Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Nov. 15, 2021, 5:59 p.m.	Nov. 15, 2021, 6:01 p.m.

Size	1.1MB
Type	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`6966182dd20351152ea815d31e735067`
SHA256	`9f1829d274764862ecbac58a299f20376c4f5e7c725de68bc94ea768724906f6`
CRC32	`C32D2E62`
ssdeep	`24576:JAonVXGyMHv70mq0PgSErFqQSWjVtVYZ:SonVp7OgSErFqQtC`
Yara	PE_Header_Zero - PE File Signature Generic_Malware_Zero - Generic Malware IsPE32 - (no description) Is_DotNET_EXE - (no description) Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT

asdfg.exe "C:\Users\test22\AppData\Local\Temp\asdfg.exe"
2844
- wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\test22\AppData\Local\Temp\Ilzzmljftcwfeldyujdcyqy.vbs"
  776
  - Tyjigybwjylnokucizpstzjwazconsoleapp18.exe "C:\Users\test22\AppData\Local\Temp\Tyjigybwjylnokucizpstzjwazconsoleapp18.exe"
    2264
    - wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\test22\AppData\Local\Temp\Ksyuxjtrazuidxiqmg.vbs"
      2480
      - Vcinpeamqerjfxlsvutgosconsoleapp11.exe "C:\Users\test22\AppData\Local\Temp\Vcinpeamqerjfxlsvutgosconsoleapp11.exe"
        1568
        
        Vcinpeamqerjfxlsvutgosconsoleapp11.exe C:\Users\test22\AppData\Local\Temp\Vcinpeamqerjfxlsvutgosconsoleapp11.exe
        2260
        
        cmd.exe "C:\Windows\System32\cmd.exe" /c taskkill /pid 2260 & erase C:\Users\test22\AppData\Local\Temp\Vcinpeamqerjfxlsvutgosconsoleapp11.exe & RD /S /Q C:\\ProgramData\\880523887698104\\* & exit
        3004
        
        taskkill.exe taskkill /pid 2260
        1436
- asdfg.exe C:\Users\test22\AppData\Local\Temp\asdfg.exe
  2132
explorer.exe C:\Windows\Explorer.EXE
1156

Name	Response	Post-Analysis Lookup
colonna.ac.ug	A 185.215.113.77	185.215.113.77
t.me	A 149.154.167.99	149.154.167.99

IP Address	Status	Action
149.154.167.99	Active	Moloch
164.124.101.2	Active	Moloch
185.163.47.176	Active	Moloch
185.215.113.77	Active	Moloch
193.38.54.238	Active	Moloch
74.119.192.122	Active	Moloch
91.219.236.162	Active	Moloch
91.219.236.240	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
TCP 185.215.113.77:80 -> 192.168.56.101:49186	2400024	ET DROP Spamhaus DROP Listed Traffic Inbound group 25	Misc Attack
TCP 185.215.113.77:80 -> 192.168.56.101:49186	2018959	ET POLICY PE EXE or DLL Windows file download HTTP	Potential Corporate Privacy Violation
TCP 149.154.167.99:443 -> 192.168.56.101:49189	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49190 -> 149.154.167.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 149.154.167.99:443 -> 192.168.56.101:49191	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 149.154.167.99:443 -> 192.168.56.101:49206	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49192 -> 149.154.167.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 149.154.167.99:443 -> 192.168.56.101:49202	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49188 -> 149.154.167.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49197 -> 149.154.167.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49203 -> 149.154.167.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49217 -> 149.154.167.99:443	906200056	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 149.154.167.99:443 -> 192.168.56.101:49218	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 149.154.167.99:443 -> 192.168.56.101:49193	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49186 -> 185.215.113.77:80	2027108	ET HUNTING Suspicious Zipped Filename in Outbound POST Request (screenshot.) M2	A Network Trojan was detected
TCP 192.168.56.101:49186 -> 185.215.113.77:80	2029236	ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil	Malware Command and Control Activity Detected
TCP 192.168.56.101:49186 -> 185.215.113.77:80	2029846	ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)	A Network Trojan was detected
TCP 192.168.56.101:49186 -> 185.215.113.77:80	2033886	ET HUNTING Suspicious Zipped Filename in Outbound POST Request (Chrome_Default.txt)	Potentially Bad Traffic

Suricata TLS

No Suricata TLS

Queries for the computername (2 events)

Time & API	Arguments	Status	Return	Repeated
GetComputerNameA Nov. 15, 2021, 6 p.m.	computer_name: TEST22-PC	1	1	0
GetComputerNameW Nov. 15, 2021, 6 p.m.	computer_name: TEST22-PC	1	1	0

Checks if process is being debugged by a debugger (6 events)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent Nov. 15, 2021, 5:59 p.m.			0	0
IsDebuggerPresent Nov. 15, 2021, 5:59 p.m.			0	0
IsDebuggerPresent Nov. 15, 2021, 5:59 p.m.			0	0
IsDebuggerPresent Nov. 15, 2021, 5:59 p.m.			0	0
IsDebuggerPresent Nov. 15, 2021, 5:59 p.m.			0	0
IsDebuggerPresent Nov. 15, 2021, 5:59 p.m.			0	0

Command line console output was observed (2 events)

Time & API	Arguments	Status	Return	Repeated
WriteConsoleW Nov. 15, 2021, 6 p.m.	buffer: The system cannot find the path specified. console_handle: 0x0000000b	1	1	0
WriteConsoleW Nov. 15, 2021, 6 p.m.	buffer: ERROR: The process "2260" not found. console_handle: 0x0000000b	1	1	0

Uses Windows APIs to generate a cryptographic key (9 events)

Time & API	Arguments	Status	Return
CryptExportKey Nov. 15, 2021, 5:59 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x00355b10 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Nov. 15, 2021, 5:59 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x00355b10 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Nov. 15, 2021, 5:59 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x00356850 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Nov. 15, 2021, 5:59 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x006a5f50 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Nov. 15, 2021, 5:59 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x006a5f50 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Nov. 15, 2021, 5:59 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x006a6c50 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Nov. 15, 2021, 6 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x008983a0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Nov. 15, 2021, 6 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x008983a0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Nov. 15, 2021, 6 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x008982a0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1

Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate) (1 event)

registry

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid

Tries to locate where the browsers are installed (1 event)

registry

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Nov. 15, 2021, 5:59 p.m.		1	1	0

One or more processes crashed (50 out of 58 events)

Time & API	Arguments	Status
__exception__ Nov. 15, 2021, 5:59 p.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7670b37e 0x4b2e64d 0x4b2e5c2 0x4b2c19f 0x4b2608b 0x4b28ad7 0x6cd86b 0x6cecae DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72e32652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x72e4264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x72eb1838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x72eb1737 mscorlib+0x2d3711 @ 0x72143711 mscorlib+0x308f2d @ 0x72178f2d mscorlib+0x3133fd @ 0x721833fd 0x6c07e0 0x6c02b5 mscorlib+0x30c9ff @ 0x7217c9ff mscorlib+0x302367 @ 0x72172367 mscorlib+0x3022a6 @ 0x721722a6 mscorlib+0x302261 @ 0x72172261 mscorlib+0x30ca7c @ 0x7217ca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72e32652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x72e4264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72e42e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x72ed07d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72ea7d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72ea7dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72ea7e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x72e3c3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x72ed0694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x72f4a0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7670b479 registers.esp: 78440880 registers.edi: 1980555208 registers.eax: 16777216 registers.ebp: 78441084 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ Nov. 15, 2021, 5:59 p.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7670b37e 0x4b2e64d 0x4b2e5c2 0x4b2c19f 0x4b2608b 0x4b28ad7 0x6cd86b 0x6cecae DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72e32652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x72e4264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x72eb1838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x72eb1737 mscorlib+0x2d3711 @ 0x72143711 mscorlib+0x308f2d @ 0x72178f2d mscorlib+0x3133fd @ 0x721833fd 0x6c07e0 0x6c02b5 mscorlib+0x30c9ff @ 0x7217c9ff mscorlib+0x302367 @ 0x72172367 mscorlib+0x3022a6 @ 0x721722a6 mscorlib+0x302261 @ 0x72172261 mscorlib+0x30ca7c @ 0x7217ca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72e32652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x72e4264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72e42e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x72ed07d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72ea7d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72ea7dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72ea7e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x72e3c3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x72ed0694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x72f4a0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7670b479 registers.esp: 78440880 registers.edi: 1980555208 registers.eax: 4194304 registers.ebp: 78441084 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ Nov. 15, 2021, 5:59 p.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7670b37e 0x4b2e64d 0x4b2e5c2 0x4b2c19f 0x4b2608b 0x4b28ad7 0x6cd86b 0x6cecae DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72e32652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x72e4264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x72eb1838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x72eb1737 mscorlib+0x2d3711 @ 0x72143711 mscorlib+0x308f2d @ 0x72178f2d mscorlib+0x3133fd @ 0x721833fd 0x6c07e0 0x6c02b5 mscorlib+0x30c9ff @ 0x7217c9ff mscorlib+0x302367 @ 0x72172367 mscorlib+0x3022a6 @ 0x721722a6 mscorlib+0x302261 @ 0x72172261 mscorlib+0x30ca7c @ 0x7217ca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72e32652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x72e4264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72e42e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x72ed07d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72ea7d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72ea7dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72ea7e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x72e3c3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x72ed0694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x72f4a0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7670b479 registers.esp: 78440880 registers.edi: 1980555208 registers.eax: 16187392 registers.ebp: 78441084 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ Nov. 15, 2021, 5:59 p.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7670b37e 0x4b2e64d 0x4b2e5c2 0x4b2c19f 0x4b2608b 0x4b28ad7 0x6cd86b 0x6cecae DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72e32652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x72e4264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x72eb1838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x72eb1737 mscorlib+0x2d3711 @ 0x72143711 mscorlib+0x308f2d @ 0x72178f2d mscorlib+0x3133fd @ 0x721833fd 0x6c07e0 0x6c02b5 mscorlib+0x30c9ff @ 0x7217c9ff mscorlib+0x302367 @ 0x72172367 mscorlib+0x3022a6 @ 0x721722a6 mscorlib+0x302261 @ 0x72172261 mscorlib+0x30ca7c @ 0x7217ca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72e32652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x72e4264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x72e42e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x72ed07d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72ea7d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72ea7dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72ea7e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x72e3c3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x72ed0694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x72f4a0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7670b479 registers.esp: 78440880 registers.edi: 1980555208 registers.eax: 10027008 registers.ebp: 78441084 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ Nov. 15, 2021, 5:59 p.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7670b37e 0x4a8ca3d 0x4a8c9b2 0x4a8ab31 0x4a85be3 0x4a87c57 0x75d72b 0x75e467 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72792652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727a264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x72811838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x72811737 mscorlib+0x2d3711 @ 0x71aa3711 mscorlib+0x308f2d @ 0x71ad8f2d mscorlib+0x3133fd @ 0x71ae33fd 0x7507e0 0x7502b5 mscorlib+0x30c9ff @ 0x71adc9ff mscorlib+0x302367 @ 0x71ad2367 mscorlib+0x3022a6 @ 0x71ad22a6 mscorlib+0x302261 @ 0x71ad2261 mscorlib+0x30ca7c @ 0x71adca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72792652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727a264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727a2e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x728307d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72807d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72807dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72807e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x7279c3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x72830694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728aa0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7670b479 registers.esp: 79556032 registers.edi: 1980555208 registers.eax: 16777216 registers.ebp: 79556236 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ Nov. 15, 2021, 5:59 p.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7670b37e 0x4a8ca3d 0x4a8c9b2 0x4a8ab31 0x4a85be3 0x4a87c57 0x75d72b 0x75e467 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72792652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727a264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x72811838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x72811737 mscorlib+0x2d3711 @ 0x71aa3711 mscorlib+0x308f2d @ 0x71ad8f2d mscorlib+0x3133fd @ 0x71ae33fd 0x7507e0 0x7502b5 mscorlib+0x30c9ff @ 0x71adc9ff mscorlib+0x302367 @ 0x71ad2367 mscorlib+0x3022a6 @ 0x71ad22a6 mscorlib+0x302261 @ 0x71ad2261 mscorlib+0x30ca7c @ 0x71adca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72792652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727a264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727a2e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x728307d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72807d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72807dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72807e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x7279c3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x72830694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728aa0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7670b479 registers.esp: 79556032 registers.edi: 1980555208 registers.eax: 4194304 registers.ebp: 79556236 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ Nov. 15, 2021, 5:59 p.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7670b37e 0x4a8ca3d 0x4a8c9b2 0x4a8ab31 0x4a85be3 0x4a87c57 0x75d72b 0x75e467 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72792652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727a264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x72811838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x72811737 mscorlib+0x2d3711 @ 0x71aa3711 mscorlib+0x308f2d @ 0x71ad8f2d mscorlib+0x3133fd @ 0x71ae33fd 0x7507e0 0x7502b5 mscorlib+0x30c9ff @ 0x71adc9ff mscorlib+0x302367 @ 0x71ad2367 mscorlib+0x3022a6 @ 0x71ad22a6 mscorlib+0x302261 @ 0x71ad2261 mscorlib+0x30ca7c @ 0x71adca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72792652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727a264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727a2e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x728307d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72807d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72807dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72807e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x7279c3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x72830694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728aa0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7670b479 registers.esp: 79556032 registers.edi: 1980555208 registers.eax: 4194304 registers.ebp: 79556236 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ Nov. 15, 2021, 5:59 p.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7670b37e 0x4a8ca3d 0x4a8c9b2 0x4a8ab31 0x4a85be3 0x4a87c57 0x75d72b 0x75e467 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72792652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727a264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x72811838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x72811737 mscorlib+0x2d3711 @ 0x71aa3711 mscorlib+0x308f2d @ 0x71ad8f2d mscorlib+0x3133fd @ 0x71ae33fd 0x7507e0 0x7502b5 mscorlib+0x30c9ff @ 0x71adc9ff mscorlib+0x302367 @ 0x71ad2367 mscorlib+0x3022a6 @ 0x71ad22a6 mscorlib+0x302261 @ 0x71ad2261 mscorlib+0x30ca7c @ 0x71adca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72792652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727a264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727a2e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x728307d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72807d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72807dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72807e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x7279c3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x72830694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728aa0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7670b479 registers.esp: 79556032 registers.edi: 1980555208 registers.eax: 3735552 registers.ebp: 79556236 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ Nov. 15, 2021, 5:59 p.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7670b37e 0x4a8ca3d 0x4a8c9b2 0x4a8ab31 0x4a85be3 0x4a87c57 0x75d72b 0x75e467 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72792652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727a264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x72811838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x72811737 mscorlib+0x2d3711 @ 0x71aa3711 mscorlib+0x308f2d @ 0x71ad8f2d mscorlib+0x3133fd @ 0x71ae33fd 0x7507e0 0x7502b5 mscorlib+0x30c9ff @ 0x71adc9ff mscorlib+0x302367 @ 0x71ad2367 mscorlib+0x3022a6 @ 0x71ad22a6 mscorlib+0x302261 @ 0x71ad2261 mscorlib+0x30ca7c @ 0x71adca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72792652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727a264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727a2e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x728307d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72807d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72807dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72807e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x7279c3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x72830694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728aa0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7670b479 registers.esp: 79556032 registers.edi: 1980555208 registers.eax: 6684672 registers.ebp: 79556236 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ Nov. 15, 2021, 5:59 p.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7670b37e 0x4a8ca3d 0x4a8c9b2 0x4a8ab31 0x4a85be3 0x4a87c57 0x75d72b 0x75e467 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72792652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727a264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x72811838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x72811737 mscorlib+0x2d3711 @ 0x71aa3711 mscorlib+0x308f2d @ 0x71ad8f2d mscorlib+0x3133fd @ 0x71ae33fd 0x7507e0 0x7502b5 mscorlib+0x30c9ff @ 0x71adc9ff mscorlib+0x302367 @ 0x71ad2367 mscorlib+0x3022a6 @ 0x71ad22a6 mscorlib+0x302261 @ 0x71ad2261 mscorlib+0x30ca7c @ 0x71adca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72792652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727a264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727a2e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x728307d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72807d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72807dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72807e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x7279c3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x72830694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728aa0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7670b479 registers.esp: 79556032 registers.edi: 1980555208 registers.eax: 16777216 registers.ebp: 79556236 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ Nov. 15, 2021, 5:59 p.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7670b37e 0x4a8ca3d 0x4a8c9b2 0x4a8ab31 0x4a85be3 0x4a87c57 0x75d72b 0x75e467 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72792652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727a264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x72811838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x72811737 mscorlib+0x2d3711 @ 0x71aa3711 mscorlib+0x308f2d @ 0x71ad8f2d mscorlib+0x3133fd @ 0x71ae33fd 0x7507e0 0x7502b5 mscorlib+0x30c9ff @ 0x71adc9ff mscorlib+0x302367 @ 0x71ad2367 mscorlib+0x3022a6 @ 0x71ad22a6 mscorlib+0x302261 @ 0x71ad2261 mscorlib+0x30ca7c @ 0x71adca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72792652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727a264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727a2e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x728307d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72807d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72807dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72807e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x7279c3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x72830694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728aa0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7670b479 registers.esp: 79556032 registers.edi: 1980555208 registers.eax: 4194304 registers.ebp: 79556236 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ Nov. 15, 2021, 5:59 p.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7670b37e 0x4a8ca3d 0x4a8c9b2 0x4a8ab31 0x4a85be3 0x4a87c57 0x75d72b 0x75e467 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72792652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727a264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x72811838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x72811737 mscorlib+0x2d3711 @ 0x71aa3711 mscorlib+0x308f2d @ 0x71ad8f2d mscorlib+0x3133fd @ 0x71ae33fd 0x7507e0 0x7502b5 mscorlib+0x30c9ff @ 0x71adc9ff mscorlib+0x302367 @ 0x71ad2367 mscorlib+0x3022a6 @ 0x71ad22a6 mscorlib+0x302261 @ 0x71ad2261 mscorlib+0x30ca7c @ 0x71adca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72792652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727a264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727a2e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x728307d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72807d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72807dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72807e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x7279c3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x72830694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728aa0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7670b479 registers.esp: 79556032 registers.edi: 1980555208 registers.eax: 4194304 registers.ebp: 79556236 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ Nov. 15, 2021, 5:59 p.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7670b37e 0x4a8ca3d 0x4a8c9b2 0x4a8ab31 0x4a85be3 0x4a87c57 0x75d72b 0x75e467 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72792652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727a264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x72811838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x72811737 mscorlib+0x2d3711 @ 0x71aa3711 mscorlib+0x308f2d @ 0x71ad8f2d mscorlib+0x3133fd @ 0x71ae33fd 0x7507e0 0x7502b5 mscorlib+0x30c9ff @ 0x71adc9ff mscorlib+0x302367 @ 0x71ad2367 mscorlib+0x3022a6 @ 0x71ad22a6 mscorlib+0x302261 @ 0x71ad2261 mscorlib+0x30ca7c @ 0x71adca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72792652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727a264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727a2e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x728307d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72807d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72807dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72807e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x7279c3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x72830694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728aa0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7670b479 registers.esp: 79556032 registers.edi: 1980555208 registers.eax: 3735552 registers.ebp: 79556236 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ Nov. 15, 2021, 5:59 p.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7670b37e 0x4a8ca3d 0x4a8c9b2 0x4a8ab31 0x4a85be3 0x4a87c57 0x75d72b 0x75e467 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72792652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727a264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x72811838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x72811737 mscorlib+0x2d3711 @ 0x71aa3711 mscorlib+0x308f2d @ 0x71ad8f2d mscorlib+0x3133fd @ 0x71ae33fd 0x7507e0 0x7502b5 mscorlib+0x30c9ff @ 0x71adc9ff mscorlib+0x302367 @ 0x71ad2367 mscorlib+0x3022a6 @ 0x71ad22a6 mscorlib+0x302261 @ 0x71ad2261 mscorlib+0x30ca7c @ 0x71adca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72792652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727a264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727a2e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x728307d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72807d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72807dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72807e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x7279c3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x72830694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728aa0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7670b479 registers.esp: 79556032 registers.edi: 1980555208 registers.eax: 6684672 registers.ebp: 79556236 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ Nov. 15, 2021, 5:59 p.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7670b37e 0x4a8ca3d 0x4a8c9b2 0x4a8ab31 0x4a85be3 0x4a87c57 0x75d72b 0x75e467 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72792652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727a264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x72811838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x72811737 mscorlib+0x2d3711 @ 0x71aa3711 mscorlib+0x308f2d @ 0x71ad8f2d mscorlib+0x3133fd @ 0x71ae33fd 0x7507e0 0x7502b5 mscorlib+0x30c9ff @ 0x71adc9ff mscorlib+0x302367 @ 0x71ad2367 mscorlib+0x3022a6 @ 0x71ad22a6 mscorlib+0x302261 @ 0x71ad2261 mscorlib+0x30ca7c @ 0x71adca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72792652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727a264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727a2e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x728307d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72807d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72807dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72807e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x7279c3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x72830694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728aa0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7670b479 registers.esp: 79556032 registers.edi: 1980555208 registers.eax: 16777216 registers.ebp: 79556236 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ Nov. 15, 2021, 5:59 p.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7670b37e 0x4a8ca3d 0x4a8c9b2 0x4a8ab31 0x4a85be3 0x4a87c57 0x75d72b 0x75e467 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72792652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727a264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x72811838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x72811737 mscorlib+0x2d3711 @ 0x71aa3711 mscorlib+0x308f2d @ 0x71ad8f2d mscorlib+0x3133fd @ 0x71ae33fd 0x7507e0 0x7502b5 mscorlib+0x30c9ff @ 0x71adc9ff mscorlib+0x302367 @ 0x71ad2367 mscorlib+0x3022a6 @ 0x71ad22a6 mscorlib+0x302261 @ 0x71ad2261 mscorlib+0x30ca7c @ 0x71adca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72792652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727a264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727a2e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x728307d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72807d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72807dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72807e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x7279c3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x72830694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728aa0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7670b479 registers.esp: 79556032 registers.edi: 1980555208 registers.eax: 4194304 registers.ebp: 79556236 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ Nov. 15, 2021, 5:59 p.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7670b37e 0x4a8ca3d 0x4a8c9b2 0x4a8ab31 0x4a85be3 0x4a87c57 0x75d72b 0x75e467 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72792652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727a264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x72811838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x72811737 mscorlib+0x2d3711 @ 0x71aa3711 mscorlib+0x308f2d @ 0x71ad8f2d mscorlib+0x3133fd @ 0x71ae33fd 0x7507e0 0x7502b5 mscorlib+0x30c9ff @ 0x71adc9ff mscorlib+0x302367 @ 0x71ad2367 mscorlib+0x3022a6 @ 0x71ad22a6 mscorlib+0x302261 @ 0x71ad2261 mscorlib+0x30ca7c @ 0x71adca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72792652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727a264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727a2e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x728307d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72807d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72807dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72807e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x7279c3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x72830694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728aa0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7670b479 registers.esp: 79556032 registers.edi: 1980555208 registers.eax: 4194304 registers.ebp: 79556236 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ Nov. 15, 2021, 5:59 p.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7670b37e 0x4a8ca3d 0x4a8c9b2 0x4a8ab31 0x4a85be3 0x4a87c57 0x75d72b 0x75e467 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72792652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727a264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x72811838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x72811737 mscorlib+0x2d3711 @ 0x71aa3711 mscorlib+0x308f2d @ 0x71ad8f2d mscorlib+0x3133fd @ 0x71ae33fd 0x7507e0 0x7502b5 mscorlib+0x30c9ff @ 0x71adc9ff mscorlib+0x302367 @ 0x71ad2367 mscorlib+0x3022a6 @ 0x71ad22a6 mscorlib+0x302261 @ 0x71ad2261 mscorlib+0x30ca7c @ 0x71adca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72792652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727a264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727a2e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x728307d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72807d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72807dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72807e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x7279c3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x72830694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728aa0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7670b479 registers.esp: 79556032 registers.edi: 1980555208 registers.eax: 3735552 registers.ebp: 79556236 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ Nov. 15, 2021, 5:59 p.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7670b37e 0x4a8ca3d 0x4a8c9b2 0x4a8ab31 0x4a85be3 0x4a87c57 0x75d72b 0x75e467 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72792652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727a264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x72811838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x72811737 mscorlib+0x2d3711 @ 0x71aa3711 mscorlib+0x308f2d @ 0x71ad8f2d mscorlib+0x3133fd @ 0x71ae33fd 0x7507e0 0x7502b5 mscorlib+0x30c9ff @ 0x71adc9ff mscorlib+0x302367 @ 0x71ad2367 mscorlib+0x3022a6 @ 0x71ad22a6 mscorlib+0x302261 @ 0x71ad2261 mscorlib+0x30ca7c @ 0x71adca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72792652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727a264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727a2e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x728307d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72807d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72807dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72807e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x7279c3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x72830694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728aa0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7670b479 registers.esp: 79556032 registers.edi: 1980555208 registers.eax: 6684672 registers.ebp: 79556236 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ Nov. 15, 2021, 5:59 p.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7670b37e 0x4a8ca3d 0x4a8c9b2 0x4a8ab31 0x4a85be3 0x4a87c57 0x75d72b 0x75e467 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72792652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727a264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x72811838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x72811737 mscorlib+0x2d3711 @ 0x71aa3711 mscorlib+0x308f2d @ 0x71ad8f2d mscorlib+0x3133fd @ 0x71ae33fd 0x7507e0 0x7502b5 mscorlib+0x30c9ff @ 0x71adc9ff mscorlib+0x302367 @ 0x71ad2367 mscorlib+0x3022a6 @ 0x71ad22a6 mscorlib+0x302261 @ 0x71ad2261 mscorlib+0x30ca7c @ 0x71adca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72792652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727a264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727a2e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x728307d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72807d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72807dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72807e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x7279c3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x72830694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728aa0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7670b479 registers.esp: 79556032 registers.edi: 1980555208 registers.eax: 16777216 registers.ebp: 79556236 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ Nov. 15, 2021, 5:59 p.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7670b37e 0x4a8ca3d 0x4a8c9b2 0x4a8ab31 0x4a85be3 0x4a87c57 0x75d72b 0x75e467 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72792652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727a264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x72811838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x72811737 mscorlib+0x2d3711 @ 0x71aa3711 mscorlib+0x308f2d @ 0x71ad8f2d mscorlib+0x3133fd @ 0x71ae33fd 0x7507e0 0x7502b5 mscorlib+0x30c9ff @ 0x71adc9ff mscorlib+0x302367 @ 0x71ad2367 mscorlib+0x3022a6 @ 0x71ad22a6 mscorlib+0x302261 @ 0x71ad2261 mscorlib+0x30ca7c @ 0x71adca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72792652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727a264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727a2e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x728307d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72807d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72807dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72807e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x7279c3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x72830694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728aa0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7670b479 registers.esp: 79556032 registers.edi: 1980555208 registers.eax: 4194304 registers.ebp: 79556236 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ Nov. 15, 2021, 5:59 p.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7670b37e 0x4a8ca3d 0x4a8c9b2 0x4a8ab31 0x4a85be3 0x4a87c57 0x75d72b 0x75e467 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72792652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727a264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x72811838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x72811737 mscorlib+0x2d3711 @ 0x71aa3711 mscorlib+0x308f2d @ 0x71ad8f2d mscorlib+0x3133fd @ 0x71ae33fd 0x7507e0 0x7502b5 mscorlib+0x30c9ff @ 0x71adc9ff mscorlib+0x302367 @ 0x71ad2367 mscorlib+0x3022a6 @ 0x71ad22a6 mscorlib+0x302261 @ 0x71ad2261 mscorlib+0x30ca7c @ 0x71adca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72792652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727a264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727a2e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x728307d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72807d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72807dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72807e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x7279c3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x72830694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728aa0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7670b479 registers.esp: 79556032 registers.edi: 1980555208 registers.eax: 4194304 registers.ebp: 79556236 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ Nov. 15, 2021, 5:59 p.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7670b37e 0x4a8ca3d 0x4a8c9b2 0x4a8ab31 0x4a85be3 0x4a87c57 0x75d72b 0x75e467 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72792652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727a264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x72811838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x72811737 mscorlib+0x2d3711 @ 0x71aa3711 mscorlib+0x308f2d @ 0x71ad8f2d mscorlib+0x3133fd @ 0x71ae33fd 0x7507e0 0x7502b5 mscorlib+0x30c9ff @ 0x71adc9ff mscorlib+0x302367 @ 0x71ad2367 mscorlib+0x3022a6 @ 0x71ad22a6 mscorlib+0x302261 @ 0x71ad2261 mscorlib+0x30ca7c @ 0x71adca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72792652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727a264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727a2e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x728307d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72807d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72807dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72807e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x7279c3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x72830694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728aa0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7670b479 registers.esp: 79556032 registers.edi: 1980555208 registers.eax: 3735552 registers.ebp: 79556236 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ Nov. 15, 2021, 5:59 p.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7670b37e 0x4a8ca3d 0x4a8c9b2 0x4a8ab31 0x4a85be3 0x4a87c57 0x75d72b 0x75e467 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72792652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727a264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x72811838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x72811737 mscorlib+0x2d3711 @ 0x71aa3711 mscorlib+0x308f2d @ 0x71ad8f2d mscorlib+0x3133fd @ 0x71ae33fd 0x7507e0 0x7502b5 mscorlib+0x30c9ff @ 0x71adc9ff mscorlib+0x302367 @ 0x71ad2367 mscorlib+0x3022a6 @ 0x71ad22a6 mscorlib+0x302261 @ 0x71ad2261 mscorlib+0x30ca7c @ 0x71adca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72792652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727a264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727a2e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x728307d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72807d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72807dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72807e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x7279c3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x72830694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728aa0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7670b479 registers.esp: 79556032 registers.edi: 1980555208 registers.eax: 6684672 registers.ebp: 79556236 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ Nov. 15, 2021, 5:59 p.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7670b37e 0x4a8ca3d 0x4a8c9b2 0x4a8ab31 0x4a85be3 0x4a87c57 0x75d72b 0x75e467 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72792652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727a264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x72811838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x72811737 mscorlib+0x2d3711 @ 0x71aa3711 mscorlib+0x308f2d @ 0x71ad8f2d mscorlib+0x3133fd @ 0x71ae33fd 0x7507e0 0x7502b5 mscorlib+0x30c9ff @ 0x71adc9ff mscorlib+0x302367 @ 0x71ad2367 mscorlib+0x3022a6 @ 0x71ad22a6 mscorlib+0x302261 @ 0x71ad2261 mscorlib+0x30ca7c @ 0x71adca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72792652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727a264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727a2e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x728307d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72807d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72807dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72807e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x7279c3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x72830694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728aa0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7670b479 registers.esp: 79556032 registers.edi: 1980555208 registers.eax: 16777216 registers.ebp: 79556236 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ Nov. 15, 2021, 5:59 p.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7670b37e 0x4a8ca3d 0x4a8c9b2 0x4a8ab31 0x4a85be3 0x4a87c57 0x75d72b 0x75e467 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72792652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727a264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x72811838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x72811737 mscorlib+0x2d3711 @ 0x71aa3711 mscorlib+0x308f2d @ 0x71ad8f2d mscorlib+0x3133fd @ 0x71ae33fd 0x7507e0 0x7502b5 mscorlib+0x30c9ff @ 0x71adc9ff mscorlib+0x302367 @ 0x71ad2367 mscorlib+0x3022a6 @ 0x71ad22a6 mscorlib+0x302261 @ 0x71ad2261 mscorlib+0x30ca7c @ 0x71adca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72792652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727a264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727a2e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x728307d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72807d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72807dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72807e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x7279c3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x72830694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728aa0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7670b479 registers.esp: 79556032 registers.edi: 1980555208 registers.eax: 4194304 registers.ebp: 79556236 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ Nov. 15, 2021, 5:59 p.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7670b37e 0x4a8ca3d 0x4a8c9b2 0x4a8ab31 0x4a85be3 0x4a87c57 0x75d72b 0x75e467 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72792652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727a264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x72811838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x72811737 mscorlib+0x2d3711 @ 0x71aa3711 mscorlib+0x308f2d @ 0x71ad8f2d mscorlib+0x3133fd @ 0x71ae33fd 0x7507e0 0x7502b5 mscorlib+0x30c9ff @ 0x71adc9ff mscorlib+0x302367 @ 0x71ad2367 mscorlib+0x3022a6 @ 0x71ad22a6 mscorlib+0x302261 @ 0x71ad2261 mscorlib+0x30ca7c @ 0x71adca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72792652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727a264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727a2e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x728307d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72807d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72807dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72807e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x7279c3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x72830694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728aa0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7670b479 registers.esp: 79556032 registers.edi: 1980555208 registers.eax: 4194304 registers.ebp: 79556236 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ Nov. 15, 2021, 5:59 p.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7670b37e 0x4a8ca3d 0x4a8c9b2 0x4a8ab31 0x4a85be3 0x4a87c57 0x75d72b 0x75e467 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72792652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727a264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x72811838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x72811737 mscorlib+0x2d3711 @ 0x71aa3711 mscorlib+0x308f2d @ 0x71ad8f2d mscorlib+0x3133fd @ 0x71ae33fd 0x7507e0 0x7502b5 mscorlib+0x30c9ff @ 0x71adc9ff mscorlib+0x302367 @ 0x71ad2367 mscorlib+0x3022a6 @ 0x71ad22a6 mscorlib+0x302261 @ 0x71ad2261 mscorlib+0x30ca7c @ 0x71adca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72792652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727a264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727a2e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x728307d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72807d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72807dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72807e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x7279c3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x72830694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728aa0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7670b479 registers.esp: 79556032 registers.edi: 1980555208 registers.eax: 3735552 registers.ebp: 79556236 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ Nov. 15, 2021, 5:59 p.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7670b37e 0x4a8ca3d 0x4a8c9b2 0x4a8ab31 0x4a85be3 0x4a87c57 0x75d72b 0x75e467 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72792652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727a264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x72811838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x72811737 mscorlib+0x2d3711 @ 0x71aa3711 mscorlib+0x308f2d @ 0x71ad8f2d mscorlib+0x3133fd @ 0x71ae33fd 0x7507e0 0x7502b5 mscorlib+0x30c9ff @ 0x71adc9ff mscorlib+0x302367 @ 0x71ad2367 mscorlib+0x3022a6 @ 0x71ad22a6 mscorlib+0x302261 @ 0x71ad2261 mscorlib+0x30ca7c @ 0x71adca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72792652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727a264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727a2e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x728307d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72807d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72807dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72807e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x7279c3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x72830694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728aa0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7670b479 registers.esp: 79556032 registers.edi: 1980555208 registers.eax: 6684672 registers.ebp: 79556236 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ Nov. 15, 2021, 5:59 p.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7670b37e 0x4a8ca3d 0x4a8c9b2 0x4a8ab31 0x4a85be3 0x4a87c57 0x75d72b 0x75e467 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72792652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727a264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x72811838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x72811737 mscorlib+0x2d3711 @ 0x71aa3711 mscorlib+0x308f2d @ 0x71ad8f2d mscorlib+0x3133fd @ 0x71ae33fd 0x7507e0 0x7502b5 mscorlib+0x30c9ff @ 0x71adc9ff mscorlib+0x302367 @ 0x71ad2367 mscorlib+0x3022a6 @ 0x71ad22a6 mscorlib+0x302261 @ 0x71ad2261 mscorlib+0x30ca7c @ 0x71adca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72792652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727a264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727a2e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x728307d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72807d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72807dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72807e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x7279c3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x72830694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728aa0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7670b479 registers.esp: 79556032 registers.edi: 1980555208 registers.eax: 16777216 registers.ebp: 79556236 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ Nov. 15, 2021, 5:59 p.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7670b37e 0x4a8ca3d 0x4a8c9b2 0x4a8ab31 0x4a85be3 0x4a87c57 0x75d72b 0x75e467 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72792652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727a264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x72811838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x72811737 mscorlib+0x2d3711 @ 0x71aa3711 mscorlib+0x308f2d @ 0x71ad8f2d mscorlib+0x3133fd @ 0x71ae33fd 0x7507e0 0x7502b5 mscorlib+0x30c9ff @ 0x71adc9ff mscorlib+0x302367 @ 0x71ad2367 mscorlib+0x3022a6 @ 0x71ad22a6 mscorlib+0x302261 @ 0x71ad2261 mscorlib+0x30ca7c @ 0x71adca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72792652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727a264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727a2e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x728307d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72807d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72807dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72807e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x7279c3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x72830694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728aa0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7670b479 registers.esp: 79556032 registers.edi: 1980555208 registers.eax: 4194304 registers.ebp: 79556236 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ Nov. 15, 2021, 5:59 p.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7670b37e 0x4a8ca3d 0x4a8c9b2 0x4a8ab31 0x4a85be3 0x4a87c57 0x75d72b 0x75e467 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72792652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727a264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x72811838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x72811737 mscorlib+0x2d3711 @ 0x71aa3711 mscorlib+0x308f2d @ 0x71ad8f2d mscorlib+0x3133fd @ 0x71ae33fd 0x7507e0 0x7502b5 mscorlib+0x30c9ff @ 0x71adc9ff mscorlib+0x302367 @ 0x71ad2367 mscorlib+0x3022a6 @ 0x71ad22a6 mscorlib+0x302261 @ 0x71ad2261 mscorlib+0x30ca7c @ 0x71adca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72792652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727a264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727a2e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x728307d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72807d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72807dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72807e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x7279c3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x72830694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728aa0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7670b479 registers.esp: 79556032 registers.edi: 1980555208 registers.eax: 4194304 registers.ebp: 79556236 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ Nov. 15, 2021, 5:59 p.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7670b37e 0x4a8ca3d 0x4a8c9b2 0x4a8ab31 0x4a85be3 0x4a87c57 0x75d72b 0x75e467 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72792652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727a264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x72811838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x72811737 mscorlib+0x2d3711 @ 0x71aa3711 mscorlib+0x308f2d @ 0x71ad8f2d mscorlib+0x3133fd @ 0x71ae33fd 0x7507e0 0x7502b5 mscorlib+0x30c9ff @ 0x71adc9ff mscorlib+0x302367 @ 0x71ad2367 mscorlib+0x3022a6 @ 0x71ad22a6 mscorlib+0x302261 @ 0x71ad2261 mscorlib+0x30ca7c @ 0x71adca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72792652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727a264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727a2e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x728307d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72807d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72807dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72807e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x7279c3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x72830694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728aa0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7670b479 registers.esp: 79556032 registers.edi: 1980555208 registers.eax: 3735552 registers.ebp: 79556236 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ Nov. 15, 2021, 5:59 p.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7670b37e 0x4a8ca3d 0x4a8c9b2 0x4a8ab31 0x4a85be3 0x4a87c57 0x75d72b 0x75e467 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72792652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727a264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x72811838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x72811737 mscorlib+0x2d3711 @ 0x71aa3711 mscorlib+0x308f2d @ 0x71ad8f2d mscorlib+0x3133fd @ 0x71ae33fd 0x7507e0 0x7502b5 mscorlib+0x30c9ff @ 0x71adc9ff mscorlib+0x302367 @ 0x71ad2367 mscorlib+0x3022a6 @ 0x71ad22a6 mscorlib+0x302261 @ 0x71ad2261 mscorlib+0x30ca7c @ 0x71adca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72792652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727a264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727a2e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x728307d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72807d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72807dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72807e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x7279c3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x72830694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728aa0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7670b479 registers.esp: 79556032 registers.edi: 1980555208 registers.eax: 6684672 registers.ebp: 79556236 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ Nov. 15, 2021, 5:59 p.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7670b37e 0x4a8ca3d 0x4a8c9b2 0x4a8ab31 0x4a85be3 0x4a87c57 0x75d72b 0x75e467 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72792652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727a264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x72811838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x72811737 mscorlib+0x2d3711 @ 0x71aa3711 mscorlib+0x308f2d @ 0x71ad8f2d mscorlib+0x3133fd @ 0x71ae33fd 0x7507e0 0x7502b5 mscorlib+0x30c9ff @ 0x71adc9ff mscorlib+0x302367 @ 0x71ad2367 mscorlib+0x3022a6 @ 0x71ad22a6 mscorlib+0x302261 @ 0x71ad2261 mscorlib+0x30ca7c @ 0x71adca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72792652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727a264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727a2e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x728307d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72807d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72807dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72807e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x7279c3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x72830694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728aa0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7670b479 registers.esp: 79556032 registers.edi: 1980555208 registers.eax: 16777216 registers.ebp: 79556236 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ Nov. 15, 2021, 5:59 p.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7670b37e 0x4a8ca3d 0x4a8c9b2 0x4a8ab31 0x4a85be3 0x4a87c57 0x75d72b 0x75e467 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72792652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727a264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x72811838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x72811737 mscorlib+0x2d3711 @ 0x71aa3711 mscorlib+0x308f2d @ 0x71ad8f2d mscorlib+0x3133fd @ 0x71ae33fd 0x7507e0 0x7502b5 mscorlib+0x30c9ff @ 0x71adc9ff mscorlib+0x302367 @ 0x71ad2367 mscorlib+0x3022a6 @ 0x71ad22a6 mscorlib+0x302261 @ 0x71ad2261 mscorlib+0x30ca7c @ 0x71adca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72792652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727a264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727a2e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x728307d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72807d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72807dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72807e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x7279c3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x72830694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728aa0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7670b479 registers.esp: 79556032 registers.edi: 1980555208 registers.eax: 4194304 registers.ebp: 79556236 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ Nov. 15, 2021, 5:59 p.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7670b37e 0x4a8ca3d 0x4a8c9b2 0x4a8ab31 0x4a85be3 0x4a87c57 0x75d72b 0x75e467 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72792652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727a264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x72811838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x72811737 mscorlib+0x2d3711 @ 0x71aa3711 mscorlib+0x308f2d @ 0x71ad8f2d mscorlib+0x3133fd @ 0x71ae33fd 0x7507e0 0x7502b5 mscorlib+0x30c9ff @ 0x71adc9ff mscorlib+0x302367 @ 0x71ad2367 mscorlib+0x3022a6 @ 0x71ad22a6 mscorlib+0x302261 @ 0x71ad2261 mscorlib+0x30ca7c @ 0x71adca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72792652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727a264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727a2e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x728307d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72807d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72807dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72807e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x7279c3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x72830694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728aa0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7670b479 registers.esp: 79556032 registers.edi: 1980555208 registers.eax: 4194304 registers.ebp: 79556236 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ Nov. 15, 2021, 5:59 p.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7670b37e 0x4a8ca3d 0x4a8c9b2 0x4a8ab31 0x4a85be3 0x4a87c57 0x75d72b 0x75e467 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72792652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727a264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x72811838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x72811737 mscorlib+0x2d3711 @ 0x71aa3711 mscorlib+0x308f2d @ 0x71ad8f2d mscorlib+0x3133fd @ 0x71ae33fd 0x7507e0 0x7502b5 mscorlib+0x30c9ff @ 0x71adc9ff mscorlib+0x302367 @ 0x71ad2367 mscorlib+0x3022a6 @ 0x71ad22a6 mscorlib+0x302261 @ 0x71ad2261 mscorlib+0x30ca7c @ 0x71adca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72792652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727a264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727a2e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x728307d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72807d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72807dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72807e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x7279c3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x72830694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728aa0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7670b479 registers.esp: 79556032 registers.edi: 1980555208 registers.eax: 3735552 registers.ebp: 79556236 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ Nov. 15, 2021, 5:59 p.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7670b37e 0x4a8ca3d 0x4a8c9b2 0x4a8ab31 0x4a85be3 0x4a87c57 0x75d72b 0x75e467 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72792652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727a264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x72811838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x72811737 mscorlib+0x2d3711 @ 0x71aa3711 mscorlib+0x308f2d @ 0x71ad8f2d mscorlib+0x3133fd @ 0x71ae33fd 0x7507e0 0x7502b5 mscorlib+0x30c9ff @ 0x71adc9ff mscorlib+0x302367 @ 0x71ad2367 mscorlib+0x3022a6 @ 0x71ad22a6 mscorlib+0x302261 @ 0x71ad2261 mscorlib+0x30ca7c @ 0x71adca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72792652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727a264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727a2e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x728307d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72807d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72807dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72807e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x7279c3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x72830694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728aa0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7670b479 registers.esp: 79556032 registers.edi: 1980555208 registers.eax: 6684672 registers.ebp: 79556236 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ Nov. 15, 2021, 5:59 p.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7670b37e 0x4a8ca3d 0x4a8c9b2 0x4a8ab31 0x4a85be3 0x4a87c57 0x75d72b 0x75e467 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72792652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727a264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x72811838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x72811737 mscorlib+0x2d3711 @ 0x71aa3711 mscorlib+0x308f2d @ 0x71ad8f2d mscorlib+0x3133fd @ 0x71ae33fd 0x7507e0 0x7502b5 mscorlib+0x30c9ff @ 0x71adc9ff mscorlib+0x302367 @ 0x71ad2367 mscorlib+0x3022a6 @ 0x71ad22a6 mscorlib+0x302261 @ 0x71ad2261 mscorlib+0x30ca7c @ 0x71adca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72792652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727a264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727a2e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x728307d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72807d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72807dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72807e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x7279c3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x72830694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728aa0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7670b479 registers.esp: 79556032 registers.edi: 1980555208 registers.eax: 16777216 registers.ebp: 79556236 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ Nov. 15, 2021, 5:59 p.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7670b37e 0x4a8ca3d 0x4a8c9b2 0x4a8ab31 0x4a85be3 0x4a87c57 0x75d72b 0x75e467 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72792652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727a264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x72811838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x72811737 mscorlib+0x2d3711 @ 0x71aa3711 mscorlib+0x308f2d @ 0x71ad8f2d mscorlib+0x3133fd @ 0x71ae33fd 0x7507e0 0x7502b5 mscorlib+0x30c9ff @ 0x71adc9ff mscorlib+0x302367 @ 0x71ad2367 mscorlib+0x3022a6 @ 0x71ad22a6 mscorlib+0x302261 @ 0x71ad2261 mscorlib+0x30ca7c @ 0x71adca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72792652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727a264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727a2e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x728307d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72807d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72807dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72807e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x7279c3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x72830694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728aa0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7670b479 registers.esp: 79556032 registers.edi: 1980555208 registers.eax: 4194304 registers.ebp: 79556236 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ Nov. 15, 2021, 5:59 p.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7670b37e 0x4a8ca3d 0x4a8c9b2 0x4a8ab31 0x4a85be3 0x4a87c57 0x75d72b 0x75e467 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72792652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727a264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x72811838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x72811737 mscorlib+0x2d3711 @ 0x71aa3711 mscorlib+0x308f2d @ 0x71ad8f2d mscorlib+0x3133fd @ 0x71ae33fd 0x7507e0 0x7502b5 mscorlib+0x30c9ff @ 0x71adc9ff mscorlib+0x302367 @ 0x71ad2367 mscorlib+0x3022a6 @ 0x71ad22a6 mscorlib+0x302261 @ 0x71ad2261 mscorlib+0x30ca7c @ 0x71adca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72792652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727a264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727a2e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x728307d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72807d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72807dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72807e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x7279c3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x72830694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728aa0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7670b479 registers.esp: 79556032 registers.edi: 1980555208 registers.eax: 4194304 registers.ebp: 79556236 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ Nov. 15, 2021, 5:59 p.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7670b37e 0x4a8ca3d 0x4a8c9b2 0x4a8ab31 0x4a85be3 0x4a87c57 0x75d72b 0x75e467 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72792652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727a264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x72811838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x72811737 mscorlib+0x2d3711 @ 0x71aa3711 mscorlib+0x308f2d @ 0x71ad8f2d mscorlib+0x3133fd @ 0x71ae33fd 0x7507e0 0x7502b5 mscorlib+0x30c9ff @ 0x71adc9ff mscorlib+0x302367 @ 0x71ad2367 mscorlib+0x3022a6 @ 0x71ad22a6 mscorlib+0x302261 @ 0x71ad2261 mscorlib+0x30ca7c @ 0x71adca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72792652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727a264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727a2e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x728307d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72807d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72807dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72807e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x7279c3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x72830694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728aa0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7670b479 registers.esp: 79556032 registers.edi: 1980555208 registers.eax: 3735552 registers.ebp: 79556236 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ Nov. 15, 2021, 5:59 p.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7670b37e 0x4a8ca3d 0x4a8c9b2 0x4a8ab31 0x4a85be3 0x4a87c57 0x75d72b 0x75e467 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72792652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727a264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x72811838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x72811737 mscorlib+0x2d3711 @ 0x71aa3711 mscorlib+0x308f2d @ 0x71ad8f2d mscorlib+0x3133fd @ 0x71ae33fd 0x7507e0 0x7502b5 mscorlib+0x30c9ff @ 0x71adc9ff mscorlib+0x302367 @ 0x71ad2367 mscorlib+0x3022a6 @ 0x71ad22a6 mscorlib+0x302261 @ 0x71ad2261 mscorlib+0x30ca7c @ 0x71adca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72792652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727a264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727a2e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x728307d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72807d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72807dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72807e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x7279c3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x72830694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728aa0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7670b479 registers.esp: 79556032 registers.edi: 1980555208 registers.eax: 6684672 registers.ebp: 79556236 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ Nov. 15, 2021, 5:59 p.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7670b37e 0x4a8ca3d 0x4a8c9b2 0x4a8ab31 0x4a85be3 0x4a87c57 0x75d72b 0x75e467 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72792652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727a264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x72811838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x72811737 mscorlib+0x2d3711 @ 0x71aa3711 mscorlib+0x308f2d @ 0x71ad8f2d mscorlib+0x3133fd @ 0x71ae33fd 0x7507e0 0x7502b5 mscorlib+0x30c9ff @ 0x71adc9ff mscorlib+0x302367 @ 0x71ad2367 mscorlib+0x3022a6 @ 0x71ad22a6 mscorlib+0x302261 @ 0x71ad2261 mscorlib+0x30ca7c @ 0x71adca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72792652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727a264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727a2e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x728307d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72807d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72807dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72807e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x7279c3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x72830694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728aa0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7670b479 registers.esp: 79556032 registers.edi: 1980555208 registers.eax: 16777216 registers.ebp: 79556236 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ Nov. 15, 2021, 5:59 p.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7670b37e 0x4a8ca3d 0x4a8c9b2 0x4a8ab31 0x4a85be3 0x4a87c57 0x75d72b 0x75e467 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72792652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727a264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x72811838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x72811737 mscorlib+0x2d3711 @ 0x71aa3711 mscorlib+0x308f2d @ 0x71ad8f2d mscorlib+0x3133fd @ 0x71ae33fd 0x7507e0 0x7502b5 mscorlib+0x30c9ff @ 0x71adc9ff mscorlib+0x302367 @ 0x71ad2367 mscorlib+0x3022a6 @ 0x71ad22a6 mscorlib+0x302261 @ 0x71ad2261 mscorlib+0x30ca7c @ 0x71adca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72792652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727a264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727a2e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x728307d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72807d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72807dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72807e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x7279c3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x72830694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728aa0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7670b479 registers.esp: 79556032 registers.edi: 1980555208 registers.eax: 4194304 registers.ebp: 79556236 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ Nov. 15, 2021, 5:59 p.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7670b37e 0x4a8ca3d 0x4a8c9b2 0x4a8ab31 0x4a85be3 0x4a87c57 0x75d72b 0x75e467 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72792652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727a264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x72811838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x72811737 mscorlib+0x2d3711 @ 0x71aa3711 mscorlib+0x308f2d @ 0x71ad8f2d mscorlib+0x3133fd @ 0x71ae33fd 0x7507e0 0x7502b5 mscorlib+0x30c9ff @ 0x71adc9ff mscorlib+0x302367 @ 0x71ad2367 mscorlib+0x3022a6 @ 0x71ad22a6 mscorlib+0x302261 @ 0x71ad2261 mscorlib+0x30ca7c @ 0x71adca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72792652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727a264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727a2e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x728307d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72807d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72807dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72807e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x7279c3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x72830694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728aa0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7670b479 registers.esp: 79556032 registers.edi: 1980555208 registers.eax: 4194304 registers.ebp: 79556236 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ Nov. 15, 2021, 5:59 p.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7670b37e 0x4a8ca3d 0x4a8c9b2 0x4a8ab31 0x4a85be3 0x4a87c57 0x75d72b 0x75e467 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72792652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727a264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x72811838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x72811737 mscorlib+0x2d3711 @ 0x71aa3711 mscorlib+0x308f2d @ 0x71ad8f2d mscorlib+0x3133fd @ 0x71ae33fd 0x7507e0 0x7502b5 mscorlib+0x30c9ff @ 0x71adc9ff mscorlib+0x302367 @ 0x71ad2367 mscorlib+0x3022a6 @ 0x71ad22a6 mscorlib+0x302261 @ 0x71ad2261 mscorlib+0x30ca7c @ 0x71adca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72792652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727a264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727a2e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x728307d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72807d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72807dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72807e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x7279c3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x72830694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728aa0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7670b479 registers.esp: 79556032 registers.edi: 1980555208 registers.eax: 3735552 registers.ebp: 79556236 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ Nov. 15, 2021, 5:59 p.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7670b37e 0x4a8ca3d 0x4a8c9b2 0x4a8ab31 0x4a85be3 0x4a87c57 0x75d72b 0x75e467 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72792652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727a264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x72811838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x72811737 mscorlib+0x2d3711 @ 0x71aa3711 mscorlib+0x308f2d @ 0x71ad8f2d mscorlib+0x3133fd @ 0x71ae33fd 0x7507e0 0x7502b5 mscorlib+0x30c9ff @ 0x71adc9ff mscorlib+0x302367 @ 0x71ad2367 mscorlib+0x3022a6 @ 0x71ad22a6 mscorlib+0x302261 @ 0x71ad2261 mscorlib+0x30ca7c @ 0x71adca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72792652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727a264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727a2e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x728307d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72807d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72807dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72807e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x7279c3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x72830694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728aa0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7670b479 registers.esp: 79556032 registers.edi: 1980555208 registers.eax: 6684672 registers.ebp: 79556236 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ Nov. 15, 2021, 5:59 p.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7670b37e 0x4a8ca3d 0x4a8c9b2 0x4a8ab31 0x4a85be3 0x4a87c57 0x75d72b 0x75e467 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72792652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727a264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x72811838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x72811737 mscorlib+0x2d3711 @ 0x71aa3711 mscorlib+0x308f2d @ 0x71ad8f2d mscorlib+0x3133fd @ 0x71ae33fd 0x7507e0 0x7502b5 mscorlib+0x30c9ff @ 0x71adc9ff mscorlib+0x302367 @ 0x71ad2367 mscorlib+0x3022a6 @ 0x71ad22a6 mscorlib+0x302261 @ 0x71ad2261 mscorlib+0x30ca7c @ 0x71adca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x72792652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727a264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727a2e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x728307d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72807d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72807dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72807e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x7279c3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x72830694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728aa0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7670b479 registers.esp: 79556032 registers.edi: 1980555208 registers.eax: 16777216 registers.ebp: 79556236 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1

One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.

HTTP traffic contains suspicious features which may be indicative of malware related traffic (9 events)

suspicious_features	POST method with no referer header, POST method with no useragent header	suspicious_request	POST http://colonna.ac.ug/softokn3.dll
suspicious_features	POST method with no referer header, POST method with no useragent header	suspicious_request	POST http://colonna.ac.ug/sqlite3.dll
suspicious_features	POST method with no referer header, POST method with no useragent header	suspicious_request	POST http://colonna.ac.ug/freebl3.dll
suspicious_features	POST method with no referer header, POST method with no useragent header	suspicious_request	POST http://colonna.ac.ug/mozglue.dll
suspicious_features	POST method with no referer header, POST method with no useragent header	suspicious_request	POST http://colonna.ac.ug/msvcp140.dll
suspicious_features	POST method with no referer header, POST method with no useragent header	suspicious_request	POST http://colonna.ac.ug/nss3.dll
suspicious_features	POST method with no referer header, POST method with no useragent header	suspicious_request	POST http://colonna.ac.ug/vcruntime140.dll
suspicious_features	POST method with no referer header, POST method with no useragent header	suspicious_request	POST http://colonna.ac.ug/main.php
suspicious_features	POST method with no referer header, POST method with no useragent header	suspicious_request	POST http://colonna.ac.ug/

Performs some HTTP requests (9 events)

request	POST http://colonna.ac.ug/softokn3.dll
request	POST http://colonna.ac.ug/sqlite3.dll
request	POST http://colonna.ac.ug/freebl3.dll
request	POST http://colonna.ac.ug/mozglue.dll
request	POST http://colonna.ac.ug/msvcp140.dll
request	POST http://colonna.ac.ug/nss3.dll
request	POST http://colonna.ac.ug/vcruntime140.dll
request	POST http://colonna.ac.ug/main.php
request	POST http://colonna.ac.ug/

Sends data using the HTTP POST Method (9 events)

request	POST http://colonna.ac.ug/softokn3.dll
request	POST http://colonna.ac.ug/sqlite3.dll
request	POST http://colonna.ac.ug/freebl3.dll
request	POST http://colonna.ac.ug/mozglue.dll
request	POST http://colonna.ac.ug/msvcp140.dll
request	POST http://colonna.ac.ug/nss3.dll
request	POST http://colonna.ac.ug/vcruntime140.dll
request	POST http://colonna.ac.ug/main.php
request	POST http://colonna.ac.ug/

Allocates read-write-execute memory (usually to unpack itself) (50 out of 128 events)

Time & API	Arguments	Status
NtAllocateVirtualMemory Nov. 15, 2021, 5:59 p.m.	process_identifier: 2844 region_size: 655360 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00510000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 15, 2021, 5:59 p.m.	process_identifier: 2844 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00570000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory Nov. 15, 2021, 5:59 p.m.	process_identifier: 2844 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72e31000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Nov. 15, 2021, 5:59 p.m.	process_identifier: 2844 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72e32000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 15, 2021, 5:59 p.m.	process_identifier: 2844 region_size: 1507328 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00a80000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 15, 2021, 5:59 p.m.	process_identifier: 2844 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00bb0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 15, 2021, 5:59 p.m.	process_identifier: 2844 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00532000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 15, 2021, 5:59 p.m.	process_identifier: 2844 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00565000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 15, 2021, 5:59 p.m.	process_identifier: 2844 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0056b000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 15, 2021, 5:59 p.m.	process_identifier: 2844 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00567000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 15, 2021, 5:59 p.m.	process_identifier: 2844 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0054c000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 15, 2021, 5:59 p.m.	process_identifier: 2844 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x006c0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 15, 2021, 5:59 p.m.	process_identifier: 2844 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0054a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 15, 2021, 5:59 p.m.	process_identifier: 2844 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0053a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 15, 2021, 5:59 p.m.	process_identifier: 2844 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00556000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 15, 2021, 5:59 p.m.	process_identifier: 2844 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0055a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 15, 2021, 5:59 p.m.	process_identifier: 2844 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00557000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 15, 2021, 5:59 p.m.	process_identifier: 2844 region_size: 28672 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x006c1000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 15, 2021, 5:59 p.m.	process_identifier: 2844 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x006c8000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 15, 2021, 5:59 p.m.	process_identifier: 2844 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x006c9000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 15, 2021, 5:59 p.m.	process_identifier: 2844 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x006cd000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 15, 2021, 5:59 p.m.	process_identifier: 2844 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x006ce000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 15, 2021, 5:59 p.m.	process_identifier: 2844 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00ebf000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 15, 2021, 5:59 p.m.	process_identifier: 2844 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00eb0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 15, 2021, 5:59 p.m.	process_identifier: 2844 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x006cf000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 15, 2021, 5:59 p.m.	process_identifier: 2844 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0054d000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 15, 2021, 5:59 p.m.	process_identifier: 2844 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04b20000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 15, 2021, 5:59 p.m.	process_identifier: 2844 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04b21000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 15, 2021, 5:59 p.m.	process_identifier: 2844 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04b23000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 15, 2021, 5:59 p.m.	process_identifier: 2844 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04b24000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 15, 2021, 5:59 p.m.	process_identifier: 2844 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04b25000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 15, 2021, 5:59 p.m.	process_identifier: 2844 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04b26000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 15, 2021, 5:59 p.m.	process_identifier: 2844 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04b27000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 15, 2021, 5:59 p.m.	process_identifier: 2844 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04b28000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 15, 2021, 5:59 p.m.	process_identifier: 2844 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00eb1000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 15, 2021, 5:59 p.m.	process_identifier: 2844 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04b29000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 15, 2021, 5:59 p.m.	process_identifier: 2844 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0054e000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 15, 2021, 5:59 p.m.	process_identifier: 2844 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04b2a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 15, 2021, 5:59 p.m.	process_identifier: 2844 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04b2b000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 15, 2021, 5:59 p.m.	process_identifier: 2844 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00eb2000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 15, 2021, 5:59 p.m.	process_identifier: 2844 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04b2c000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 15, 2021, 5:59 p.m.	process_identifier: 2844 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04b2d000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 15, 2021, 5:59 p.m.	process_identifier: 2844 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04b2e000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 15, 2021, 5:59 p.m.	process_identifier: 2844 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04b2f000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory Nov. 15, 2021, 5:59 p.m.	process_identifier: 776 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x6fea2000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 15, 2021, 5:59 p.m.	process_identifier: 2264 region_size: 393216 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x002c0000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 15, 2021, 5:59 p.m.	process_identifier: 2264 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x002e0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory Nov. 15, 2021, 5:59 p.m.	process_identifier: 2264 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72791000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Nov. 15, 2021, 5:59 p.m.	process_identifier: 2264 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72792000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 15, 2021, 5:59 p.m.	process_identifier: 2264 region_size: 524288 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x005b0000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1

Steals private information from local Internet browsers (3 events)

file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local State
file	C:\Users\test22\AppData\Local\Chromium\User Data\Local State
file	C:\Users\test22\AppData\Local\Nichrome\User Data\Local State

Creates executable files on the filesystem (11 events)

file	C:\Users\test22\AppData\Local\Temp\Ilzzmljftcwfeldyujdcyqy.vbs
file	C:\ProgramData\sqlite3.dll
file	C:\Users\test22\AppData\Local\Temp\Tyjigybwjylnokucizpstzjwazconsoleapp18.exe
file	C:\ProgramData\freebl3.dll
file	C:\ProgramData\msvcp140.dll
file	C:\Users\test22\AppData\Local\Temp\Ksyuxjtrazuidxiqmg.vbs
file	C:\Users\test22\AppData\Local\Temp\Vcinpeamqerjfxlsvutgosconsoleapp11.exe
file	C:\ProgramData\nss3.dll
file	C:\ProgramData\vcruntime140.dll
file	C:\ProgramData\mozglue.dll
file	C:\ProgramData\softokn3.dll

Creates a suspicious process (2 events)

cmdline	"C:\Windows\System32\cmd.exe" /c taskkill /pid 2260 & erase C:\Users\test22\AppData\Local\Temp\Vcinpeamqerjfxlsvutgosconsoleapp11.exe & RD /S /Q C:\\ProgramData\\880523887698104\\* & exit
cmdline	cmd.exe /c taskkill /pid 2260 & erase C:\Users\test22\AppData\Local\Temp\Vcinpeamqerjfxlsvutgosconsoleapp11.exe & RD /S /Q C:\\ProgramData\\880523887698104\\* & exit

Drops a binary and executes it (4 events)

file	C:\Users\test22\AppData\Local\Temp\Ilzzmljftcwfeldyujdcyqy.vbs
file	C:\Users\test22\AppData\Local\Temp\Tyjigybwjylnokucizpstzjwazconsoleapp18.exe
file	C:\Users\test22\AppData\Local\Temp\Ksyuxjtrazuidxiqmg.vbs
file	C:\Users\test22\AppData\Local\Temp\Vcinpeamqerjfxlsvutgosconsoleapp11.exe

Drops an executable to the user AppData folder (2 events)

file	C:\Users\test22\AppData\Local\Temp\Tyjigybwjylnokucizpstzjwazconsoleapp18.exe
file	C:\Users\test22\AppData\Local\Temp\Vcinpeamqerjfxlsvutgosconsoleapp11.exe

Executes one or more WMI queries (1 event)

wmi	SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( ProcessId = 2260)

A process created a hidden window (1 event)

Time & API	Arguments	Status	Return	Repeated
ShellExecuteExW Nov. 15, 2021, 6 p.m.	show_type: 0 filepath_r: cmd.exe parameters: /c taskkill /pid 2260 & erase C:\Users\test22\AppData\Local\Temp\Vcinpeamqerjfxlsvutgosconsoleapp11.exe & RD /S /Q C:\\ProgramData\\880523887698104\\* & exit filepath: cmd.exe	1	1	0

An executable file was downloaded by the process vcinpeamqerjfxlsvutgosconsoleapp11.exe (7 events)

Time & API	Arguments	Status	Return
InternetReadFile Nov. 15, 2021, 6 p.m.	buffer: MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $¢l$æ JOæ JOæ JOïuÙOê JO?oKNä JO?oINä JO?oONì JO?oNNí JOÄmKNä JO-nKNå JOæ KO~ JO-nNNò JO-nJNç JO-nµOç JO-nHNç JORichæ JOPEL¿bë[à"!¶b¼ÐP ±@¨¸È0xÐ@`ÐþT(ÿ@Ðl.textË´¶ `.rdata DÐFº@@.data @À.rsrcx0@@.reloc`@@B request_handle: 0x00cc000c	1	1
InternetReadFile Nov. 15, 2021, 6 p.m.	buffer: MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $PELê=Sv?à!ÐàXà` 8Ã °ÐL ü'ð¬Ñp.textÀÎÐ`0`.data°àÖ@@À.rdata$ð®æ@@@.bss @À.edata°@0@.idataL Ð®@0À.CRTàº@0À.tls ð¼@0À.relocü'(¾@0B/4`0æ@@B/19È@è@B/35MPì@B/51`C`Dô@B/63 °8@B/77ÀF@B/89ÐR request_handle: 0x00cc000c	1	1
InternetReadFile Nov. 15, 2021, 6 p.m.	buffer: MZÿÿ¸@ º´ Í!¸LÍ!This program cannot be run in DOS mode. $Àð/AVAVAVéÒVAV]ó@WAV1VAV]óBWAV]óDWAV]óEWAV¦ñ@WAVOò@WAV@VÖAVOòBWAVOòEWÀAVOòAWAVOò¾VAVOòCWAVRichAVPELØbë[à"!Øf)Ýðp£s@pæPÀæÈ@xüÐPà0âTâ@ð8.texttÖØ `.rdataüþðÜ@@.data,HðÜ@À.rsrcx@à@@.relocàPä@B request_handle: 0x00cc000c	1	1
InternetReadFile Nov. 15, 2021, 6 p.m.	buffer: MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $ÂU±É£;âÉ£;âÉ£;âÀÛ¨âÙ£;âWüâË£;âÁ8ãÇ£;âÁ?ãÂ£;âÁ:ãÍ£;âÁ>ãÛ£;âëÃ:ãÀ£;âÉ£:âw£;âÀ?ãÈ£;âÀ>ãÝ£;âÀ;ãÈ£;âÀÄâÈ£;âÀ9ãÈ£;âRichÉ£;âPELÄ_ë[à"!zà@3@A@Àt´Þ, xúÐ0h¹TT¹h¸@ôl¾.textÊxz `.rdata^ef~@@.data¼ä@À.didat8æ@À.rsrcx è@@.reloch0ì@B request_handle: 0x00cc000c	1	1
InternetReadFile Nov. 15, 2021, 6 p.m.	buffer: MZÿÿ¸@øº´ Í!¸LÍ!This program cannot be run in DOS mode. $¦È¼Aâ©Òâ©Òâ©ÒV5=à©ÒëÑAú©Ò;ËÓá©Òâ©Ó"©Ò;ËÑë©Ò;ËÖî©Ò;Ë×ô©Ò;ËÚ©Ò;ËÒã©Ò;Ë-ã©Ò;ËÐã©ÒRichâ©ÒPEL8'Yà"!P± Ðaz@AðCÏôR,øx8?4:ðf8È(@Pð@@.textr `.data( @À.idata6P @@.didat4p6@À.rsrcø8@@.reloc4:<<@B request_handle: 0x00cc000c	1	1
InternetReadFile Nov. 15, 2021, 6 p.m.	buffer: MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $#4gâZßgâZßgâZßnÉßsâZß¾[ÞeâZßùBßcâZß¾YÞjâZß¾_ÞmâZß¾^ÞlâZßE[ÞoâZß¬[ÞdâZßgâ[ßâZß¬^ÞmãZß¬ZÞfâZß¬¥ßfâZß¬XÞfâZßRichgâZßPELbë[à"!êwð@·»@ =T°pæÐÀ}pTÈ@ø.textèê `.rdataRTî@@.datatG`"B@À.rsrcp°d@@.reloc}À~h@B request_handle: 0x00cc000c	1	1
InternetReadFile Nov. 15, 2021, 6 p.m.	buffer: MZÿÿ¸@ðº´ Í!¸LÍ!This program cannot be run in DOS mode. $ù£NEÍEÍEÍñ"GÍLà^NÍEÌlÍúÉUÍúÎVÍúÈAÍúÅ_ÍúÍDÍú2DÍúÏDÍRichEÍPEL8'Yà"!ê ® @¼@A°ð À H?0 °8è@¼.textÄéê `.dataDî@À.idata¸ð@@.rsrc ö@@.reloc 0ü@B request_handle: 0x00cc000c	1	1

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

section

{u'size_of_data': u'0x0010ee00', u'virtual_address': u'0x00002000', u'entropy': 7.785666306009907, u'name': u'.text', u'virtual_size': u'0x0010edf0'}

entropy

7.78566630601

description

A section with a high entropy has been found

entropy

0.988144094847

description

Overall entropy of this PE file is high

Checks for the Locally Unique Identifier on the system for a suspicious privilege (4 events)

Time & API	Arguments	Status	Return
LookupPrivilegeValueW Nov. 15, 2021, 5:59 p.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW Nov. 15, 2021, 5:59 p.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW Nov. 15, 2021, 5:59 p.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW Nov. 15, 2021, 6 p.m.	system_name: privilege_name: SeDebugPrivilege	1	1

Yara rule detected in process memory (19 events)

description	Steal credential	rule	local_credential_Steal
description	Take ScreenShot	rule	ScreenShot
description	Match Windows Http API call	rule	Str_Win32_Http_API
description	(no description)	rule	DebuggerCheck__GlobalFlags
description	(no description)	rule	DebuggerCheck__QueryInfo
description	(no description)	rule	DebuggerHiding__Thread
description	(no description)	rule	DebuggerHiding__Active
description	(no description)	rule	ThreadControl__Context
description	(no description)	rule	SEH__vectored
description	Checks if being debugged	rule	anti_dbg
description	Bypass DEP	rule	disable_dep
description	(no description)	rule	DebuggerCheck__GlobalFlags
description	(no description)	rule	DebuggerCheck__QueryInfo
description	(no description)	rule	DebuggerHiding__Thread
description	(no description)	rule	DebuggerHiding__Active
description	(no description)	rule	ThreadControl__Context
description	(no description)	rule	SEH__vectored
description	Checks if being debugged	rule	anti_dbg
description	Bypass DEP	rule	disable_dep

Queries for potentially installed applications (39 events)

Time & API	Arguments	Status
RegOpenKeyExA Nov. 15, 2021, 6 p.m.	regkey_r: SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall base_handle: 0x80000002 key_handle: 0x00000338 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall	1
RegOpenKeyExA Nov. 15, 2021, 6 p.m.	regkey_r: SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\AddressBook base_handle: 0x80000002 key_handle: 0x0000033c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook	1
RegOpenKeyExA Nov. 15, 2021, 6 p.m.	regkey_r: SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\Connection Manager base_handle: 0x80000002 key_handle: 0x0000033c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager	1
RegOpenKeyExA Nov. 15, 2021, 6 p.m.	regkey_r: SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\DirectDrawEx base_handle: 0x80000002 key_handle: 0x0000033c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx	1
RegOpenKeyExA Nov. 15, 2021, 6 p.m.	regkey_r: SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\EditPlus base_handle: 0x80000002 key_handle: 0x0000033c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EditPlus	1
RegOpenKeyExA Nov. 15, 2021, 6 p.m.	regkey_r: SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\ENTERPRISE base_handle: 0x80000002 key_handle: 0x0000033c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ENTERPRISE	1
RegOpenKeyExA Nov. 15, 2021, 6 p.m.	regkey_r: SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\Fontcore base_handle: 0x80000002 key_handle: 0x0000033c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore	1
RegOpenKeyExA Nov. 15, 2021, 6 p.m.	regkey_r: SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\Google Chrome base_handle: 0x80000002 key_handle: 0x0000033c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome	1
RegOpenKeyExA Nov. 15, 2021, 6 p.m.	regkey_r: SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\Haansoft HWord 80 Korean base_handle: 0x80000002 key_handle: 0x0000033c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Haansoft HWord 80 Korean	1
RegOpenKeyExA Nov. 15, 2021, 6 p.m.	regkey_r: SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\IE40 base_handle: 0x80000002 key_handle: 0x0000033c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40	1
RegOpenKeyExA Nov. 15, 2021, 6 p.m.	regkey_r: SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\IE4Data base_handle: 0x80000002 key_handle: 0x0000033c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data	1
RegOpenKeyExA Nov. 15, 2021, 6 p.m.	regkey_r: SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\IE5BAKEX base_handle: 0x80000002 key_handle: 0x0000033c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX	1
RegOpenKeyExA Nov. 15, 2021, 6 p.m.	regkey_r: SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\IEData base_handle: 0x80000002 key_handle: 0x0000033c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData	1
RegOpenKeyExA Nov. 15, 2021, 6 p.m.	regkey_r: SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\MobileOptionPack base_handle: 0x80000002 key_handle: 0x0000033c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack	1
RegOpenKeyExA Nov. 15, 2021, 6 p.m.	regkey_r: SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\SchedulingAgent base_handle: 0x80000002 key_handle: 0x0000033c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent	1
RegOpenKeyExA Nov. 15, 2021, 6 p.m.	regkey_r: SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\WIC base_handle: 0x80000002 key_handle: 0x0000033c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC	1
RegOpenKeyExA Nov. 15, 2021, 6 p.m.	regkey_r: SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\{01B845D4-B73E-4CF7-A377-94BC7BB4F77B} base_handle: 0x80000002 key_handle: 0x0000033c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{01B845D4-B73E-4CF7-A377-94BC7BB4F77B}	1
RegOpenKeyExA Nov. 15, 2021, 6 p.m.	regkey_r: SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\{1D91F7DA-F517-4727-9E62-B7EA978BE980} base_handle: 0x80000002 key_handle: 0x0000033c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D91F7DA-F517-4727-9E62-B7EA978BE980}	1
RegOpenKeyExA Nov. 15, 2021, 6 p.m.	regkey_r: SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA} base_handle: 0x80000002 key_handle: 0x0000033c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}	1
RegOpenKeyExA Nov. 15, 2021, 6 p.m.	regkey_r: SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\{90120000-0015-0412-0000-0000000FF1CE} base_handle: 0x80000002 key_handle: 0x0000033c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0015-0412-0000-0000000FF1CE}	1
RegOpenKeyExA Nov. 15, 2021, 6 p.m.	regkey_r: SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\{90120000-0016-0412-0000-0000000FF1CE} base_handle: 0x80000002 key_handle: 0x0000033c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0016-0412-0000-0000000FF1CE}	1
RegOpenKeyExA Nov. 15, 2021, 6 p.m.	regkey_r: SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\{90120000-0018-0412-0000-0000000FF1CE} base_handle: 0x80000002 key_handle: 0x0000033c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0018-0412-0000-0000000FF1CE}	1
RegOpenKeyExA Nov. 15, 2021, 6 p.m.	regkey_r: SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\{90120000-0019-0412-0000-0000000FF1CE} base_handle: 0x80000002 key_handle: 0x0000033c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0019-0412-0000-0000000FF1CE}	1
RegOpenKeyExA Nov. 15, 2021, 6 p.m.	regkey_r: SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\{90120000-001A-0412-0000-0000000FF1CE} base_handle: 0x80000002 key_handle: 0x0000033c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001A-0412-0000-0000000FF1CE}	1
RegOpenKeyExA Nov. 15, 2021, 6 p.m.	regkey_r: SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\{90120000-001B-0412-0000-0000000FF1CE} base_handle: 0x80000002 key_handle: 0x0000033c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001B-0412-0000-0000000FF1CE}	1
RegOpenKeyExA Nov. 15, 2021, 6 p.m.	regkey_r: SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\{90120000-001F-0409-0000-0000000FF1CE} base_handle: 0x80000002 key_handle: 0x0000033c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0409-0000-0000000FF1CE}	1
RegOpenKeyExA Nov. 15, 2021, 6 p.m.	regkey_r: SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\{90120000-001F-0412-0000-0000000FF1CE} base_handle: 0x80000002 key_handle: 0x0000033c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0412-0000-0000000FF1CE}	1
RegOpenKeyExA Nov. 15, 2021, 6 p.m.	regkey_r: SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\{90120000-0028-0412-0000-0000000FF1CE} base_handle: 0x80000002 key_handle: 0x0000033c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0028-0412-0000-0000000FF1CE}	1
RegOpenKeyExA Nov. 15, 2021, 6 p.m.	regkey_r: SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\{90120000-002C-0412-0000-0000000FF1CE} base_handle: 0x80000002 key_handle: 0x0000033c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-002C-0412-0000-0000000FF1CE}	1
RegOpenKeyExA Nov. 15, 2021, 6 p.m.	regkey_r: SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\{90120000-0030-0000-0000-0000000FF1CE} base_handle: 0x80000002 key_handle: 0x0000033c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0030-0000-0000-0000000FF1CE}	1
RegOpenKeyExA Nov. 15, 2021, 6 p.m.	regkey_r: SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\{90120000-0044-0412-0000-0000000FF1CE} base_handle: 0x80000002 key_handle: 0x0000033c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0044-0412-0000-0000000FF1CE}	1
RegOpenKeyExA Nov. 15, 2021, 6 p.m.	regkey_r: SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\{90120000-006E-0409-0000-0000000FF1CE} base_handle: 0x80000002 key_handle: 0x0000033c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0409-0000-0000000FF1CE}	1
RegOpenKeyExA Nov. 15, 2021, 6 p.m.	regkey_r: SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\{90120000-006E-0412-0000-0000000FF1CE} base_handle: 0x80000002 key_handle: 0x0000033c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0412-0000-0000000FF1CE}	1
RegOpenKeyExA Nov. 15, 2021, 6 p.m.	regkey_r: SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\{90120000-00A1-0412-0000-0000000FF1CE} base_handle: 0x80000002 key_handle: 0x0000033c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00A1-0412-0000-0000000FF1CE}	1
RegOpenKeyExA Nov. 15, 2021, 6 p.m.	regkey_r: SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\{90120000-00BA-0409-0000-0000000FF1CE} base_handle: 0x80000002 key_handle: 0x0000033c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00BA-0409-0000-0000000FF1CE}	1
RegOpenKeyExA Nov. 15, 2021, 6 p.m.	regkey_r: SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\{90120000-0114-0412-0000-0000000FF1CE} base_handle: 0x80000002 key_handle: 0x0000033c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0114-0412-0000-0000000FF1CE}	1
RegOpenKeyExA Nov. 15, 2021, 6 p.m.	regkey_r: SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\{939659F3-71D2-461F-B24D-91D05A4389B4} base_handle: 0x80000002 key_handle: 0x0000033c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{939659F3-71D2-461F-B24D-91D05A4389B4}	1
RegOpenKeyExA Nov. 15, 2021, 6 p.m.	regkey_r: SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\{9B84A461-3B4C-40E2-B44F-CE22E215EE40} base_handle: 0x80000002 key_handle: 0x0000033c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9B84A461-3B4C-40E2-B44F-CE22E215EE40}	1
RegOpenKeyExA Nov. 15, 2021, 6 p.m.	regkey_r: SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\{d992c12e-cab2-426f-bde3-fb8c53950b0d} base_handle: 0x80000002 key_handle: 0x0000033c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{d992c12e-cab2-426f-bde3-fb8c53950b0d}	1

Terminates another process (20 events)

Time & API	Arguments	Status
NtTerminateProcess Nov. 15, 2021, 5:59 p.m.	status_code: 0xffffffff process_identifier: 2584 process_handle: 0x00000248
NtTerminateProcess Nov. 15, 2021, 5:59 p.m.	status_code: 0xffffffff process_identifier: 2584 process_handle: 0x00000248	1
NtTerminateProcess Nov. 15, 2021, 5:59 p.m.	status_code: 0xffffffff process_identifier: 2640 process_handle: 0x000003e0
NtTerminateProcess Nov. 15, 2021, 5:59 p.m.	status_code: 0xffffffff process_identifier: 2640 process_handle: 0x000003e0	1
NtTerminateProcess Nov. 15, 2021, 5:59 p.m.	status_code: 0xffffffff process_identifier: 2724 process_handle: 0x00000380
NtTerminateProcess Nov. 15, 2021, 5:59 p.m.	status_code: 0xffffffff process_identifier: 2724 process_handle: 0x00000380	1
NtTerminateProcess Nov. 15, 2021, 5:59 p.m.	status_code: 0xffffffff process_identifier: 2840 process_handle: 0x0000037c
NtTerminateProcess Nov. 15, 2021, 5:59 p.m.	status_code: 0xffffffff process_identifier: 2840 process_handle: 0x0000037c	1
NtTerminateProcess Nov. 15, 2021, 5:59 p.m.	status_code: 0xffffffff process_identifier: 2908 process_handle: 0x000003dc
NtTerminateProcess Nov. 15, 2021, 5:59 p.m.	status_code: 0xffffffff process_identifier: 2908 process_handle: 0x000003dc	1
NtTerminateProcess Nov. 15, 2021, 5:59 p.m.	status_code: 0xffffffff process_identifier: 2596 process_handle: 0x000003e4
NtTerminateProcess Nov. 15, 2021, 5:59 p.m.	status_code: 0xffffffff process_identifier: 2596 process_handle: 0x000003e4	1
NtTerminateProcess Nov. 15, 2021, 5:59 p.m.	status_code: 0xffffffff process_identifier: 2576 process_handle: 0x000003ec
NtTerminateProcess Nov. 15, 2021, 5:59 p.m.	status_code: 0xffffffff process_identifier: 2576 process_handle: 0x000003ec	1
NtTerminateProcess Nov. 15, 2021, 5:59 p.m.	status_code: 0xffffffff process_identifier: 3036 process_handle: 0x000003f4
NtTerminateProcess Nov. 15, 2021, 5:59 p.m.	status_code: 0xffffffff process_identifier: 3036 process_handle: 0x000003f4	1
NtTerminateProcess Nov. 15, 2021, 5:59 p.m.	status_code: 0xffffffff process_identifier: 548 process_handle: 0x000003fc
NtTerminateProcess Nov. 15, 2021, 5:59 p.m.	status_code: 0xffffffff process_identifier: 548 process_handle: 0x000003fc	1
NtTerminateProcess Nov. 15, 2021, 5:59 p.m.	status_code: 0xffffffff process_identifier: 1672 process_handle: 0x00000408
NtTerminateProcess Nov. 15, 2021, 5:59 p.m.	status_code: 0xffffffff process_identifier: 1672 process_handle: 0x00000408	1

Uses Windows utilities for basic Windows functionality (3 events)

cmdline	taskkill /pid 2260
cmdline	"C:\Windows\System32\cmd.exe" /c taskkill /pid 2260 & erase C:\Users\test22\AppData\Local\Temp\Vcinpeamqerjfxlsvutgosconsoleapp11.exe & RD /S /Q C:\\ProgramData\\880523887698104\\* & exit
cmdline	cmd.exe /c taskkill /pid 2260 & erase C:\Users\test22\AppData\Local\Temp\Vcinpeamqerjfxlsvutgosconsoleapp11.exe & RD /S /Q C:\\ProgramData\\880523887698104\\* & exit

Communicates with host for which no DNS query was performed (5 events)

host	185.163.47.176
host	193.38.54.238
host	74.119.192.122
host	91.219.236.162
host	91.219.236.240

Allocates execute permission to another process indicative of possible code injection (12 events)

Time & API	Arguments	Status	Return
NtAllocateVirtualMemory Nov. 15, 2021, 5:59 p.m.	process_identifier: 2132 region_size: 593920 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000270	1	0
NtAllocateVirtualMemory Nov. 15, 2021, 5:59 p.m.	process_identifier: 2584 region_size: 131072 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x0000024c		3221225496
NtAllocateVirtualMemory Nov. 15, 2021, 5:59 p.m.	process_identifier: 2640 region_size: 131072 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000244		3221225496
NtAllocateVirtualMemory Nov. 15, 2021, 5:59 p.m.	process_identifier: 2724 region_size: 131072 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000254		3221225496
NtAllocateVirtualMemory Nov. 15, 2021, 5:59 p.m.	process_identifier: 2840 region_size: 131072 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000003b4		3221225496
NtAllocateVirtualMemory Nov. 15, 2021, 5:59 p.m.	process_identifier: 2908 region_size: 131072 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000374		3221225496
NtAllocateVirtualMemory Nov. 15, 2021, 5:59 p.m.	process_identifier: 2596 region_size: 131072 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000384		3221225496
NtAllocateVirtualMemory Nov. 15, 2021, 5:59 p.m.	process_identifier: 2576 region_size: 131072 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000003d0		3221225496
NtAllocateVirtualMemory Nov. 15, 2021, 5:59 p.m.	process_identifier: 3036 region_size: 131072 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000003e8		3221225496
NtAllocateVirtualMemory Nov. 15, 2021, 5:59 p.m.	process_identifier: 548 region_size: 131072 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000003f0		3221225496
NtAllocateVirtualMemory Nov. 15, 2021, 5:59 p.m.	process_identifier: 1672 region_size: 131072 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000003f8		3221225496
NtAllocateVirtualMemory Nov. 15, 2021, 6 p.m.	process_identifier: 2260 region_size: 212992 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x0000024c	1	0

Checks the CPU name from registry, possibly for anti-virtualization (1 event)

registry

HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString

Attempts to access Bitcoin/ALTCoin wallets (19 events)

file	C:\Users\test22\AppData\Roaming\Bitcoin\
file	C:\Users\test22\AppData\Roaming\Electrum\wallets\
file	C:\Users\test22\AppData\Roaming\Litecoin\
file	C:\Users\test22\AppData\Roaming\Namecoin\
file	C:\Users\test22\AppData\Roaming\Terracoin\
file	C:\Users\test22\AppData\Roaming\Primecoin\
file	C:\Users\test22\AppData\Roaming\Freicoin\
file	C:\Users\test22\AppData\Roaming\devcoin\
file	C:\Users\test22\AppData\Roaming\Franko\
file	C:\Users\test22\AppData\Roaming\Megacoin\
file	C:\Users\test22\AppData\Roaming\Infinitecoin\
file	C:\Users\test22\AppData\Roaming\Ixcoin\
file	C:\Users\test22\AppData\Roaming\Anoncoin\
file	C:\Users\test22\AppData\Roaming\BBQCoin\
file	C:\Users\test22\AppData\Roaming\digitalcoin\
file	C:\Users\test22\AppData\Roaming\Mincoin\
file	C:\Users\test22\AppData\Roaming\GoldCoin (GLD)\
file	C:\Users\test22\AppData\Roaming\YACoin\
file	C:\Users\test22\AppData\Roaming\Florincoin\

Deletes executed files from disk (1 event)

file	C:\Users\test22\AppData\Local\Temp\Vcinpeamqerjfxlsvutgosconsoleapp11.exe

Manipulates memory of a non-child process indicative of process injection (20 events)

Time & API	Arguments	Return	Repeated
Process injection	Process 2264 manipulating memory of non-child process 2584
Process injection	Process 2264 manipulating memory of non-child process 2640
Process injection	Process 2264 manipulating memory of non-child process 2724
Process injection	Process 2264 manipulating memory of non-child process 2840
Process injection	Process 2264 manipulating memory of non-child process 2908
Process injection	Process 2264 manipulating memory of non-child process 2596
Process injection	Process 2264 manipulating memory of non-child process 2576
Process injection	Process 2264 manipulating memory of non-child process 3036
Process injection	Process 2264 manipulating memory of non-child process 548
Process injection	Process 2264 manipulating memory of non-child process 1672
NtAllocateVirtualMemory Nov. 15, 2021, 5:59 p.m.	process_identifier: 2584 region_size: 131072 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x0000024c	3221225496	0
NtAllocateVirtualMemory Nov. 15, 2021, 5:59 p.m.	process_identifier: 2640 region_size: 131072 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000244	3221225496	0
NtAllocateVirtualMemory Nov. 15, 2021, 5:59 p.m.	process_identifier: 2724 region_size: 131072 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000254	3221225496	0
NtAllocateVirtualMemory Nov. 15, 2021, 5:59 p.m.	process_identifier: 2840 region_size: 131072 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000003b4	3221225496	0
NtAllocateVirtualMemory Nov. 15, 2021, 5:59 p.m.	process_identifier: 2908 region_size: 131072 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000374	3221225496	0
NtAllocateVirtualMemory Nov. 15, 2021, 5:59 p.m.	process_identifier: 2596 region_size: 131072 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000384	3221225496	0
NtAllocateVirtualMemory Nov. 15, 2021, 5:59 p.m.	process_identifier: 2576 region_size: 131072 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000003d0	3221225496	0
NtAllocateVirtualMemory Nov. 15, 2021, 5:59 p.m.	process_identifier: 3036 region_size: 131072 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000003e8	3221225496	0
NtAllocateVirtualMemory Nov. 15, 2021, 5:59 p.m.	process_identifier: 548 region_size: 131072 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000003f0	3221225496	0
NtAllocateVirtualMemory Nov. 15, 2021, 5:59 p.m.	process_identifier: 1672 region_size: 131072 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000003f8	3221225496	0

Potential code injection by writing to the memory of another process (4 events)

Time & API	Arguments	Status	Return
WriteProcessMemory Nov. 15, 2021, 5:59 p.m.	buffer: MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $qý¶M5Ø5Ø5Ø!÷Û$Ø!÷ÝØ!÷ß4ØgéÜ&ØgéÛ-ØgéÝzØ!÷Ü,Ø!÷Þ4Ø!÷Ù.Ø5ÙÀØéÑ:ØéÚ4ØRich5ØPELÆaà Lvñ°@ @H2°RË8ÀË@°¸.textÈ `.rdataV°¤@@.datap\PN>@À.relocR°T@B base_address: 0x00400000 process_identifier: 2132 process_handle: 0x00000270	1	1
WriteProcessMemory Nov. 15, 2021, 5:59 p.m.	buffer: @ base_address: 0x7efde008 process_identifier: 2132 process_handle: 0x00000270	1	1
WriteProcessMemory Nov. 15, 2021, 6 p.m.	buffer: MZÿÿ¸@øº´ Í!¸LÍ!This program cannot be run in DOS mode. $8±K¿\|Ð%ì\|Ð%ì\|Ð%ìï½ì}Ð%ì¦»ìdÐ%ì¦ìùÐ%ì¦ìOÐ%ìu¨¦ì~Ð%ìu¨¶ì{Ð%ì\|Ð$ìÐ%ì¦ìvÐ%ì¦¸ì}Ð%ìRich\|Ð%ìPELÎ^à 0âz@@@D¨Pôh@@.text.0 `.rdatalq@r4@@.data¨CÀ¦@À.reloc0+,¸@B base_address: 0x00400000 process_identifier: 2260 process_handle: 0x0000024c	1	1
WriteProcessMemory Nov. 15, 2021, 6 p.m.	buffer: @ base_address: 0x7efde008 process_identifier: 2260 process_handle: 0x0000024c	1	1

Code injection by writing an executable or DLL to the memory of another process (2 events)

Time & API	Arguments	Status	Return	Repeated
WriteProcessMemory Nov. 15, 2021, 5:59 p.m.	buffer: MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $qý¶M5Ø5Ø5Ø!÷Û$Ø!÷ÝØ!÷ß4ØgéÜ&ØgéÛ-ØgéÝzØ!÷Ü,Ø!÷Þ4Ø!÷Ù.Ø5ÙÀØéÑ:ØéÚ4ØRich5ØPELÆaà Lvñ°@ @H2°RË8ÀË@°¸.textÈ `.rdataV°¤@@.datap\PN>@À.relocR°T@B base_address: 0x00400000 process_identifier: 2132 process_handle: 0x00000270	1	1	0
WriteProcessMemory Nov. 15, 2021, 6 p.m.	buffer: MZÿÿ¸@øº´ Í!¸LÍ!This program cannot be run in DOS mode. $8±K¿\|Ð%ì\|Ð%ì\|Ð%ìï½ì}Ð%ì¦»ìdÐ%ì¦ìùÐ%ì¦ìOÐ%ìu¨¦ì~Ð%ìu¨¶ì{Ð%ì\|Ð$ìÐ%ì¦ìvÐ%ì¦¸ì}Ð%ìRich\|Ð%ìPELÎ^à 0âz@@@D¨Pôh@@.text.0 `.rdatalq@r4@@.data¨CÀ¦@À.reloc0+,¸@B base_address: 0x00400000 process_identifier: 2260 process_handle: 0x0000024c	1	1	0

Collects information about installed applications (27 events)

Time & API	Arguments	Status
RegQueryValueExA Nov. 15, 2021, 6 p.m.	key_handle: 0x0000033c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: EditPlus regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\EditPlus\DisplayName	1
RegQueryValueExA Nov. 15, 2021, 6 p.m.	key_handle: 0x0000033c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Enterprise 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ENTERPRISE\DisplayName	1
RegQueryValueExA Nov. 15, 2021, 6 p.m.	key_handle: 0x0000033c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Chrome regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome\DisplayName	1
RegQueryValueExA Nov. 15, 2021, 6 p.m.	key_handle: 0x0000033c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: ????? ?? 2010 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Haansoft HWord 80 Korean\DisplayName	1
RegQueryValueExA Nov. 15, 2021, 6 p.m.	key_handle: 0x0000033c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: HttpWatch Professional 9.3.39 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{01B845D4-B73E-4CF7-A377-94BC7BB4F77B}\DisplayName	1
RegQueryValueExA Nov. 15, 2021, 6 p.m.	key_handle: 0x0000033c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: ????? ?? 2010 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D91F7DA-F517-4727-9E62-B7EA978BE980}\DisplayName	1
RegQueryValueExA Nov. 15, 2021, 6 p.m.	key_handle: 0x0000033c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Google Update Helper regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}\DisplayName	1
RegQueryValueExA Nov. 15, 2021, 6 p.m.	key_handle: 0x0000033c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Access MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0015-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExA Nov. 15, 2021, 6 p.m.	key_handle: 0x0000033c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Excel MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0016-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExA Nov. 15, 2021, 6 p.m.	key_handle: 0x0000033c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office PowerPoint MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0018-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExA Nov. 15, 2021, 6 p.m.	key_handle: 0x0000033c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Publisher MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0019-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExA Nov. 15, 2021, 6 p.m.	key_handle: 0x0000033c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Outlook MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001A-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExA Nov. 15, 2021, 6 p.m.	key_handle: 0x0000033c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Word MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001B-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExA Nov. 15, 2021, 6 p.m.	key_handle: 0x0000033c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Proof (English) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0409-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExA Nov. 15, 2021, 6 p.m.	key_handle: 0x0000033c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Proof (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExA Nov. 15, 2021, 6 p.m.	key_handle: 0x0000033c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office IME (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0028-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExA Nov. 15, 2021, 6 p.m.	key_handle: 0x0000033c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Proofing (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-002C-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExA Nov. 15, 2021, 6 p.m.	key_handle: 0x0000033c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Enterprise 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0030-0000-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExA Nov. 15, 2021, 6 p.m.	key_handle: 0x0000033c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office InfoPath MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0044-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExA Nov. 15, 2021, 6 p.m.	key_handle: 0x0000033c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Shared MUI (English) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0409-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExA Nov. 15, 2021, 6 p.m.	key_handle: 0x0000033c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Shared MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExA Nov. 15, 2021, 6 p.m.	key_handle: 0x0000033c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office OneNote MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00A1-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExA Nov. 15, 2021, 6 p.m.	key_handle: 0x0000033c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Groove MUI (English) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00BA-0409-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExA Nov. 15, 2021, 6 p.m.	key_handle: 0x0000033c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Groove Setup Metadata MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0114-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExA Nov. 15, 2021, 6 p.m.	key_handle: 0x0000033c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Adobe Flash Player 13 ActiveX regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{939659F3-71D2-461F-B24D-91D05A4389B4}\DisplayName	1
RegQueryValueExA Nov. 15, 2021, 6 p.m.	key_handle: 0x0000033c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Adobe Flash Player 13 NPAPI regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9B84A461-3B4C-40E2-B44F-CE22E215EE40}\DisplayName	1
RegQueryValueExA Nov. 15, 2021, 6 p.m.	key_handle: 0x0000033c regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{d992c12e-cab2-426f-bde3-fb8c53950b0d}\DisplayName	1

Harvests credentials from local email clients (1 event)

file	C:\Users\test22\AppData\Roaming\Thunderbird\profiles.ini

Used NtSetContextThread to modify a thread in a remote process indicative of process injection (4 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 2844 called NtSetContextThread to modify thread in remote process 2132
Process injection	Process 1568 called NtSetContextThread to modify thread in remote process 2260
NtSetContextThread Nov. 15, 2021, 5:59 p.m.	registers.eip: 0 registers.esp: 0 registers.edi: 0 registers.eax: 4452726 registers.ebp: 0 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 0 thread_handle: 0x000003e0 process_identifier: 2132	1	0	0
NtSetContextThread Nov. 15, 2021, 6 p.m.	registers.eip: 0 registers.esp: 0 registers.edi: 0 registers.eax: 4291211 registers.ebp: 0 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 0 thread_handle: 0x00000248 process_identifier: 2260	1	0	0

One or more non-whitelisted processes were created (4 events)

parent_process	wscript.exe	martian_process	"C:\Users\test22\AppData\Local\Temp\Tyjigybwjylnokucizpstzjwazconsoleapp18.exe"
parent_process	wscript.exe	martian_process	C:\Users\test22\AppData\Local\Temp\Tyjigybwjylnokucizpstzjwazconsoleapp18.exe
parent_process	wscript.exe	martian_process	C:\Users\test22\AppData\Local\Temp\Vcinpeamqerjfxlsvutgosconsoleapp11.exe
parent_process	wscript.exe	martian_process	"C:\Users\test22\AppData\Local\Temp\Vcinpeamqerjfxlsvutgosconsoleapp11.exe"

Resumed a suspended thread in a remote process potentially indicative of process injection (4 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 2844 resumed a thread in remote process 2132
Process injection	Process 1568 resumed a thread in remote process 2260
NtResumeThread Nov. 15, 2021, 5:59 p.m.	thread_handle: 0x000003e0 suspend_count: 1 process_identifier: 2132	1	0	0
NtResumeThread Nov. 15, 2021, 6 p.m.	thread_handle: 0x00000248 suspend_count: 1 process_identifier: 2260	1	0	0

Executed a process and injected code into it, probably while unpacking (50 out of 74 events)

Time & API	Arguments	Status	Return
NtResumeThread Nov. 15, 2021, 5:59 p.m.	thread_handle: 0x000000e4 suspend_count: 1 process_identifier: 2844	1	0
NtResumeThread Nov. 15, 2021, 5:59 p.m.	thread_handle: 0x00000158 suspend_count: 1 process_identifier: 2844	1	0
NtResumeThread Nov. 15, 2021, 5:59 p.m.	thread_handle: 0x00000194 suspend_count: 1 process_identifier: 2844	1	0
NtResumeThread Nov. 15, 2021, 5:59 p.m.	thread_handle: 0x00000214 suspend_count: 1 process_identifier: 2844	1	0
NtResumeThread Nov. 15, 2021, 5:59 p.m.	thread_handle: 0x00000250 suspend_count: 1 process_identifier: 2844	1	0
CreateProcessInternalW Nov. 15, 2021, 5:59 p.m.	thread_identifier: 2124 thread_handle: 0x000003dc process_identifier: 776 current_directory: C:\Users\test22\AppData\Local\Temp filepath: C:\Windows\System32\wscript.exe track: 1 command_line: "C:\Windows\System32\WScript.exe" "C:\Users\test22\AppData\Local\Temp\Ilzzmljftcwfeldyujdcyqy.vbs" filepath_r: C:\Windows\System32\WScript.exe stack_pivoted: 0 creation_flags: 67634192 (CREATE_DEFAULT_ERROR_MODE\|CREATE_NEW_CONSOLE\|CREATE_UNICODE_ENVIRONMENT\|EXTENDED_STARTUPINFO_PRESENT) inherit_handles: 0 process_handle: 0x000003d0	1	1
CreateProcessInternalW Nov. 15, 2021, 5:59 p.m.	thread_identifier: 2120 thread_handle: 0x000003e0 process_identifier: 2132 current_directory: filepath: track: 1 command_line: C:\Users\test22\AppData\Local\Temp\asdfg.exe filepath_r: stack_pivoted: 0 creation_flags: 134217732 (CREATE_NO_WINDOW\|CREATE_SUSPENDED) inherit_handles: 0 process_handle: 0x00000270	1	1
NtGetContextThread Nov. 15, 2021, 5:59 p.m.	thread_handle: 0x000003e0	1	0
NtAllocateVirtualMemory Nov. 15, 2021, 5:59 p.m.	process_identifier: 2132 region_size: 593920 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000270	1	0
WriteProcessMemory Nov. 15, 2021, 5:59 p.m.	buffer: MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $qý¶M5Ø5Ø5Ø!÷Û$Ø!÷ÝØ!÷ß4ØgéÜ&ØgéÛ-ØgéÝzØ!÷Ü,Ø!÷Þ4Ø!÷Ù.Ø5ÙÀØéÑ:ØéÚ4ØRich5ØPELÆaà Lvñ°@ @H2°RË8ÀË@°¸.textÈ `.rdataV°¤@@.datap\PN>@À.relocR°T@B base_address: 0x00400000 process_identifier: 2132 process_handle: 0x00000270	1	1
WriteProcessMemory Nov. 15, 2021, 5:59 p.m.	buffer: base_address: 0x00401000 process_identifier: 2132 process_handle: 0x00000270	1	1
WriteProcessMemory Nov. 15, 2021, 5:59 p.m.	buffer: base_address: 0x0046b000 process_identifier: 2132 process_handle: 0x00000270	1	1
WriteProcessMemory Nov. 15, 2021, 5:59 p.m.	buffer: base_address: 0x00485000 process_identifier: 2132 process_handle: 0x00000270	1	1
WriteProcessMemory Nov. 15, 2021, 5:59 p.m.	buffer: base_address: 0x0048b000 process_identifier: 2132 process_handle: 0x00000270	1	1
WriteProcessMemory Nov. 15, 2021, 5:59 p.m.	buffer: @ base_address: 0x7efde008 process_identifier: 2132 process_handle: 0x00000270	1	1
NtSetContextThread Nov. 15, 2021, 5:59 p.m.	registers.eip: 0 registers.esp: 0 registers.edi: 0 registers.eax: 4452726 registers.ebp: 0 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 0 thread_handle: 0x000003e0 process_identifier: 2132	1	0
NtResumeThread Nov. 15, 2021, 5:59 p.m.	thread_handle: 0x000003e0 suspend_count: 1 process_identifier: 2132	1	0
CreateProcessInternalW Nov. 15, 2021, 5:59 p.m.	thread_identifier: 316 thread_handle: 0x0000031c process_identifier: 2264 current_directory: C:\Users\test22\AppData\Local\Temp filepath: C:\Users\test22\AppData\Local\Temp\Tyjigybwjylnokucizpstzjwazconsoleapp18.exe track: 1 command_line: "C:\Users\test22\AppData\Local\Temp\Tyjigybwjylnokucizpstzjwazconsoleapp18.exe" filepath_r: C:\Users\test22\AppData\Local\Temp\Tyjigybwjylnokucizpstzjwazconsoleapp18.exe stack_pivoted: 0 creation_flags: 67634192 (CREATE_DEFAULT_ERROR_MODE\|CREATE_NEW_CONSOLE\|CREATE_UNICODE_ENVIRONMENT\|EXTENDED_STARTUPINFO_PRESENT) inherit_handles: 0 process_handle: 0x00000324	1	1
NtResumeThread Nov. 15, 2021, 5:59 p.m.	thread_handle: 0x00000144 suspend_count: 1 process_identifier: 2132	1	0
NtResumeThread Nov. 15, 2021, 5:59 p.m.	thread_handle: 0x000000e4 suspend_count: 1 process_identifier: 2264	1	0
NtResumeThread Nov. 15, 2021, 5:59 p.m.	thread_handle: 0x0000015c suspend_count: 1 process_identifier: 2264	1	0
NtResumeThread Nov. 15, 2021, 5:59 p.m.	thread_handle: 0x0000019c suspend_count: 1 process_identifier: 2264	1	0
NtResumeThread Nov. 15, 2021, 5:59 p.m.	thread_handle: 0x00000218 suspend_count: 1 process_identifier: 2264	1	0
NtResumeThread Nov. 15, 2021, 5:59 p.m.	thread_handle: 0x00000254 suspend_count: 1 process_identifier: 2264	1	0
CreateProcessInternalW Nov. 15, 2021, 5:59 p.m.	thread_identifier: 2476 thread_handle: 0x000003dc process_identifier: 2480 current_directory: C:\Users\test22\AppData\Local\Temp filepath: C:\Windows\System32\wscript.exe track: 1 command_line: "C:\Windows\System32\WScript.exe" "C:\Users\test22\AppData\Local\Temp\Ksyuxjtrazuidxiqmg.vbs" filepath_r: C:\Windows\System32\WScript.exe stack_pivoted: 0 creation_flags: 67634192 (CREATE_DEFAULT_ERROR_MODE\|CREATE_NEW_CONSOLE\|CREATE_UNICODE_ENVIRONMENT\|EXTENDED_STARTUPINFO_PRESENT) inherit_handles: 0 process_handle: 0x000003d0	1	1
NtResumeThread Nov. 15, 2021, 5:59 p.m.	thread_handle: 0x000003b8 suspend_count: 1 process_identifier: 2264	1	0
CreateProcessInternalW Nov. 15, 2021, 5:59 p.m.	thread_identifier: 2580 thread_handle: 0x00000250 process_identifier: 2584 current_directory: filepath: track: 1 command_line: C:\Users\test22\AppData\Local\Temp\Tyjigybwjylnokucizpstzjwazconsoleapp18.exe filepath_r: stack_pivoted: 0 creation_flags: 134217732 (CREATE_NO_WINDOW\|CREATE_SUSPENDED) inherit_handles: 0 process_handle: 0x0000024c	1	1
NtGetContextThread Nov. 15, 2021, 5:59 p.m.	thread_handle: 0x00000250	1	0
NtAllocateVirtualMemory Nov. 15, 2021, 5:59 p.m.	process_identifier: 2584 region_size: 131072 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x0000024c		3221225496
CreateProcessInternalW Nov. 15, 2021, 5:59 p.m.	thread_identifier: 2544 thread_handle: 0x00000248 process_identifier: 2640 current_directory: filepath: track: 1 command_line: C:\Users\test22\AppData\Local\Temp\Tyjigybwjylnokucizpstzjwazconsoleapp18.exe filepath_r: stack_pivoted: 0 creation_flags: 134217732 (CREATE_NO_WINDOW\|CREATE_SUSPENDED) inherit_handles: 0 process_handle: 0x00000244	1	1
NtGetContextThread Nov. 15, 2021, 5:59 p.m.	thread_handle: 0x00000248	1	0
NtAllocateVirtualMemory Nov. 15, 2021, 5:59 p.m.	process_identifier: 2640 region_size: 131072 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000244		3221225496
CreateProcessInternalW Nov. 15, 2021, 5:59 p.m.	thread_identifier: 2716 thread_handle: 0x000003e0 process_identifier: 2724 current_directory: filepath: track: 1 command_line: C:\Users\test22\AppData\Local\Temp\Tyjigybwjylnokucizpstzjwazconsoleapp18.exe filepath_r: stack_pivoted: 0 creation_flags: 134217732 (CREATE_NO_WINDOW\|CREATE_SUSPENDED) inherit_handles: 0 process_handle: 0x00000254	1	1
NtGetContextThread Nov. 15, 2021, 5:59 p.m.	thread_handle: 0x000003e0	1	0
NtAllocateVirtualMemory Nov. 15, 2021, 5:59 p.m.	process_identifier: 2724 region_size: 131072 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000254		3221225496
CreateProcessInternalW Nov. 15, 2021, 5:59 p.m.	thread_identifier: 2832 thread_handle: 0x00000380 process_identifier: 2840 current_directory: filepath: track: 1 command_line: C:\Users\test22\AppData\Local\Temp\Tyjigybwjylnokucizpstzjwazconsoleapp18.exe filepath_r: stack_pivoted: 0 creation_flags: 134217732 (CREATE_NO_WINDOW\|CREATE_SUSPENDED) inherit_handles: 0 process_handle: 0x000003b4	1	1
NtGetContextThread Nov. 15, 2021, 5:59 p.m.	thread_handle: 0x00000380	1	0
NtAllocateVirtualMemory Nov. 15, 2021, 5:59 p.m.	process_identifier: 2840 region_size: 131072 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000003b4		3221225496
CreateProcessInternalW Nov. 15, 2021, 5:59 p.m.	thread_identifier: 2904 thread_handle: 0x0000037c process_identifier: 2908 current_directory: filepath: track: 1 command_line: C:\Users\test22\AppData\Local\Temp\Tyjigybwjylnokucizpstzjwazconsoleapp18.exe filepath_r: stack_pivoted: 0 creation_flags: 134217732 (CREATE_NO_WINDOW\|CREATE_SUSPENDED) inherit_handles: 0 process_handle: 0x00000374	1	1
NtGetContextThread Nov. 15, 2021, 5:59 p.m.	thread_handle: 0x0000037c	1	0
NtAllocateVirtualMemory Nov. 15, 2021, 5:59 p.m.	process_identifier: 2908 region_size: 131072 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000374		3221225496
CreateProcessInternalW Nov. 15, 2021, 5:59 p.m.	thread_identifier: 2636 thread_handle: 0x000003dc process_identifier: 2596 current_directory: filepath: track: 1 command_line: C:\Users\test22\AppData\Local\Temp\Tyjigybwjylnokucizpstzjwazconsoleapp18.exe filepath_r: stack_pivoted: 0 creation_flags: 134217732 (CREATE_NO_WINDOW\|CREATE_SUSPENDED) inherit_handles: 0 process_handle: 0x00000384	1	1
NtGetContextThread Nov. 15, 2021, 5:59 p.m.	thread_handle: 0x000003dc	1	0
NtAllocateVirtualMemory Nov. 15, 2021, 5:59 p.m.	process_identifier: 2596 region_size: 131072 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000384		3221225496
CreateProcessInternalW Nov. 15, 2021, 5:59 p.m.	thread_identifier: 2572 thread_handle: 0x000003e4 process_identifier: 2576 current_directory: filepath: track: 1 command_line: C:\Users\test22\AppData\Local\Temp\Tyjigybwjylnokucizpstzjwazconsoleapp18.exe filepath_r: stack_pivoted: 0 creation_flags: 134217732 (CREATE_NO_WINDOW\|CREATE_SUSPENDED) inherit_handles: 0 process_handle: 0x000003d0	1	1
NtGetContextThread Nov. 15, 2021, 5:59 p.m.	thread_handle: 0x000003e4	1	0
NtAllocateVirtualMemory Nov. 15, 2021, 5:59 p.m.	process_identifier: 2576 region_size: 131072 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000003d0		3221225496
CreateProcessInternalW Nov. 15, 2021, 5:59 p.m.	thread_identifier: 832 thread_handle: 0x000003ec process_identifier: 3036 current_directory: filepath: track: 1 command_line: C:\Users\test22\AppData\Local\Temp\Tyjigybwjylnokucizpstzjwazconsoleapp18.exe filepath_r: stack_pivoted: 0 creation_flags: 134217732 (CREATE_NO_WINDOW\|CREATE_SUSPENDED) inherit_handles: 0 process_handle: 0x000003e8	1	1
NtGetContextThread Nov. 15, 2021, 5:59 p.m.	thread_handle: 0x000003ec	1	0
NtAllocateVirtualMemory Nov. 15, 2021, 5:59 p.m.	process_identifier: 3036 region_size: 131072 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000003e8		3221225496

File has been identified by 39 AntiVirus engines on VirusTotal as malicious (39 events)

Elastic	malicious (high confidence)
MicroWorld-eScan	Trojan.GenericKD.38017298
FireEye	Trojan.GenericKD.38017298
Cylance	Unsafe
Alibaba	Trojan:Win32/Kryptik.ali2000016
Arcabit	Trojan.Generic.D2441912
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Generik.BAKQVYL
APEX	Malicious
Paloalto	generic.ml
ClamAV	Win.Dropper.Generic-7113183-0
Kaspersky	HEUR:Trojan-Downloader.MSIL.Seraph.gen
BitDefender	Trojan.GenericKD.38017298
Avast	Win32:MalwareX-gen [Trj]
Ad-Aware	Trojan.GenericKD.38017298
Sophos	Mal/Generic-S
Comodo	.UnclassifiedMalware@0
DrWeb	Trojan.Siggen15.40993
McAfee-GW-Edition	Artemis!Trojan
Emsisoft	Trojan.GenericKD.38017298 (B)
SentinelOne	Static AI - Malicious PE
Avira	HEUR/AGEN.1142543
Kingsoft	Win32.PSWTroj.Undef.(kcloud)
Gridinsoft	Ransom.Win32.AzorUlt.sa
Microsoft	Trojan:Win32/Woreflint.A!cl
GData	Trojan.GenericKD.38017298
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win.MalwareX-gen.C4770399
McAfee	Artemis!6966182DD203
MAX	malware (ai score=87)
Malwarebytes	Malware.AI.3161454349
Ikarus	Trojan.MSIL.Agent
eGambit	Trojan.Generic
Fortinet	Malicious_Behavior.SB
BitDefenderTheta	Gen:NN.ZemsilF.34266.en0@aCfkvpf
AVG	Win32:MalwareX-gen [Trj]
Panda	Trj/GdSda.A
CrowdStrike	win/malicious_confidence_80% (W)
MaxSecure	Trojan.Malware.300983.susgen

The process wscript.exe wrote an executable file to disk which it then attempted to execute (3 events)

file	C:\Windows\SysWOW64\wscript.exe
file	C:\Users\test22\AppData\Local\Temp\Tyjigybwjylnokucizpstzjwazconsoleapp18.exe
file	C:\Users\test22\AppData\Local\Temp\Vcinpeamqerjfxlsvutgosconsoleapp11.exe

Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (7 events)

dead_host	192.168.56.101:49181
dead_host	192.168.56.101:49180
dead_host	74.119.192.122:80
dead_host	192.168.56.101:49179
dead_host	192.168.56.101:49178
dead_host	192.168.56.101:49176
dead_host	192.168.56.101:49182

asdfg.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All