Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Oct. 26, 2021, 9:23 a.m.	Oct. 26, 2021, 9:36 a.m.

Size	164.0KB
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`6007b1c2218055d3167cdee441c6ad4c`
SHA256	`e5fa3238423eaff746e44679dbd1a499876f11ec319451bccca93c6c24c30016`
CRC32	`FB61A275`
ssdeep	`1536:p8/VTM0RLnACraunLebCHawsRHqaKliKfBFbi:p8/VTMrb1wClKliKfBFbi`
Yara	Win32_Trojan_Emotet_2_Zero - Win32 Trojan Emotet PE_Header_Zero - PE File Signature Generic_Malware_Zero - Generic Malware IsPE32 - (no description) Is_DotNET_EXE - (no description) Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT

DownFlSetup122.exe "C:\Users\test22\AppData\Local\Temp\DownFlSetup122.exe"
2340
- 225312.exe "C:\Users\test22\AppData\Roaming\225312.exe"
  2876
- 345251.exe "C:\Users\test22\AppData\Roaming\345251.exe"
  2316
- 5835186.exe "C:\Users\test22\AppData\Roaming\5835186.exe"
  2716
- 5590462.exe "C:\Users\test22\AppData\Roaming\5590462.exe"
  744
  - WinHoster.exe "C:\Users\test22\AppData\Roaming\WinHost\WinHoster.exe"
    1116
- 5375424.exe "C:\Users\test22\AppData\Roaming\5375424.exe"
  2096

Name	Response	Post-Analysis Lookup
niemannbest.me	A 172.67.221.103 A 104.21.51.48	172.67.221.103
the-lead-bitter.com	A 172.67.160.101 A 104.21.66.135	104.21.66.135
api.ip.sb	CNAME api.ip.sb.cdn.cloudflare.net A 104.26.13.31 A 104.26.12.31 A 172.67.75.172	172.67.75.172
iplogger.org	A 88.99.66.31	88.99.66.31
querahinor.xyz	A 45.129.99.59	45.129.99.59
speeddatingstudio.com	A 172.67.140.223 A 104.21.94.228	104.21.94.228

IP Address	Status	Action
111.90.146.149	Active	Moloch
172.67.188.154	Active	Moloch
104.26.12.31	Active	Moloch
164.124.101.2	Active	Moloch
172.67.140.223	Active	Moloch
172.67.160.101	Active	Moloch
172.67.221.103	Active	Moloch
193.150.103.37	Active	Moloch
45.129.99.59	Active	Moloch
88.99.66.31	Active	Moloch
67.198.134.186	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.103:49168 -> 172.67.221.103:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49178 -> 172.67.160.101:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49182 -> 104.26.12.31:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49183 -> 88.99.66.31:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49184 -> 88.99.66.31:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.103:49185 -> 172.67.140.223:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined

Suricata TLS

Flow	Issuer	Subject	Fingerprint
TLSv1 192.168.56.103:49168 172.67.221.103:443	C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3	C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com	16:7c:ef:5c:eb:cb:66:bc:19:9f:3a:95:c8:e3:06:1c:95:6b:0b:11
TLSv1 192.168.56.103:49178 172.67.160.101:443	C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3	C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com	68:03:16:8a:1d:7a:49:54:e9:b9:01:a7:10:c5:31:81:ab:f3:f6:f8
TLSv1 192.168.56.103:49182 104.26.12.31:443	C=US, O=Cloudflare, Inc., CN=Cloudflare Inc RSA CA-2	C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com	7d:9f:08:6e:96:fc:4c:1d:eb:94:53:45:8a:6c:7e:e7:c1:69:47:e9
TLSv1 192.168.56.103:49183 88.99.66.31:443	C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA	CN=*.iplogger.org	55:1e:13:99:46:1c:67:40:a3:48:7f:38:0d:16:e7:51:f4:c4:43:cb
TLSv1 192.168.56.103:49184 88.99.66.31:443	None	None	None
TLSv1 192.168.56.103:49185 172.67.140.223:443	C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3	C=US, ST=California, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com	03:d8:32:f1:aa:8f:dc:7e:26:ab:ab:a0:a4:3b:db:67:c8:9d:2e:d5

Queries for the computername (31 events)

Time & API	Arguments	Status	Return
GetComputerNameW Oct. 26, 2021, 9:23 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Oct. 26, 2021, 9:23 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Oct. 26, 2021, 9:23 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Oct. 26, 2021, 9:23 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Oct. 26, 2021, 9:23 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Oct. 26, 2021, 9:23 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Oct. 26, 2021, 9:23 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Oct. 26, 2021, 9:23 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Oct. 26, 2021, 9:23 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Oct. 26, 2021, 9:23 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Oct. 26, 2021, 9:23 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Oct. 26, 2021, 9:23 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Oct. 26, 2021, 9:23 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Oct. 26, 2021, 9:23 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Oct. 26, 2021, 9:23 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Oct. 26, 2021, 9:23 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Oct. 26, 2021, 9:23 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Oct. 26, 2021, 9:23 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Oct. 26, 2021, 9:23 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Oct. 26, 2021, 9:23 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Oct. 26, 2021, 9:23 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Oct. 26, 2021, 9:23 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Oct. 26, 2021, 9:23 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Oct. 26, 2021, 9:23 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Oct. 26, 2021, 9:23 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Oct. 26, 2021, 9:24 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Oct. 26, 2021, 9:23 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Oct. 26, 2021, 9:23 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Oct. 26, 2021, 9:23 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Oct. 26, 2021, 9:23 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Oct. 26, 2021, 9:23 a.m.	computer_name: TEST22-PC	1	1

Checks if process is being debugged by a debugger (14 events)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent Oct. 26, 2021, 9:15 a.m.			0	0
IsDebuggerPresent Oct. 26, 2021, 9:15 a.m.			0	0
IsDebuggerPresent Oct. 26, 2021, 9:23 a.m.			0	0
IsDebuggerPresent Oct. 26, 2021, 9:23 a.m.			0	0
IsDebuggerPresent Oct. 26, 2021, 9:23 a.m.			0	0
IsDebuggerPresent Oct. 26, 2021, 9:23 a.m.			0	0
IsDebuggerPresent Oct. 26, 2021, 9:23 a.m.			0	0
IsDebuggerPresent Oct. 26, 2021, 9:23 a.m.			0	0
IsDebuggerPresent Oct. 26, 2021, 9:23 a.m.			0	0
IsDebuggerPresent Oct. 26, 2021, 9:23 a.m.			0	0
IsDebuggerPresent Oct. 26, 2021, 9:23 a.m.			0	0
IsDebuggerPresent Oct. 26, 2021, 9:23 a.m.			0	0
IsDebuggerPresent Oct. 26, 2021, 9:23 a.m.			0	0
IsDebuggerPresent Oct. 26, 2021, 9:23 a.m.			0	0

Uses Windows APIs to generate a cryptographic key (24 events)

Time & API	Arguments	Status	Return
CryptExportKey Oct. 26, 2021, 9:23 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0073a1e0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Oct. 26, 2021, 9:23 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0073a1e0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Oct. 26, 2021, 9:23 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0073a0a0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Oct. 26, 2021, 9:23 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x006da538 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Oct. 26, 2021, 9:23 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x006da538 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Oct. 26, 2021, 9:23 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x006da5b8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Oct. 26, 2021, 9:23 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0078b698 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Oct. 26, 2021, 9:23 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0078b718 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Oct. 26, 2021, 9:23 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0078b718 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Oct. 26, 2021, 9:23 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0078b898 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Oct. 26, 2021, 9:23 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0078b898 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Oct. 26, 2021, 9:23 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0078b718 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Oct. 26, 2021, 9:23 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x007aa540 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Oct. 26, 2021, 9:23 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x007aa540 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Oct. 26, 2021, 9:23 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x007aa5c0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Oct. 26, 2021, 9:23 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x007aaa00 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Oct. 26, 2021, 9:23 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x007aaa80 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Oct. 26, 2021, 9:23 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x007aaa80 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Oct. 26, 2021, 9:23 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x007aad40 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Oct. 26, 2021, 9:23 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x007aad40 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Oct. 26, 2021, 9:23 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x007aac00 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Oct. 26, 2021, 9:23 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0066a480 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Oct. 26, 2021, 9:23 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0066a480 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Oct. 26, 2021, 9:23 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0066a340 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1

Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate) (1 event)

registry

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid

Tries to locate where the browsers are installed (2 events)

file	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
registry	HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Oct. 26, 2021, 9:15 a.m.		1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (2 events)

section	't@\x07`\x16+g
section

One or more processes crashed (50 out of 78 events)

Time & API	Arguments	Status
__exception__ Oct. 26, 2021, 9:23 a.m.	stacktrace: 0x5d9dd9 0x5d9d20 0x5d912a 0x5d6e2e 0x5d4e17 0x5d4d68 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73bd2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73be264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x73c51838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x73c51737 mscorlib+0x2d3711 @ 0x72513711 mscorlib+0x308f2d @ 0x72548f2d 0x5d0a9f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73bd2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73be264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73be2e95 CopyPDBs+0x4c45 DllCanUnloadNowInternal-0x3c392 clr+0x19a887 @ 0x73d6a887 DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73c97610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73d21dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73d21e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73d21f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73d2416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7427f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74507f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74504de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5 exception.instruction_r: 8b 40 04 89 45 d4 b8 43 4d 78 67 35 11 b4 3f 04 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5da179 registers.esp: 3336648 registers.edi: 37840588 registers.eax: 0 registers.ebp: 3336708 registers.edx: 3822692 registers.ebx: 37833676 registers.esi: 1987054126 registers.ecx: 7102184	1
__exception__ Oct. 26, 2021, 9:23 a.m.	stacktrace: 0x5d9dd9 0x5d9d20 0x5d912a 0x5d6e2e 0x5d4e17 0x5d4d68 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73bd2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73be264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x73c51838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x73c51737 mscorlib+0x2d3711 @ 0x72513711 mscorlib+0x308f2d @ 0x72548f2d 0x5d0a9f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73bd2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73be264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73be2e95 CopyPDBs+0x4c45 DllCanUnloadNowInternal-0x3c392 clr+0x19a887 @ 0x73d6a887 DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73c97610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73d21dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73d21e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73d21f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73d2416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7427f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74507f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74504de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5 exception.instruction_r: 8b 40 04 89 45 d4 b8 43 4d 78 67 35 11 b4 3f 04 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5da179 registers.esp: 3336648 registers.edi: 39377448 registers.eax: 0 registers.ebp: 3336708 registers.edx: 3822692 registers.ebx: 37833676 registers.esi: 1987054126 registers.ecx: 7102184	1
__exception__ Oct. 26, 2021, 9:23 a.m.	stacktrace: 0x5d9dd9 0x5d9d20 0x5d912a 0x5d6e2e 0x5d4e17 0x5d4d68 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73bd2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73be264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x73c51838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x73c51737 mscorlib+0x2d3711 @ 0x72513711 mscorlib+0x308f2d @ 0x72548f2d 0x5d0a9f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73bd2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73be264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73be2e95 CopyPDBs+0x4c45 DllCanUnloadNowInternal-0x3c392 clr+0x19a887 @ 0x73d6a887 DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73c97610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73d21dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73d21e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73d21f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73d2416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7427f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74507f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74504de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5 exception.instruction_r: 8b 40 04 89 45 d4 b8 43 4d 78 67 35 11 b4 3f 04 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5da179 registers.esp: 3336648 registers.edi: 40733504 registers.eax: 0 registers.ebp: 3336708 registers.edx: 3822692 registers.ebx: 37833676 registers.esi: 1987054126 registers.ecx: 7102184	1
__exception__ Oct. 26, 2021, 9:23 a.m.	stacktrace: 0xb900dc 0x5dfe38 0x5d940c 0x5d6e2e 0x5d4e17 0x5d4d68 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73bd2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73be264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x73c51838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x73c51737 mscorlib+0x2d3711 @ 0x72513711 mscorlib+0x308f2d @ 0x72548f2d 0x5d0a9f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73bd2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73be264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73be2e95 CopyPDBs+0x4c45 DllCanUnloadNowInternal-0x3c392 clr+0x19a887 @ 0x73d6a887 DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73c97610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73d21dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73d21e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73d21f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73d2416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7427f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74507f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74504de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5 exception.instruction_r: 8b 40 04 89 45 d4 b8 43 4d 78 67 35 11 b4 3f 04 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5da179 registers.esp: 3336640 registers.edi: 37626432 registers.eax: 0 registers.ebp: 3336700 registers.edx: 3822692 registers.ebx: 37392900 registers.esi: 1987054126 registers.ecx: 7102184	1
__exception__ Oct. 26, 2021, 9:23 a.m.	stacktrace: 0xb900dc 0x5dfe38 0x5d940c 0x5d6e2e 0x5d4e17 0x5d4d68 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73bd2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73be264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x73c51838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x73c51737 mscorlib+0x2d3711 @ 0x72513711 mscorlib+0x308f2d @ 0x72548f2d 0x5d0a9f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73bd2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73be264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73be2e95 CopyPDBs+0x4c45 DllCanUnloadNowInternal-0x3c392 clr+0x19a887 @ 0x73d6a887 DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73c97610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73d21dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73d21e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73d21f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73d2416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7427f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74507f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74504de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5 exception.instruction_r: 8b 40 04 89 45 d4 b8 43 4d 78 67 35 11 b4 3f 04 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5da179 registers.esp: 3336640 registers.edi: 38965308 registers.eax: 0 registers.ebp: 3336700 registers.edx: 3822692 registers.ebx: 37392900 registers.esi: 1987054126 registers.ecx: 7102184	1
__exception__ Oct. 26, 2021, 9:23 a.m.	stacktrace: 0xb900dc 0x5dfe38 0x5d940c 0x5d6e2e 0x5d4e17 0x5d4d68 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73bd2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73be264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x73c51838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x73c51737 mscorlib+0x2d3711 @ 0x72513711 mscorlib+0x308f2d @ 0x72548f2d 0x5d0a9f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73bd2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73be264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73be2e95 CopyPDBs+0x4c45 DllCanUnloadNowInternal-0x3c392 clr+0x19a887 @ 0x73d6a887 DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73c97610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73d21dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73d21e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73d21f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73d2416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7427f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74507f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74504de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5 exception.instruction_r: 8b 40 04 89 45 d4 b8 43 4d 78 67 35 11 b4 3f 04 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5da179 registers.esp: 3336640 registers.edi: 40292344 registers.eax: 0 registers.ebp: 3336700 registers.edx: 3822692 registers.ebx: 37392900 registers.esi: 1987054126 registers.ecx: 7102184	1
__exception__ Oct. 26, 2021, 9:23 a.m.	stacktrace: 0xb90645 0xb90578 0x5d92c4 0x5d6e2e 0x5d4e17 0x5d4d68 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73bd2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73be264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x73c51838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x73c51737 mscorlib+0x2d3711 @ 0x72513711 mscorlib+0x308f2d @ 0x72548f2d 0x5d0a9f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73bd2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73be264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73be2e95 CopyPDBs+0x4c45 DllCanUnloadNowInternal-0x3c392 clr+0x19a887 @ 0x73d6a887 DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73c97610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73d21dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73d21e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73d21f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73d2416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7427f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74507f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74504de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5 exception.instruction_r: 8b 40 04 89 45 d4 b8 43 4d 78 67 35 11 b4 3f 04 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5da179 registers.esp: 3336648 registers.edi: 41619684 registers.eax: 0 registers.ebp: 3336708 registers.edx: 3822692 registers.ebx: 37392900 registers.esi: 1987054126 registers.ecx: 7102184	1
__exception__ Oct. 26, 2021, 9:23 a.m.	stacktrace: 0xb90645 0xb90578 0x5d92c4 0x5d6e2e 0x5d4e17 0x5d4d68 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73bd2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73be264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x73c51838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x73c51737 mscorlib+0x2d3711 @ 0x72513711 mscorlib+0x308f2d @ 0x72548f2d 0x5d0a9f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73bd2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73be264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73be2e95 CopyPDBs+0x4c45 DllCanUnloadNowInternal-0x3c392 clr+0x19a887 @ 0x73d6a887 DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73c97610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73d21dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73d21e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73d21f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73d2416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7427f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74507f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74504de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5 exception.instruction_r: 8b 40 04 89 45 d4 b8 43 4d 78 67 35 11 b4 3f 04 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5da179 registers.esp: 3336648 registers.edi: 38443528 registers.eax: 0 registers.ebp: 3336708 registers.edx: 3822692 registers.ebx: 37392900 registers.esi: 1987054126 registers.ecx: 7102184	1
__exception__ Oct. 26, 2021, 9:23 a.m.	stacktrace: 0xb90645 0xb90578 0x5d92c4 0x5d6e2e 0x5d4e17 0x5d4d68 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73bd2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73be264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x73c51838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x73c51737 mscorlib+0x2d3711 @ 0x72513711 mscorlib+0x308f2d @ 0x72548f2d 0x5d0a9f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73bd2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73be264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73be2e95 CopyPDBs+0x4c45 DllCanUnloadNowInternal-0x3c392 clr+0x19a887 @ 0x73d6a887 DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73c97610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73d21dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73d21e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73d21f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73d2416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7427f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74507f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74504de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5 exception.instruction_r: 8b 40 04 89 45 d4 b8 43 4d 78 67 35 11 b4 3f 04 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5da179 registers.esp: 3336648 registers.edi: 39861000 registers.eax: 0 registers.ebp: 3336708 registers.edx: 3822692 registers.ebx: 37392900 registers.esi: 1987054126 registers.ecx: 7102184	1
__exception__ Oct. 26, 2021, 9:23 a.m.	stacktrace: 0xb90a62 0xb909c8 0x5d9363 0x5d6e2e 0x5d4e17 0x5d4d68 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73bd2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73be264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x73c51838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x73c51737 mscorlib+0x2d3711 @ 0x72513711 mscorlib+0x308f2d @ 0x72548f2d 0x5d0a9f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73bd2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73be264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73be2e95 CopyPDBs+0x4c45 DllCanUnloadNowInternal-0x3c392 clr+0x19a887 @ 0x73d6a887 DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73c97610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73d21dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73d21e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73d21f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73d2416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7427f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74507f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74504de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5 exception.instruction_r: 8b 40 04 89 45 d4 b8 43 4d 78 67 35 11 b4 3f 04 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5da179 registers.esp: 3336656 registers.edi: 41278948 registers.eax: 0 registers.ebp: 3336716 registers.edx: 3822692 registers.ebx: 37392900 registers.esi: 1987054126 registers.ecx: 7102184	1
__exception__ Oct. 26, 2021, 9:23 a.m.	stacktrace: 0xb90a62 0xb909c8 0x5d9363 0x5d6e2e 0x5d4e17 0x5d4d68 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73bd2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73be264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x73c51838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x73c51737 mscorlib+0x2d3711 @ 0x72513711 mscorlib+0x308f2d @ 0x72548f2d 0x5d0a9f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73bd2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73be264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73be2e95 CopyPDBs+0x4c45 DllCanUnloadNowInternal-0x3c392 clr+0x19a887 @ 0x73d6a887 DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73c97610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73d21dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73d21e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73d21f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73d2416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7427f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74507f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74504de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5 exception.instruction_r: 8b 40 04 89 45 d4 b8 43 4d 78 67 35 11 b4 3f 04 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5da179 registers.esp: 3336656 registers.edi: 37830280 registers.eax: 0 registers.ebp: 3336716 registers.edx: 3822692 registers.ebx: 37392880 registers.esi: 1987054126 registers.ecx: 7102184	1
__exception__ Oct. 26, 2021, 9:23 a.m.	stacktrace: 0xb90a62 0xb909c8 0x5d9363 0x5d6e2e 0x5d4e17 0x5d4d68 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73bd2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73be264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x73c51838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x73c51737 mscorlib+0x2d3711 @ 0x72513711 mscorlib+0x308f2d @ 0x72548f2d 0x5d0a9f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73bd2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73be264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73be2e95 CopyPDBs+0x4c45 DllCanUnloadNowInternal-0x3c392 clr+0x19a887 @ 0x73d6a887 DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73c97610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73d21dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73d21e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73d21f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73d2416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7427f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74507f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74504de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5 exception.instruction_r: 8b 40 04 89 45 d4 b8 43 4d 78 67 35 11 b4 3f 04 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5da179 registers.esp: 3336656 registers.edi: 39270388 registers.eax: 0 registers.ebp: 3336716 registers.edx: 3822692 registers.ebx: 37392880 registers.esi: 1987054126 registers.ecx: 7102184	1
__exception__ Oct. 26, 2021, 9:23 a.m.	stacktrace: 0x5d9dd9 0x5d9d20 0x5d912a 0x5d6e2e 0x5d4e17 0x5d4d68 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73bd2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73be264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x73c51838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x73c51737 mscorlib+0x2d3711 @ 0x72513711 mscorlib+0x308f2d @ 0x72548f2d 0x5d0a9f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73bd2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73be264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73be2e95 CopyPDBs+0x4c45 DllCanUnloadNowInternal-0x3c392 clr+0x19a887 @ 0x73d6a887 DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73c97610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73d21dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73d21e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73d21f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73d2416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7427f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74507f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74504de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5 exception.instruction_r: 8b 40 04 89 45 d4 b8 43 4d 78 67 35 11 b4 3f 04 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5da179 registers.esp: 3336648 registers.edi: 40695808 registers.eax: 0 registers.ebp: 3336708 registers.edx: 3822692 registers.ebx: 40689288 registers.esi: 1987054126 registers.ecx: 7102184	1
__exception__ Oct. 26, 2021, 9:23 a.m.	stacktrace: 0x5d9dd9 0x5d9d20 0x5d912a 0x5d6e2e 0x5d4e17 0x5d4d68 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73bd2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73be264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x73c51838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x73c51737 mscorlib+0x2d3711 @ 0x72513711 mscorlib+0x308f2d @ 0x72548f2d 0x5d0a9f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73bd2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73be264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73be2e95 CopyPDBs+0x4c45 DllCanUnloadNowInternal-0x3c392 clr+0x19a887 @ 0x73d6a887 DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73c97610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73d21dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73d21e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73d21f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73d2416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7427f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74507f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74504de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5 exception.instruction_r: 8b 40 04 89 45 d4 b8 43 4d 78 67 35 11 b4 3f 04 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5da179 registers.esp: 3336648 registers.edi: 42050912 registers.eax: 0 registers.ebp: 3336708 registers.edx: 3822692 registers.ebx: 40689288 registers.esi: 1987054126 registers.ecx: 7102184	1
__exception__ Oct. 26, 2021, 9:23 a.m.	stacktrace: 0x5d9dd9 0x5d9d20 0x5d912a 0x5d6e2e 0x5d4e17 0x5d4d68 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73bd2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73be264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x73c51838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x73c51737 mscorlib+0x2d3711 @ 0x72513711 mscorlib+0x308f2d @ 0x72548f2d 0x5d0a9f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73bd2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73be264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73be2e95 CopyPDBs+0x4c45 DllCanUnloadNowInternal-0x3c392 clr+0x19a887 @ 0x73d6a887 DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73c97610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73d21dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73d21e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73d21f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73d2416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7427f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74507f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74504de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5 exception.instruction_r: 8b 40 04 89 45 d4 b8 43 4d 78 67 35 11 b4 3f 04 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5da179 registers.esp: 3336648 registers.edi: 38580236 registers.eax: 0 registers.ebp: 3336708 registers.edx: 3822692 registers.ebx: 37594208 registers.esi: 1987054126 registers.ecx: 7102184	1
__exception__ Oct. 26, 2021, 9:23 a.m.	stacktrace: 0xb900dc 0x5dfe38 0x5d940c 0x5d6e2e 0x5d4e17 0x5d4d68 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73bd2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73be264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x73c51838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x73c51737 mscorlib+0x2d3711 @ 0x72513711 mscorlib+0x308f2d @ 0x72548f2d 0x5d0a9f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73bd2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73be264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73be2e95 CopyPDBs+0x4c45 DllCanUnloadNowInternal-0x3c392 clr+0x19a887 @ 0x73d6a887 DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73c97610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73d21dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73d21e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73d21f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73d2416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7427f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74507f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74504de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5 exception.instruction_r: 8b 40 04 89 45 d4 b8 43 4d 78 67 35 11 b4 3f 04 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5da179 registers.esp: 3336640 registers.edi: 39935336 registers.eax: 0 registers.ebp: 3336700 registers.edx: 3822692 registers.ebx: 37594208 registers.esi: 1987054126 registers.ecx: 7102184	1
__exception__ Oct. 26, 2021, 9:23 a.m.	stacktrace: 0xb900dc 0x5dfe38 0x5d940c 0x5d6e2e 0x5d4e17 0x5d4d68 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73bd2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73be264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x73c51838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x73c51737 mscorlib+0x2d3711 @ 0x72513711 mscorlib+0x308f2d @ 0x72548f2d 0x5d0a9f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73bd2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73be264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73be2e95 CopyPDBs+0x4c45 DllCanUnloadNowInternal-0x3c392 clr+0x19a887 @ 0x73d6a887 DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73c97610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73d21dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73d21e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73d21f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73d2416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7427f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74507f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74504de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5 exception.instruction_r: 8b 40 04 89 45 d4 b8 43 4d 78 67 35 11 b4 3f 04 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5da179 registers.esp: 3336640 registers.edi: 41262396 registers.eax: 0 registers.ebp: 3336700 registers.edx: 3822692 registers.ebx: 37594208 registers.esi: 1987054126 registers.ecx: 7102184	1
__exception__ Oct. 26, 2021, 9:23 a.m.	stacktrace: 0xb900dc 0x5dfe38 0x5d940c 0x5d6e2e 0x5d4e17 0x5d4d68 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73bd2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73be264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x73c51838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x73c51737 mscorlib+0x2d3711 @ 0x72513711 mscorlib+0x308f2d @ 0x72548f2d 0x5d0a9f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73bd2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73be264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73be2e95 CopyPDBs+0x4c45 DllCanUnloadNowInternal-0x3c392 clr+0x19a887 @ 0x73d6a887 DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73c97610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73d21dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73d21e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73d21f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73d2416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7427f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74507f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74504de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5 exception.instruction_r: 8b 40 04 89 45 d4 b8 43 4d 78 67 35 11 b4 3f 04 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5da179 registers.esp: 3336640 registers.edi: 38442740 registers.eax: 0 registers.ebp: 3336700 registers.edx: 3822692 registers.ebx: 37516940 registers.esi: 1987054126 registers.ecx: 7102184	1
__exception__ Oct. 26, 2021, 9:23 a.m.	stacktrace: 0xb90645 0xb90578 0x5d92c4 0x5d6e2e 0x5d4e17 0x5d4d68 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73bd2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73be264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x73c51838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x73c51737 mscorlib+0x2d3711 @ 0x72513711 mscorlib+0x308f2d @ 0x72548f2d 0x5d0a9f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73bd2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73be264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73be2e95 CopyPDBs+0x4c45 DllCanUnloadNowInternal-0x3c392 clr+0x19a887 @ 0x73d6a887 DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73c97610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73d21dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73d21e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73d21f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73d2416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7427f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74507f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74504de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5 exception.instruction_r: 8b 40 04 89 45 d4 b8 43 4d 78 67 35 11 b4 3f 04 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5da179 registers.esp: 3336648 registers.edi: 39769832 registers.eax: 0 registers.ebp: 3336708 registers.edx: 3822692 registers.ebx: 37516940 registers.esi: 1987054126 registers.ecx: 7102184	1
__exception__ Oct. 26, 2021, 9:23 a.m.	stacktrace: 0xb90645 0xb90578 0x5d92c4 0x5d6e2e 0x5d4e17 0x5d4d68 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73bd2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73be264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x73c51838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x73c51737 mscorlib+0x2d3711 @ 0x72513711 mscorlib+0x308f2d @ 0x72548f2d 0x5d0a9f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73bd2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73be264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73be2e95 CopyPDBs+0x4c45 DllCanUnloadNowInternal-0x3c392 clr+0x19a887 @ 0x73d6a887 DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73c97610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73d21dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73d21e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73d21f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73d2416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7427f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74507f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74504de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5 exception.instruction_r: 8b 40 04 89 45 d4 b8 43 4d 78 67 35 11 b4 3f 04 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5da179 registers.esp: 3336648 registers.edi: 41187316 registers.eax: 0 registers.ebp: 3336708 registers.edx: 3822692 registers.ebx: 37516940 registers.esi: 1987054126 registers.ecx: 7102184	1
__exception__ Oct. 26, 2021, 9:23 a.m.	stacktrace: 0xb90645 0xb90578 0x5d92c4 0x5d6e2e 0x5d4e17 0x5d4d68 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73bd2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73be264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x73c51838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x73c51737 mscorlib+0x2d3711 @ 0x72513711 mscorlib+0x308f2d @ 0x72548f2d 0x5d0a9f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73bd2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73be264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73be2e95 CopyPDBs+0x4c45 DllCanUnloadNowInternal-0x3c392 clr+0x19a887 @ 0x73d6a887 DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73c97610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73d21dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73d21e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73d21f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73d2416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7427f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74507f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74504de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5 exception.instruction_r: 8b 40 04 89 45 d4 b8 43 4d 78 67 35 11 b4 3f 04 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5da179 registers.esp: 3336648 registers.edi: 38524164 registers.eax: 0 registers.ebp: 3336708 registers.edx: 3822692 registers.ebx: 37516900 registers.esi: 1987054126 registers.ecx: 7102184	1
__exception__ Oct. 26, 2021, 9:23 a.m.	stacktrace: 0xb90a62 0xb909c8 0x5d9363 0x5d6e2e 0x5d4e17 0x5d4d68 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73bd2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73be264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x73c51838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x73c51737 mscorlib+0x2d3711 @ 0x72513711 mscorlib+0x308f2d @ 0x72548f2d 0x5d0a9f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73bd2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73be264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73be2e95 CopyPDBs+0x4c45 DllCanUnloadNowInternal-0x3c392 clr+0x19a887 @ 0x73d6a887 DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73c97610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73d21dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73d21e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73d21f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73d2416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7427f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74507f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74504de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5 exception.instruction_r: 8b 40 04 89 45 d4 b8 43 4d 78 67 35 11 b4 3f 04 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5da179 registers.esp: 3336656 registers.edi: 39950580 registers.eax: 0 registers.ebp: 3336716 registers.edx: 3822692 registers.ebx: 37516900 registers.esi: 1987054126 registers.ecx: 7102184	1
__exception__ Oct. 26, 2021, 9:23 a.m.	stacktrace: 0xb90a62 0xb909c8 0x5d9363 0x5d6e2e 0x5d4e17 0x5d4d68 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73bd2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73be264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x73c51838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x73c51737 mscorlib+0x2d3711 @ 0x72513711 mscorlib+0x308f2d @ 0x72548f2d 0x5d0a9f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73bd2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73be264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73be2e95 CopyPDBs+0x4c45 DllCanUnloadNowInternal-0x3c392 clr+0x19a887 @ 0x73d6a887 DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73c97610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73d21dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73d21e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73d21f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73d2416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7427f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74507f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74504de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5 exception.instruction_r: 8b 40 04 89 45 d4 b8 43 4d 78 67 35 11 b4 3f 04 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5da179 registers.esp: 3336656 registers.edi: 41370512 registers.eax: 0 registers.ebp: 3336716 registers.edx: 3822692 registers.ebx: 37516900 registers.esi: 1987054126 registers.ecx: 7102184	1
__exception__ Oct. 26, 2021, 9:23 a.m.	stacktrace: 0xb90a62 0xb909c8 0x5d9363 0x5d6e2e 0x5d4e17 0x5d4d68 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73bd2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73be264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x73c51838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x73c51737 mscorlib+0x2d3711 @ 0x72513711 mscorlib+0x308f2d @ 0x72548f2d 0x5d0a9f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73bd2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73be264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73be2e95 CopyPDBs+0x4c45 DllCanUnloadNowInternal-0x3c392 clr+0x19a887 @ 0x73d6a887 DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73c97610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73d21dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73d21e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73d21f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73d2416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7427f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74507f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74504de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5 exception.instruction_r: 8b 40 04 89 45 d4 b8 43 4d 78 67 35 11 b4 3f 04 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5da179 registers.esp: 3336656 registers.edi: 38535176 registers.eax: 0 registers.ebp: 3336716 registers.edx: 3822692 registers.ebx: 37516900 registers.esi: 1987054126 registers.ecx: 7102184	1
__exception__ Oct. 26, 2021, 9:23 a.m.	stacktrace: 0xb9dd1b 0x5d4d68 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73bd2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73be264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x73c51838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x73c51737 mscorlib+0x2d3711 @ 0x72513711 mscorlib+0x308f2d @ 0x72548f2d 0x5d0a9f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73bd2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73be264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73be2e95 CopyPDBs+0x4c45 DllCanUnloadNowInternal-0x3c392 clr+0x19a887 @ 0x73d6a887 DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73c97610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73d21dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73d21e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73d21f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73d2416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7427f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74507f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74504de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5 exception.instruction_r: 39 09 e8 e2 23 99 71 85 c0 0f 8e 57 02 00 00 b8 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xb9e4b7 registers.esp: 3337040 registers.edi: 37384160 registers.eax: 37841748 registers.ebp: 3337196 registers.edx: 0 registers.ebx: 37384160 registers.esi: 38967244 registers.ecx: 0	1
__exception__ Oct. 26, 2021, 9:23 a.m.	stacktrace: 0xb9eaf2 0xb9e9c5 0x5d4ef7 0x5d4d68 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73bd2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73be264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x73c51838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x73c51737 mscorlib+0x2d3711 @ 0x72513711 mscorlib+0x308f2d @ 0x72548f2d 0x5d0a9f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73bd2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73be264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73be2e95 CopyPDBs+0x4c45 DllCanUnloadNowInternal-0x3c392 clr+0x19a887 @ 0x73d6a887 DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73c97610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73d21dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73d21e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73d21f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73d2416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7427f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74507f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74504de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5 exception.instruction_r: 8b 01 8b 40 28 ff 10 8b d8 b8 b6 37 dc 8c 35 1f exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x4c624f9 registers.esp: 3337092 registers.edi: 39061128 registers.eax: 0 registers.ebp: 3337148 registers.edx: 7613584 registers.ebx: 39065064 registers.esi: 90562347 registers.ecx: 0	1
__exception__ Oct. 26, 2021, 9:23 a.m.	stacktrace: 0xb9eaf2 0xb9e9c5 0x5d4ef7 0x5d4d68 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73bd2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73be264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x73c51838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x73c51737 mscorlib+0x2d3711 @ 0x72513711 mscorlib+0x308f2d @ 0x72548f2d 0x5d0a9f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73bd2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73be264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73be2e95 CopyPDBs+0x4c45 DllCanUnloadNowInternal-0x3c392 clr+0x19a887 @ 0x73d6a887 DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73c97610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73d21dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73d21e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73d21f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73d2416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7427f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74507f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74504de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5 exception.instruction_r: 8b 01 8b 40 28 ff 10 8b d8 b8 b6 37 dc 8c 35 1f exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x4c624f9 registers.esp: 3337092 registers.edi: 39061196 registers.eax: 0 registers.ebp: 3337148 registers.edx: 7613584 registers.ebx: 39066188 registers.esi: 90562347 registers.ecx: 0	1
__exception__ Oct. 26, 2021, 9:23 a.m.	stacktrace: 0xb9eaf2 0xb9e9c5 0x5d4ef7 0x5d4d68 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73bd2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73be264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x73c51838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x73c51737 mscorlib+0x2d3711 @ 0x72513711 mscorlib+0x308f2d @ 0x72548f2d 0x5d0a9f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73bd2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73be264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73be2e95 CopyPDBs+0x4c45 DllCanUnloadNowInternal-0x3c392 clr+0x19a887 @ 0x73d6a887 DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73c97610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73d21dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73d21e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73d21f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73d2416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7427f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74507f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74504de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5 exception.instruction_r: 8b 01 8b 40 28 ff 10 8b d8 b8 b6 37 dc 8c 35 1f exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x4c624f9 registers.esp: 3337092 registers.edi: 39061248 registers.eax: 0 registers.ebp: 3337148 registers.edx: 7613584 registers.ebx: 39066188 registers.esi: 90562347 registers.ecx: 0	1
__exception__ Oct. 26, 2021, 9:23 a.m.	stacktrace: 0xb9eaf2 0xb9e9c5 0x5d4ef7 0x5d4d68 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73bd2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73be264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x73c51838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x73c51737 mscorlib+0x2d3711 @ 0x72513711 mscorlib+0x308f2d @ 0x72548f2d 0x5d0a9f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73bd2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73be264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73be2e95 CopyPDBs+0x4c45 DllCanUnloadNowInternal-0x3c392 clr+0x19a887 @ 0x73d6a887 DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73c97610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73d21dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73d21e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73d21f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73d2416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7427f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74507f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74504de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5 exception.instruction_r: 8b 01 8b 40 28 ff 10 89 45 c8 69 c6 65 58 2b 06 exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x4c6254c registers.esp: 3337092 registers.edi: 39061288 registers.eax: 0 registers.ebp: 3337148 registers.edx: 7613584 registers.ebx: 39084256 registers.esi: 372211881 registers.ecx: 0	1
__exception__ Oct. 26, 2021, 9:23 a.m.	stacktrace: 0xb9eaf2 0xb9e9c5 0x5d4ef7 0x5d4d68 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73bd2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73be264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x73c51838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x73c51737 mscorlib+0x2d3711 @ 0x72513711 mscorlib+0x308f2d @ 0x72548f2d 0x5d0a9f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73bd2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73be264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73be2e95 CopyPDBs+0x4c45 DllCanUnloadNowInternal-0x3c392 clr+0x19a887 @ 0x73d6a887 DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73c97610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73d21dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73d21e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73d21f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73d2416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7427f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74507f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74504de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5 exception.instruction_r: 8b 01 8b 40 28 ff 10 8b d8 b8 b6 37 dc 8c 35 1f exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x4c624f9 registers.esp: 3337092 registers.edi: 39061320 registers.eax: 0 registers.ebp: 3337148 registers.edx: 7613584 registers.ebx: 39084256 registers.esi: 90562347 registers.ecx: 0	1
__exception__ Oct. 26, 2021, 9:23 a.m.	stacktrace: 0xb9eaf2 0xb9e9c5 0x5d4ef7 0x5d4d68 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73bd2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73be264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x73c51838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x73c51737 mscorlib+0x2d3711 @ 0x72513711 mscorlib+0x308f2d @ 0x72548f2d 0x5d0a9f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73bd2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73be264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73be2e95 CopyPDBs+0x4c45 DllCanUnloadNowInternal-0x3c392 clr+0x19a887 @ 0x73d6a887 DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73c97610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73d21dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73d21e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73d21f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73d2416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7427f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74507f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74504de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5 exception.instruction_r: 8b 01 8b 40 28 ff 10 8b d8 b8 b6 37 dc 8c 35 1f exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x4c624f9 registers.esp: 3337092 registers.edi: 39061456 registers.eax: 0 registers.ebp: 3337148 registers.edx: 7613584 registers.ebx: 39086100 registers.esi: 90562347 registers.ecx: 0	1
__exception__ Oct. 26, 2021, 9:23 a.m.	stacktrace: 0xb9eaf2 0xb9e9c5 0x5d4ef7 0x5d4d68 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73bd2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73be264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x73c51838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x73c51737 mscorlib+0x2d3711 @ 0x72513711 mscorlib+0x308f2d @ 0x72548f2d 0x5d0a9f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73bd2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73be264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73be2e95 CopyPDBs+0x4c45 DllCanUnloadNowInternal-0x3c392 clr+0x19a887 @ 0x73d6a887 DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73c97610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73d21dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73d21e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73d21f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73d2416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7427f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74507f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74504de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5 exception.instruction_r: 8b 01 8b 40 28 ff 10 8b d8 b8 b6 37 dc 8c 35 1f exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x4c624f9 registers.esp: 3337092 registers.edi: 39061480 registers.eax: 0 registers.ebp: 3337148 registers.edx: 7613584 registers.ebx: 39086100 registers.esi: 90562347 registers.ecx: 0	1
__exception__ Oct. 26, 2021, 9:23 a.m.	stacktrace: 0xb9eaf2 0xb9e9c5 0x5d4ef7 0x5d4d68 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73bd2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73be264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x73c51838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x73c51737 mscorlib+0x2d3711 @ 0x72513711 mscorlib+0x308f2d @ 0x72548f2d 0x5d0a9f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73bd2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73be264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73be2e95 CopyPDBs+0x4c45 DllCanUnloadNowInternal-0x3c392 clr+0x19a887 @ 0x73d6a887 DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73c97610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73d21dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73d21e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73d21f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73d2416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7427f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74507f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74504de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5 exception.instruction_r: 8b 01 8b 40 28 ff 10 8b d8 b8 b6 37 dc 8c 35 1f exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x4c624f9 registers.esp: 3337092 registers.edi: 39061508 registers.eax: 0 registers.ebp: 3337148 registers.edx: 7613584 registers.ebx: 39086100 registers.esi: 90562347 registers.ecx: 0	1
__exception__ Oct. 26, 2021, 9:23 a.m.	stacktrace: 0xb9eaf2 0xb9e9c5 0x5d4ef7 0x5d4d68 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73bd2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73be264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x73c51838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x73c51737 mscorlib+0x2d3711 @ 0x72513711 mscorlib+0x308f2d @ 0x72548f2d 0x5d0a9f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73bd2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73be264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73be2e95 CopyPDBs+0x4c45 DllCanUnloadNowInternal-0x3c392 clr+0x19a887 @ 0x73d6a887 DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73c97610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73d21dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73d21e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73d21f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73d2416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7427f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74507f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74504de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5 exception.instruction_r: 8b 01 8b 40 28 ff 10 8b d8 b8 b6 37 dc 8c 35 1f exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x4c624f9 registers.esp: 3337092 registers.edi: 39061540 registers.eax: 0 registers.ebp: 3337148 registers.edx: 7613584 registers.ebx: 39086100 registers.esi: 90562347 registers.ecx: 0	1
__exception__ Oct. 26, 2021, 9:23 a.m.	stacktrace: 0xb9eaf2 0xb9e9c5 0x5d4ef7 0x5d4d68 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73bd2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73be264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x73c51838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x73c51737 mscorlib+0x2d3711 @ 0x72513711 mscorlib+0x308f2d @ 0x72548f2d 0x5d0a9f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73bd2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73be264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73be2e95 CopyPDBs+0x4c45 DllCanUnloadNowInternal-0x3c392 clr+0x19a887 @ 0x73d6a887 DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73c97610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73d21dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73d21e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73d21f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73d2416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7427f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74507f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74504de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5 exception.instruction_r: 8b 01 8b 40 28 ff 10 8b d8 b8 b6 37 dc 8c 35 1f exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x4c624f9 registers.esp: 3337092 registers.edi: 39061568 registers.eax: 0 registers.ebp: 3337148 registers.edx: 7613584 registers.ebx: 39086100 registers.esi: 90562347 registers.ecx: 0	1
__exception__ Oct. 26, 2021, 9:23 a.m.	stacktrace: 0xb9eaf2 0xb9e9c5 0x5d4ef7 0x5d4d68 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73bd2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73be264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x73c51838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x73c51737 mscorlib+0x2d3711 @ 0x72513711 mscorlib+0x308f2d @ 0x72548f2d 0x5d0a9f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73bd2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73be264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73be2e95 CopyPDBs+0x4c45 DllCanUnloadNowInternal-0x3c392 clr+0x19a887 @ 0x73d6a887 DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73c97610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73d21dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73d21e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73d21f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73d2416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7427f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74507f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74504de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5 exception.instruction_r: 8b 01 8b 40 28 ff 10 8b d8 b8 b6 37 dc 8c 35 1f exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x4c624f9 registers.esp: 3337092 registers.edi: 39061748 registers.eax: 0 registers.ebp: 3337148 registers.edx: 7613584 registers.ebx: 39090468 registers.esi: 90562347 registers.ecx: 0	1
__exception__ Oct. 26, 2021, 9:23 a.m.	stacktrace: 0xb9eaf2 0xb9e9c5 0x5d4ef7 0x5d4d68 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73bd2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73be264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x73c51838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x73c51737 mscorlib+0x2d3711 @ 0x72513711 mscorlib+0x308f2d @ 0x72548f2d 0x5d0a9f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73bd2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73be264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73be2e95 CopyPDBs+0x4c45 DllCanUnloadNowInternal-0x3c392 clr+0x19a887 @ 0x73d6a887 DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73c97610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73d21dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73d21e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73d21f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73d2416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7427f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74507f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74504de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5 exception.instruction_r: 8b 01 8b 40 28 ff 10 8b d8 b8 b6 37 dc 8c 35 1f exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x4c624f9 registers.esp: 3337092 registers.edi: 39061792 registers.eax: 0 registers.ebp: 3337148 registers.edx: 7613584 registers.ebx: 39090468 registers.esi: 90562347 registers.ecx: 0	1
__exception__ Oct. 26, 2021, 9:23 a.m.	stacktrace: 0xb9eaf2 0xb9e9c5 0x5d4ef7 0x5d4d68 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73bd2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73be264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x73c51838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x73c51737 mscorlib+0x2d3711 @ 0x72513711 mscorlib+0x308f2d @ 0x72548f2d 0x5d0a9f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73bd2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73be264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73be2e95 CopyPDBs+0x4c45 DllCanUnloadNowInternal-0x3c392 clr+0x19a887 @ 0x73d6a887 DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73c97610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73d21dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73d21e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73d21f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73d2416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7427f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74507f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74504de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5 exception.instruction_r: 8b 01 8b 40 28 ff 10 8b d8 b8 b6 37 dc 8c 35 1f exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x4c624f9 registers.esp: 3337092 registers.edi: 39064572 registers.eax: 0 registers.ebp: 3337148 registers.edx: 7613584 registers.ebx: 39165132 registers.esi: 90562347 registers.ecx: 0	1
__exception__ Oct. 26, 2021, 9:23 a.m.	stacktrace: 0xaf74ec 0xaf73f1 0xaf6116 0xaf5e10 0xaf46f6 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73be264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x73c51838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x73c51737 mscorlib+0x2d36ad @ 0x725136ad mscorlib+0x308f2d @ 0x72548f2d 0xaf0b6e DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73bd2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73be264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73be2e95 CopyPDBs+0x4c45 DllCanUnloadNowInternal-0x3c392 clr+0x19a887 @ 0x73d6a887 DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73c97610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73d21dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73d21e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73d21f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73d2416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7427f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74507f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74504de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5 exception.instruction_r: 8b 01 8b 40 28 ff 10 8b d0 85 c0 75 06 8b 15 2c exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xaf75dc registers.esp: 1567820 registers.edi: 1567840 registers.eax: 0 registers.ebp: 1567852 registers.edx: 7106136 registers.ebx: 262763870 registers.esi: 39166504 registers.ecx: 0	1
__exception__ Oct. 26, 2021, 9:23 a.m.	stacktrace: 0x6da6d2 0x6da64d 0x6d6094 0x6d5d90 0x6d46b6 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73be264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x73c51838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x73c51737 mscorlib+0x2d36ad @ 0x725136ad mscorlib+0x308f2d @ 0x72548f2d 0x6d0b8a DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73bd2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73be264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73be2e95 CopyPDBs+0x4c45 DllCanUnloadNowInternal-0x3c392 clr+0x19a887 @ 0x73d6a887 DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73c97610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73d21dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73d21e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73d21f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73d2416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7427f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74507f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74504de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5 exception.instruction_r: 8b 01 8b 40 28 ff 10 8b d0 85 c0 75 06 8b 15 2c exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x6da79d registers.esp: 4516108 registers.edi: 37101508 registers.eax: 0 registers.ebp: 4516140 registers.edx: 7958160 registers.ebx: 26578082 registers.esi: 37101648 registers.ecx: 0	1
__exception__ Oct. 26, 2021, 9:23 a.m.	stacktrace: 0x5a9de9 0x5a9d20 0x5a90df 0x5a6e56 0x5a4f47 0x5a4e98 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73bd2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73be264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x73c51838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x73c51737 mscorlib+0x2d3711 @ 0x72513711 mscorlib+0x308f2d @ 0x72548f2d 0x5a0bdc DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73bd2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73be264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73be2e95 CopyPDBs+0x4c45 DllCanUnloadNowInternal-0x3c392 clr+0x19a887 @ 0x73d6a887 DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73c97610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73d21dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73d21e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73d21f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73d2416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7427f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74507f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74504de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5 exception.instruction_r: 8b 40 04 89 45 d4 b8 59 5f 49 f4 35 7c 70 d3 b4 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5aa140 registers.esp: 3204948 registers.edi: 38897368 registers.eax: 0 registers.ebp: 3205004 registers.edx: 4150372 registers.ebx: 38890456 registers.esi: 1952666378 registers.ecx: 10247912	1
__exception__ Oct. 26, 2021, 9:23 a.m.	stacktrace: 0x5a9de9 0x5a9d20 0x5a90df 0x5a6e56 0x5a4f47 0x5a4e98 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73bd2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73be264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x73c51838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x73c51737 mscorlib+0x2d3711 @ 0x72513711 mscorlib+0x308f2d @ 0x72548f2d 0x5a0bdc DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73bd2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73be264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73be2e95 CopyPDBs+0x4c45 DllCanUnloadNowInternal-0x3c392 clr+0x19a887 @ 0x73d6a887 DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73c97610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73d21dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73d21e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73d21f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73d2416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7427f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74507f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74504de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5 exception.instruction_r: 8b 40 04 89 45 d4 b8 59 5f 49 f4 35 7c 70 d3 b4 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5aa140 registers.esp: 3204948 registers.edi: 40434240 registers.eax: 0 registers.ebp: 3205004 registers.edx: 4150372 registers.ebx: 38890456 registers.esi: 1952666378 registers.ecx: 10247912	1
__exception__ Oct. 26, 2021, 9:23 a.m.	stacktrace: 0x5a9de9 0x5a9d20 0x5a90df 0x5a6e56 0x5a4f47 0x5a4e98 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73bd2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73be264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x73c51838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x73c51737 mscorlib+0x2d3711 @ 0x72513711 mscorlib+0x308f2d @ 0x72548f2d 0x5a0bdc DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73bd2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73be264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73be2e95 CopyPDBs+0x4c45 DllCanUnloadNowInternal-0x3c392 clr+0x19a887 @ 0x73d6a887 DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73c97610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73d21dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73d21e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73d21f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73d2416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7427f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74507f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74504de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5 exception.instruction_r: 8b 40 04 89 45 d4 b8 59 5f 49 f4 35 7c 70 d3 b4 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5aa140 registers.esp: 3204948 registers.edi: 41790296 registers.eax: 0 registers.ebp: 3205004 registers.edx: 4150372 registers.ebx: 38890456 registers.esi: 1952666378 registers.ecx: 10247912	1
__exception__ Oct. 26, 2021, 9:23 a.m.	stacktrace: 0x9400dc 0x5affe8 0x5a92cf 0x5a6e56 0x5a4f47 0x5a4e98 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73bd2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73be264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x73c51838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x73c51737 mscorlib+0x2d3711 @ 0x72513711 mscorlib+0x308f2d @ 0x72548f2d 0x5a0bdc DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73bd2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73be264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73be2e95 CopyPDBs+0x4c45 DllCanUnloadNowInternal-0x3c392 clr+0x19a887 @ 0x73d6a887 DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73c97610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73d21dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73d21e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73d21f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73d2416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7427f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74507f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74504de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5 exception.instruction_r: 8b 40 04 89 45 d4 b8 59 5f 49 f4 35 7c 70 d3 b4 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5aa140 registers.esp: 3204936 registers.edi: 38680948 registers.eax: 0 registers.ebp: 3204992 registers.edx: 4150372 registers.ebx: 38441484 registers.esi: 1952666378 registers.ecx: 10247912	1
__exception__ Oct. 26, 2021, 9:23 a.m.	stacktrace: 0x9400dc 0x5affe8 0x5a92cf 0x5a6e56 0x5a4f47 0x5a4e98 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73bd2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73be264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x73c51838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x73c51737 mscorlib+0x2d3711 @ 0x72513711 mscorlib+0x308f2d @ 0x72548f2d 0x5a0bdc DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73bd2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73be264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73be2e95 CopyPDBs+0x4c45 DllCanUnloadNowInternal-0x3c392 clr+0x19a887 @ 0x73d6a887 DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73c97610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73d21dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73d21e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73d21f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73d2416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7427f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74507f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74504de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5 exception.instruction_r: 8b 40 04 89 45 d4 b8 59 5f 49 f4 35 7c 70 d3 b4 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5aa140 registers.esp: 3204936 registers.edi: 40019812 registers.eax: 0 registers.ebp: 3204992 registers.edx: 4150372 registers.ebx: 38441484 registers.esi: 1952666378 registers.ecx: 10247912	1
__exception__ Oct. 26, 2021, 9:23 a.m.	stacktrace: 0x9400dc 0x5affe8 0x5a92cf 0x5a6e56 0x5a4f47 0x5a4e98 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73bd2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73be264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x73c51838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x73c51737 mscorlib+0x2d3711 @ 0x72513711 mscorlib+0x308f2d @ 0x72548f2d 0x5a0bdc DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73bd2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73be264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73be2e95 CopyPDBs+0x4c45 DllCanUnloadNowInternal-0x3c392 clr+0x19a887 @ 0x73d6a887 DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73c97610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73d21dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73d21e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73d21f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73d2416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7427f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74507f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74504de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5 exception.instruction_r: 8b 40 04 89 45 d4 b8 59 5f 49 f4 35 7c 70 d3 b4 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5aa140 registers.esp: 3204936 registers.edi: 41346848 registers.eax: 0 registers.ebp: 3204992 registers.edx: 4150372 registers.ebx: 38441484 registers.esi: 1952666378 registers.ecx: 10247912	1
__exception__ Oct. 26, 2021, 9:23 a.m.	stacktrace: 0x94061d 0x940578 0x5a9370 0x5a6e56 0x5a4f47 0x5a4e98 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73bd2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73be264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x73c51838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x73c51737 mscorlib+0x2d3711 @ 0x72513711 mscorlib+0x308f2d @ 0x72548f2d 0x5a0bdc DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73bd2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73be264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73be2e95 CopyPDBs+0x4c45 DllCanUnloadNowInternal-0x3c392 clr+0x19a887 @ 0x73d6a887 DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73c97610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73d21dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73d21e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73d21f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73d2416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7427f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74507f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74504de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5 exception.instruction_r: 8b 40 04 89 45 d4 b8 59 5f 49 f4 35 7c 70 d3 b4 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5aa140 registers.esp: 3204948 registers.edi: 42674188 registers.eax: 0 registers.ebp: 3205004 registers.edx: 4150372 registers.ebx: 38441484 registers.esi: 1952666378 registers.ecx: 10247912	1
__exception__ Oct. 26, 2021, 9:23 a.m.	stacktrace: 0x94061d 0x940578 0x5a9370 0x5a6e56 0x5a4f47 0x5a4e98 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73bd2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73be264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x73c51838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x73c51737 mscorlib+0x2d3711 @ 0x72513711 mscorlib+0x308f2d @ 0x72548f2d 0x5a0bdc DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73bd2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73be264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73be2e95 CopyPDBs+0x4c45 DllCanUnloadNowInternal-0x3c392 clr+0x19a887 @ 0x73d6a887 DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73c97610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73d21dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73d21e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73d21f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73d2416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7427f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74507f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74504de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5 exception.instruction_r: 8b 40 04 89 45 d4 b8 59 5f 49 f4 35 7c 70 d3 b4 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5aa140 registers.esp: 3204948 registers.edi: 39492332 registers.eax: 0 registers.ebp: 3205004 registers.edx: 4150372 registers.ebx: 38441484 registers.esi: 1952666378 registers.ecx: 10247912	1
__exception__ Oct. 26, 2021, 9:23 a.m.	stacktrace: 0x94061d 0x940578 0x5a9370 0x5a6e56 0x5a4f47 0x5a4e98 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73bd2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73be264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x73c51838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x73c51737 mscorlib+0x2d3711 @ 0x72513711 mscorlib+0x308f2d @ 0x72548f2d 0x5a0bdc DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73bd2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73be264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73be2e95 CopyPDBs+0x4c45 DllCanUnloadNowInternal-0x3c392 clr+0x19a887 @ 0x73d6a887 DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73c97610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73d21dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73d21e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73d21f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73d2416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7427f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74507f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74504de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5 exception.instruction_r: 8b 40 04 89 45 d4 b8 59 5f 49 f4 35 7c 70 d3 b4 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5aa140 registers.esp: 3204948 registers.edi: 40909792 registers.eax: 0 registers.ebp: 3205004 registers.edx: 4150372 registers.ebx: 38441484 registers.esi: 1952666378 registers.ecx: 10247912	1
__exception__ Oct. 26, 2021, 9:23 a.m.	stacktrace: 0x940a1c 0x940978 0x5a93fb 0x5a6e56 0x5a4f47 0x5a4e98 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73bd2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73be264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x73c51838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x73c51737 mscorlib+0x2d3711 @ 0x72513711 mscorlib+0x308f2d @ 0x72548f2d 0x5a0bdc DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73bd2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x73be264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73be2e95 CopyPDBs+0x4c45 DllCanUnloadNowInternal-0x3c392 clr+0x19a887 @ 0x73d6a887 DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73c97610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73d21dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73d21e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73d21f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73d2416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7427f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74507f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74504de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77579ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77579ea5 exception.instruction_r: 8b 40 04 89 45 d4 b8 59 5f 49 f4 35 7c 70 d3 b4 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5aa140 registers.esp: 3204952 registers.edi: 42327740 registers.eax: 0 registers.ebp: 3205008 registers.edx: 4150372 registers.ebx: 38441484 registers.esi: 1952666378 registers.ecx: 10247912	1

One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.

HTTP traffic contains suspicious features which may be indicative of malware related traffic (11 events)

suspicious_features	GET method with no useragent header	suspicious_request	GET https://niemannbest.me/?user=p12_1
suspicious_features	GET method with no useragent header	suspicious_request	GET https://niemannbest.me/?user=p12_2
suspicious_features	GET method with no useragent header	suspicious_request	GET https://niemannbest.me/?user=p12_3
suspicious_features	GET method with no useragent header	suspicious_request	GET https://niemannbest.me/?user=p12_4
suspicious_features	GET method with no useragent header	suspicious_request	GET https://niemannbest.me/?user=p12_5
suspicious_features	GET method with no useragent header	suspicious_request	GET https://niemannbest.me/?user=p12_6
suspicious_features	POST method with no referer header, POST method with no useragent header	suspicious_request	POST https://the-lead-bitter.com/
suspicious_features	GET method with no useragent header	suspicious_request	GET https://niemannbest.me/?user=p12_7
suspicious_features	GET method with no useragent header	suspicious_request	GET https://api.ip.sb/ip
suspicious_features	GET method with no useragent header	suspicious_request	GET https://iplogger.org/1a5jd7
suspicious_features	POST method with no referer header, POST method with no useragent header	suspicious_request	POST https://speeddatingstudio.com/

Performs some HTTP requests (12 events)

request	GET https://niemannbest.me/?user=p12_1
request	GET https://niemannbest.me/?user=p12_2
request	GET https://niemannbest.me/?user=p12_3
request	GET https://niemannbest.me/?user=p12_4
request	GET https://niemannbest.me/?user=p12_5
request	GET https://niemannbest.me/?user=p12_6
request	POST https://the-lead-bitter.com/
request	GET https://niemannbest.me/?user=p12_7
request	GET https://api.ip.sb/ip
request	GET https://iplogger.org/1a4jd7
request	GET https://iplogger.org/1a5jd7
request	POST https://speeddatingstudio.com/

Sends data using the HTTP POST Method (2 events)

request	POST https://the-lead-bitter.com/
request	POST https://speeddatingstudio.com/

Allocates read-write-execute memory (usually to unpack itself) (50 out of 452 events)

Time & API	Arguments	Status
NtAllocateVirtualMemory Oct. 26, 2021, 9:15 a.m.	process_identifier: 2340 region_size: 2490368 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000780000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Oct. 26, 2021, 9:15 a.m.	process_identifier: 2340 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000960000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Oct. 26, 2021, 9:15 a.m.	process_identifier: 2340 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef2321000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Oct. 26, 2021, 9:15 a.m.	process_identifier: 2340 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef29bb000 process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Oct. 26, 2021, 9:15 a.m.	process_identifier: 2340 region_size: 2555904 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000c70000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Oct. 26, 2021, 9:15 a.m.	process_identifier: 2340 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000000e60000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Oct. 26, 2021, 9:15 a.m.	process_identifier: 2340 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef2322000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Oct. 26, 2021, 9:15 a.m.	process_identifier: 2340 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef2322000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Oct. 26, 2021, 9:15 a.m.	process_identifier: 2340 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef2322000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Oct. 26, 2021, 9:15 a.m.	process_identifier: 2340 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef2322000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Oct. 26, 2021, 9:15 a.m.	process_identifier: 2340 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef2322000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Oct. 26, 2021, 9:15 a.m.	process_identifier: 2340 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef2322000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Oct. 26, 2021, 9:15 a.m.	process_identifier: 2340 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef2322000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Oct. 26, 2021, 9:15 a.m.	process_identifier: 2340 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef2322000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Oct. 26, 2021, 9:15 a.m.	process_identifier: 2340 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef2322000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Oct. 26, 2021, 9:15 a.m.	process_identifier: 2340 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef2322000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Oct. 26, 2021, 9:15 a.m.	process_identifier: 2340 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef2322000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Oct. 26, 2021, 9:15 a.m.	process_identifier: 2340 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef2324000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Oct. 26, 2021, 9:15 a.m.	process_identifier: 2340 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef2324000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Oct. 26, 2021, 9:15 a.m.	process_identifier: 2340 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef2324000 process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Oct. 26, 2021, 9:15 a.m.	process_identifier: 2340 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fef2324000 process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Oct. 26, 2021, 9:15 a.m.	process_identifier: 2340 region_size: 655360 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fffff10000 allocation_type: 1056768 (MEM_RESERVE\|MEM_TOP_DOWN) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Oct. 26, 2021, 9:15 a.m.	process_identifier: 2340 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fffff10000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Oct. 26, 2021, 9:15 a.m.	process_identifier: 2340 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fffff10000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Oct. 26, 2021, 9:15 a.m.	process_identifier: 2340 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fffff20000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Oct. 26, 2021, 9:15 a.m.	process_identifier: 2340 region_size: 65536 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fffff00000 allocation_type: 1056768 (MEM_RESERVE\|MEM_TOP_DOWN) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Oct. 26, 2021, 9:15 a.m.	process_identifier: 2340 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fffff00000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Oct. 26, 2021, 9:15 a.m.	process_identifier: 2340 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fe92b9a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Oct. 26, 2021, 9:15 a.m.	process_identifier: 2340 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fe92bac000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Oct. 26, 2021, 9:15 a.m.	process_identifier: 2340 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fe92cc0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Oct. 26, 2021, 9:15 a.m.	process_identifier: 2340 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fe92c4c000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Oct. 26, 2021, 9:15 a.m.	process_identifier: 2340 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fe92c76000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Oct. 26, 2021, 9:15 a.m.	process_identifier: 2340 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fe92c50000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtProtectVirtualMemory Oct. 26, 2021, 9:15 a.m.	process_identifier: 2340 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 24576 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0000000001032000 process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Oct. 26, 2021, 9:15 a.m.	process_identifier: 2340 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fe92cc1000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Oct. 26, 2021, 9:15 a.m.	process_identifier: 2340 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fe92cc2000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Oct. 26, 2021, 9:15 a.m.	process_identifier: 2340 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fe92cc3000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Oct. 26, 2021, 9:15 a.m.	process_identifier: 2340 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fe92cc4000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Oct. 26, 2021, 9:15 a.m.	process_identifier: 2340 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fe92cc5000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Oct. 26, 2021, 9:15 a.m.	process_identifier: 2340 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fe92b9b000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Oct. 26, 2021, 9:15 a.m.	process_identifier: 2340 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fe92cc6000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Oct. 26, 2021, 9:15 a.m.	process_identifier: 2340 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fe92cc7000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Oct. 26, 2021, 9:15 a.m.	process_identifier: 2340 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fe92cc8000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Oct. 26, 2021, 9:15 a.m.	process_identifier: 2340 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fe92bbb000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Oct. 26, 2021, 9:15 a.m.	process_identifier: 2340 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fe92bec000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Oct. 26, 2021, 9:15 a.m.	process_identifier: 2340 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fe92bbd000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Oct. 26, 2021, 9:15 a.m.	process_identifier: 2340 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fe92d00000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Oct. 26, 2021, 9:15 a.m.	process_identifier: 2340 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fe92b92000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Oct. 26, 2021, 9:15 a.m.	process_identifier: 2340 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fe92baa000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1
NtAllocateVirtualMemory Oct. 26, 2021, 9:15 a.m.	process_identifier: 2340 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x000007fe92bed000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffffffffffff	1

A process attempted to delay the analysis task. (1 event)

description

WinHoster.exe tried to sleep 217 seconds, actually delayed analysis time by 217 seconds

Steals private information from local Internet browsers (9 events)

file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Web Data
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Cookies
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local State
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Login Data
file	C:\Users\test22\AppData\Local\Chromium\User Data
file	C:\Users\test22\AppData\Local\MapleStudio\ChromePlus\User Data
file	C:\Users\test22\AppData\Local\Nichrome\User Data
file	C:\Users\test22\AppData\Local\Yandex\YandexBrowser\User Data

Creates executable files on the filesystem (5 events)

file	C:\Users\test22\AppData\Roaming\225312.exe
file	C:\Users\test22\AppData\Roaming\5590462.exe
file	C:\Users\test22\AppData\Roaming\345251.exe
file	C:\Users\test22\AppData\Roaming\5835186.exe
file	C:\Users\test22\AppData\Roaming\5375424.exe

Creates hidden or system file (2 events)

Time & API	Arguments	Status	Return	Repeated
SetFileAttributesW Oct. 26, 2021, 9:23 a.m.	file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN) filepath_r: C:\Users\test22\AppData\Roaming\WinHost filepath: C:\Users\test22\AppData\Roaming\WinHost	1	1	0
SetFileAttributesW Oct. 26, 2021, 9:23 a.m.	file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN) filepath_r: C:\Users\test22\AppData\Roaming\WinHost\WinHoster.exe filepath: C:\Users\test22\AppData\Roaming\WinHost\WinHoster.exe	1	1	0

Drops a binary and executes it (5 events)

file	C:\Users\test22\AppData\Roaming\225312.exe
file	C:\Users\test22\AppData\Roaming\345251.exe
file	C:\Users\test22\AppData\Roaming\5835186.exe
file	C:\Users\test22\AppData\Roaming\5590462.exe
file	C:\Users\test22\AppData\Roaming\5375424.exe

Drops an executable to the user AppData folder (5 events)

file	C:\Users\test22\AppData\Roaming\5835186.exe
file	C:\Users\test22\AppData\Roaming\5590462.exe
file	C:\Users\test22\AppData\Roaming\5375424.exe
file	C:\Users\test22\AppData\Roaming\345251.exe
file	C:\Users\test22\AppData\Roaming\225312.exe

A process created a hidden window (5 events)

Time & API	Arguments	Status	Return
ShellExecuteExW Oct. 26, 2021, 9:16 a.m.	show_type: 0 filepath_r: C:\Users\test22\AppData\Roaming\225312.exe parameters: filepath: C:\Users\test22\AppData\Roaming\225312.exe	1	1
ShellExecuteExW Oct. 26, 2021, 9:16 a.m.	show_type: 0 filepath_r: C:\Users\test22\AppData\Roaming\345251.exe parameters: filepath: C:\Users\test22\AppData\Roaming\345251.exe	1	1
ShellExecuteExW Oct. 26, 2021, 9:16 a.m.	show_type: 0 filepath_r: C:\Users\test22\AppData\Roaming\5835186.exe parameters: filepath: C:\Users\test22\AppData\Roaming\5835186.exe	1	1
ShellExecuteExW Oct. 26, 2021, 9:16 a.m.	show_type: 0 filepath_r: C:\Users\test22\AppData\Roaming\5590462.exe parameters: filepath: C:\Users\test22\AppData\Roaming\5590462.exe	1	1
ShellExecuteExW Oct. 26, 2021, 9:16 a.m.	show_type: 0 filepath_r: C:\Users\test22\AppData\Roaming\5375424.exe parameters: filepath: C:\Users\test22\AppData\Roaming\5375424.exe	1	1

Checks adapter addresses which can be used to detect virtual network interfaces (1 event)

Time & API	Arguments	Status	Return	Repeated
GetAdaptersAddresses Oct. 26, 2021, 9:15 a.m.	flags: 15 family: 0		111	0

The binary likely contains encrypted or compressed data indicative of a packer (1 event)

section

{u'size_of_data': u'0x00005200', u'virtual_address': u'0x00002000', u'entropy': 7.99092934287864, u'name': u"'t@\\x07`\\x16+g", u'virtual_size': u'0x000051d0'}

entropy

7.99092934288

description

A section with a high entropy has been found

Checks for the Locally Unique Identifier on the system for a suspicious privilege (4 events)

Time & API	Arguments	Status	Return
LookupPrivilegeValueW Oct. 26, 2021, 9:16 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW Oct. 26, 2021, 9:23 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW Oct. 26, 2021, 9:24 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW Oct. 26, 2021, 9:23 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1

Queries for potentially installed applications (50 out of 204 events)

Time & API	Arguments	Status
RegOpenKeyExW Oct. 26, 2021, 9:23 a.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall base_handle: 0x80000002 key_handle: 0x00000324 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall	1
RegOpenKeyExW Oct. 26, 2021, 9:23 a.m.	regkey_r: 7-Zip base_handle: 0x00000324 key_handle: 0x0000031c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip	1
RegOpenKeyExW Oct. 26, 2021, 9:23 a.m.	regkey_r: AddressBook base_handle: 0x00000324 key_handle: 0x0000031c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook	1
RegOpenKeyExW Oct. 26, 2021, 9:23 a.m.	regkey_r: Adobe AIR base_handle: 0x00000324 key_handle: 0x0000031c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe AIR	1
RegOpenKeyExW Oct. 26, 2021, 9:23 a.m.	regkey_r: Connection Manager base_handle: 0x00000324 key_handle: 0x0000031c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager	1
RegOpenKeyExW Oct. 26, 2021, 9:23 a.m.	regkey_r: DirectDrawEx base_handle: 0x00000324 key_handle: 0x0000031c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx	1
RegOpenKeyExW Oct. 26, 2021, 9:23 a.m.	regkey_r: EditPlus base_handle: 0x00000324 key_handle: 0x0000031c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\EditPlus	1
RegOpenKeyExW Oct. 26, 2021, 9:23 a.m.	regkey_r: Fontcore base_handle: 0x00000324 key_handle: 0x0000031c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore	1
RegOpenKeyExW Oct. 26, 2021, 9:23 a.m.	regkey_r: Google Chrome base_handle: 0x00000324 key_handle: 0x0000031c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome	1
RegOpenKeyExW Oct. 26, 2021, 9:23 a.m.	regkey_r: Haansoft HWord 80 Korean base_handle: 0x00000324 key_handle: 0x0000031c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Haansoft HWord 80 Korean	1
RegOpenKeyExW Oct. 26, 2021, 9:23 a.m.	regkey_r: IE40 base_handle: 0x00000324 key_handle: 0x0000031c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE40	1
RegOpenKeyExW Oct. 26, 2021, 9:23 a.m.	regkey_r: IE4Data base_handle: 0x00000324 key_handle: 0x0000031c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data	1
RegOpenKeyExW Oct. 26, 2021, 9:23 a.m.	regkey_r: IE5BAKEX base_handle: 0x00000324 key_handle: 0x0000031c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX	1
RegOpenKeyExW Oct. 26, 2021, 9:23 a.m.	regkey_r: IEData base_handle: 0x00000324 key_handle: 0x0000031c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IEData	1
RegOpenKeyExW Oct. 26, 2021, 9:23 a.m.	regkey_r: MobileOptionPack base_handle: 0x00000324 key_handle: 0x0000031c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack	1
RegOpenKeyExW Oct. 26, 2021, 9:23 a.m.	regkey_r: Mozilla Thunderbird 78.4.0 (x86 ko) base_handle: 0x00000324 key_handle: 0x0000031c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Thunderbird 78.4.0 (x86 ko)	1
RegOpenKeyExW Oct. 26, 2021, 9:23 a.m.	regkey_r: Office15.PROPLUSR base_handle: 0x00000324 key_handle: 0x0000031c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Office15.PROPLUSR	1
RegOpenKeyExW Oct. 26, 2021, 9:23 a.m.	regkey_r: SchedulingAgent base_handle: 0x00000324 key_handle: 0x0000031c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent	1
RegOpenKeyExW Oct. 26, 2021, 9:23 a.m.	regkey_r: WIC base_handle: 0x00000324 key_handle: 0x0000031c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WIC	1
RegOpenKeyExW Oct. 26, 2021, 9:23 a.m.	regkey_r: {00203668-8170-44A0-BE44-B632FA4D780F} base_handle: 0x00000324 key_handle: 0x0000031c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{00203668-8170-44A0-BE44-B632FA4D780F}	1
RegOpenKeyExW Oct. 26, 2021, 9:23 a.m.	regkey_r: {01B845D4-B73E-4CF7-A377-94BC7BB4F77B} base_handle: 0x00000324 key_handle: 0x0000031c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{01B845D4-B73E-4CF7-A377-94BC7BB4F77B}	1
RegOpenKeyExW Oct. 26, 2021, 9:23 a.m.	regkey_r: {1D91F7DA-F517-4727-9E62-B7EA978BE980} base_handle: 0x00000324 key_handle: 0x0000031c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D91F7DA-F517-4727-9E62-B7EA978BE980}	1
RegOpenKeyExW Oct. 26, 2021, 9:23 a.m.	regkey_r: {26A24AE4-039D-4CA4-87B4-2F32180131F0} base_handle: 0x00000324 key_handle: 0x0000031c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F32180131F0}	1
RegOpenKeyExW Oct. 26, 2021, 9:23 a.m.	regkey_r: {4A03706F-666A-4037-7777-5F2748764D10} base_handle: 0x00000324 key_handle: 0x0000031c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}	1
RegOpenKeyExW Oct. 26, 2021, 9:23 a.m.	regkey_r: {60EC980A-BDA2-4CB6-A427-B07A5498B4CA} base_handle: 0x00000324 key_handle: 0x0000031c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}	1
RegOpenKeyExW Oct. 26, 2021, 9:23 a.m.	regkey_r: {90150000-0015-0409-0000-0000000FF1CE} base_handle: 0x00000324 key_handle: 0x0000031c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0015-0409-0000-0000000FF1CE}	1
RegOpenKeyExW Oct. 26, 2021, 9:23 a.m.	regkey_r: {90150000-0016-0409-0000-0000000FF1CE} base_handle: 0x00000324 key_handle: 0x0000031c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0016-0409-0000-0000000FF1CE}	1
RegOpenKeyExW Oct. 26, 2021, 9:23 a.m.	regkey_r: {90150000-0018-0409-0000-0000000FF1CE} base_handle: 0x00000324 key_handle: 0x0000031c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0018-0409-0000-0000000FF1CE}	1
RegOpenKeyExW Oct. 26, 2021, 9:23 a.m.	regkey_r: {90150000-0019-0409-0000-0000000FF1CE} base_handle: 0x00000324 key_handle: 0x0000031c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0019-0409-0000-0000000FF1CE}	1
RegOpenKeyExW Oct. 26, 2021, 9:23 a.m.	regkey_r: {90150000-001A-0409-0000-0000000FF1CE} base_handle: 0x00000324 key_handle: 0x0000031c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-001A-0409-0000-0000000FF1CE}	1
RegOpenKeyExW Oct. 26, 2021, 9:23 a.m.	regkey_r: {90150000-001B-0409-0000-0000000FF1CE} base_handle: 0x00000324 key_handle: 0x0000031c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-001B-0409-0000-0000000FF1CE}	1
RegOpenKeyExW Oct. 26, 2021, 9:23 a.m.	regkey_r: {90150000-001F-0409-0000-0000000FF1CE} base_handle: 0x00000324 key_handle: 0x0000031c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-001F-0409-0000-0000000FF1CE}	1
RegOpenKeyExW Oct. 26, 2021, 9:23 a.m.	regkey_r: {90150000-001F-040C-0000-0000000FF1CE} base_handle: 0x00000324 key_handle: 0x0000031c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-001F-040C-0000-0000000FF1CE}	1
RegOpenKeyExW Oct. 26, 2021, 9:23 a.m.	regkey_r: {90150000-001F-0C0A-0000-0000000FF1CE} base_handle: 0x00000324 key_handle: 0x0000031c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-001F-0C0A-0000-0000000FF1CE}	1
RegOpenKeyExW Oct. 26, 2021, 9:23 a.m.	regkey_r: {90150000-002C-0409-0000-0000000FF1CE} base_handle: 0x00000324 key_handle: 0x0000031c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-002C-0409-0000-0000000FF1CE}	1
RegOpenKeyExW Oct. 26, 2021, 9:23 a.m.	regkey_r: {90150000-0044-0409-0000-0000000FF1CE} base_handle: 0x00000324 key_handle: 0x0000031c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0044-0409-0000-0000000FF1CE}	1
RegOpenKeyExW Oct. 26, 2021, 9:23 a.m.	regkey_r: {90150000-006E-0409-0000-0000000FF1CE} base_handle: 0x00000324 key_handle: 0x0000031c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-006E-0409-0000-0000000FF1CE}	1
RegOpenKeyExW Oct. 26, 2021, 9:23 a.m.	regkey_r: {90150000-0090-0409-0000-0000000FF1CE} base_handle: 0x00000324 key_handle: 0x0000031c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0090-0409-0000-0000000FF1CE}	1
RegOpenKeyExW Oct. 26, 2021, 9:23 a.m.	regkey_r: {90150000-00A1-0409-0000-0000000FF1CE} base_handle: 0x00000324 key_handle: 0x0000031c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-00A1-0409-0000-0000000FF1CE}	1
RegOpenKeyExW Oct. 26, 2021, 9:23 a.m.	regkey_r: {90150000-00BA-0409-0000-0000000FF1CE} base_handle: 0x00000324 key_handle: 0x0000031c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-00BA-0409-0000-0000000FF1CE}	1
RegOpenKeyExW Oct. 26, 2021, 9:23 a.m.	regkey_r: {90150000-00E1-0409-0000-0000000FF1CE} base_handle: 0x00000324 key_handle: 0x0000031c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-00E1-0409-0000-0000000FF1CE}	1
RegOpenKeyExW Oct. 26, 2021, 9:23 a.m.	regkey_r: {90150000-00E2-0409-0000-0000000FF1CE} base_handle: 0x00000324 key_handle: 0x0000031c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-00E2-0409-0000-0000000FF1CE}	1
RegOpenKeyExW Oct. 26, 2021, 9:23 a.m.	regkey_r: {90150000-0115-0409-0000-0000000FF1CE} base_handle: 0x00000324 key_handle: 0x0000031c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0115-0409-0000-0000000FF1CE}	1
RegOpenKeyExW Oct. 26, 2021, 9:23 a.m.	regkey_r: {90150000-0117-0409-0000-0000000FF1CE} base_handle: 0x00000324 key_handle: 0x0000031c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0117-0409-0000-0000000FF1CE}	1
RegOpenKeyExW Oct. 26, 2021, 9:23 a.m.	regkey_r: {90150000-012B-0409-0000-0000000FF1CE} base_handle: 0x00000324 key_handle: 0x0000031c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-012B-0409-0000-0000000FF1CE}	1
RegOpenKeyExW Oct. 26, 2021, 9:23 a.m.	regkey_r: {91150000-0011-0000-0000-0000000FF1CE} base_handle: 0x00000324 key_handle: 0x0000031c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{91150000-0011-0000-0000-0000000FF1CE}	1
RegOpenKeyExW Oct. 26, 2021, 9:23 a.m.	regkey_r: {939659F3-71D2-461F-B24D-91D05A4389B4} base_handle: 0x00000324 key_handle: 0x0000031c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{939659F3-71D2-461F-B24D-91D05A4389B4}	1
RegOpenKeyExW Oct. 26, 2021, 9:23 a.m.	regkey_r: {9B84A461-3B4C-40E2-B44F-CE22E215EE40} base_handle: 0x00000324 key_handle: 0x0000031c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9B84A461-3B4C-40E2-B44F-CE22E215EE40}	1
RegOpenKeyExW Oct. 26, 2021, 9:23 a.m.	regkey_r: {AC76BA86-7AD7-FFFF-7B44-AC0F074E4100} base_handle: 0x00000324 key_handle: 0x0000031c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}	1
RegOpenKeyExW Oct. 26, 2021, 9:23 a.m.	regkey_r: {BB8B979E-E336-47E7-96BC-1031C1B94561} base_handle: 0x00000324 key_handle: 0x0000031c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BB8B979E-E336-47E7-96BC-1031C1B94561}	1

Terminates another process (1 event)

Time & API	Arguments	Status	Return	Repeated
NtTerminateProcess Oct. 26, 2021, 9:16 a.m.	status_code: 0xffffffff process_identifier: 2340 process_handle: 0x0000000000000694		0	0

Communicates with host for which no DNS query was performed (4 events)

host	111.90.146.149
host	172.67.188.154
host	193.150.103.37
host	67.198.134.186

Installs itself for autorun at Windows startup (1 event)

reg_key

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\WinHost

reg_value

C:\Users\test22\AppData\Roaming\WinHost\WinHoster.exe

Harvests credentials from local FTP client softwares (2 events)

file	C:\Users\test22\AppData\Roaming\FileZilla\sitemanager.xml
file	C:\Users\test22\AppData\Roaming\FileZilla\recentservers.xml

Collects information about installed applications (50 out of 152 events)

Time & API	Arguments	Status
RegQueryValueExW Oct. 26, 2021, 9:23 a.m.	key_handle: 0x0000031c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: 7-Zip 20.02 alpha regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayName	1
RegQueryValueExW Oct. 26, 2021, 9:23 a.m.	key_handle: 0x0000031c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Adobe AIR regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe AIR\DisplayName	1
RegQueryValueExW Oct. 26, 2021, 9:23 a.m.	key_handle: 0x0000031c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: EditPlus regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\EditPlus\DisplayName	1
RegQueryValueExW Oct. 26, 2021, 9:23 a.m.	key_handle: 0x0000031c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Chrome regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome\DisplayName	1
RegQueryValueExW Oct. 26, 2021, 9:23 a.m.	key_handle: 0x0000031c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: 한컴오피스 한글 2010 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Haansoft HWord 80 Korean\DisplayName	1
RegQueryValueExW Oct. 26, 2021, 9:23 a.m.	key_handle: 0x0000031c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Mozilla Thunderbird 78.4.0 (x86 ko) regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Thunderbird 78.4.0 (x86 ko)\DisplayName	1
RegQueryValueExW Oct. 26, 2021, 9:23 a.m.	key_handle: 0x0000031c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Professional Plus 2013 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Office15.PROPLUSR\DisplayName	1
RegQueryValueExW Oct. 26, 2021, 9:23 a.m.	key_handle: 0x0000031c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Adobe AIR regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{00203668-8170-44A0-BE44-B632FA4D780F}\DisplayName	1
RegQueryValueExW Oct. 26, 2021, 9:23 a.m.	key_handle: 0x0000031c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: HttpWatch Professional 9.3.39 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{01B845D4-B73E-4CF7-A377-94BC7BB4F77B}\DisplayName	1
RegQueryValueExW Oct. 26, 2021, 9:23 a.m.	key_handle: 0x0000031c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: 한컴오피스 한글 2010 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D91F7DA-F517-4727-9E62-B7EA978BE980}\DisplayName	1
RegQueryValueExW Oct. 26, 2021, 9:23 a.m.	key_handle: 0x0000031c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Java 8 Update 131 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F32180131F0}\DisplayName	1
RegQueryValueExW Oct. 26, 2021, 9:23 a.m.	key_handle: 0x0000031c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Java Auto Updater regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}\DisplayName	1
RegQueryValueExW Oct. 26, 2021, 9:23 a.m.	key_handle: 0x0000031c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Google Update Helper regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}\DisplayName	1
RegQueryValueExW Oct. 26, 2021, 9:23 a.m.	key_handle: 0x0000031c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Access MUI (English) 2013 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0015-0409-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Oct. 26, 2021, 9:23 a.m.	key_handle: 0x0000031c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Excel MUI (English) 2013 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0016-0409-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Oct. 26, 2021, 9:23 a.m.	key_handle: 0x0000031c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft PowerPoint MUI (English) 2013 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0018-0409-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Oct. 26, 2021, 9:23 a.m.	key_handle: 0x0000031c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Publisher MUI (English) 2013 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0019-0409-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Oct. 26, 2021, 9:23 a.m.	key_handle: 0x0000031c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Outlook MUI (English) 2013 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-001A-0409-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Oct. 26, 2021, 9:23 a.m.	key_handle: 0x0000031c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Word MUI (English) 2013 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-001B-0409-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Oct. 26, 2021, 9:23 a.m.	key_handle: 0x0000031c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Proofing Tools 2013 - English regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-001F-0409-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Oct. 26, 2021, 9:23 a.m.	key_handle: 0x0000031c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Outils de vérification linguistique 2013 de Microsoft Office - Français regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-001F-040C-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Oct. 26, 2021, 9:23 a.m.	key_handle: 0x0000031c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Proofing Tools 2013 - Español regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-001F-0C0A-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Oct. 26, 2021, 9:23 a.m.	key_handle: 0x0000031c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Proofing (English) 2013 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-002C-0409-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Oct. 26, 2021, 9:23 a.m.	key_handle: 0x0000031c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft InfoPath MUI (English) 2013 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0044-0409-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Oct. 26, 2021, 9:23 a.m.	key_handle: 0x0000031c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Shared MUI (English) 2013 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-006E-0409-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Oct. 26, 2021, 9:23 a.m.	key_handle: 0x0000031c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft DCF MUI (English) 2013 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0090-0409-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Oct. 26, 2021, 9:23 a.m.	key_handle: 0x0000031c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft OneNote MUI (English) 2013 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-00A1-0409-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Oct. 26, 2021, 9:23 a.m.	key_handle: 0x0000031c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Groove MUI (English) 2013 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-00BA-0409-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Oct. 26, 2021, 9:23 a.m.	key_handle: 0x0000031c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office OSM MUI (English) 2013 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-00E1-0409-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Oct. 26, 2021, 9:23 a.m.	key_handle: 0x0000031c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office OSM UX MUI (English) 2013 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-00E2-0409-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Oct. 26, 2021, 9:23 a.m.	key_handle: 0x0000031c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Shared Setup Metadata MUI (English) 2013 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0115-0409-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Oct. 26, 2021, 9:23 a.m.	key_handle: 0x0000031c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Access Setup Metadata MUI (English) 2013 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-0117-0409-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Oct. 26, 2021, 9:23 a.m.	key_handle: 0x0000031c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Lync MUI (English) 2013 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90150000-012B-0409-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Oct. 26, 2021, 9:23 a.m.	key_handle: 0x0000031c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Professional Plus 2013 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{91150000-0011-0000-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Oct. 26, 2021, 9:23 a.m.	key_handle: 0x0000031c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Adobe Flash Player 13 ActiveX regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{939659F3-71D2-461F-B24D-91D05A4389B4}\DisplayName	1
RegQueryValueExW Oct. 26, 2021, 9:23 a.m.	key_handle: 0x0000031c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Adobe Flash Player 13 NPAPI regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9B84A461-3B4C-40E2-B44F-CE22E215EE40}\DisplayName	1
RegQueryValueExW Oct. 26, 2021, 9:23 a.m.	key_handle: 0x0000031c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Adobe Acrobat Reader DC MUI regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}\DisplayName	1
RegQueryValueExW Oct. 26, 2021, 9:23 a.m.	key_handle: 0x0000031c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{d992c12e-cab2-426f-bde3-fb8c53950b0d}\DisplayName	1
RegQueryValueExW Oct. 26, 2021, 9:23 a.m.	key_handle: 0x00000710 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: 7-Zip 20.02 alpha regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayName	1
RegQueryValueExW Oct. 26, 2021, 9:23 a.m.	key_handle: 0x00000710 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Adobe AIR regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe AIR\DisplayName	1
RegQueryValueExW Oct. 26, 2021, 9:23 a.m.	key_handle: 0x00000710 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: EditPlus regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\EditPlus\DisplayName	1
RegQueryValueExW Oct. 26, 2021, 9:23 a.m.	key_handle: 0x00000710 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Chrome regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome\DisplayName	1
RegQueryValueExW Oct. 26, 2021, 9:23 a.m.	key_handle: 0x00000710 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: 한컴오피스 한글 2010 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Haansoft HWord 80 Korean\DisplayName	1
RegQueryValueExW Oct. 26, 2021, 9:23 a.m.	key_handle: 0x00000710 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Mozilla Thunderbird 78.4.0 (x86 ko) regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Thunderbird 78.4.0 (x86 ko)\DisplayName	1
RegQueryValueExW Oct. 26, 2021, 9:23 a.m.	key_handle: 0x00000710 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Professional Plus 2013 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Office15.PROPLUSR\DisplayName	1
RegQueryValueExW Oct. 26, 2021, 9:23 a.m.	key_handle: 0x00000710 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Adobe AIR regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{00203668-8170-44A0-BE44-B632FA4D780F}\DisplayName	1
RegQueryValueExW Oct. 26, 2021, 9:23 a.m.	key_handle: 0x00000710 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: HttpWatch Professional 9.3.39 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{01B845D4-B73E-4CF7-A377-94BC7BB4F77B}\DisplayName	1
RegQueryValueExW Oct. 26, 2021, 9:23 a.m.	key_handle: 0x00000710 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: 한컴오피스 한글 2010 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D91F7DA-F517-4727-9E62-B7EA978BE980}\DisplayName	1
RegQueryValueExW Oct. 26, 2021, 9:23 a.m.	key_handle: 0x00000710 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Java 8 Update 131 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F32180131F0}\DisplayName	1
RegQueryValueExW Oct. 26, 2021, 9:23 a.m.	key_handle: 0x00000710 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Java Auto Updater regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}\DisplayName	1

Harvests credentials from local email clients (2 events)

file	C:\Users\test22\AppData\Local\Thunderbird\Profiles\hzkyl8yo.default
file	C:\Users\test22\AppData\Roaming\Thunderbird\Profiles\hzkyl8yo.default

Generates some ICMP traffic

File has been identified by 24 AntiVirus engines on VirusTotal as malicious (24 events)

Elastic	malicious (high confidence)
FireEye	Generic.mg.6007b1c2218055d3
McAfee	Artemis!6007B1C22180
Cylance	Unsafe
Sangfor	Suspicious.Win32.Save.a
Cybereason	malicious.10648a
BitDefenderTheta	Gen:NN.ZemsilF.34236.ku0@aqggPo
ESET-NOD32	a variant of MSIL/TrojanDownloader.Agent.IFK
APEX	Malicious
Paloalto	generic.ml
Kaspersky	HEUR:Trojan-Banker.MSIL.ClipBanker.gen
Avast	Win32:MalwareX-gen [Trj]
Sophos	Generic ML PUA (PUA)
McAfee-GW-Edition	BehavesLike.Win32.Generic.ct
eGambit	Unsafe.AI_Score_99%
Gridinsoft	Trojan.Heur!.03011281
Microsoft	Trojan:Win32/AgentTesla!ml
ZoneAlarm	HEUR:Trojan-Banker.MSIL.ClipBanker.gen
Cynet	Malicious (score: 100)
VBA32	CIL.HeapOverride.Heur
SentinelOne	Static AI - Malicious PE
MaxSecure	Trojan.Malware.300983.susgen
AVG	Win32:MalwareX-gen [Trj]
CrowdStrike	win/malicious_confidence_80% (D)

DownFlSetup122.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All