c4 process_identifier: 1292 current_directory: filepath: track: 1 command_line: C:\Users\test22\AppData\Local\Temp\New_592108806100xls.exe filepath_r: stack_pivoted: 0 creation_flags: 134217732 (CREATE_NO_WINDOW\|CREATE_SUSPENDED) inherit_handles: 0 process_handle: 0x000003c0	1	1
NtGetContextThread Sept. 14, 2021, 9:53 a.m.	thread_handle: 0x000003c4	1	0
NtAllocateVirtualMemory Sept. 14, 2021, 9:53 a.m.	process_identifier: 1292 region_size: 499712 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000003c0		3221225496
CreateProcessInternalW Sept. 14, 2021, 9:53 a.m.	thread_identifier: 2776 thread_handle: 0x000003cc process_identifier: 2020 current_directory: filepath: track: 1 command_line: C:\Users\test22\AppData\Local\Temp\New_592108806100xls.exe filepath_r: stack_pivoted: 0 creation_flags: 134217732 (CREATE_NO_WINDOW\|CREATE_SUSPENDED) inherit_handles: 0 process_handle: 0x000003c8	1	1
NtGetContextThread Sept. 14, 2021, 9:53 a.m.	thread_handle: 0x000003cc	1	0
NtAllocateVirtualMemory Sept. 14, 2021, 9:53 a.m.	process_identifier: 2020 region_size: 499712 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000003c8		3221225496
CreateProcessInternalW Sept. 14, 2021, 9:53 a.m.	thread_identifier: 3024 thread_handle: 0x000003d4 process_identifier: 2072 current_directory: filepath: track: 1 command_line: C:\Users\test22\AppData\Local\Temp\New_592108806100xls.exe filepath_r: stack_pivoted: 0 creation_flags: 134217732 (CREATE_NO_WINDOW\|CREATE_SUSPENDED) inherit_handles: 0 process_handle: 0x000003d0	1	1
NtGetContextThread Sept. 14, 2021, 9:53 a.m.	thread_handle: 0x000003d4	1	0
NtAllocateVirtualMemory Sept. 14, 2021, 9:53 a.m.	process_identifier: 2072 region_size: 499712 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000003d0		3221225496
CreateProcessInternalW Sept. 14, 2021, 9:53 a.m.	thread_identifier: 3016 thread_handle: 0x000003dc process_identifier: 1836 current_directory: filepath: track: 1 command_line: C:\Users\test22\AppData\Local\Temp\New_592108806100xls.exe filepath_r: stack_pivoted: 0 creation_flags: 134217732 (CREATE_NO_WINDOW\|CREATE_SUSPENDED) inherit_handles: 0 process_handle: 0x000003d8	1	1
NtGetContextThread Sept. 14, 2021, 9:53 a.m.	thread_handle: 0x000003dc	1	0
NtAllocateVirtualMemory Sept. 14, 2021, 9:53 a.m.	process_identifier: 1836 region_size: 499712 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000003d8		3221225496
CreateProcessInternalW Sept. 14, 2021, 9:53 a.m.	thread_identifier: 2044 thread_handle: 0x000003e4 process_identifier: 2988 current_directory: filepath: track: 1 command_line: C:\Users\test22\AppData\Local\Temp\New_592108806100xls.exe filepath_r: stack_pivoted: 0 creation_flags: 134217732 (CREATE_NO_WINDOW\|CREATE_SUSPENDED) inherit_handles: 0 process_handle: 0x000003e0	1	1
NtGetContextThread Sept. 14, 2021, 9:53 a.m.	thread_handle: 0x000003e4	1	0
NtAllocateVirtualMemory Sept. 14, 2021, 9:53 a.m.	process_identifier: 2988 region_size: 499712 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000003e0		3221225496
CreateProcessInternalW Sept. 14, 2021, 9:53 a.m.	thread_identifier: 1940 thread_handle: 0x000003ec process_identifier: 108 current_directory: filepath: track: 1 command_line: C:\Users\test22\AppData\Local\Temp\New_592108806100xls.exe filepath_r: stack_pivoted: 0 creation_flags: 134217732 (CREATE_NO_WINDOW\|CREATE_SUSPENDED) inherit_handles: 0 process_handle: 0x000003e8	1	1
NtGetContextThread Sept. 14, 2021, 9:53 a.m.	thread_handle: 0x000003ec	1	0
NtAllocateVirtualMemory Sept. 14, 2021, 9:53 a.m.	process_identifier: 108 region_size: 499712 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000003e8		3221225496
CreateProcessInternalW Sept. 14, 2021, 9:53 a.m.	thread_identifier: 2076 thread_handle: 0x000003f4 process_identifier: 1116 current_directory: filepath: track: 1 command_line: C:\Users\test22\AppData\Local\Temp\New_592108806100xls.exe filepath_r: stack_pivoted: 0 creation_flags: 134217732 (CREATE_NO_WINDOW\|CREATE_SUSPENDED) inherit_handles: 0 process_handle: 0x000003f0	1	1
NtGetContextThread Sept. 14, 2021, 9:53 a.m.	thread_handle: 0x000003f4	1	0
NtAllocateVirtualMemory Sept. 14, 2021, 9:53 a.m.	process_identifier: 1116 region_size: 499712 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000003f0		3221225496
CreateProcessInternalW Sept. 14, 2021, 9:53 a.m.	thread_identifier: 560 thread_handle: 0x000003fc process_identifier: 2532 current_directory: filepath: track: 1 command_line: C:\Users\test22\AppData\Local\Temp\New_592108806100xls.exe filepath_r: stack_pivoted: 0 creation_flags: 134217732 (CREATE_NO_WINDOW\|CREATE_SUSPENDED) inherit_handles: 0 process_handle: 0x000003f8	1	1
NtGetContextThread Sept. 14, 2021, 9:53 a.m.	thread_handle: 0x000003fc	1	0
NtAllocateVirtualMemory Sept. 14, 2021, 9:53 a.m.	process_identifier: 2532 region_size: 499712 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000003f8		3221225496
CreateProcessInternalW Sept. 14, 2021, 9:53 a.m.	thread_identifier: 596 thread_handle: 0x00000408 process_identifier: 2936 current_directory: filepath: track: 1 command_line: C:\Users\test22\AppData\Local\Temp\New_592108806100xls.exe filepath_r: stack_pivoted: 0 creation_flags: 134217732 (CREATE_NO_WINDOW\|CREATE_SUSPENDED) inherit_handles: 0 process_handle: 0x00000404	1	1
NtGetContextThread Sept. 14, 2021, 9:53 a.m.	thread_handle: 0x00000408	1	0
NtAllocateVirtualMemory Sept. 14, 2021, 9:53 a.m.	process_identifier: 2936 region_size: 499712 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000404		3221225496
NtResumeThread Sept. 14, 2021, 9:53 a.m.	thread_handle: 0x00000294 suspend_count: 1 process_identifier: 2800	1	0
NtResumeThread Sept. 14, 2021, 9:53 a.m.	thread_handle: 0x000002e8 suspend_count: 1 process_identifier: 2800	1	0
NtResumeThread Sept. 14, 2021, 9:53 a.m.	thread_handle: 0x00000444 suspend_count: 1 process_identifier: 2800	1	0
NtResumeThread Sept. 14, 2021, 9:53 a.m.	thread_handle: 0x000003b4 suspend_count: 1 process_identifier: 2800	1	0

New_592108806100xls.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All