Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Jan. 20, 2022, 9:37 a.m.	Jan. 20, 2022, 9:40 a.m.

Size	173.5KB
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`f49ec9a85b03f6f03d3e05329ba80f91`
SHA256	`f420ba1ed17f9532894fe5b5a914943d003bc81146fecd1d7fdcbb4458ba470a`
CRC32	`22A320F5`
ssdeep	`768:+jYzvfbvzaYPtSHPWcmhVm13jPJXt9qoST/p80yX6moPCdj09:+szfb6G/p80yX6moP+j09`
Yara	PE_Header_Zero - PE File Signature Generic_Malware_Zero - Generic Malware IsPE32 - (no description) Is_DotNET_EXE - (no description) Win_Backdoor_AsyncRAT_Zero - Win Backdoor AsyncRAT

5510542784046312.exe "C:\Users\test22\AppData\Local\Temp\5510542784046312.exe"
2320
- powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -enc YwBtAGQAIAAvAGMAIAB0AGkAbQBlAG8AdQB0ACAAMQA5AA==
  2464
  - cmd.exe "C:\Windows\system32\cmd.exe" /c timeout 19
    2564
    - timeout.exe timeout 19
      2608
- 5510542784046312.exe C:\Users\test22\AppData\Local\Temp\5510542784046312.exe
  3052

Name	Response	Post-Analysis Lookup
ozzyingilizce.com	A 159.253.41.162	159.253.41.162
checkip.dyndns.org	A 132.226.8.169 CNAME checkip.dyndns.com A 193.122.130.0 A 132.226.247.73 A 158.101.44.242 A 193.122.6.168	193.122.130.0
freegeoip.app	A 162.159.137.85 A 162.159.138.85	162.159.137.85

IP Address	Status	Action
132.226.8.169	Active	Moloch
159.253.41.162	Active	Moloch
162.159.137.85	Active	Moloch
164.124.101.2	Active	Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Queries for the computername (7 events)

Time & API	Arguments	Status	Return
GetComputerNameW Jan. 20, 2022, 9:36 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Jan. 20, 2022, 9:36 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Jan. 20, 2022, 9:36 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Jan. 20, 2022, 9:36 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameA Jan. 20, 2022, 9:37 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Jan. 20, 2022, 9:37 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Jan. 20, 2022, 9:38 a.m.	computer_name: TEST22-PC	1	1

Checks if process is being debugged by a debugger (5 events)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent Jan. 20, 2022, 9:36 a.m.			0	0
IsDebuggerPresent Jan. 20, 2022, 9:36 a.m.			0	0
IsDebuggerPresent Jan. 20, 2022, 9:36 a.m.			0	0
IsDebuggerPresent Jan. 20, 2022, 9:38 a.m.			0	0
IsDebuggerPresent Jan. 20, 2022, 9:38 a.m.			0	0

Command line console output was observed (2 events)

Time & API	Arguments	Status	Return	Repeated
WriteConsoleW Jan. 20, 2022, 9:37 a.m.	buffer: Waiting for 19 console_handle: 0x00000007	1	1	0
WriteConsoleW Jan. 20, 2022, 9:37 a.m.	buffer: seconds, press a key to continue ... console_handle: 0x00000007	1	1	0

Uses Windows APIs to generate a cryptographic key (50 events)

Time & API	Arguments	Status	Return
CryptExportKey Jan. 20, 2022, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x003f1d48 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Jan. 20, 2022, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x003f1d48 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Jan. 20, 2022, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x003f1e48 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Jan. 20, 2022, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x003f1e48 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Jan. 20, 2022, 9:36 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00353720 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Jan. 20, 2022, 9:36 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00353ca0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Jan. 20, 2022, 9:36 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00353ca0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Jan. 20, 2022, 9:36 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00353ca0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Jan. 20, 2022, 9:36 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00353ea0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Jan. 20, 2022, 9:36 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00353ea0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Jan. 20, 2022, 9:36 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00353ea0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Jan. 20, 2022, 9:36 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00353ea0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Jan. 20, 2022, 9:36 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00353ea0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Jan. 20, 2022, 9:36 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00353ea0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Jan. 20, 2022, 9:36 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00353ca0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Jan. 20, 2022, 9:36 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00353ca0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Jan. 20, 2022, 9:36 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00353ca0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Jan. 20, 2022, 9:36 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x003532e0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Jan. 20, 2022, 9:36 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x003532e0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Jan. 20, 2022, 9:36 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x003532e0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Jan. 20, 2022, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00353ba0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Jan. 20, 2022, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x003532e0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Jan. 20, 2022, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x003532e0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Jan. 20, 2022, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x003532e0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Jan. 20, 2022, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x003532e0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Jan. 20, 2022, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x003532e0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Jan. 20, 2022, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x003532e0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Jan. 20, 2022, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x003532e0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Jan. 20, 2022, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00354020 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Jan. 20, 2022, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00354020 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Jan. 20, 2022, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00354020 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Jan. 20, 2022, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00354020 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Jan. 20, 2022, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00354020 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Jan. 20, 2022, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00354020 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Jan. 20, 2022, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00354020 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Jan. 20, 2022, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00354020 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Jan. 20, 2022, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00354020 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Jan. 20, 2022, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00354020 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Jan. 20, 2022, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00354020 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Jan. 20, 2022, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00354020 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Jan. 20, 2022, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00354020 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Jan. 20, 2022, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00354020 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Jan. 20, 2022, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00353f60 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Jan. 20, 2022, 9:37 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00353f60 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Jan. 20, 2022, 9:38 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x004b1ac0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Jan. 20, 2022, 9:38 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x004b1b00 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Jan. 20, 2022, 9:38 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x004b1b00 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Jan. 20, 2022, 9:38 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x005481c0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Jan. 20, 2022, 9:38 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x005481c0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Jan. 20, 2022, 9:38 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00547f40 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Jan. 20, 2022, 9:36 a.m.		1	1	0

One or more processes crashed (50 out of 340 events)

Time & API	Arguments	Status
__exception__ Jan. 20, 2022, 9:37 a.m.	stacktrace: K32EnumProcessModules+0x18 RegisterApplicationRestart-0x1be kernel32+0x3b37e @ 0x7689b37e 0x4f7b49d 0x641e02 0x638687 0x63a42c 0x63a0e6 0x6375f4 0x637541 0x6374a8 0x660584 0x66040e 0x6600c5 0x6375f4 0x637541 0x6374a8 0x660584 0x66040e 0x6600c5 0x6375f4 0x637541 0x6374a8 0x660584 0x66040e 0x6600c5 0x6375f4 0x637541 0x6374a8 0x630fd9 0x630f9b 0x630f5d 0x63e0ca DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73972652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7398264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x739f1838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x739f1737 mscorlib+0x2d3711 @ 0x722a3711 mscorlib+0x308f2d @ 0x722d8f2d mscorlib+0x2cb060 @ 0x7229b060 0x78107e 0x7800f2 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x73972652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7398264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73982e95 CopyPDBs+0x4c45 DllCanUnloadNowInternal-0x3c392 clr+0x19a887 @ 0x73b0a887 DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x73a37610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73ac1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73ac1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73ac1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73ac416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7401f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x742a7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x742a4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 89 04 91 c7 45 fc fe ff ff ff ff 45 10 81 7d 10 exception.symbol: K32EnumProcessModules+0x113 RegisterApplicationRestart-0xc3 kernel32+0x3b479 exception.instruction: mov dword ptr [ecx + edx*4], eax exception.module: KERNEL32.dll exception.exception_code: 0xc0000005 exception.offset: 242809 exception.address: 0x7689b479 registers.esp: 3532956 registers.edi: 1987043272 registers.eax: 17301504 registers.ebp: 3533160 registers.edx: 0 registers.ebx: 0 registers.esi: 1 registers.ecx: 0	1
__exception__ Jan. 20, 2022, 9:38 a.m.	stacktrace: 0xab1094 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x738f2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7390264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73902e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x739b74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x739b7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73a41dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73a41e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73a41f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73a4416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73f9f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x742a7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x742a4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 39 09 e8 0d e2 7c 70 89 85 e0 fe ff ff 8b 8d e0 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xab2924 registers.esp: 3600068 registers.edi: 3600468 registers.eax: 0 registers.ebp: 3600476 registers.edx: 38474280 registers.ebx: 3600684 registers.esi: 0 registers.ecx: 0	1
__exception__ Jan. 20, 2022, 9:38 a.m.	stacktrace: 0xab33d2 0xab109b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x738f2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7390264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73902e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x739b74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x739b7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73a41dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73a41e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73a41f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73a4416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73f9f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x742a7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x742a4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 8b 40 04 89 45 c8 33 d2 89 55 c4 90 e9 9a 00 00 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xab3ca8 registers.esp: 3600056 registers.edi: 3600256 registers.eax: 0 registers.ebp: 3600272 registers.edx: 0 registers.ebx: 3600684 registers.esi: 38943320 registers.ecx: 38915948	1
__exception__ Jan. 20, 2022, 9:38 a.m.	stacktrace: 0xab33d2 0xab109b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x738f2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7390264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73902e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x739b74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x739b7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73a41dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73a41e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73a41f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73a4416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73f9f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x742a7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x742a4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 3b 42 04 72 05 e8 f6 27 0d 73 c1 e0 05 8d 44 02 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xab3cc9 registers.esp: 3600056 registers.edi: 3600256 registers.eax: 0 registers.ebp: 3600272 registers.edx: 0 registers.ebx: 3600684 registers.esi: 38943320 registers.ecx: 4746324	1
__exception__ Jan. 20, 2022, 9:38 a.m.	stacktrace: 0xab33d2 0xab109b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x738f2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7390264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73902e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x739b74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x739b7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73a41dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73a41e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73a41f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73a4416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73f9f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x742a7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x742a4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 3b 42 04 72 05 e8 24 27 0d 73 c1 e0 05 8d 44 02 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xab3d9b registers.esp: 3600056 registers.edi: 3600256 registers.eax: 0 registers.ebp: 3600272 registers.edx: 0 registers.ebx: 3600684 registers.esi: 38943320 registers.ecx: 4746324	1
__exception__ Jan. 20, 2022, 9:38 a.m.	stacktrace: 0xab33d2 0xab109b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x738f2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7390264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73902e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x739b74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x739b7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73a41dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73a41e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73a41f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73a4416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73f9f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x742a7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x742a4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 8b 40 04 ba 01 00 00 00 2b c2 71 05 e8 dd 26 0d exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xab3e64 registers.esp: 3600056 registers.edi: 3600256 registers.eax: 0 registers.ebp: 3600272 registers.edx: 0 registers.ebx: 3600684 registers.esi: 38943320 registers.ecx: 4746324	1
__exception__ Jan. 20, 2022, 9:38 a.m.	stacktrace: 0xab33d2 0xab109b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x738f2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7390264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73902e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x739b74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x739b7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73a41dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73a41e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73a41f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73a4416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73f9f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x742a7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x742a4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 3b 42 04 72 05 e8 1a 26 0d 73 8b 4c 82 0c e8 0c exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xab3ea5 registers.esp: 3600056 registers.edi: 3600256 registers.eax: 0 registers.ebp: 3600272 registers.edx: 0 registers.ebx: 3600684 registers.esi: 38943320 registers.ecx: 4746324	1
__exception__ Jan. 20, 2022, 9:38 a.m.	stacktrace: 0xab33d2 0xab109b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x738f2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7390264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73902e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x739b74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x739b7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73a41dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73a41e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73a41f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73a4416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73f9f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x742a7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x742a4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 3b 42 04 72 05 e8 dd 25 0d 73 8b 4c 82 0c 8b 15 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xab3ee2 registers.esp: 3600056 registers.edi: 3600256 registers.eax: 0 registers.ebp: 3600272 registers.edx: 0 registers.ebx: 3600684 registers.esi: 38943320 registers.ecx: 4746324	1
__exception__ Jan. 20, 2022, 9:38 a.m.	stacktrace: 0xab33d2 0xab109b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x738f2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7390264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73902e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x739b74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x739b7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73a41dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73a41e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73a41f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73a4416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73f9f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x742a7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x742a4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 3b 42 04 72 05 e8 2d 25 0d 73 8b 4c 82 0c 8b 15 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xab3f92 registers.esp: 3600056 registers.edi: 3600256 registers.eax: 0 registers.ebp: 3600272 registers.edx: 0 registers.ebx: 3600684 registers.esi: 38943320 registers.ecx: 4746324	1
__exception__ Jan. 20, 2022, 9:38 a.m.	stacktrace: 0xab33d2 0xab109b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x738f2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7390264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73902e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x739b74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x739b7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73a41dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73a41e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73a41f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73a4416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73f9f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x742a7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x742a4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 3b 42 04 72 05 e8 fe 23 0d 73 c1 e0 05 8d 44 02 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xab40c1 registers.esp: 3600056 registers.edi: 3600256 registers.eax: 0 registers.ebp: 3600272 registers.edx: 0 registers.ebx: 3600684 registers.esi: 38943320 registers.ecx: 4746324	1
__exception__ Jan. 20, 2022, 9:38 a.m.	stacktrace: 0xab4388 0xab10a2 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x738f2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7390264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73902e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x739b74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x739b7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73a41dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73a41e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73a41f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73a4416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73f9f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x742a7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x742a4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 8b 40 04 89 45 c8 33 d2 89 55 c4 90 e9 9a 00 00 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xab3ca8 registers.esp: 3600056 registers.edi: 3600256 registers.eax: 0 registers.ebp: 3600272 registers.edx: 0 registers.ebx: 3600684 registers.esi: 38948220 registers.ecx: 38915948	1
__exception__ Jan. 20, 2022, 9:38 a.m.	stacktrace: 0xab4388 0xab10a2 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x738f2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7390264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73902e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x739b74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x739b7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73a41dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73a41e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73a41f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73a4416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73f9f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x742a7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x742a4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 3b 42 04 72 05 e8 f6 27 0d 73 c1 e0 05 8d 44 02 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xab3cc9 registers.esp: 3600056 registers.edi: 3600256 registers.eax: 0 registers.ebp: 3600272 registers.edx: 0 registers.ebx: 3600684 registers.esi: 38948220 registers.ecx: 4746324	1
__exception__ Jan. 20, 2022, 9:38 a.m.	stacktrace: 0xab4388 0xab10a2 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x738f2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7390264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73902e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x739b74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x739b7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73a41dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73a41e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73a41f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73a4416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73f9f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x742a7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x742a4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 3b 42 04 72 05 e8 24 27 0d 73 c1 e0 05 8d 44 02 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xab3d9b registers.esp: 3600056 registers.edi: 3600256 registers.eax: 0 registers.ebp: 3600272 registers.edx: 0 registers.ebx: 3600684 registers.esi: 38948220 registers.ecx: 4746324	1
__exception__ Jan. 20, 2022, 9:38 a.m.	stacktrace: 0xab4388 0xab10a2 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x738f2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7390264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73902e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x739b74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x739b7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73a41dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73a41e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73a41f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73a4416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73f9f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x742a7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x742a4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 8b 40 04 ba 01 00 00 00 2b c2 71 05 e8 dd 26 0d exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xab3e64 registers.esp: 3600056 registers.edi: 3600256 registers.eax: 0 registers.ebp: 3600272 registers.edx: 0 registers.ebx: 3600684 registers.esi: 38948220 registers.ecx: 4746324	1
__exception__ Jan. 20, 2022, 9:38 a.m.	stacktrace: 0xab4388 0xab10a2 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x738f2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7390264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73902e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x739b74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x739b7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73a41dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73a41e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73a41f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73a4416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73f9f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x742a7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x742a4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 3b 42 04 72 05 e8 1a 26 0d 73 8b 4c 82 0c e8 0c exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xab3ea5 registers.esp: 3600056 registers.edi: 3600256 registers.eax: 0 registers.ebp: 3600272 registers.edx: 0 registers.ebx: 3600684 registers.esi: 38948220 registers.ecx: 4746324	1
__exception__ Jan. 20, 2022, 9:38 a.m.	stacktrace: 0xab4388 0xab10a2 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x738f2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7390264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73902e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x739b74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x739b7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73a41dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73a41e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73a41f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73a4416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73f9f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x742a7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x742a4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 3b 42 04 72 05 e8 dd 25 0d 73 8b 4c 82 0c 8b 15 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xab3ee2 registers.esp: 3600056 registers.edi: 3600256 registers.eax: 0 registers.ebp: 3600272 registers.edx: 0 registers.ebx: 3600684 registers.esi: 38948220 registers.ecx: 4746324	1
__exception__ Jan. 20, 2022, 9:38 a.m.	stacktrace: 0xab4388 0xab10a2 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x738f2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7390264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73902e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x739b74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x739b7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73a41dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73a41e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73a41f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73a4416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73f9f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x742a7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x742a4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 3b 42 04 72 05 e8 2d 25 0d 73 8b 4c 82 0c 8b 15 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xab3f92 registers.esp: 3600056 registers.edi: 3600256 registers.eax: 0 registers.ebp: 3600272 registers.edx: 0 registers.ebx: 3600684 registers.esi: 38948220 registers.ecx: 4746324	1
__exception__ Jan. 20, 2022, 9:38 a.m.	stacktrace: 0xab4388 0xab10a2 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x738f2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7390264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73902e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x739b74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x739b7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73a41dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73a41e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73a41f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73a4416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73f9f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x742a7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x742a4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 3b 42 04 72 05 e8 fe 23 0d 73 c1 e0 05 8d 44 02 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xab40c1 registers.esp: 3600056 registers.edi: 3600256 registers.eax: 0 registers.ebp: 3600272 registers.edx: 0 registers.ebx: 3600684 registers.esi: 38948220 registers.ecx: 4746324	1
__exception__ Jan. 20, 2022, 9:38 a.m.	stacktrace: 0xab47e8 0xab10a9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x738f2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7390264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73902e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x739b74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x739b7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73a41dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73a41e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73a41f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73a4416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73f9f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x742a7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x742a4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 8b 40 04 89 45 c8 33 d2 89 55 c4 90 e9 9a 00 00 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xab3ca8 registers.esp: 3600056 registers.edi: 3600256 registers.eax: 0 registers.ebp: 3600272 registers.edx: 0 registers.ebx: 3600684 registers.esi: 38952980 registers.ecx: 38915948	1
__exception__ Jan. 20, 2022, 9:38 a.m.	stacktrace: 0xab47e8 0xab10a9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x738f2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7390264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73902e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x739b74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x739b7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73a41dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73a41e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73a41f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73a4416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73f9f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x742a7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x742a4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 3b 42 04 72 05 e8 f6 27 0d 73 c1 e0 05 8d 44 02 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xab3cc9 registers.esp: 3600056 registers.edi: 3600256 registers.eax: 0 registers.ebp: 3600272 registers.edx: 0 registers.ebx: 3600684 registers.esi: 38952980 registers.ecx: 4746324	1
__exception__ Jan. 20, 2022, 9:38 a.m.	stacktrace: 0xab47e8 0xab10a9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x738f2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7390264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73902e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x739b74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x739b7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73a41dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73a41e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73a41f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73a4416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73f9f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x742a7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x742a4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 3b 42 04 72 05 e8 24 27 0d 73 c1 e0 05 8d 44 02 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xab3d9b registers.esp: 3600056 registers.edi: 3600256 registers.eax: 0 registers.ebp: 3600272 registers.edx: 0 registers.ebx: 3600684 registers.esi: 38952980 registers.ecx: 4746324	1
__exception__ Jan. 20, 2022, 9:38 a.m.	stacktrace: 0xab47e8 0xab10a9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x738f2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7390264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73902e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x739b74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x739b7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73a41dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73a41e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73a41f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73a4416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73f9f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x742a7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x742a4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 8b 40 04 ba 01 00 00 00 2b c2 71 05 e8 dd 26 0d exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xab3e64 registers.esp: 3600056 registers.edi: 3600256 registers.eax: 0 registers.ebp: 3600272 registers.edx: 0 registers.ebx: 3600684 registers.esi: 38952980 registers.ecx: 4746324	1
__exception__ Jan. 20, 2022, 9:38 a.m.	stacktrace: 0xab47e8 0xab10a9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x738f2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7390264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73902e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x739b74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x739b7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73a41dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73a41e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73a41f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73a4416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73f9f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x742a7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x742a4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 3b 42 04 72 05 e8 1a 26 0d 73 8b 4c 82 0c e8 0c exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xab3ea5 registers.esp: 3600056 registers.edi: 3600256 registers.eax: 0 registers.ebp: 3600272 registers.edx: 0 registers.ebx: 3600684 registers.esi: 38952980 registers.ecx: 4746324	1
__exception__ Jan. 20, 2022, 9:38 a.m.	stacktrace: 0xab47e8 0xab10a9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x738f2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7390264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73902e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x739b74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x739b7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73a41dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73a41e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73a41f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73a4416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73f9f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x742a7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x742a4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 3b 42 04 72 05 e8 dd 25 0d 73 8b 4c 82 0c 8b 15 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xab3ee2 registers.esp: 3600056 registers.edi: 3600256 registers.eax: 0 registers.ebp: 3600272 registers.edx: 0 registers.ebx: 3600684 registers.esi: 38952980 registers.ecx: 4746324	1
__exception__ Jan. 20, 2022, 9:38 a.m.	stacktrace: 0xab47e8 0xab10a9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x738f2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7390264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73902e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x739b74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x739b7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73a41dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73a41e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73a41f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73a4416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73f9f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x742a7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x742a4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 3b 42 04 72 05 e8 2d 25 0d 73 8b 4c 82 0c 8b 15 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xab3f92 registers.esp: 3600056 registers.edi: 3600256 registers.eax: 0 registers.ebp: 3600272 registers.edx: 0 registers.ebx: 3600684 registers.esi: 38952980 registers.ecx: 4746324	1
__exception__ Jan. 20, 2022, 9:38 a.m.	stacktrace: 0xab47e8 0xab10a9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x738f2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7390264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73902e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x739b74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x739b7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73a41dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73a41e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73a41f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73a4416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73f9f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x742a7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x742a4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 3b 42 04 72 05 e8 fe 23 0d 73 c1 e0 05 8d 44 02 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xab40c1 registers.esp: 3600056 registers.edi: 3600256 registers.eax: 0 registers.ebp: 3600272 registers.edx: 0 registers.ebx: 3600684 registers.esi: 38952980 registers.ecx: 4746324	1
__exception__ Jan. 20, 2022, 9:38 a.m.	stacktrace: 0xab4c48 0xab10b0 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x738f2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7390264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73902e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x739b74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x739b7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73a41dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73a41e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73a41f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73a4416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73f9f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x742a7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x742a4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 8b 40 04 89 45 c8 33 d2 89 55 c4 90 e9 9a 00 00 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xab3ca8 registers.esp: 3600056 registers.edi: 3600256 registers.eax: 0 registers.ebp: 3600272 registers.edx: 0 registers.ebx: 3600684 registers.esi: 38957744 registers.ecx: 38915948	1
__exception__ Jan. 20, 2022, 9:38 a.m.	stacktrace: 0xab4c48 0xab10b0 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x738f2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7390264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73902e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x739b74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x739b7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73a41dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73a41e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73a41f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73a4416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73f9f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x742a7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x742a4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 3b 42 04 72 05 e8 f6 27 0d 73 c1 e0 05 8d 44 02 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xab3cc9 registers.esp: 3600056 registers.edi: 3600256 registers.eax: 0 registers.ebp: 3600272 registers.edx: 0 registers.ebx: 3600684 registers.esi: 38957744 registers.ecx: 4746324	1
__exception__ Jan. 20, 2022, 9:38 a.m.	stacktrace: 0xab4c48 0xab10b0 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x738f2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7390264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73902e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x739b74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x739b7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73a41dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73a41e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73a41f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73a4416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73f9f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x742a7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x742a4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 3b 42 04 72 05 e8 24 27 0d 73 c1 e0 05 8d 44 02 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xab3d9b registers.esp: 3600056 registers.edi: 3600256 registers.eax: 0 registers.ebp: 3600272 registers.edx: 0 registers.ebx: 3600684 registers.esi: 38957744 registers.ecx: 4746324	1
__exception__ Jan. 20, 2022, 9:38 a.m.	stacktrace: 0xab4c48 0xab10b0 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x738f2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7390264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73902e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x739b74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x739b7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73a41dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73a41e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73a41f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73a4416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73f9f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x742a7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x742a4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 8b 40 04 ba 01 00 00 00 2b c2 71 05 e8 dd 26 0d exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xab3e64 registers.esp: 3600056 registers.edi: 3600256 registers.eax: 0 registers.ebp: 3600272 registers.edx: 0 registers.ebx: 3600684 registers.esi: 38957744 registers.ecx: 4746324	1
__exception__ Jan. 20, 2022, 9:38 a.m.	stacktrace: 0xab4c48 0xab10b0 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x738f2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7390264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73902e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x739b74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x739b7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73a41dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73a41e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73a41f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73a4416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73f9f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x742a7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x742a4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 3b 42 04 72 05 e8 1a 26 0d 73 8b 4c 82 0c e8 0c exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xab3ea5 registers.esp: 3600056 registers.edi: 3600256 registers.eax: 0 registers.ebp: 3600272 registers.edx: 0 registers.ebx: 3600684 registers.esi: 38957744 registers.ecx: 4746324	1
__exception__ Jan. 20, 2022, 9:38 a.m.	stacktrace: 0xab4c48 0xab10b0 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x738f2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7390264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73902e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x739b74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x739b7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73a41dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73a41e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73a41f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73a4416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73f9f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x742a7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x742a4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 3b 42 04 72 05 e8 dd 25 0d 73 8b 4c 82 0c 8b 15 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xab3ee2 registers.esp: 3600056 registers.edi: 3600256 registers.eax: 0 registers.ebp: 3600272 registers.edx: 0 registers.ebx: 3600684 registers.esi: 38957744 registers.ecx: 4746324	1
__exception__ Jan. 20, 2022, 9:38 a.m.	stacktrace: 0xab4c48 0xab10b0 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x738f2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7390264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73902e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x739b74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x739b7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73a41dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73a41e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73a41f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73a4416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73f9f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x742a7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x742a4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 3b 42 04 72 05 e8 2d 25 0d 73 8b 4c 82 0c 8b 15 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xab3f92 registers.esp: 3600056 registers.edi: 3600256 registers.eax: 0 registers.ebp: 3600272 registers.edx: 0 registers.ebx: 3600684 registers.esi: 38957744 registers.ecx: 4746324	1
__exception__ Jan. 20, 2022, 9:38 a.m.	stacktrace: 0xab4c48 0xab10b0 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x738f2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7390264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73902e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x739b74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x739b7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73a41dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73a41e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73a41f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73a4416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73f9f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x742a7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x742a4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 3b 42 04 72 05 e8 fe 23 0d 73 c1 e0 05 8d 44 02 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xab40c1 registers.esp: 3600056 registers.edi: 3600256 registers.eax: 0 registers.ebp: 3600272 registers.edx: 0 registers.ebx: 3600684 registers.esi: 38957744 registers.ecx: 4746324	1
__exception__ Jan. 20, 2022, 9:38 a.m.	stacktrace: 0xab50a8 0xab10b7 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x738f2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7390264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73902e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x739b74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x739b7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73a41dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73a41e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73a41f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73a4416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73f9f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x742a7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x742a4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 8b 40 04 89 45 c8 33 d2 89 55 c4 90 e9 9a 00 00 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xab3ca8 registers.esp: 3600056 registers.edi: 3600256 registers.eax: 0 registers.ebp: 3600272 registers.edx: 0 registers.ebx: 3600684 registers.esi: 38962528 registers.ecx: 38915948	1
__exception__ Jan. 20, 2022, 9:38 a.m.	stacktrace: 0xab50a8 0xab10b7 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x738f2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7390264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73902e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x739b74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x739b7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73a41dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73a41e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73a41f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73a4416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73f9f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x742a7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x742a4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 3b 42 04 72 05 e8 f6 27 0d 73 c1 e0 05 8d 44 02 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xab3cc9 registers.esp: 3600056 registers.edi: 3600256 registers.eax: 0 registers.ebp: 3600272 registers.edx: 0 registers.ebx: 3600684 registers.esi: 38962528 registers.ecx: 4746324	1
__exception__ Jan. 20, 2022, 9:38 a.m.	stacktrace: 0xab50a8 0xab10b7 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x738f2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7390264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73902e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x739b74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x739b7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73a41dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73a41e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73a41f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73a4416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73f9f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x742a7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x742a4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 3b 42 04 72 05 e8 24 27 0d 73 c1 e0 05 8d 44 02 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xab3d9b registers.esp: 3600056 registers.edi: 3600256 registers.eax: 0 registers.ebp: 3600272 registers.edx: 0 registers.ebx: 3600684 registers.esi: 38962528 registers.ecx: 4746324	1
__exception__ Jan. 20, 2022, 9:38 a.m.	stacktrace: 0xab50a8 0xab10b7 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x738f2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7390264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73902e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x739b74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x739b7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73a41dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73a41e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73a41f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73a4416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73f9f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x742a7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x742a4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 8b 40 04 ba 01 00 00 00 2b c2 71 05 e8 dd 26 0d exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xab3e64 registers.esp: 3600056 registers.edi: 3600256 registers.eax: 0 registers.ebp: 3600272 registers.edx: 0 registers.ebx: 3600684 registers.esi: 38962528 registers.ecx: 4746324	1
__exception__ Jan. 20, 2022, 9:38 a.m.	stacktrace: 0xab50a8 0xab10b7 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x738f2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7390264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73902e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x739b74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x739b7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73a41dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73a41e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73a41f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73a4416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73f9f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x742a7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x742a4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 3b 42 04 72 05 e8 1a 26 0d 73 8b 4c 82 0c e8 0c exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xab3ea5 registers.esp: 3600056 registers.edi: 3600256 registers.eax: 0 registers.ebp: 3600272 registers.edx: 0 registers.ebx: 3600684 registers.esi: 38962528 registers.ecx: 4746324	1
__exception__ Jan. 20, 2022, 9:38 a.m.	stacktrace: 0xab50a8 0xab10b7 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x738f2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7390264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73902e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x739b74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x739b7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73a41dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73a41e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73a41f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73a4416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73f9f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x742a7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x742a4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 3b 42 04 72 05 e8 dd 25 0d 73 8b 4c 82 0c 8b 15 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xab3ee2 registers.esp: 3600056 registers.edi: 3600256 registers.eax: 0 registers.ebp: 3600272 registers.edx: 0 registers.ebx: 3600684 registers.esi: 38962528 registers.ecx: 4746324	1
__exception__ Jan. 20, 2022, 9:38 a.m.	stacktrace: 0xab50a8 0xab10b7 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x738f2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7390264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73902e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x739b74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x739b7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73a41dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73a41e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73a41f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73a4416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73f9f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x742a7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x742a4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 3b 42 04 72 05 e8 2d 25 0d 73 8b 4c 82 0c 8b 15 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xab3f92 registers.esp: 3600056 registers.edi: 3600256 registers.eax: 0 registers.ebp: 3600272 registers.edx: 0 registers.ebx: 3600684 registers.esi: 38962528 registers.ecx: 4746324	1
__exception__ Jan. 20, 2022, 9:38 a.m.	stacktrace: 0xab50a8 0xab10b7 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x738f2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7390264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73902e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x739b74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x739b7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73a41dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73a41e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73a41f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73a4416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73f9f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x742a7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x742a4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 3b 42 04 72 05 e8 fe 23 0d 73 c1 e0 05 8d 44 02 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xab40c1 registers.esp: 3600056 registers.edi: 3600256 registers.eax: 0 registers.ebp: 3600272 registers.edx: 0 registers.ebx: 3600684 registers.esi: 38962528 registers.ecx: 4746324	1
__exception__ Jan. 20, 2022, 9:38 a.m.	stacktrace: 0xab4113 0xab5508 0xab10be DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x738f2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7390264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73902e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x739b74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x739b7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73a41dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73a41e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73a41f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73a4416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73f9f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x742a7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x742a4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 8b 50 04 b8 01 00 00 00 2b d0 71 05 e8 9d b5 0c exception.instruction: mov edx, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xabafa4 registers.esp: 3598016 registers.edi: 3598852 registers.eax: 0 registers.ebp: 3600040 registers.edx: 0 registers.ebx: 0 registers.esi: 38967352 registers.ecx: 1	1
__exception__ Jan. 20, 2022, 9:38 a.m.	stacktrace: 0xab4113 0xab5508 0xab10be DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x738f2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7390264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73902e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x739b74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x739b7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73a41dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73a41e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73a41f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73a4416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73f9f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x742a7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x742a4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 8b 40 04 ba 01 00 00 00 2b c2 71 05 e8 41 b5 0c exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xabb000 registers.esp: 3598016 registers.edi: 3598852 registers.eax: 0 registers.ebp: 3600040 registers.edx: 0 registers.ebx: 0 registers.esi: 38967352 registers.ecx: 4746324	1
__exception__ Jan. 20, 2022, 9:38 a.m.	stacktrace: 0xab4113 0xab5508 0xab10be DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x738f2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7390264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73902e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x739b74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x739b7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73a41dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73a41e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73a41f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73a4416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73f9f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x742a7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x742a4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 3b 42 04 72 05 e8 87 b4 0c 73 c1 e0 04 8d 44 02 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xabb038 registers.esp: 3598016 registers.edi: 3598852 registers.eax: 0 registers.ebp: 3600040 registers.edx: 0 registers.ebx: 0 registers.esi: 38967352 registers.ecx: 4746324	1
__exception__ Jan. 20, 2022, 9:38 a.m.	stacktrace: 0xab4113 0xab5508 0xab10be DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x738f2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7390264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73902e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x739b74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x739b7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73a41dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73a41e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73a41f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73a4416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73f9f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x742a7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x742a4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 3b 42 04 72 05 e8 2d b4 0c 73 c1 e0 04 8d 44 02 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xabb092 registers.esp: 3598016 registers.edi: 3598852 registers.eax: 0 registers.ebp: 3600040 registers.edx: 0 registers.ebx: 0 registers.esi: 38967352 registers.ecx: 4746324	1
__exception__ Jan. 20, 2022, 9:38 a.m.	stacktrace: 0xab4113 0xab5508 0xab10be DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x738f2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7390264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73902e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x739b74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x739b7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73a41dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73a41e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73a41f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73a4416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73f9f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x742a7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x742a4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 3b 42 04 72 05 e8 c7 b1 0c 73 c1 e0 04 8d 44 02 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xabb2f8 registers.esp: 3598012 registers.edi: 3598256 registers.eax: 0 registers.ebp: 3600040 registers.edx: 0 registers.ebx: 0 registers.esi: 38967352 registers.ecx: 3330020443	1
__exception__ Jan. 20, 2022, 9:38 a.m.	stacktrace: 0xab4113 0xab5508 0xab10be DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x738f2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7390264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73902e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x739b74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x739b7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73a41dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73a41e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73a41f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73a4416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73f9f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x742a7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x742a4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 3b 4f 04 72 05 e8 14 a8 0c 73 c1 e1 04 8d 4c 0f exception.instruction: cmp ecx, dword ptr [edi + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xabbcab registers.esp: 3598016 registers.edi: 0 registers.eax: 0 registers.ebp: 3600040 registers.edx: 0 registers.ebx: 0 registers.esi: 38967352 registers.ecx: 0	1
__exception__ Jan. 20, 2022, 9:38 a.m.	stacktrace: 0xabca30 0xab5569 0xab10be DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x738f2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7390264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73902e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x739b74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x739b7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73a41dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73a41e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73a41f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73a4416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73f9f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x742a7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x742a4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 3b 42 04 0f 9d c0 0f b6 c0 89 45 c8 83 7d c8 00 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xabcc39 registers.esp: 3600064 registers.edi: 3600132 registers.eax: 0 registers.ebp: 3600148 registers.edx: 0 registers.ebx: 0 registers.esi: 38967352 registers.ecx: 39238956	1
__exception__ Jan. 20, 2022, 9:38 a.m.	stacktrace: 0xabca30 0xab5586 0xab10be DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x738f2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x7390264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x73902e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x739b74ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x739b7610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x73a41dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x73a41e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x73a41f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x73a4416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x73f9f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x742a7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x742a4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x772e9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x772e9ea5 exception.instruction_r: 3b 42 04 0f 9d c0 0f b6 c0 89 45 c8 83 7d c8 00 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xabcc39 registers.esp: 3600064 registers.edi: 3600132 registers.eax: 3 registers.ebp: 3600148 registers.edx: 0 registers.ebx: 0 registers.esi: 38967352 registers.ecx: 39238956	1

One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.

HTTP traffic contains suspicious features which may be indicative of malware related traffic (2 events)

suspicious_features	GET method with no useragent header				suspicious_request	GET http://ozzyingilizce.com/wp-content/sgu/5510542784046312.png
suspicious_features	GET method with no useragent header				suspicious_request	GET https://freegeoip.app/xml/175.208.134.150

Connects to a Dynamic DNS Domain (1 event)

domain

checkip.dyndns.org

Performs some HTTP requests (3 events)

request	GET http://ozzyingilizce.com/wp-content/sgu/5510542784046312.png
request	GET http://checkip.dyndns.org/
request	GET https://freegeoip.app/xml/175.208.134.150

Allocates read-write-execute memory (usually to unpack itself) (50 out of 259 events)

Time & API	Arguments	Status
NtAllocateVirtualMemory Jan. 20, 2022, 9:36 a.m.	process_identifier: 2320 region_size: 2293760 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00890000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 20, 2022, 9:36 a.m.	process_identifier: 2320 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00a80000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory Jan. 20, 2022, 9:36 a.m.	process_identifier: 2320 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73971000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Jan. 20, 2022, 9:36 a.m.	process_identifier: 2320 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73972000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 20, 2022, 9:36 a.m.	process_identifier: 2320 region_size: 786432 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00710000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 20, 2022, 9:36 a.m.	process_identifier: 2320 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00790000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 20, 2022, 9:36 a.m.	process_identifier: 2320 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00512000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 20, 2022, 9:36 a.m.	process_identifier: 2320 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00545000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 20, 2022, 9:36 a.m.	process_identifier: 2320 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0054b000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 20, 2022, 9:36 a.m.	process_identifier: 2320 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00547000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 20, 2022, 9:36 a.m.	process_identifier: 2320 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0052c000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 20, 2022, 9:36 a.m.	process_identifier: 2320 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00780000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 20, 2022, 9:36 a.m.	process_identifier: 2320 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0051a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 20, 2022, 9:36 a.m.	process_identifier: 2320 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0053a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 20, 2022, 9:36 a.m.	process_identifier: 2320 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00537000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 20, 2022, 9:36 a.m.	process_identifier: 2320 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00536000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 20, 2022, 9:37 a.m.	process_identifier: 2320 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0053b000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 20, 2022, 9:37 a.m.	process_identifier: 2320 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00781000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 20, 2022, 9:37 a.m.	process_identifier: 2320 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00782000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 20, 2022, 9:37 a.m.	process_identifier: 2320 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00784000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 20, 2022, 9:37 a.m.	process_identifier: 2320 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0052d000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 20, 2022, 9:37 a.m.	process_identifier: 2320 region_size: 32768 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00785000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 20, 2022, 9:37 a.m.	process_identifier: 2320 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0078d000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 20, 2022, 9:37 a.m.	process_identifier: 2320 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0051c000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 20, 2022, 9:37 a.m.	process_identifier: 2320 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0052e000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 20, 2022, 9:37 a.m.	process_identifier: 2320 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0078e000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 20, 2022, 9:37 a.m.	process_identifier: 2320 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0078f000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 20, 2022, 9:37 a.m.	process_identifier: 2320 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00630000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 20, 2022, 9:37 a.m.	process_identifier: 2320 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00631000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 20, 2022, 9:37 a.m.	process_identifier: 2320 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00632000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 20, 2022, 9:37 a.m.	process_identifier: 2320 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00633000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 20, 2022, 9:37 a.m.	process_identifier: 2320 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00634000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 20, 2022, 9:37 a.m.	process_identifier: 2320 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00635000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 20, 2022, 9:37 a.m.	process_identifier: 2320 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00636000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 20, 2022, 9:37 a.m.	process_identifier: 2320 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00637000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 20, 2022, 9:37 a.m.	process_identifier: 2320 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00638000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 20, 2022, 9:37 a.m.	process_identifier: 2320 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0052f000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 20, 2022, 9:37 a.m.	process_identifier: 2320 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00639000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 20, 2022, 9:37 a.m.	process_identifier: 2320 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0063a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 20, 2022, 9:37 a.m.	process_identifier: 2320 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0063b000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 20, 2022, 9:37 a.m.	process_identifier: 2320 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0063c000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 20, 2022, 9:37 a.m.	process_identifier: 2320 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0064f000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 20, 2022, 9:37 a.m.	process_identifier: 2320 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00640000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 20, 2022, 9:37 a.m.	process_identifier: 2320 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0063d000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 20, 2022, 9:37 a.m.	process_identifier: 2320 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0063e000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 20, 2022, 9:37 a.m.	process_identifier: 2320 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0063f000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 20, 2022, 9:37 a.m.	process_identifier: 2320 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00660000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 20, 2022, 9:37 a.m.	process_identifier: 2320 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00661000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 20, 2022, 9:37 a.m.	process_identifier: 2320 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00662000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Jan. 20, 2022, 9:37 a.m.	process_identifier: 2320 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00663000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1

Steals private information from local Internet browsers (6 events)

file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Login Data
file	C:\Users\test22\AppData\Roaming\Opera\Opera\profile\wand.dat
file	C:\Users\test22\AppData\Local\Chromium\User Data\Default\Login Data
file	C:\Users\test22\AppData\Local\MapleStudio\ChromePlus\User Data\Default\Login Data
file	C:\Users\test22\AppData\Local\Nichrome\User Data\Default\Login Data
file	C:\Users\test22\AppData\Local\Yandex\YandexBrowser\User Data\Default\Ya Login Data

Looks up the external IP address (1 event)

domain

checkip.dyndns.org

Creates a shortcut to an executable file (1 event)

file	C:\Users\test22\AppData\Local\Temp\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk

Creates a suspicious process (3 events)

cmdline	powershell -enc YwBtAGQAIAAvAGMAIAB0AGkAbQBlAG8AdQB0ACAAMQA5AA==
cmdline	"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -enc YwBtAGQAIAAvAGMAIAB0AGkAbQBlAG8AdQB0ACAAMQA5AA==
cmdline	"C:\Windows\system32\cmd.exe" /c timeout 19

A process created a hidden window (1 event)

Time & API	Arguments	Status	Return	Repeated
ShellExecuteExW Jan. 20, 2022, 9:36 a.m.	show_type: 0 filepath_r: powershell parameters: -enc YwBtAGQAIAAvAGMAIAB0AGkAbQBlAG8AdQB0ACAAMQA5AA== filepath: powershell	1	1	0

Checks adapter addresses which can be used to detect virtual network interfaces (1 event)

Time & API	Arguments	Status	Return	Repeated
GetAdaptersAddresses Jan. 20, 2022, 9:37 a.m.	flags: 15 family: 0		111	0

Checks for the Locally Unique Identifier on the system for a suspicious privilege (3 events)

Time & API	Arguments	Status	Return
LookupPrivilegeValueW Jan. 20, 2022, 9:37 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW Jan. 20, 2022, 9:36 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW Jan. 20, 2022, 9:38 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1

Yara rule detected in process memory (11 events)

description	Communications smtp	rule	Network_SMTP_dotNet
description	Run a KeyLogger	rule	KeyLogger
description	(no description)	rule	DebuggerCheck__GlobalFlags
description	(no description)	rule	DebuggerCheck__QueryInfo
description	(no description)	rule	DebuggerHiding__Thread
description	(no description)	rule	DebuggerHiding__Active
description	(no description)	rule	ThreadControl__Context
description	(no description)	rule	SEH__vectored
description	Checks if being debugged	rule	anti_dbg
description	Bypass DEP	rule	disable_dep
description	Affect hook table	rule	win_hook

Allocates execute permission to another process indicative of possible code injection (1 event)

Time & API	Arguments	Status	Return	Repeated
NtAllocateVirtualMemory Jan. 20, 2022, 9:37 a.m.	process_identifier: 3052 region_size: 155648 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000004bc	1	0	0

Attempts to identify installed AV products by installation directory (1 event)

file	C:\Users\test22\AppData\Local\AVAST Software\Browser\User Data\Default\Login Data

Installs itself for autorun at Windows startup (1 event)

reg_key

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\update

reg_value

"C:\Users\test22\AppData\Roaming\update\update.exe"

Harvests credentials from local FTP client softwares (1 event)

file	C:\Users\test22\AppData\Roaming\FileZilla\recentservers.xml

Harvests information related to installed instant messenger clients (1 event)

file	C:\Users\test22\AppData\Roaming\.purple\accounts.xml

Potential code injection by writing to the memory of another process (3 events)

Time & API	Arguments	Status	Return
WriteProcessMemory Jan. 20, 2022, 9:37 a.m.	buffer: MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $PELc2aàPæ @ `@¼O w@ H.textä æ `.rsrcw è@@.reloc@ú@B base_address: 0x00400000 process_identifier: 3052 process_handle: 0x000004bc	1	1
WriteProcessMemory Jan. 20, 2022, 9:37 a.m.	buffer: 4 base_address: 0x00424000 process_identifier: 3052 process_handle: 0x000004bc	1	1
WriteProcessMemory Jan. 20, 2022, 9:37 a.m.	buffer: @ base_address: 0x7efde008 process_identifier: 3052 process_handle: 0x000004bc	1	1

Code injection by writing an executable or DLL to the memory of another process (1 event)

Time & API	Arguments	Status	Return	Repeated
WriteProcessMemory Jan. 20, 2022, 9:37 a.m.	buffer: MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $PELc2aàPæ @ `@¼O w@ H.textä æ `.rsrcw è@@.reloc@ú@B base_address: 0x00400000 process_identifier: 3052 process_handle: 0x000004bc	1	1	0

Harvests credentials from local email clients (3 events)

registry	HKEY_CURRENT_USER\Software\Microsoft\Windows Messaging Subsystem\Profiles\9375CFF0413111d3B88A00104B2A6676
registry	HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003
registry	HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001

Used NtSetContextThread to modify a thread in a remote process indicative of process injection (2 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 2320 called NtSetContextThread to modify thread in remote process 3052
NtSetContextThread Jan. 20, 2022, 9:37 a.m.	registers.eip: 0 registers.esp: 0 registers.edi: 0 registers.eax: 4326414 registers.ebp: 0 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 0 thread_handle: 0x000004c8 process_identifier: 3052	1	0	0

One or more non-whitelisted processes were created (1 event)

parent_process

powershell.exe

martian_process

"C:\Windows\system32\cmd.exe" /c timeout 19

Resumed a suspended thread in a remote process potentially indicative of process injection (2 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 2320 resumed a thread in remote process 3052
NtResumeThread Jan. 20, 2022, 9:38 a.m.	thread_handle: 0x000004c8 suspend_count: 1 process_identifier: 3052	1	0	0

The process powershell.exe wrote an executable file to disk (1 event)

file	C:\Windows\System32\cmd.exe

File has been identified by 28 AntiVirus engines on VirusTotal as malicious (28 events)

Lionic	Trojan.MSIL.Quasar.l!c
Elastic	malicious (high confidence)
FireEye	Generic.mg.f49ec9a85b03f6f0
Cylance	Unsafe
Sangfor	Trojan.MSIL.Quasar.gen
K7GW	Trojan-Downloader ( 0058d2c11 )
Cybereason	malicious.44da45
Cyren	W32/Faker.Q.gen!Eldorado
Symantec	MSIL.Downloader!gen7
ESET-NOD32	a variant of MSIL/TrojanDownloader.Agent.KBM
APEX	Malicious
Paloalto	generic.ml
Kaspersky	HEUR:Trojan-Spy.MSIL.Quasar.gen
Avast	Win32:MalwareX-gen [Trj]
McAfee-GW-Edition	Artemis!Trojan
Sophos	Mal/Generic-S
Webroot	W32.Trojan.Gen
Avira	TR/Downloader.MSIL.aqiqw
Kingsoft	Win32.Troj.Undef.(kcloud)
Microsoft	Trojan:Win32/Casdet!rfn
Cynet	Malicious (score: 100)
McAfee	RDN/Snakekeylogger
TrendMicro-HouseCall	TROJ_GEN.R002H0CAI22
SentinelOne	Static AI - Malicious PE
eGambit	Unsafe.AI_Score_99%
Fortinet	W32/Agent.KAD!tr
AVG	Win32:MalwareX-gen [Trj]
CrowdStrike	win/malicious_confidence_100% (W)

Executed a process and injected code into it, probably while unpacking (26 events)

Time & API	Arguments	Status	Return
NtResumeThread Jan. 20, 2022, 9:36 a.m.	thread_handle: 0x000000dc suspend_count: 1 process_identifier: 2320	1	0
NtResumeThread Jan. 20, 2022, 9:36 a.m.	thread_handle: 0x0000014c suspend_count: 1 process_identifier: 2320	1	0
NtResumeThread Jan. 20, 2022, 9:36 a.m.	thread_handle: 0x00000194 suspend_count: 1 process_identifier: 2320	1	0
NtResumeThread Jan. 20, 2022, 9:36 a.m.	thread_handle: 0x0000022c suspend_count: 1 process_identifier: 2320	1	0
CreateProcessInternalW Jan. 20, 2022, 9:36 a.m.	thread_identifier: 2468 thread_handle: 0x000003a4 process_identifier: 2464 current_directory: C:\Users\test22\AppData\Local\Temp filepath: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe track: 1 command_line: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -enc YwBtAGQAIAAvAGMAIAB0AGkAbQBlAG8AdQB0ACAAMQA5AA== filepath_r: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe stack_pivoted: 0 creation_flags: 67634192 (CREATE_DEFAULT_ERROR_MODE\|CREATE_NEW_CONSOLE\|CREATE_UNICODE_ENVIRONMENT\|EXTENDED_STARTUPINFO_PRESENT) inherit_handles: 0 process_handle: 0x000003ac	1	1
NtResumeThread Jan. 20, 2022, 9:37 a.m.	thread_handle: 0x00000498 suspend_count: 1 process_identifier: 2320	1	0
CreateProcessInternalW Jan. 20, 2022, 9:37 a.m.	thread_identifier: 3056 thread_handle: 0x000004c8 process_identifier: 3052 current_directory: filepath: track: 1 command_line: C:\Users\test22\AppData\Local\Temp\5510542784046312.exe filepath_r: stack_pivoted: 0 creation_flags: 134217732 (CREATE_NO_WINDOW\|CREATE_SUSPENDED) inherit_handles: 0 process_handle: 0x000004bc	1	1
NtGetContextThread Jan. 20, 2022, 9:37 a.m.	thread_handle: 0x000004c8	1	0
NtAllocateVirtualMemory Jan. 20, 2022, 9:37 a.m.	process_identifier: 3052 region_size: 155648 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000004bc	1	0
WriteProcessMemory Jan. 20, 2022, 9:37 a.m.	buffer: MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $PELc2aàPæ @ `@¼O w@ H.textä æ `.rsrcw è@@.reloc@ú@B base_address: 0x00400000 process_identifier: 3052 process_handle: 0x000004bc	1	1
WriteProcessMemory Jan. 20, 2022, 9:37 a.m.	buffer: base_address: 0x00402000 process_identifier: 3052 process_handle: 0x000004bc	1	1
WriteProcessMemory Jan. 20, 2022, 9:37 a.m.	buffer: base_address: 0x00422000 process_identifier: 3052 process_handle: 0x000004bc	1	1
WriteProcessMemory Jan. 20, 2022, 9:37 a.m.	buffer: 4 base_address: 0x00424000 process_identifier: 3052 process_handle: 0x000004bc	1	1
WriteProcessMemory Jan. 20, 2022, 9:37 a.m.	buffer: @ base_address: 0x7efde008 process_identifier: 3052 process_handle: 0x000004bc	1	1
NtSetContextThread Jan. 20, 2022, 9:37 a.m.	registers.eip: 0 registers.esp: 0 registers.edi: 0 registers.eax: 4326414 registers.ebp: 0 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 0 thread_handle: 0x000004c8 process_identifier: 3052	1	0
NtResumeThread Jan. 20, 2022, 9:38 a.m.	thread_handle: 0x000004c8 suspend_count: 1 process_identifier: 3052	1	0
NtResumeThread Jan. 20, 2022, 9:36 a.m.	thread_handle: 0x0000029c suspend_count: 1 process_identifier: 2464	1	0
NtResumeThread Jan. 20, 2022, 9:36 a.m.	thread_handle: 0x000002f0 suspend_count: 1 process_identifier: 2464	1	0
NtResumeThread Jan. 20, 2022, 9:37 a.m.	thread_handle: 0x0000043c suspend_count: 1 process_identifier: 2464	1	0
CreateProcessInternalW Jan. 20, 2022, 9:37 a.m.	thread_identifier: 2568 thread_handle: 0x00000440 process_identifier: 2564 current_directory: C:\Users\test22\AppData\Local\Temp filepath: track: 1 command_line: "C:\Windows\system32\cmd.exe" /c timeout 19 filepath_r: stack_pivoted: 0 creation_flags: 0 () inherit_handles: 1 process_handle: 0x00000444	1	1
NtResumeThread Jan. 20, 2022, 9:37 a.m.	thread_handle: 0x00000488 suspend_count: 1 process_identifier: 2464	1	0
CreateProcessInternalW Jan. 20, 2022, 9:37 a.m.	thread_identifier: 2612 thread_handle: 0x00000084 process_identifier: 2608 current_directory: C:\Users\test22\AppData\Local\Temp filepath: C:\Windows\System32\timeout.exe track: 1 command_line: timeout 19 filepath_r: C:\Windows\system32\timeout.exe stack_pivoted: 0 creation_flags: 524288 (EXTENDED_STARTUPINFO_PRESENT) inherit_handles: 1 process_handle: 0x00000088	1	1
NtResumeThread Jan. 20, 2022, 9:38 a.m.	thread_handle: 0x000000dc suspend_count: 1 process_identifier: 3052	1	0
NtResumeThread Jan. 20, 2022, 9:38 a.m.	thread_handle: 0x00000150 suspend_count: 1 process_identifier: 3052	1	0
NtResumeThread Jan. 20, 2022, 9:38 a.m.	thread_handle: 0x000001c0 suspend_count: 1 process_identifier: 3052	1	0
NtResumeThread Jan. 20, 2022, 9:38 a.m.	thread_handle: 0x000003a4 suspend_count: 1 process_identifier: 3052	1	0

5510542784046312.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All