Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	July 31, 2022, 1:47 p.m.	July 31, 2022, 1:49 p.m.

Size	1.3MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`c0ea08a163298e0493d9cb9d9f6881d1`
SHA256	`be999ae161fe785ae48c92bb141597bef0aa748f4180b8c67134efe512454bc0`
CRC32	`9325465B`
ssdeep	`24576:pAT8QE+k/iguh3sQo0Y93hYB3fR7ZEhd0pQIYxZ5rOyjbWIBXZ/4ja4x5Z:pAI+U88Qd83y3Jqj0mPrOynWIL/6x5Z`
Yara	IsPE32 - (no description) Malicious_Library_Zero - Malicious_Library UPX_Zero - UPX packed file PE_Header_Zero - PE File Signature

JOB.exe "C:\Users\test22\AppData\Local\Temp\JOB.exe"
2760
- iexplore.exe "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
  2876
  - iexplore.exe "C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:2876 CREDAT:145409
    2964
  - iexplore.exe "C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:2876 CREDAT:145410
    2116
- real.exe "C:\Program Files (x86)\Company\NewProduct\real.exe"
  2252
  - cmd.exe "C:\Windows\System32\cmd.exe" /c taskkill /im real.exe /f & timeout /t 6 & del /f /q "C:\Program Files (x86)\Company\NewProduct\real.exe" & del C:\ProgramData\*.dll & exit
    3688
    - taskkill.exe taskkill /im real.exe /f
      3796
    - timeout.exe timeout /t 6
      3868
- F0geI.exe "C:\Program Files (x86)\Company\NewProduct\F0geI.exe"
  2300
- namdoitntn.exe "C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe"
  2420
- romb_ro.exe "C:\Program Files (x86)\Company\NewProduct\romb_ro.exe"
  2488
- safert44.exe "C:\Program Files (x86)\Company\NewProduct\safert44.exe"
  2688
- tag.exe "C:\Program Files (x86)\Company\NewProduct\tag.exe"
  3008
- kukurzka9000.exe "C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe"
  1664
- ffnameedit.exe "C:\Program Files (x86)\Company\NewProduct\ffnameedit.exe"
  316
- namdoitntn.exe "C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe"
  2636
- g3rgg.exe "C:\Program Files (x86)\Company\NewProduct\g3rgg.exe"
  1304
- jshainx.exe "C:\Program Files (x86)\Company\NewProduct\jshainx.exe"
  3140
- me.exe "C:\Program Files (x86)\Company\NewProduct\me.exe"
  3212
explorer.exe C:\Windows\Explorer.EXE
1156

Name	Response	Post-Analysis Lookup
transfer.sh	A 144.76.136.153	144.76.136.153
iplogger.org	A 148.251.234.83	148.251.234.83

IP Address	Status	Action
103.89.90.61	Active	Moloch
117.18.232.200	Active	Moloch
144.76.136.153	Active	Moloch
146.19.247.187	Active	Moloch
148.251.234.83	Active	Moloch
164.124.101.2	Active	Moloch
185.199.224.90	Active	Moloch
185.87.149.167	Active	Moloch
31.41.244.134	Active	Moloch
45.182.189.196	Active	Moloch
62.204.41.126	Active	Moloch
62.204.41.144	Active	Moloch
91.242.229.63	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
UDP 192.168.56.101:55871 -> 164.124.101.2:53	2035948	ET POLICY IP Check Domain (iplogger .org in DNS Lookup)	Potential Corporate Privacy Violation
TCP 192.168.56.101:49177 -> 148.251.234.83:443	2035949	ET POLICY IP Check Domain (iplogger .org in TLS SNI)	Potential Corporate Privacy Violation
TCP 192.168.56.101:49178 -> 148.251.234.83:443	2035949	ET POLICY IP Check Domain (iplogger .org in TLS SNI)	Potential Corporate Privacy Violation
TCP 192.168.56.101:49178 -> 148.251.234.83:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49177 -> 148.251.234.83:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
UDP 192.168.56.101:62062 -> 164.124.101.2:53	2035948	ET POLICY IP Check Domain (iplogger .org in DNS Lookup)	Potential Corporate Privacy Violation
TCP 192.168.56.101:49177 -> 148.251.234.83:443	2035949	ET POLICY IP Check Domain (iplogger .org in TLS SNI)	Potential Corporate Privacy Violation
UDP 192.168.56.101:60131 -> 164.124.101.2:53	2035948	ET POLICY IP Check Domain (iplogger .org in DNS Lookup)	Potential Corporate Privacy Violation
TCP 192.168.56.101:49179 -> 148.251.234.83:443	2035949	ET POLICY IP Check Domain (iplogger .org in TLS SNI)	Potential Corporate Privacy Violation
TCP 192.168.56.101:49179 -> 148.251.234.83:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49178 -> 148.251.234.83:443	2035949	ET POLICY IP Check Domain (iplogger .org in TLS SNI)	Potential Corporate Privacy Violation
TCP 192.168.56.101:49187 -> 148.251.234.83:443	2035949	ET POLICY IP Check Domain (iplogger .org in TLS SNI)	Potential Corporate Privacy Violation
TCP 192.168.56.101:49187 -> 148.251.234.83:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49179 -> 148.251.234.83:443	2035949	ET POLICY IP Check Domain (iplogger .org in TLS SNI)	Potential Corporate Privacy Violation
TCP 192.168.56.101:49181 -> 146.19.247.187:80	2027262	ET INFO Dotted Quad Host ZIP Request	Potentially Bad Traffic
TCP 192.168.56.101:49185 -> 148.251.234.83:443	2035949	ET POLICY IP Check Domain (iplogger .org in TLS SNI)	Potential Corporate Privacy Violation
TCP 192.168.56.101:49185 -> 148.251.234.83:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49188 -> 148.251.234.83:443	2035949	ET POLICY IP Check Domain (iplogger .org in TLS SNI)	Potential Corporate Privacy Violation
TCP 192.168.56.101:49185 -> 148.251.234.83:443	2035949	ET POLICY IP Check Domain (iplogger .org in TLS SNI)	Potential Corporate Privacy Violation
TCP 192.168.56.101:49188 -> 148.251.234.83:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49187 -> 148.251.234.83:443	2035949	ET POLICY IP Check Domain (iplogger .org in TLS SNI)	Potential Corporate Privacy Violation
TCP 192.168.56.101:49188 -> 148.251.234.83:443	2035949	ET POLICY IP Check Domain (iplogger .org in TLS SNI)	Potential Corporate Privacy Violation
TCP 192.168.56.101:49176 -> 148.251.234.83:443	2035949	ET POLICY IP Check Domain (iplogger .org in TLS SNI)	Potential Corporate Privacy Violation
TCP 192.168.56.101:49176 -> 148.251.234.83:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49176 -> 148.251.234.83:443	2035949	ET POLICY IP Check Domain (iplogger .org in TLS SNI)	Potential Corporate Privacy Violation
TCP 192.168.56.101:49190 -> 148.251.234.83:443	2035949	ET POLICY IP Check Domain (iplogger .org in TLS SNI)	Potential Corporate Privacy Violation
TCP 192.168.56.101:49190 -> 148.251.234.83:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 148.251.234.83:443 -> 192.168.56.101:49194	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49190 -> 148.251.234.83:443	2035949	ET POLICY IP Check Domain (iplogger .org in TLS SNI)	Potential Corporate Privacy Violation
TCP 148.251.234.83:443 -> 192.168.56.101:49192	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49188 -> 148.251.234.83:443	2035949	ET POLICY IP Check Domain (iplogger .org in TLS SNI)	Potential Corporate Privacy Violation
TCP 192.168.56.101:49175 -> 148.251.234.83:443	2035949	ET POLICY IP Check Domain (iplogger .org in TLS SNI)	Potential Corporate Privacy Violation
TCP 148.251.234.83:443 -> 192.168.56.101:49193	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49175 -> 148.251.234.83:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49175 -> 148.251.234.83:443	2035949	ET POLICY IP Check Domain (iplogger .org in TLS SNI)	Potential Corporate Privacy Violation
TCP 192.168.56.101:49205 -> 148.251.234.83:443	2035949	ET POLICY IP Check Domain (iplogger .org in TLS SNI)	Potential Corporate Privacy Violation
TCP 192.168.56.101:49205 -> 148.251.234.83:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49205 -> 148.251.234.83:443	2035949	ET POLICY IP Check Domain (iplogger .org in TLS SNI)	Potential Corporate Privacy Violation
TCP 192.168.56.101:49186 -> 148.251.234.83:443	2035949	ET POLICY IP Check Domain (iplogger .org in TLS SNI)	Potential Corporate Privacy Violation
TCP 192.168.56.101:49186 -> 148.251.234.83:443	906200054	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49186 -> 148.251.234.83:443	2035949	ET POLICY IP Check Domain (iplogger .org in TLS SNI)	Potential Corporate Privacy Violation
TCP 192.168.56.101:49227 -> 62.204.41.126:80	2027262	ET INFO Dotted Quad Host ZIP Request	Potentially Bad Traffic
UDP 192.168.56.101:57609 -> 164.124.101.2:53	2034316	ET POLICY Observed DNS Query to File Transfer Service Domain (transfer .sh)	Potentially Bad Traffic
UDP 192.168.56.101:57609 -> 164.124.101.2:53	2035139	ET INFO Commonly Abused File Sharing Site Domain Observed (transfer .sh in DNS Lookup)	Misc activity
TCP 192.168.56.101:49181 -> 146.19.247.187:80	2036316	ET MALWARE Arkei/Vidar/Mars Stealer Variant	A Network Trojan was detected
TCP 192.168.56.101:49227 -> 62.204.41.126:80	2036316	ET MALWARE Arkei/Vidar/Mars Stealer Variant	A Network Trojan was detected
TCP 192.168.56.101:49234 -> 91.242.229.63:80	2027262	ET INFO Dotted Quad Host ZIP Request	Potentially Bad Traffic
TCP 144.76.136.153:443 -> 192.168.56.101:49239	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49239 -> 144.76.136.153:443	2035145	ET INFO Commonly Abused File Sharing Site Domain Observed (transfer .sh in TLS SNI)	Misc activity
TCP 192.168.56.101:49239 -> 144.76.136.153:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49239 -> 144.76.136.153:443	2035145	ET INFO Commonly Abused File Sharing Site Domain Observed (transfer .sh in TLS SNI)	Misc activity
TCP 192.168.56.101:49239 -> 144.76.136.153:443	2035145	ET INFO Commonly Abused File Sharing Site Domain Observed (transfer .sh in TLS SNI)	Misc activity
TCP 144.76.136.153:443 -> 192.168.56.101:49236	2029340	ET INFO TLS Handshake Failure	Potentially Bad Traffic
TCP 192.168.56.101:49236 -> 144.76.136.153:443	2035145	ET INFO Commonly Abused File Sharing Site Domain Observed (transfer .sh in TLS SNI)	Misc activity
TCP 192.168.56.101:49236 -> 144.76.136.153:443	906200022	SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)	undefined
TCP 192.168.56.101:49236 -> 144.76.136.153:443	2035145	ET INFO Commonly Abused File Sharing Site Domain Observed (transfer .sh in TLS SNI)	Misc activity
TCP 192.168.56.101:49234 -> 91.242.229.63:80	2036316	ET MALWARE Arkei/Vidar/Mars Stealer Variant	A Network Trojan was detected
TCP 192.168.56.101:49236 -> 144.76.136.153:443	2035145	ET INFO Commonly Abused File Sharing Site Domain Observed (transfer .sh in TLS SNI)	Misc activity
TCP 192.168.56.101:49186 -> 148.251.234.83:443	2035949	ET POLICY IP Check Domain (iplogger .org in TLS SNI)	Potential Corporate Privacy Violation
TCP 192.168.56.101:49190 -> 148.251.234.83:443	2035949	ET POLICY IP Check Domain (iplogger .org in TLS SNI)	Potential Corporate Privacy Violation
TCP 192.168.56.101:49179 -> 148.251.234.83:443	2035949	ET POLICY IP Check Domain (iplogger .org in TLS SNI)	Potential Corporate Privacy Violation
TCP 192.168.56.101:49205 -> 148.251.234.83:443	2035949	ET POLICY IP Check Domain (iplogger .org in TLS SNI)	Potential Corporate Privacy Violation
TCP 192.168.56.101:49178 -> 148.251.234.83:443	2035949	ET POLICY IP Check Domain (iplogger .org in TLS SNI)	Potential Corporate Privacy Violation
TCP 192.168.56.101:49176 -> 148.251.234.83:443	2035949	ET POLICY IP Check Domain (iplogger .org in TLS SNI)	Potential Corporate Privacy Violation
TCP 192.168.56.101:49187 -> 148.251.234.83:443	2035949	ET POLICY IP Check Domain (iplogger .org in TLS SNI)	Potential Corporate Privacy Violation
TCP 192.168.56.101:49175 -> 148.251.234.83:443	2035949	ET POLICY IP Check Domain (iplogger .org in TLS SNI)	Potential Corporate Privacy Violation
TCP 192.168.56.101:49185 -> 148.251.234.83:443	2035949	ET POLICY IP Check Domain (iplogger .org in TLS SNI)	Potential Corporate Privacy Violation
TCP 192.168.56.101:49177 -> 148.251.234.83:443	2035949	ET POLICY IP Check Domain (iplogger .org in TLS SNI)	Potential Corporate Privacy Violation
TCP 192.168.56.101:49239 -> 144.76.136.153:443	2035145	ET INFO Commonly Abused File Sharing Site Domain Observed (transfer .sh in TLS SNI)	Misc activity
TCP 192.168.56.101:49188 -> 148.251.234.83:443	2035949	ET POLICY IP Check Domain (iplogger .org in TLS SNI)	Potential Corporate Privacy Violation

Suricata TLS

No Suricata TLS

Queries for the computername (50 out of 59 events)

Time & API	Arguments	Status	Return
GetComputerNameA July 31, 2022, 1:47 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameA July 31, 2022, 1:47 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameA July 31, 2022, 1:47 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameA July 31, 2022, 1:47 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 31, 2022, 1:47 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 31, 2022, 1:48 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 31, 2022, 1:48 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 31, 2022, 1:48 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 31, 2022, 1:48 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 31, 2022, 1:48 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 31, 2022, 1:48 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 31, 2022, 1:48 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 31, 2022, 1:48 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 31, 2022, 1:48 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 31, 2022, 1:48 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameA July 31, 2022, 1:47 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameA July 31, 2022, 1:47 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameA July 31, 2022, 1:47 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameA July 31, 2022, 1:47 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 31, 2022, 1:47 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 31, 2022, 1:47 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 31, 2022, 1:47 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 31, 2022, 1:47 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 31, 2022, 1:47 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 31, 2022, 1:47 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 31, 2022, 1:47 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 31, 2022, 1:47 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 31, 2022, 1:47 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 31, 2022, 1:47 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 31, 2022, 1:47 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 31, 2022, 1:47 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 31, 2022, 1:47 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 31, 2022, 1:47 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 31, 2022, 1:47 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 31, 2022, 1:47 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 31, 2022, 1:47 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 31, 2022, 1:47 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 31, 2022, 1:47 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 31, 2022, 1:47 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 31, 2022, 1:47 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 31, 2022, 1:47 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 31, 2022, 1:47 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 31, 2022, 1:47 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 31, 2022, 1:47 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 31, 2022, 1:47 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 31, 2022, 1:47 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 31, 2022, 1:47 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 31, 2022, 1:47 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 31, 2022, 1:47 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW July 31, 2022, 1:47 p.m.	computer_name: TEST22-PC	1	1

Checks if process is being debugged by a debugger (13 events)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent July 31, 2022, 1:47 p.m.			0	0
IsDebuggerPresent July 31, 2022, 1:47 p.m.			0	0
IsDebuggerPresent July 31, 2022, 1:47 p.m.			0	0
IsDebuggerPresent July 31, 2022, 1:47 p.m.			0	0
IsDebuggerPresent July 31, 2022, 1:47 p.m.			0	0
IsDebuggerPresent July 31, 2022, 1:47 p.m.			0	0
IsDebuggerPresent July 31, 2022, 1:47 p.m.			0	0
IsDebuggerPresent July 31, 2022, 1:47 p.m.			0	0
IsDebuggerPresent July 31, 2022, 1:47 p.m.			0	0
IsDebuggerPresent July 31, 2022, 1:47 p.m.			0	0
IsDebuggerPresent July 31, 2022, 1:47 p.m.			0	0
IsDebuggerPresent July 31, 2022, 1:47 p.m.			0	0
IsDebuggerPresent July 31, 2022, 1:47 p.m.			0	0

Command line console output was observed (4 events)

Time & API	Arguments	Status	Return
WriteConsoleW July 31, 2022, 1:47 p.m.	buffer: Could Not Find C:\ProgramData\*.dll console_handle: 0x0000000b	1	1
WriteConsoleW July 31, 2022, 1:47 p.m.	buffer: ERROR: The process "real.exe" not found. console_handle: 0x0000000b	1	1
WriteConsoleW July 31, 2022, 1:47 p.m.	buffer: Waiting for 6 console_handle: 0x00000007	1	1
WriteConsoleW July 31, 2022, 1:47 p.m.	buffer: seconds, press a key to continue ... console_handle: 0x00000007	1	1

Uses Windows APIs to generate a cryptographic key (50 out of 108 events)

Time & API	Arguments	Status	Return
CryptExportKey July 31, 2022, 1:47 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x00596430 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 31, 2022, 1:47 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x00596430 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 31, 2022, 1:47 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x00596430 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 31, 2022, 1:47 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x00596430 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 31, 2022, 1:47 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x005964b0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 31, 2022, 1:47 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x005964b0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 31, 2022, 1:47 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x005963b0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 31, 2022, 1:47 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x005963b0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 31, 2022, 1:47 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x005963b0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 31, 2022, 1:47 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x005963b0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 31, 2022, 1:47 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x005963b0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 31, 2022, 1:47 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x00596cf0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 31, 2022, 1:47 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x00596cf0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 31, 2022, 1:47 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x005967f0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 31, 2022, 1:47 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x00596bb0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 31, 2022, 1:47 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x00597230 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 31, 2022, 1:47 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x00597230 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 31, 2022, 1:47 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x00596db0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 31, 2022, 1:47 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x00596db0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 31, 2022, 1:47 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x00596d30 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 31, 2022, 1:47 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0074c400 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 31, 2022, 1:47 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0074c400 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 31, 2022, 1:47 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0074c400 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 31, 2022, 1:47 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0074c400 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 31, 2022, 1:47 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0074c480 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 31, 2022, 1:47 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0074c480 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 31, 2022, 1:47 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0074c380 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 31, 2022, 1:47 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0074c380 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 31, 2022, 1:47 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0074c380 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 31, 2022, 1:47 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0074c380 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 31, 2022, 1:47 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0074c380 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 31, 2022, 1:47 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0074c400 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 31, 2022, 1:47 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0074c400 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 31, 2022, 1:47 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0074c600 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 31, 2022, 1:47 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0074cc40 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 31, 2022, 1:47 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0074cc80 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 31, 2022, 1:47 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0074cc80 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 31, 2022, 1:47 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0074cdc0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 31, 2022, 1:47 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0074cdc0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 31, 2022, 1:47 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0074d100 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 31, 2022, 1:47 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x008376a0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 31, 2022, 1:47 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x008376a0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 31, 2022, 1:47 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x008376a0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 31, 2022, 1:47 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x008376a0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 31, 2022, 1:47 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x00837720 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 31, 2022, 1:47 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x00837720 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 31, 2022, 1:47 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x00837620 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 31, 2022, 1:47 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x00837620 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 31, 2022, 1:47 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x00837620 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey July 31, 2022, 1:47 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x00837620 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1

Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate) (1 event)

registry

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid

Tries to locate where the browsers are installed (2 events)

file	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
registry	HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx July 31, 2022, 1:47 p.m.		1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)

section	CODE
section	DATA
section	BSS

The executable uses a known packer (1 event)

packer

BobSoft Mini Delphi -> BoB / BobSoft

One or more processes crashed (50 out of 58 events)

Time & API	Arguments	Status
__exception__ July 31, 2022, 1:48 p.m.	stacktrace: RpcRaiseException+0x42 I_RpcExceptionFilter-0x12 rpcrt4+0x2374b @ 0x76af374b CoReleaseServerProcess+0x73 OleSaveToStream-0xad ole32+0x64387 @ 0x76844387 NdrpMemoryIncrement+0x3d1 NdrComplexStructMarshall-0x2f rpcrt4+0x1ef51 @ 0x76aeef51 NdrPointerMarshall+0x30 NdrPointerBufferSize-0xb6 rpcrt4+0x16a9c @ 0x76ae6a9c NdrPointerMarshall+0xd6 NdrPointerBufferSize-0x10 rpcrt4+0x16b42 @ 0x76ae6b42 NdrPointerMarshall+0x30 NdrPointerBufferSize-0xb6 rpcrt4+0x16a9c @ 0x76ae6a9c NdrConformantArrayFree+0x8c NdrOleFree-0xa rpcrt4+0x35c3a @ 0x76b05c3a NdrStubCall2+0x31d NdrUnmarshallBasetypeInline-0x23a rpcrt4+0xb06b8 @ 0x76b806b8 WdtpInterfacePointer_UserUnmarshal+0x256f DllDebugObjectRPCHook-0x1e89 ole32+0x13d7e6 @ 0x7691d7e6 WdtpInterfacePointer_UserUnmarshal+0x25ff DllDebugObjectRPCHook-0x1df9 ole32+0x13d876 @ 0x7691d876 WdtpInterfacePointer_UserUnmarshal+0x2b59 DllDebugObjectRPCHook-0x189f ole32+0x13ddd0 @ 0x7691ddd0 CoTaskMemFree+0x1b02 DcomChannelSetHResult-0x1c8 ole32+0x58a43 @ 0x76838a43 CoTaskMemFree+0x19f7 DcomChannelSetHResult-0x2d3 ole32+0x58938 @ 0x76838938 DcomChannelSetHResult+0x8ff CoGetObject-0x2183 ole32+0x5950a @ 0x7683950a WdtpInterfacePointer_UserUnmarshal+0x2a56 DllDebugObjectRPCHook-0x19a2 ole32+0x13dccd @ 0x7691dccd WdtpInterfacePointer_UserUnmarshal+0x28ca DllDebugObjectRPCHook-0x1b2e ole32+0x13db41 @ 0x7691db41 WdtpInterfacePointer_UserUnmarshal+0x2f86 DllDebugObjectRPCHook-0x1472 ole32+0x13e1fd @ 0x7691e1fd DcomChannelSetHResult+0x75c CoGetObject-0x2326 ole32+0x59367 @ 0x76839367 DcomChannelSetHResult+0x71b CoGetObject-0x2367 ole32+0x59326 @ 0x76839326 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x76be62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x76be6d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x76be77c4 DispatchMessageW+0xf GetMessageW-0x58 user32+0x1788a @ 0x76be788a CoWaitForMultipleHandles+0x4311 CoRegisterSurrogateEx-0x2fe ole32+0x1a48b @ 0x767fa48b CoWaitForMultipleHandles+0x23c1 CoRegisterSurrogateEx-0x224e ole32+0x1853b @ 0x767f853b CoWaitForMultipleHandles+0x4332 CoRegisterSurrogateEx-0x2dd ole32+0x1a4ac @ 0x767fa4ac CoGetTreatAsClass+0x2619 CoRegisterChannelHook-0x1269 ole32+0x2cd48 @ 0x7680cd48 CoGetTreatAsClass+0x314b CoRegisterChannelHook-0x737 ole32+0x2d87a @ 0x7680d87a BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0x80040155 exception.offset: 46887 exception.address: 0x760cb727 registers.esp: 131198552 registers.edi: 9018612 registers.eax: 131198552 registers.ebp: 131198632 registers.edx: 90 registers.ebx: 131198916 registers.esi: 2147746133 registers.ecx: 89625152	1
__exception__ July 31, 2022, 1:48 p.m.	stacktrace: RpcRaiseException+0x42 I_RpcExceptionFilter-0x12 rpcrt4+0x2374b @ 0x76af374b DllDebugObjectRPCHook+0xb6 HACCEL_UserFree-0x57 ole32+0x13f725 @ 0x7691f725 NdrPointerFree+0x16a IUnknown_Release_Proxy-0x5a rpcrt4+0x3414b @ 0x76b0414b ObjectStublessClient25+0x65c CoImpersonateClient-0xbc ole32+0xfe14 @ 0x767efe14 StgGetIFillLockBytesOnFile+0x16ab5 WdtpInterfacePointer_UserSize-0xe21 ole32+0x13a338 @ 0x7691a338 IsValidURL+0x4b8c MkParseDisplayNameEx-0x1c6a4 urlmon+0x4e99f @ 0x752de99f IntlPercentEncodeNormalize+0x1ff8 CoInternetCombineIUri-0x940 urlmon+0x272ed @ 0x752b72ed RegisterBindStatusCallback+0x40d9 CopyBindInfo-0xbe4 urlmon+0x1ab0d @ 0x752aab0d GetIUriPriv2+0x603 CoInternetIsFeatureEnabledForIUri-0xdf6 urlmon+0x1ea98 @ 0x752aea98 RegisterBindStatusCallback+0x1dc3 CopyBindInfo-0x2efa urlmon+0x187f7 @ 0x752a87f7 CopyStgMedium+0x286 FindMediaType-0x70d urlmon+0x1ba32 @ 0x752aba32 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x76be62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x76be6d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x76be77c4 DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x76be7bca CreateAsyncBindCtx+0xb2f URLDownloadToCacheFileW-0x54c urlmon+0x4516f @ 0x752d516f CreateAsyncBindCtx+0xa8e URLDownloadToCacheFileW-0x5ed urlmon+0x450ce @ 0x752d50ce RegisterBindStatusCallback+0x36a4 CopyBindInfo-0x1619 urlmon+0x1a0d8 @ 0x752aa0d8 RegisterBindStatusCallback+0x3151 CopyBindInfo-0x1b6c urlmon+0x19b85 @ 0x752a9b85 RegisterBindStatusCallback+0x3074 CopyBindInfo-0x1c49 urlmon+0x19aa8 @ 0x752a9aa8 CreateAsyncBindCtx+0xccc URLDownloadToCacheFileW-0x3af urlmon+0x4530c @ 0x752d530c URLDownloadToCacheFileW+0xe5 CoInternetIsFeatureZoneElevationEnabled-0x2c18 urlmon+0x457a0 @ 0x752d57a0 DllCanUnloadNow+0xcfc8 IEAssociateThreadWithTab-0x294dd ieframe+0x2540c @ 0x7210540c DllCanUnloadNow+0xce86 IEAssociateThreadWithTab-0x2961f ieframe+0x252ca @ 0x721052ca CreateExtensionGuidEnumerator+0x5d622 SetQueryNetSessionCount-0x15f9a ieframe+0x100ea3 @ 0x721e0ea3 RtlGetUserInfoHeap+0x225 RtlQueueWorkItem-0x210 ntdll+0x67e96 @ 0x776a7e96 TpCallbackIndependent+0x527 RtlIsCriticalSectionLockedByThread-0x240 ntdll+0x454f4 @ 0x776854f4 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0x80040155 exception.offset: 46887 exception.address: 0x760cb727 registers.esp: 104716000 registers.edi: 1988295184 registers.eax: 104716000 registers.ebp: 104716080 registers.edx: 1 registers.ebx: 110847532 registers.esi: 2147746133 registers.ecx: 2955062347	1
__exception__ July 31, 2022, 1:47 p.m.	stacktrace: 0x749087 0x748f21 0x74761f 0x747330 0x744826 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6fe7264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6fe72e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6ff274ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6ff27610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6ffb1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6ffb1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6ffb1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6ffb416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7050f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x70717f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x70714de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 8b 01 8b 40 28 ff 10 8b d0 85 c0 75 06 8b 15 2c exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x74911c registers.esp: 4255124 registers.edi: 4255144 registers.eax: 0 registers.ebp: 4255156 registers.edx: 5724656 registers.ebx: 42169788 registers.esi: 42170608 registers.ecx: 0	1
__exception__ July 31, 2022, 1:47 p.m.	stacktrace: 0x661d60 0x661c9c 0x661ba0 0x660a0b 0x74ff0c 0x74c928 0x747710 0x747330 0x744826 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6fe7264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6fe72e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6ff274ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6ff27610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6ffb1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6ffb1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6ffb1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6ffb416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7050f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x70717f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x70714de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 8b 40 04 89 45 c8 eb 0c e8 18 01 80 6f eb 05 e8 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x662620 registers.esp: 4254324 registers.edi: 41776848 registers.eax: 0 registers.ebp: 4254384 registers.edx: 190499016 registers.ebx: 0 registers.esi: 1344437801 registers.ecx: 190504424	1
__exception__ July 31, 2022, 1:47 p.m.	stacktrace: 0x661d60 0x661c9c 0x661be1 0x660a0b 0x74ff0c 0x74c928 0x747710 0x747330 0x744826 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6fe7264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6fe72e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6ff274ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6ff27610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6ffb1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6ffb1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6ffb1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6ffb416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7050f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x70717f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x70714de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 8b 40 04 89 45 c8 eb 0c e8 18 01 80 6f eb 05 e8 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x662620 registers.esp: 4254324 registers.edi: 42923216 registers.eax: 0 registers.ebp: 4254384 registers.edx: 190499016 registers.ebx: 0 registers.esi: 1344437801 registers.ecx: 190504424	1
__exception__ July 31, 2022, 1:47 p.m.	stacktrace: 0x661d60 0x661c9c 0x661be1 0x660a0b 0x74ff0c 0x74c928 0x747710 0x747330 0x744826 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6fe7264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6fe72e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6ff274ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6ff27610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6ffb1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6ffb1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6ffb1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6ffb416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7050f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x70717f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x70714de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 8b 40 04 89 45 c8 eb 0c e8 18 01 80 6f eb 05 e8 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x662620 registers.esp: 4254324 registers.edi: 44044780 registers.eax: 0 registers.ebp: 4254384 registers.edx: 190499016 registers.ebx: 0 registers.esi: 1344437801 registers.ecx: 190504424	1
__exception__ July 31, 2022, 1:47 p.m.	stacktrace: 0x6652d3 0x6651f9 0x660843 0x74ff0c 0x74c928 0x747710 0x747330 0x744826 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6fe7264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6fe72e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6ff274ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6ff27610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6ffb1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6ffb1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6ffb1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6ffb416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7050f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x70717f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x70714de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 8b 40 04 89 45 c8 eb 0c e8 18 01 80 6f eb 05 e8 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x662620 registers.esp: 4254392 registers.edi: 45170440 registers.eax: 0 registers.ebp: 4254452 registers.edx: 190499016 registers.ebx: 0 registers.esi: 1344437801 registers.ecx: 190504424	1
__exception__ July 31, 2022, 1:47 p.m.	stacktrace: 0x6652d3 0x6651f9 0x660843 0x74ff0c 0x74c928 0x747710 0x747330 0x744826 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6fe7264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6fe72e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6ff274ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6ff27610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6ffb1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6ffb1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6ffb1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6ffb416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7050f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x70717f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x70714de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 8b 40 04 89 45 c8 eb 0c e8 18 01 80 6f eb 05 e8 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x662620 registers.esp: 4254392 registers.edi: 46210916 registers.eax: 0 registers.ebp: 4254452 registers.edx: 190499016 registers.ebx: 0 registers.esi: 1344437801 registers.ecx: 190504424	1
__exception__ July 31, 2022, 1:47 p.m.	stacktrace: 0x6652d3 0x6651f9 0x660843 0x74ff0c 0x74c928 0x747710 0x747330 0x744826 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6fe7264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6fe72e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6ff274ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6ff27610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6ffb1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6ffb1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6ffb1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6ffb416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7050f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x70717f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x70714de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 8b 40 04 89 45 c8 eb 0c e8 18 01 80 6f eb 05 e8 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x662620 registers.esp: 4254392 registers.edi: 42162868 registers.eax: 0 registers.ebp: 4254452 registers.edx: 190499016 registers.ebx: 0 registers.esi: 1344437801 registers.ecx: 190504424	1
__exception__ July 31, 2022, 1:47 p.m.	stacktrace: 0x6656bd 0x6655e9 0x6608e5 0x74ff0c 0x74c928 0x747710 0x747330 0x744826 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6fe7264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6fe72e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6ff274ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6ff27610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6ffb1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6ffb1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6ffb1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6ffb416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7050f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x70717f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x70714de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 8b 40 04 89 45 c8 eb 0c e8 18 01 80 6f eb 05 e8 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x662620 registers.esp: 4254372 registers.edi: 43203408 registers.eax: 0 registers.ebp: 4254432 registers.edx: 190499016 registers.ebx: 0 registers.esi: 1344437801 registers.ecx: 190504424	1
__exception__ July 31, 2022, 1:47 p.m.	stacktrace: 0x6656bd 0x6655e9 0x6608e5 0x74ff0c 0x74c928 0x747710 0x747330 0x744826 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6fe7264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6fe72e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6ff274ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6ff27610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6ffb1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6ffb1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6ffb1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6ffb416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7050f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x70717f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x70714de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 8b 40 04 89 45 c8 eb 0c e8 18 01 80 6f eb 05 e8 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x662620 registers.esp: 4254372 registers.edi: 44384704 registers.eax: 0 registers.ebp: 4254432 registers.edx: 190499016 registers.ebx: 0 registers.esi: 1344437801 registers.ecx: 190504424	1
__exception__ July 31, 2022, 1:47 p.m.	stacktrace: 0x6656bd 0x6655e9 0x6608e5 0x74ff0c 0x74c928 0x747710 0x747330 0x744826 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6fe7264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6fe72e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6ff274ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6ff27610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6ffb1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6ffb1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6ffb1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6ffb416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7050f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x70717f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x70714de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 8b 40 04 89 45 c8 eb 0c e8 18 01 80 6f eb 05 e8 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x662620 registers.esp: 4254372 registers.edi: 45566000 registers.eax: 0 registers.ebp: 4254432 registers.edx: 190499016 registers.ebx: 0 registers.esi: 1344437801 registers.ecx: 190504424	1
__exception__ July 31, 2022, 1:47 p.m.	stacktrace: 0x665c45 0x665b69 0x660b0a 0x74ff0c 0x74c928 0x747710 0x747330 0x744826 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6fe7264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6fe72e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6ff274ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6ff27610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6ffb1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6ffb1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6ffb1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6ffb416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7050f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x70717f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x70714de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 8b 40 04 89 45 c8 eb 0c e8 18 01 80 6f eb 05 e8 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x662620 registers.esp: 4254400 registers.edi: 41813660 registers.eax: 0 registers.ebp: 4254460 registers.edx: 190499016 registers.ebx: 0 registers.esi: 1344437801 registers.ecx: 190504424	1
__exception__ July 31, 2022, 1:47 p.m.	stacktrace: 0x665c45 0x665b69 0x660b0a 0x74ff0c 0x74c928 0x747710 0x747330 0x744826 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6fe7264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6fe72e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6ff274ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6ff27610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6ffb1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6ffb1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6ffb1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6ffb416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7050f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x70717f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x70714de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 8b 40 04 89 45 c8 eb 0c e8 18 01 80 6f eb 05 e8 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x662620 registers.esp: 4254400 registers.edi: 43008408 registers.eax: 0 registers.ebp: 4254460 registers.edx: 190499016 registers.ebx: 0 registers.esi: 1344437801 registers.ecx: 190504424	1
__exception__ July 31, 2022, 1:47 p.m.	stacktrace: 0x665c45 0x665b69 0x660b0a 0x74ff0c 0x74c928 0x747710 0x747330 0x744826 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6fe7264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6fe72e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6ff274ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6ff27610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6ffb1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6ffb1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6ffb1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6ffb416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7050f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x70717f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x70714de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 8b 40 04 89 45 c8 eb 0c e8 18 01 80 6f eb 05 e8 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x662620 registers.esp: 4254400 registers.edi: 44192000 registers.eax: 0 registers.ebp: 4254460 registers.edx: 190499016 registers.ebx: 0 registers.esi: 1344437801 registers.ecx: 190504424	1
__exception__ July 31, 2022, 1:47 p.m.	stacktrace: RtlpNtEnumerateSubKey+0x2a2b isupper-0x4e2b ntdll+0xcf559 @ 0x7770f559 RtlpNtEnumerateSubKey+0x2b0b isupper-0x4d4b ntdll+0xcf639 @ 0x7770f639 RtlpNtEnumerateSubKey+0x2d74 isupper-0x4ae2 ntdll+0xcf8a2 @ 0x7770f8a2 RtlUlonglongByteSwap+0xc624 RtlFreeOemString-0x152b6 ntdll+0x89a14 @ 0x776c9a14 RtlInitializeCriticalSection+0x11f RtlSizeHeap-0x2a1 ntdll+0x32d61 @ 0x77672d61 RtlImageNtHeader+0x30e RtlDeleteCriticalSection-0x1183 ntdll+0x33472 @ 0x77673472 HeapFree+0x14 GetProcessHeap-0xc kernel32+0x114dd @ 0x766e14dd romb_ro+0x1d945 @ 0xebd945 romb_ro+0x1ccf7 @ 0xebccf7 romb_ro+0xbde7 @ 0xeabde7 romb_ro+0x1fda9 @ 0xebfda9 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: eb 12 8b 45 ec 8b 08 8b 09 50 51 e8 6f ff ff ff exception.symbol: RtlpNtEnumerateSubKey+0x1b25 isupper-0x5d31 ntdll+0xce653 exception.instruction: jmp 0x7770e667 exception.module: ntdll.dll exception.exception_code: 0xc0000374 exception.offset: 845395 exception.address: 0x7770e653 registers.esp: 2093604 registers.edi: 4986616 registers.eax: 2093620 registers.ebp: 2093724 registers.edx: 0 registers.ebx: 0 registers.esi: 4980736 registers.ecx: 2147483647	1
__exception__ July 31, 2022, 1:47 p.m.	stacktrace: 0x70bb70 0x70ba9d 0x706f65 0x706c70 0x7047f6 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6fe7264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6fe72e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6ff274ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6ff27610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6ffb1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6ffb1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6ffb1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6ffb416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7050f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x70717f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x70714de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 8b 01 8b 40 28 ff 10 8b d0 85 c0 75 06 8b 15 2c exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x70bc51 registers.esp: 4189456 registers.edi: 40882964 registers.eax: 0 registers.ebp: 4189480 registers.edx: 7634304 registers.ebx: 40882984 registers.esi: 40883784 registers.ecx: 0	1
__exception__ July 31, 2022, 1:47 p.m.	stacktrace: 0x57e1cfc 0x57e1c64 0x57e1b3b 0x57e0a6e 0x70fc80 0x70c5c0 0x706fcb 0x706c70 0x7047f6 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6fe7264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6fe72e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6ff274ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6ff27610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6ffb1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6ffb1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6ffb1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6ffb416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7050f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x70717f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x70714de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 8b 40 04 89 45 c8 eb 0c e8 c8 01 68 6a eb 05 e8 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x57e2570 registers.esp: 4188656 registers.edi: 0 registers.eax: 0 registers.ebp: 4188716 registers.edx: 18133116 registers.ebx: 42690500 registers.esi: 2103166393 registers.ecx: 18138528	1
__exception__ July 31, 2022, 1:47 p.m.	stacktrace: 0x57e1cfc 0x57e1c64 0x57e1b9e 0x57e0a6e 0x70fc80 0x70c5c0 0x706fcb 0x706c70 0x7047f6 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6fe7264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6fe72e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6ff274ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6ff27610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6ffb1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6ffb1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6ffb1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6ffb416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7050f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x70717f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x70714de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 8b 40 04 89 45 c8 eb 0c e8 c8 01 68 6a eb 05 e8 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x57e2570 registers.esp: 4188656 registers.edi: 0 registers.eax: 0 registers.ebp: 4188716 registers.edx: 18133116 registers.ebx: 43836868 registers.esi: 2103166393 registers.ecx: 18138528	1
__exception__ July 31, 2022, 1:47 p.m.	stacktrace: 0x57e1cfc 0x57e1c64 0x57e1b9e 0x57e0a6e 0x70fc80 0x70c5c0 0x706fcb 0x706c70 0x7047f6 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6fe7264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6fe72e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6ff274ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6ff27610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6ffb1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6ffb1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6ffb1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6ffb416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7050f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x70717f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x70714de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 8b 40 04 89 45 c8 eb 0c e8 c8 01 68 6a eb 05 e8 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x57e2570 registers.esp: 4188656 registers.edi: 0 registers.eax: 0 registers.ebp: 4188716 registers.edx: 18133116 registers.ebx: 41686612 registers.esi: 2103166393 registers.ecx: 18138528	1
__exception__ July 31, 2022, 1:47 p.m.	stacktrace: 0x57e538f 0x57e5299 0x57e0dfc 0x70fc80 0x70c5c0 0x706fcb 0x706c70 0x7047f6 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6fe7264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6fe72e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6ff274ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6ff27610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6ffb1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6ffb1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6ffb1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6ffb416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7050f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x70717f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x70714de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 8b 40 04 89 45 c8 eb 0c e8 c8 01 68 6a eb 05 e8 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x57e2570 registers.esp: 4188724 registers.edi: 0 registers.eax: 0 registers.ebp: 4188784 registers.edx: 18133116 registers.ebx: 42812272 registers.esi: 2103166393 registers.ecx: 18138528	1
__exception__ July 31, 2022, 1:47 p.m.	stacktrace: 0x57e538f 0x57e5299 0x57e0dfc 0x70fc80 0x70c5c0 0x706fcb 0x706c70 0x7047f6 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6fe7264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6fe72e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6ff274ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6ff27610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6ffb1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6ffb1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6ffb1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6ffb416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7050f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x70717f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x70714de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 8b 40 04 89 45 c8 eb 0c e8 c8 01 68 6a eb 05 e8 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x57e2570 registers.esp: 4188724 registers.edi: 0 registers.eax: 0 registers.ebp: 4188784 registers.edx: 18133116 registers.ebx: 43852748 registers.esi: 2103166393 registers.ecx: 18138528	1
__exception__ July 31, 2022, 1:47 p.m.	stacktrace: 0x57e538f 0x57e5299 0x57e0dfc 0x70fc80 0x70c5c0 0x706fcb 0x706c70 0x7047f6 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6fe7264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6fe72e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6ff274ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6ff27610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6ffb1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6ffb1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6ffb1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6ffb416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7050f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x70717f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x70714de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 8b 40 04 89 45 c8 eb 0c e8 c8 01 68 6a eb 05 e8 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x57e2570 registers.esp: 4188724 registers.edi: 0 registers.eax: 0 registers.ebp: 4188784 registers.edx: 18133116 registers.ebx: 41571356 registers.esi: 2103166393 registers.ecx: 18138528	1
__exception__ July 31, 2022, 1:47 p.m.	stacktrace: 0x57e57dd 0x57e5719 0x57e07f0 0x70fc80 0x70c5c0 0x706fcb 0x706c70 0x7047f6 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6fe7264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6fe72e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6ff274ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6ff27610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6ffb1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6ffb1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6ffb1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6ffb416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7050f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x70717f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x70714de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 8b 40 04 89 45 c8 eb 0c e8 c8 01 68 6a eb 05 e8 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x57e2570 registers.esp: 4188708 registers.edi: 0 registers.eax: 0 registers.ebp: 4188768 registers.edx: 18133116 registers.ebx: 42611896 registers.esi: 2103166393 registers.ecx: 18138528	1
__exception__ July 31, 2022, 1:47 p.m.	stacktrace: 0x57e57dd 0x57e5719 0x57e07f0 0x70fc80 0x70c5c0 0x706fcb 0x706c70 0x7047f6 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6fe7264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6fe72e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6ff274ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6ff27610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6ffb1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6ffb1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6ffb1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6ffb416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7050f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x70717f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x70714de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 8b 40 04 89 45 c8 eb 0c e8 c8 01 68 6a eb 05 e8 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x57e2570 registers.esp: 4188708 registers.edi: 0 registers.eax: 0 registers.ebp: 4188768 registers.edx: 18133116 registers.ebx: 43793192 registers.esi: 2103166393 registers.ecx: 18138528	1
__exception__ July 31, 2022, 1:47 p.m.	stacktrace: 0x57e57dd 0x57e5719 0x57e07f0 0x70fc80 0x70c5c0 0x706fcb 0x706c70 0x7047f6 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6fe7264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6fe72e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6ff274ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6ff27610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6ffb1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6ffb1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6ffb1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6ffb416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7050f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x70717f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x70714de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 8b 40 04 89 45 c8 eb 0c e8 c8 01 68 6a eb 05 e8 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x57e2570 registers.esp: 4188708 registers.edi: 0 registers.eax: 0 registers.ebp: 4188768 registers.edx: 18133116 registers.ebx: 44974488 registers.esi: 2103166393 registers.ecx: 18138528	1
__exception__ July 31, 2022, 1:47 p.m.	stacktrace: 0x57e5d3d 0x57e5c79 0x57e0967 0x70fc80 0x70c5c0 0x706fcb 0x706c70 0x7047f6 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6fe7264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6fe72e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6ff274ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6ff27610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6ffb1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6ffb1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6ffb1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6ffb416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7050f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x70717f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x70714de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 8b 40 04 89 45 c8 eb 0c e8 c8 01 68 6a eb 05 e8 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x57e2570 registers.esp: 4188732 registers.edi: 0 registers.eax: 0 registers.ebp: 4188792 registers.edx: 18133116 registers.ebx: 41530744 registers.esi: 2103166393 registers.ecx: 18138528	1
__exception__ July 31, 2022, 1:47 p.m.	stacktrace: 0x57e5d3d 0x57e5c79 0x57e0967 0x70fc80 0x70c5c0 0x706fcb 0x706c70 0x7047f6 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6fe7264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6fe72e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6ff274ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6ff27610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6ffb1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6ffb1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6ffb1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6ffb416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7050f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x70717f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x70714de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 8b 40 04 89 45 c8 eb 0c e8 c8 01 68 6a eb 05 e8 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x57e2570 registers.esp: 4188732 registers.edi: 0 registers.eax: 0 registers.ebp: 4188792 registers.edx: 18133116 registers.ebx: 42714336 registers.esi: 2103166393 registers.ecx: 18138528	1
__exception__ July 31, 2022, 1:47 p.m.	stacktrace: 0x57e5d3d 0x57e5c79 0x57e0967 0x70fc80 0x70c5c0 0x706fcb 0x706c70 0x7047f6 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6fe7264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6fe72e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6ff274ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6ff27610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6ffb1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6ffb1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6ffb1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6ffb416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7050f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x70717f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x70714de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 8b 40 04 89 45 c8 eb 0c e8 c8 01 68 6a eb 05 e8 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x57e2570 registers.esp: 4188732 registers.edi: 0 registers.eax: 0 registers.ebp: 4188792 registers.edx: 18133116 registers.ebx: 43897928 registers.esi: 2103166393 registers.ecx: 18138528	1
__exception__ July 31, 2022, 1:47 p.m.	stacktrace: CopyPDBs+0x1b552 DllCanUnloadNowInternal-0x25a85 clr+0x1b1194 @ 0x70011194 LogHelp_TerminateOnAssert+0x14061 GetPrivateContextsPerfCounters-0x53e1 clr+0x82ba1 @ 0x6fee2ba1 mscorlib+0x36dd48 @ 0x6f12dd48 mscorlib+0x32fea6 @ 0x6f0efea6 mscorlib+0x30ab40 @ 0x6f0cab40 0x57e29b7 0x57ea068 0x57e97b1 0x57e8fa5 0x70c5c0 0x706fcb 0x706c70 0x7047f6 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6fe7264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6fe72e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6ff274ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6ff27610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6ffb1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6ffb1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6ffb1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6ffb416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7050f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x70717f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x70714de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xe0434f4e exception.offset: 46887 exception.address: 0x760cb727 registers.esp: 4188872 registers.edi: 0 registers.eax: 4188872 registers.ebp: 4188952 registers.edx: 0 registers.ebx: 7609776 registers.esi: 7634304 registers.ecx: 2989301976	1
__exception__ July 31, 2022, 1:47 p.m.	stacktrace: CopyPDBs+0x1b552 DllCanUnloadNowInternal-0x25a85 clr+0x1b1194 @ 0x70011194 LogHelp_TerminateOnAssert+0x14061 GetPrivateContextsPerfCounters-0x53e1 clr+0x82ba1 @ 0x6fee2ba1 mscorlib+0x36dd36 @ 0x6f12dd36 mscorlib+0x32fea6 @ 0x6f0efea6 mscorlib+0x30ab40 @ 0x6f0cab40 0x57e29b7 0x57ea068 0x57e97b1 0x57e8fa5 0x70c5c0 0x706fcb 0x706c70 0x7047f6 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6fe7264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6fe72e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6ff274ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6ff27610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6ffb1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6ffb1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6ffb1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6ffb416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7050f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x70717f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x70714de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xe0434f4e exception.offset: 46887 exception.address: 0x760cb727 registers.esp: 4188872 registers.edi: 0 registers.eax: 4188872 registers.ebp: 4188952 registers.edx: 0 registers.ebx: 7609776 registers.esi: 7634304 registers.ecx: 2989301976	1
__exception__ July 31, 2022, 1:47 p.m.	stacktrace: 0x5c57b2 0x5c572d 0x5c164c 0x5c13a0 0x5c0056 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6fe7264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6fe72e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6ff274ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6ff27610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6ffb1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6ffb1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6ffb1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6ffb416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7050f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x70717f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x70714de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 8b 01 8b 40 28 ff 10 8b d0 85 c0 75 06 8b 15 2c exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5c5841 registers.esp: 4649180 registers.edi: 43103268 registers.eax: 0 registers.ebp: 4649204 registers.edx: 8524952 registers.ebx: 41982648 registers.esi: 43103448 registers.ecx: 0	1
__exception__ July 31, 2022, 1:47 p.m.	stacktrace: 0x5c9ae4 0x5c9a6c 0x5c99cb 0x5c8e3b 0x5c89da 0x5c6081 0x5c16b6 0x5c13a0 0x5c0056 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6fe7264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6fe72e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6ff274ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6ff27610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6ffb1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6ffb1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6ffb1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6ffb416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7050f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x70717f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x70714de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 8b 40 04 89 45 d4 eb 11 e8 c9 85 89 6f eb 0a e8 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5ca16f registers.esp: 4648804 registers.edi: 44904114 registers.eax: 0 registers.ebp: 4648852 registers.edx: 10065620 registers.ebx: 44903964 registers.esi: 44904184 registers.ecx: 10070968	1
__exception__ July 31, 2022, 1:47 p.m.	stacktrace: 0x5c9ae4 0x5c9a6c 0x5c99e8 0x5c8e3b 0x5c89da 0x5c6081 0x5c16b6 0x5c13a0 0x5c0056 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6fe7264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6fe72e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6ff274ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6ff27610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6ffb1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6ffb1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6ffb1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6ffb416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7050f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x70717f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x70714de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 8b 40 04 89 45 d4 eb 11 e8 c9 85 89 6f eb 0a e8 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5ca16f registers.esp: 4648804 registers.edi: 46049510 registers.eax: 0 registers.ebp: 4648852 registers.edx: 10065620 registers.ebx: 46049360 registers.esi: 46049580 registers.ecx: 10070968	1
__exception__ July 31, 2022, 1:47 p.m.	stacktrace: 0x5c9ae4 0x5c9a6c 0x5c99e8 0x5c8e3b 0x5c89da 0x5c6081 0x5c16b6 0x5c13a0 0x5c0056 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6fe7264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6fe72e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6ff274ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6ff27610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6ffb1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6ffb1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6ffb1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6ffb416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7050f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x70717f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x70714de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 8b 40 04 89 45 d4 eb 11 e8 c9 85 89 6f eb 0a e8 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5ca16f registers.esp: 4648804 registers.edi: 43868154 registers.eax: 0 registers.ebp: 4648852 registers.edx: 10065620 registers.ebx: 43868004 registers.esi: 43868224 registers.ecx: 10070968	1
__exception__ July 31, 2022, 1:47 p.m.	stacktrace: 0x5cbc66 0x5cbba9 0x5c8ff2 0x5c89da 0x5c6081 0x5c16b6 0x5c13a0 0x5c0056 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6fe7264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6fe72e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6ff274ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6ff27610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6ffb1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6ffb1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6ffb1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6ffb416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7050f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x70717f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x70714de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 8b 40 04 89 45 d4 eb 11 e8 c9 85 89 6f eb 0a e8 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5ca16f registers.esp: 4648828 registers.edi: 44992518 registers.eax: 0 registers.ebp: 4648876 registers.edx: 10065620 registers.ebx: 44992368 registers.esi: 44992588 registers.ecx: 10070968	1
__exception__ July 31, 2022, 1:47 p.m.	stacktrace: 0x5cbc66 0x5cbba9 0x5c8ff2 0x5c89da 0x5c6081 0x5c16b6 0x5c13a0 0x5c0056 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6fe7264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6fe72e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6ff274ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6ff27610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6ffb1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6ffb1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6ffb1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6ffb416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7050f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x70717f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x70714de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 8b 40 04 89 45 d4 eb 11 e8 c9 85 89 6f eb 0a e8 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5ca16f registers.esp: 4648828 registers.edi: 46031470 registers.eax: 0 registers.ebp: 4648876 registers.edx: 10065620 registers.ebx: 46031320 registers.esi: 46031540 registers.ecx: 10070968	1
__exception__ July 31, 2022, 1:47 p.m.	stacktrace: 0x5cbc66 0x5cbba9 0x5c8ff2 0x5c89da 0x5c6081 0x5c16b6 0x5c13a0 0x5c0056 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6fe7264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6fe72e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6ff274ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6ff27610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6ffb1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6ffb1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6ffb1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6ffb416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7050f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x70717f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x70714de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 8b 40 04 89 45 d4 eb 11 e8 c9 85 89 6f eb 0a e8 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5ca16f registers.esp: 4648828 registers.edi: 43787338 registers.eax: 0 registers.ebp: 4648876 registers.edx: 10065620 registers.ebx: 43787188 registers.esi: 43787408 registers.ecx: 10070968	1
__exception__ July 31, 2022, 1:47 p.m.	stacktrace: 0x5cbf55 0x5cbea9 0x5c909c 0x5c89da 0x5c6081 0x5c16b6 0x5c13a0 0x5c0056 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6fe7264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6fe72e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6ff274ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6ff27610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6ffb1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6ffb1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6ffb1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6ffb416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7050f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x70717f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x70714de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 8b 40 04 89 45 d4 eb 11 e8 c9 85 89 6f eb 0a e8 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5ca16f registers.esp: 4648824 registers.edi: 44826354 registers.eax: 0 registers.ebp: 4648872 registers.edx: 10065620 registers.ebx: 44826204 registers.esi: 44826424 registers.ecx: 10070968	1
__exception__ July 31, 2022, 1:47 p.m.	stacktrace: 0x5cbf55 0x5cbea9 0x5c909c 0x5c89da 0x5c6081 0x5c16b6 0x5c13a0 0x5c0056 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6fe7264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6fe72e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6ff274ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6ff27610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6ffb1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6ffb1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6ffb1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6ffb416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7050f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x70717f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x70714de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 8b 40 04 89 45 d4 eb 11 e8 c9 85 89 6f eb 0a e8 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5ca16f registers.esp: 4648824 registers.edi: 46005074 registers.eax: 0 registers.ebp: 4648872 registers.edx: 10065620 registers.ebx: 46004924 registers.esi: 46005144 registers.ecx: 10070968	1
__exception__ July 31, 2022, 1:47 p.m.	stacktrace: 0x5cbf55 0x5cbea9 0x5c909c 0x5c89da 0x5c6081 0x5c16b6 0x5c13a0 0x5c0056 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6fe7264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6fe72e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6ff274ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6ff27610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6ffb1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6ffb1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6ffb1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6ffb416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7050f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x70717f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x70714de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 8b 40 04 89 45 d4 eb 11 e8 c9 85 89 6f eb 0a e8 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5ca16f registers.esp: 4648824 registers.edi: 47183794 registers.eax: 0 registers.ebp: 4648872 registers.edx: 10065620 registers.ebx: 47183644 registers.esi: 47183864 registers.ecx: 10070968	1
__exception__ July 31, 2022, 1:47 p.m.	stacktrace: 0x5cc345 0x5cc299 0x5c913c 0x5c89da 0x5c6081 0x5c16b6 0x5c13a0 0x5c0056 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6fe7264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6fe72e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6ff274ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6ff27610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6ffb1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6ffb1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6ffb1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6ffb416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7050f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x70717f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x70714de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 8b 40 04 89 45 d4 eb 11 e8 c9 85 89 6f eb 0a e8 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5ca16f registers.esp: 4648828 registers.edi: 43745862 registers.eax: 0 registers.ebp: 4648876 registers.edx: 10065620 registers.ebx: 43745712 registers.esi: 43745932 registers.ecx: 10070968	1
__exception__ July 31, 2022, 1:47 p.m.	stacktrace: 0x5cc345 0x5cc299 0x5c913c 0x5c89da 0x5c6081 0x5c16b6 0x5c13a0 0x5c0056 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6fe7264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6fe72e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6ff274ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6ff27610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6ffb1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6ffb1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6ffb1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6ffb416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7050f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x70717f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x70714de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 8b 40 04 89 45 d4 eb 11 e8 c9 85 89 6f eb 0a e8 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5ca16f registers.esp: 4648828 registers.edi: 44926702 registers.eax: 0 registers.ebp: 4648876 registers.edx: 10065620 registers.ebx: 44926552 registers.esi: 44926772 registers.ecx: 10070968	1
__exception__ July 31, 2022, 1:47 p.m.	stacktrace: 0x5cc345 0x5cc299 0x5c913c 0x5c89da 0x5c6081 0x5c16b6 0x5c13a0 0x5c0056 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6fe7264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6fe72e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6ff274ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6ff27610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6ffb1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6ffb1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6ffb1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6ffb416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7050f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x70717f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x70714de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 8b 40 04 89 45 d4 eb 11 e8 c9 85 89 6f eb 0a e8 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5ca16f registers.esp: 4648828 registers.edi: 46107542 registers.eax: 0 registers.ebp: 4648876 registers.edx: 10065620 registers.ebx: 46107392 registers.esi: 46107612 registers.ecx: 10070968	1
__exception__ July 31, 2022, 1:47 p.m.	stacktrace: 0x64be77 0x64bd11 0x64760f 0x647320 0x644826 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6fe7264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6fe72e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6ff274ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6ff27610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6ffb1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6ffb1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6ffb1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6ffb416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7050f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x70717f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x70714de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 8b 01 8b 40 28 ff 10 8b d0 85 c0 75 06 8b 15 2c exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x64bf0c registers.esp: 3600708 registers.edi: 3600728 registers.eax: 0 registers.ebp: 3600740 registers.edx: 5511928 registers.ebx: 41586712 registers.esi: 41587532 registers.ecx: 0	1
__exception__ July 31, 2022, 1:47 p.m.	stacktrace: 0xc0a2bf0 0xc0a2b2c 0xc0a2a30 0xc0a2271 0xc0a17ec 0x64c8f0 0x647700 0x647320 0x644826 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6fe7264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6fe72e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6ff274ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6ff27610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6ffb1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6ffb1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6ffb1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6ffb416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7050f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x70717f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x70714de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 8b 40 04 89 45 c8 eb 0c e8 88 f2 db 63 eb 05 e8 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xc0a34b0 registers.esp: 3599908 registers.edi: 41648852 registers.eax: 0 registers.ebp: 3599968 registers.edx: 192528440 registers.ebx: 0 registers.esi: 1344437801 registers.ecx: 192533848	1
__exception__ July 31, 2022, 1:47 p.m.	stacktrace: 0xc0a2bf0 0xc0a2b2c 0xc0a2a71 0xc0a2271 0xc0a17ec 0x64c8f0 0x647700 0x647320 0x644826 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6fe7264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6fe72e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6ff274ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6ff27610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6ffb1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6ffb1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6ffb1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6ffb416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7050f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x70717f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x70714de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 8b 40 04 89 45 c8 eb 0c e8 88 f2 db 63 eb 05 e8 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xc0a34b0 registers.esp: 3599908 registers.edi: 42795248 registers.eax: 0 registers.ebp: 3599968 registers.edx: 192528440 registers.ebx: 0 registers.esi: 1344437801 registers.ecx: 192533848	1
__exception__ July 31, 2022, 1:47 p.m.	stacktrace: 0xc0a2bf0 0xc0a2b2c 0xc0a2a71 0xc0a2271 0xc0a17ec 0x64c8f0 0x647700 0x647320 0x644826 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6fe7264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6fe72e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6ff274ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6ff27610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6ffb1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6ffb1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6ffb1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6ffb416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7050f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x70717f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x70714de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 8b 40 04 89 45 c8 eb 0c e8 88 f2 db 63 eb 05 e8 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xc0a34b0 registers.esp: 3599908 registers.edi: 43916812 registers.eax: 0 registers.ebp: 3599968 registers.edx: 192528440 registers.ebx: 0 registers.esi: 1344437801 registers.ecx: 192533848	1
__exception__ July 31, 2022, 1:47 p.m.	stacktrace: 0xc0a6163 0xc0a6089 0xc0a20a9 0xc0a17ec 0x64c8f0 0x647700 0x647320 0x644826 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6fe7264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6fe72e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6ff274ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6ff27610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6ffb1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6ffb1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6ffb1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6ffb416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7050f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x70717f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x70714de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 8b 40 04 89 45 c8 eb 0c e8 88 f2 db 63 eb 05 e8 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xc0a34b0 registers.esp: 3599976 registers.edi: 45042472 registers.eax: 0 registers.ebp: 3600036 registers.edx: 192528440 registers.ebx: 0 registers.esi: 1344437801 registers.ecx: 192533848	1
__exception__ July 31, 2022, 1:47 p.m.	stacktrace: 0xc0a6163 0xc0a6089 0xc0a20a9 0xc0a17ec 0x64c8f0 0x647700 0x647320 0x644826 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x6fe7264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x6fe72e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x6ff274ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x6ff27610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x6ffb1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x6ffb1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x6ffb1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x6ffb416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7050f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x70717f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x70714de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: 8b 40 04 89 45 c8 eb 0c e8 88 f2 db 63 eb 05 e8 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xc0a34b0 registers.esp: 3599976 registers.edi: 46082948 registers.eax: 0 registers.ebp: 3600036 registers.edx: 192528440 registers.ebx: 0 registers.esi: 1344437801 registers.ecx: 192533848	1

One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.

HTTP traffic contains suspicious features which may be indicative of malware related traffic (9 events)

suspicious_features	GET method with no useragent header, Connection to IP address	suspicious_request	GET http://146.19.247.187/1571
suspicious_features	GET method with no useragent header, Connection to IP address	suspicious_request	GET http://146.19.247.187/5587879545.zip
suspicious_features	POST method with no referer header, POST method with no useragent header, Connection to IP address	suspicious_request	POST http://146.19.247.187/
suspicious_features	GET method with no useragent header, Connection to IP address	suspicious_request	GET http://62.204.41.126/1521
suspicious_features	GET method with no useragent header, Connection to IP address	suspicious_request	GET http://62.204.41.126/9051825815.zip
suspicious_features	POST method with no referer header, POST method with no useragent header, Connection to IP address	suspicious_request	POST http://62.204.41.126/
suspicious_features	GET method with no useragent header, Connection to IP address	suspicious_request	GET http://91.242.229.63/1557
suspicious_features	GET method with no useragent header, Connection to IP address	suspicious_request	GET http://91.242.229.63/0926682109.zip
suspicious_features	POST method with no referer header, POST method with no useragent header, Connection to IP address	suspicious_request	POST http://91.242.229.63/

Performs some HTTP requests (10 events)

request	GET http://146.19.247.187/1571
request	GET http://146.19.247.187/5587879545.zip
request	POST http://146.19.247.187/
request	GET http://62.204.41.126/1521
request	GET http://62.204.41.126/9051825815.zip
request	POST http://62.204.41.126/
request	GET http://91.242.229.63/1557
request	GET http://91.242.229.63/0926682109.zip
request	POST http://91.242.229.63/
request	GET http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml

Sends data using the HTTP POST Method (3 events)

request	POST http://146.19.247.187/
request	POST http://62.204.41.126/
request	POST http://91.242.229.63/

Allocates read-write-execute memory (usually to unpack itself) (50 out of 531 events)

Time & API	Arguments	Status
NtProtectVirtualMemory July 31, 2022, 1:47 p.m.	process_identifier: 2760 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73c82000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 31, 2022, 1:47 p.m.	process_identifier: 2876 region_size: 266240 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02b80000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 31, 2022, 1:47 p.m.	process_identifier: 2876 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02bc0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory July 31, 2022, 1:47 p.m.	process_identifier: 2876 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x76c3f000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 31, 2022, 1:47 p.m.	process_identifier: 2876 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x76c3f000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 31, 2022, 1:47 p.m.	process_identifier: 2876 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x76c3f000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 31, 2022, 1:47 p.m.	process_identifier: 2876 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x76c3f000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 31, 2022, 1:47 p.m.	process_identifier: 2876 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x76c0c000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 31, 2022, 1:47 p.m.	process_identifier: 2876 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x76c2c000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 31, 2022, 1:47 p.m.	process_identifier: 2876 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x76c0c000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 31, 2022, 1:47 p.m.	process_identifier: 2876 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x76c2c000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 31, 2022, 1:47 p.m.	process_identifier: 2876 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73f43000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 31, 2022, 1:47 p.m.	process_identifier: 2876 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73fe7000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 31, 2022, 1:47 p.m.	process_identifier: 2876 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x76d39000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 31, 2022, 1:47 p.m.	process_identifier: 2876 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x74e02000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 31, 2022, 1:47 p.m.	process_identifier: 2876 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x76bf2000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 31, 2022, 1:47 p.m.	process_identifier: 2876 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x76c3f000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 31, 2022, 1:47 p.m.	process_identifier: 2876 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x76c3f000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 31, 2022, 1:47 p.m.	process_identifier: 2876 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x76c3f000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 31, 2022, 1:47 p.m.	process_identifier: 2876 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x030f0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory July 31, 2022, 1:47 p.m.	process_identifier: 2876 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73c82000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 31, 2022, 1:48 p.m.	process_identifier: 2876 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x706e1000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 31, 2022, 1:47 p.m.	process_identifier: 2964 region_size: 14225408 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x03070000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory July 31, 2022, 1:47 p.m.	process_identifier: 2964 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x03e00000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory July 31, 2022, 1:47 p.m.	process_identifier: 2964 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x76c3f000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 31, 2022, 1:47 p.m.	process_identifier: 2964 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x76c3f000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 31, 2022, 1:47 p.m.	process_identifier: 2964 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x76c3f000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 31, 2022, 1:47 p.m.	process_identifier: 2964 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x76c3f000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 31, 2022, 1:47 p.m.	process_identifier: 2964 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x76c0c000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 31, 2022, 1:47 p.m.	process_identifier: 2964 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x76c2c000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 31, 2022, 1:47 p.m.	process_identifier: 2964 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x76c0c000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 31, 2022, 1:47 p.m.	process_identifier: 2964 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x76c2c000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 31, 2022, 1:47 p.m.	process_identifier: 2964 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73f43000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 31, 2022, 1:47 p.m.	process_identifier: 2964 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73fe7000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 31, 2022, 1:47 p.m.	process_identifier: 2964 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x76d39000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 31, 2022, 1:47 p.m.	process_identifier: 2964 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x74e02000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 31, 2022, 1:47 p.m.	process_identifier: 2964 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x76bf2000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 31, 2022, 1:47 p.m.	process_identifier: 2964 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x76bf7000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 31, 2022, 1:47 p.m.	process_identifier: 2964 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x76c0f000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 31, 2022, 1:47 p.m.	process_identifier: 2964 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x76bf6000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 31, 2022, 1:47 p.m.	process_identifier: 2964 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x766e3000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 31, 2022, 1:47 p.m.	process_identifier: 2964 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7769d000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 31, 2022, 1:47 p.m.	process_identifier: 2964 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x766e7000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 31, 2022, 1:47 p.m.	process_identifier: 2964 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x76be8000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 31, 2022, 1:47 p.m.	process_identifier: 2964 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x76bed000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 31, 2022, 1:47 p.m.	process_identifier: 2964 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x77682000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 31, 2022, 1:47 p.m.	process_identifier: 2964 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x77672000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 31, 2022, 1:47 p.m.	process_identifier: 2964 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x767e6000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 31, 2022, 1:47 p.m.	process_identifier: 2964 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x76cd4000 process_handle: 0xffffffff	1
NtProtectVirtualMemory July 31, 2022, 1:47 p.m.	process_identifier: 2964 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x76cd3000 process_handle: 0xffffffff	1

A process attempted to delay the analysis task. (1 event)

description

namdoitntn.exe tried to sleep 250 seconds, actually delayed analysis time by 250 seconds

An application raised an exception which may be indicative of an exploit crash (3 events)

Time & API	Arguments	Status	Return	Repeated
Application Crash	Process iexplore.exe with pid 2876 crashed
__exception__ July 31, 2022, 1:48 p.m.	stacktrace: RpcRaiseException+0x42 I_RpcExceptionFilter-0x12 rpcrt4+0x2374b @ 0x76af374b CoReleaseServerProcess+0x73 OleSaveToStream-0xad ole32+0x64387 @ 0x76844387 NdrpMemoryIncrement+0x3d1 NdrComplexStructMarshall-0x2f rpcrt4+0x1ef51 @ 0x76aeef51 NdrPointerMarshall+0x30 NdrPointerBufferSize-0xb6 rpcrt4+0x16a9c @ 0x76ae6a9c NdrPointerMarshall+0xd6 NdrPointerBufferSize-0x10 rpcrt4+0x16b42 @ 0x76ae6b42 NdrPointerMarshall+0x30 NdrPointerBufferSize-0xb6 rpcrt4+0x16a9c @ 0x76ae6a9c NdrConformantArrayFree+0x8c NdrOleFree-0xa rpcrt4+0x35c3a @ 0x76b05c3a NdrStubCall2+0x31d NdrUnmarshallBasetypeInline-0x23a rpcrt4+0xb06b8 @ 0x76b806b8 WdtpInterfacePointer_UserUnmarshal+0x256f DllDebugObjectRPCHook-0x1e89 ole32+0x13d7e6 @ 0x7691d7e6 WdtpInterfacePointer_UserUnmarshal+0x25ff DllDebugObjectRPCHook-0x1df9 ole32+0x13d876 @ 0x7691d876 WdtpInterfacePointer_UserUnmarshal+0x2b59 DllDebugObjectRPCHook-0x189f ole32+0x13ddd0 @ 0x7691ddd0 CoTaskMemFree+0x1b02 DcomChannelSetHResult-0x1c8 ole32+0x58a43 @ 0x76838a43 CoTaskMemFree+0x19f7 DcomChannelSetHResult-0x2d3 ole32+0x58938 @ 0x76838938 DcomChannelSetHResult+0x8ff CoGetObject-0x2183 ole32+0x5950a @ 0x7683950a WdtpInterfacePointer_UserUnmarshal+0x2a56 DllDebugObjectRPCHook-0x19a2 ole32+0x13dccd @ 0x7691dccd WdtpInterfacePointer_UserUnmarshal+0x28ca DllDebugObjectRPCHook-0x1b2e ole32+0x13db41 @ 0x7691db41 WdtpInterfacePointer_UserUnmarshal+0x2f86 DllDebugObjectRPCHook-0x1472 ole32+0x13e1fd @ 0x7691e1fd DcomChannelSetHResult+0x75c CoGetObject-0x2326 ole32+0x59367 @ 0x76839367 DcomChannelSetHResult+0x71b CoGetObject-0x2367 ole32+0x59326 @ 0x76839326 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x76be62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x76be6d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x76be77c4 DispatchMessageW+0xf GetMessageW-0x58 user32+0x1788a @ 0x76be788a CoWaitForMultipleHandles+0x4311 CoRegisterSurrogateEx-0x2fe ole32+0x1a48b @ 0x767fa48b CoWaitForMultipleHandles+0x23c1 CoRegisterSurrogateEx-0x224e ole32+0x1853b @ 0x767f853b CoWaitForMultipleHandles+0x4332 CoRegisterSurrogateEx-0x2dd ole32+0x1a4ac @ 0x767fa4ac CoGetTreatAsClass+0x2619 CoRegisterChannelHook-0x1269 ole32+0x2cd48 @ 0x7680cd48 CoGetTreatAsClass+0x314b CoRegisterChannelHook-0x737 ole32+0x2d87a @ 0x7680d87a BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0x80040155 exception.offset: 46887 exception.address: 0x760cb727 registers.esp: 131198552 registers.edi: 9018612 registers.eax: 131198552 registers.ebp: 131198632 registers.edx: 90 registers.ebx: 131198916 registers.esi: 2147746133 registers.ecx: 89625152	1	0	0
__exception__ July 31, 2022, 1:48 p.m.	stacktrace: RpcRaiseException+0x42 I_RpcExceptionFilter-0x12 rpcrt4+0x2374b @ 0x76af374b DllDebugObjectRPCHook+0xb6 HACCEL_UserFree-0x57 ole32+0x13f725 @ 0x7691f725 NdrPointerFree+0x16a IUnknown_Release_Proxy-0x5a rpcrt4+0x3414b @ 0x76b0414b ObjectStublessClient25+0x65c CoImpersonateClient-0xbc ole32+0xfe14 @ 0x767efe14 StgGetIFillLockBytesOnFile+0x16ab5 WdtpInterfacePointer_UserSize-0xe21 ole32+0x13a338 @ 0x7691a338 IsValidURL+0x4b8c MkParseDisplayNameEx-0x1c6a4 urlmon+0x4e99f @ 0x752de99f IntlPercentEncodeNormalize+0x1ff8 CoInternetCombineIUri-0x940 urlmon+0x272ed @ 0x752b72ed RegisterBindStatusCallback+0x40d9 CopyBindInfo-0xbe4 urlmon+0x1ab0d @ 0x752aab0d GetIUriPriv2+0x603 CoInternetIsFeatureEnabledForIUri-0xdf6 urlmon+0x1ea98 @ 0x752aea98 RegisterBindStatusCallback+0x1dc3 CopyBindInfo-0x2efa urlmon+0x187f7 @ 0x752a87f7 CopyStgMedium+0x286 FindMediaType-0x70d urlmon+0x1ba32 @ 0x752aba32 gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x76be62fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x76be6d3a CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x76be77c4 DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x76be7bca CreateAsyncBindCtx+0xb2f URLDownloadToCacheFileW-0x54c urlmon+0x4516f @ 0x752d516f CreateAsyncBindCtx+0xa8e URLDownloadToCacheFileW-0x5ed urlmon+0x450ce @ 0x752d50ce RegisterBindStatusCallback+0x36a4 CopyBindInfo-0x1619 urlmon+0x1a0d8 @ 0x752aa0d8 RegisterBindStatusCallback+0x3151 CopyBindInfo-0x1b6c urlmon+0x19b85 @ 0x752a9b85 RegisterBindStatusCallback+0x3074 CopyBindInfo-0x1c49 urlmon+0x19aa8 @ 0x752a9aa8 CreateAsyncBindCtx+0xccc URLDownloadToCacheFileW-0x3af urlmon+0x4530c @ 0x752d530c URLDownloadToCacheFileW+0xe5 CoInternetIsFeatureZoneElevationEnabled-0x2c18 urlmon+0x457a0 @ 0x752d57a0 DllCanUnloadNow+0xcfc8 IEAssociateThreadWithTab-0x294dd ieframe+0x2540c @ 0x7210540c DllCanUnloadNow+0xce86 IEAssociateThreadWithTab-0x2961f ieframe+0x252ca @ 0x721052ca CreateExtensionGuidEnumerator+0x5d622 SetQueryNetSessionCount-0x15f9a ieframe+0x100ea3 @ 0x721e0ea3 RtlGetUserInfoHeap+0x225 RtlQueueWorkItem-0x210 ntdll+0x67e96 @ 0x776a7e96 TpCallbackIndependent+0x527 RtlIsCriticalSectionLockedByThread-0x240 ntdll+0x454f4 @ 0x776854f4 BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0x80040155 exception.offset: 46887 exception.address: 0x760cb727 registers.esp: 104716000 registers.edi: 1988295184 registers.eax: 104716000 registers.ebp: 104716080 registers.edx: 1 registers.ebx: 110847532 registers.esi: 2147746133 registers.ecx: 2955062347	1	0	0

Application Crash

Process iexplore.exe with pid 2876 crashed

Time & API

Arguments

Status

Return

Repeated

__exception__

July 31, 2022, 1:48 p.m.

stacktrace:

RpcRaiseException+0x42 I_RpcExceptionFilter-0x12 rpcrt4+0x2374b @ 0x76af374b
CoReleaseServerProcess+0x73 OleSaveToStream-0xad ole32+0x64387 @ 0x76844387
NdrpMemoryIncrement+0x3d1 NdrComplexStructMarshall-0x2f rpcrt4+0x1ef51 @ 0x76aeef51
NdrPointerMarshall+0x30 NdrPointerBufferSize-0xb6 rpcrt4+0x16a9c @ 0x76ae6a9c
NdrPointerMarshall+0xd6 NdrPointerBufferSize-0x10 rpcrt4+0x16b42 @ 0x76ae6b42
NdrPointerMarshall+0x30 NdrPointerBufferSize-0xb6 rpcrt4+0x16a9c @ 0x76ae6a9c
NdrConformantArrayFree+0x8c NdrOleFree-0xa rpcrt4+0x35c3a @ 0x76b05c3a
NdrStubCall2+0x31d NdrUnmarshallBasetypeInline-0x23a rpcrt4+0xb06b8 @ 0x76b806b8
WdtpInterfacePointer_UserUnmarshal+0x256f DllDebugObjectRPCHook-0x1e89 ole32+0x13d7e6 @ 0x7691d7e6
WdtpInterfacePointer_UserUnmarshal+0x25ff DllDebugObjectRPCHook-0x1df9 ole32+0x13d876 @ 0x7691d876
WdtpInterfacePointer_UserUnmarshal+0x2b59 DllDebugObjectRPCHook-0x189f ole32+0x13ddd0 @ 0x7691ddd0
CoTaskMemFree+0x1b02 DcomChannelSetHResult-0x1c8 ole32+0x58a43 @ 0x76838a43
CoTaskMemFree+0x19f7 DcomChannelSetHResult-0x2d3 ole32+0x58938 @ 0x76838938
DcomChannelSetHResult+0x8ff CoGetObject-0x2183 ole32+0x5950a @ 0x7683950a
WdtpInterfacePointer_UserUnmarshal+0x2a56 DllDebugObjectRPCHook-0x19a2 ole32+0x13dccd @ 0x7691dccd
WdtpInterfacePointer_UserUnmarshal+0x28ca DllDebugObjectRPCHook-0x1b2e ole32+0x13db41 @ 0x7691db41
WdtpInterfacePointer_UserUnmarshal+0x2f86 DllDebugObjectRPCHook-0x1472 ole32+0x13e1fd @ 0x7691e1fd
DcomChannelSetHResult+0x75c CoGetObject-0x2326 ole32+0x59367 @ 0x76839367
DcomChannelSetHResult+0x71b CoGetObject-0x2367 ole32+0x59326 @ 0x76839326
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x76be62fa
GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x76be6d3a
CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x76be77c4
DispatchMessageW+0xf GetMessageW-0x58 user32+0x1788a @ 0x76be788a
CoWaitForMultipleHandles+0x4311 CoRegisterSurrogateEx-0x2fe ole32+0x1a48b @ 0x767fa48b
CoWaitForMultipleHandles+0x23c1 CoRegisterSurrogateEx-0x224e ole32+0x1853b @ 0x767f853b
CoWaitForMultipleHandles+0x4332 CoRegisterSurrogateEx-0x2dd ole32+0x1a4ac @ 0x767fa4ac
CoGetTreatAsClass+0x2619 CoRegisterChannelHook-0x1269 ole32+0x2cd48 @ 0x7680cd48
CoGetTreatAsClass+0x314b CoRegisterChannelHook-0x737 ole32+0x2d87a @ 0x7680d87a
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0x80040155
exception.offset: 46887
exception.address: 0x760cb727
registers.esp: 131198552
registers.edi: 9018612
registers.eax: 131198552
registers.ebp: 131198632
registers.edx: 90
registers.ebx: 131198916
registers.esi: 2147746133
registers.ecx: 89625152

__exception__

July 31, 2022, 1:48 p.m.

stacktrace:

RpcRaiseException+0x42 I_RpcExceptionFilter-0x12 rpcrt4+0x2374b @ 0x76af374b
DllDebugObjectRPCHook+0xb6 HACCEL_UserFree-0x57 ole32+0x13f725 @ 0x7691f725
NdrPointerFree+0x16a IUnknown_Release_Proxy-0x5a rpcrt4+0x3414b @ 0x76b0414b
ObjectStublessClient25+0x65c CoImpersonateClient-0xbc ole32+0xfe14 @ 0x767efe14
StgGetIFillLockBytesOnFile+0x16ab5 WdtpInterfacePointer_UserSize-0xe21 ole32+0x13a338 @ 0x7691a338
IsValidURL+0x4b8c MkParseDisplayNameEx-0x1c6a4 urlmon+0x4e99f @ 0x752de99f
IntlPercentEncodeNormalize+0x1ff8 CoInternetCombineIUri-0x940 urlmon+0x272ed @ 0x752b72ed
RegisterBindStatusCallback+0x40d9 CopyBindInfo-0xbe4 urlmon+0x1ab0d @ 0x752aab0d
GetIUriPriv2+0x603 CoInternetIsFeatureEnabledForIUri-0xdf6 urlmon+0x1ea98 @ 0x752aea98
RegisterBindStatusCallback+0x1dc3 CopyBindInfo-0x2efa urlmon+0x187f7 @ 0x752a87f7
CopyStgMedium+0x286 FindMediaType-0x70d urlmon+0x1ba32 @ 0x752aba32
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x76be62fa
GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x76be6d3a
CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x76be77c4
DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x76be7bca
CreateAsyncBindCtx+0xb2f URLDownloadToCacheFileW-0x54c urlmon+0x4516f @ 0x752d516f
CreateAsyncBindCtx+0xa8e URLDownloadToCacheFileW-0x5ed urlmon+0x450ce @ 0x752d50ce
RegisterBindStatusCallback+0x36a4 CopyBindInfo-0x1619 urlmon+0x1a0d8 @ 0x752aa0d8
RegisterBindStatusCallback+0x3151 CopyBindInfo-0x1b6c urlmon+0x19b85 @ 0x752a9b85
RegisterBindStatusCallback+0x3074 CopyBindInfo-0x1c49 urlmon+0x19aa8 @ 0x752a9aa8
CreateAsyncBindCtx+0xccc URLDownloadToCacheFileW-0x3af urlmon+0x4530c @ 0x752d530c
URLDownloadToCacheFileW+0xe5 CoInternetIsFeatureZoneElevationEnabled-0x2c18 urlmon+0x457a0 @ 0x752d57a0
DllCanUnloadNow+0xcfc8 IEAssociateThreadWithTab-0x294dd ieframe+0x2540c @ 0x7210540c
DllCanUnloadNow+0xce86 IEAssociateThreadWithTab-0x2961f ieframe+0x252ca @ 0x721052ca
CreateExtensionGuidEnumerator+0x5d622 SetQueryNetSessionCount-0x15f9a ieframe+0x100ea3 @ 0x721e0ea3
RtlGetUserInfoHeap+0x225 RtlQueueWorkItem-0x210 ntdll+0x67e96 @ 0x776a7e96
TpCallbackIndependent+0x527 RtlIsCriticalSectionLockedByThread-0x240 ntdll+0x454f4 @ 0x776854f4
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x766e33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x77679ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x77679ea5

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0x80040155
exception.offset: 46887
exception.address: 0x760cb727
registers.esp: 104716000
registers.edi: 1988295184
registers.eax: 104716000
registers.ebp: 104716080
registers.edx: 1
registers.ebx: 110847532
registers.esi: 2147746133
registers.ecx: 2955062347

Steals private information from local Internet browsers (50 out of 2710 events)

file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\te\Network\Cookies
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\OriginTrials\Local Extension Settings\lpilbniiabackdjcionkobglmddfbcjo\CURRENT
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.2_0\_locales\fil\messages.json\Network\Cookies
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\ShaderCache\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa\CURRENT
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\BrowserMetrics\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk\CURRENT
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp\CURRENT
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\ShaderCache\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao\CURRENT
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn\CURRENT
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\pnacl\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhk\CURRENT
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\_locales\uk\messages.json\Network\Cookies
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm\CURRENT
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\BrowserMetrics\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf\CURRENT
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\CrashpadMetrics.pma~RF3a15fe.TMP\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbch\CURRENT
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\7619.603.0.2_0\_locales\nb\Network\Cookies
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Crashpad\IndexedDB\chrome-extension_hpglfhgfnhbgpjdenjgmdgoeiappafln_0.indexeddb.leveldb\CURRENT
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\_locales\zh_CN\messages.json\Network\Cookies
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\_locales\es_419\Network\Cookies
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Current Tabs\Network\Cookies
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\images\topbar_floating_button_close.png\Network\Cookies
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\CrashpadMetrics.pma~RF3a15fe.TMP\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk\CURRENT
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\BrowserMetrics\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln\CURRENT
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\_locales\es_419\messages.json\Network\Cookies
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Safe Browsing Cookies-journal\Local Extension Settings\oeljdldpnmdbchonielidgobddffflal\CURRENT
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\manifest.json\Network\Cookies
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\CrashpadMetrics-active.pma\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai\CURRENT
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\GPUCache\Network\Cookies
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_2\Network\Cookies
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\SwReporter\Sync Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm\CURRENT
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.2_0\_locales\ar\messages.json\Network\Cookies
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\_locales\fr_CA\Network\Cookies
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\PepperFlash\Sync Extension Settings\oeljdldpnmdbchonielidgobddffflal\CURRENT
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\7619.603.0.2_0\Network\Cookies
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\bg\messages.json\Network\Cookies
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\Network\Cookies
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\PepperFlash\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn\CURRENT
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\BrowserMetrics\Network\Cookies
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\BrowserMetrics-spare.pma\Sync Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk\CURRENT
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\_locales\fil\messages.json\Network\Cookies
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\pnacl\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj\CURRENT
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\_locales\ru\Network\Cookies
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\SSLErrorAssistant\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeap\CURRENT
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\CertificateTransparency\Sync Extension Settings\oeljdldpnmdbchonielidgobddffflal\CURRENT
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\Network\Cookies
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Safe Browsing Cookies\IndexedDB\chrome-extension_hpglfhgfnhbgpjdenjgmdgoeiappafln_0.indexeddb.leveldb\CURRENT
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOCK\Network\Cookies
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\PepperFlash\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc\CURRENT
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Safe Browsing Cookies\Local Extension Settings\lpilbniiabackdjcionkobglmddfbcjo\CURRENT
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\First Run\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp\CURRENT
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG\Network\Cookies
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\CrashpadMetrics-active.pma\Local Extension Settings\fhilaheimglignddkjgofkcbgekhenbh\CURRENT

Creates executable files on the filesystem (11 events)

file	C:\Program Files (x86)\Company\NewProduct\tag.exe
file	C:\Program Files (x86)\Company\NewProduct\romb_ro.exe
file	C:\Program Files (x86)\Company\NewProduct\jshainx.exe
file	C:\Program Files (x86)\Company\NewProduct\me.exe
file	C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe
file	C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe
file	C:\Program Files (x86)\Company\NewProduct\real.exe
file	C:\Program Files (x86)\Company\NewProduct\safert44.exe
file	C:\Program Files (x86)\Company\NewProduct\F0geI.exe
file	C:\Program Files (x86)\Company\NewProduct\g3rgg.exe
file	C:\Program Files (x86)\Company\NewProduct\ffnameedit.exe

Creates a shortcut to an executable file (12 events)

file	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk
file	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk
file	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk
file	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Chrome.lnk
file	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk
file	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk
file	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
file	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk
file	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk

Creates a suspicious process (2 events)

cmdline	"C:\Windows\System32\cmd.exe" /c taskkill /im real.exe /f & timeout /t 6 & del /f /q "C:\Program Files (x86)\Company\NewProduct\real.exe" & del C:\ProgramData\*.dll & exit
cmdline	C:\Windows\System32\cmd.exe /c taskkill /im real.exe /f & timeout /t 6 & del /f /q "C:\Program Files (x86)\Company\NewProduct\real.exe" & del C:\ProgramData\*.dll & exit

Drops a binary and executes it (11 events)

file	C:\Program Files (x86)\Company\NewProduct\real.exe
file	C:\Program Files (x86)\Company\NewProduct\F0geI.exe
file	C:\Program Files (x86)\Company\NewProduct\namdoitntn.exe
file	C:\Program Files (x86)\Company\NewProduct\romb_ro.exe
file	C:\Program Files (x86)\Company\NewProduct\safert44.exe
file	C:\Program Files (x86)\Company\NewProduct\tag.exe
file	C:\Program Files (x86)\Company\NewProduct\kukurzka9000.exe
file	C:\Program Files (x86)\Company\NewProduct\ffnameedit.exe
file	C:\Program Files (x86)\Company\NewProduct\g3rgg.exe
file	C:\Program Files (x86)\Company\NewProduct\jshainx.exe
file	C:\Program Files (x86)\Company\NewProduct\me.exe

A process created a hidden window (21 events)

Time & API	Arguments	Status	Return
ShellExecuteExW July 31, 2022, 1:47 p.m.	show_type: 0 filepath_r: https://iplogger.org/1n7LH4 parameters: filepath: https://iplogger.org/1n7LH4	1	1
ShellExecuteExW July 31, 2022, 1:47 p.m.	show_type: 0 filepath_r: https://iplogger.org/1n7LH4 parameters: filepath: https://iplogger.org/1n7LH4	1	1
ShellExecuteExW July 31, 2022, 1:47 p.m.	show_type: 0 filepath_r: https://iplogger.org/1A4aK4 parameters: filepath: https://iplogger.org/1A4aK4	1	1
ShellExecuteExW July 31, 2022, 1:47 p.m.	show_type: 0 filepath_r: https://iplogger.org/1A4aK4 parameters: filepath: https://iplogger.org/1A4aK4	1	1
ShellExecuteExW July 31, 2022, 1:47 p.m.	show_type: 0 filepath_r: https://iplogger.org/1RLtX4 parameters: filepath: https://iplogger.org/1RLtX4	1	1
ShellExecuteExW July 31, 2022, 1:47 p.m.	show_type: 0 filepath_r: https://iplogger.org/1RLtX4 parameters: filepath: https://iplogger.org/1RLtX4	1	1
ShellExecuteExW July 31, 2022, 1:47 p.m.	show_type: 0 filepath_r: https://iplogger.org/1RCgX4 parameters: filepath: https://iplogger.org/1RCgX4	1	1
ShellExecuteExW July 31, 2022, 1:47 p.m.	show_type: 0 filepath_r: https://iplogger.org/1RCgX4 parameters: filepath: https://iplogger.org/1RCgX4	1	1
ShellExecuteExW July 31, 2022, 1:47 p.m.	show_type: 0 filepath_r: https://iplogger.org/1RCgX4 parameters: filepath: https://iplogger.org/1RCgX4	1	1
ShellExecuteExW July 31, 2022, 1:47 p.m.	show_type: 0 filepath_r: https://iplogger.org/1RCgX4 parameters: filepath: https://iplogger.org/1RCgX4	1	1
ShellExecuteExW July 31, 2022, 1:47 p.m.	show_type: 0 filepath_r: https://iplogger.org/1RchC4 parameters: filepath: https://iplogger.org/1RchC4	1	1
ShellExecuteExW July 31, 2022, 1:47 p.m.	show_type: 0 filepath_r: https://iplogger.org/1RchC4 parameters: filepath: https://iplogger.org/1RchC4	1	1
ShellExecuteExW July 31, 2022, 1:47 p.m.	show_type: 0 filepath_r: https://iplogger.org/1RyjC4 parameters: filepath: https://iplogger.org/1RyjC4	1	1
ShellExecuteExW July 31, 2022, 1:47 p.m.	show_type: 0 filepath_r: https://iplogger.org/1RyjC4 parameters: filepath: https://iplogger.org/1RyjC4	1	1
ShellExecuteExW July 31, 2022, 1:47 p.m.	show_type: 0 filepath_r: https://iplogger.org/1RqCC4 parameters: filepath: https://iplogger.org/1RqCC4	1	1
ShellExecuteExW July 31, 2022, 1:47 p.m.	show_type: 0 filepath_r: https://iplogger.org/1RqCC4 parameters: filepath: https://iplogger.org/1RqCC4	1	1
ShellExecuteExW July 31, 2022, 1:47 p.m.	show_type: 0 filepath_r: https://iplogger.org/1nNrK4 parameters: filepath: https://iplogger.org/1nNrK4	1	1
ShellExecuteExW July 31, 2022, 1:47 p.m.	show_type: 0 filepath_r: https://iplogger.org/1nNrK4 parameters: filepath: https://iplogger.org/1nNrK4	1	1
ShellExecuteExW July 31, 2022, 1:47 p.m.	show_type: 0 filepath_r: https://iplogger.org/1nzwK4 parameters: filepath: https://iplogger.org/1nzwK4	1	1
ShellExecuteExW July 31, 2022, 1:47 p.m.	show_type: 0 filepath_r: https://iplogger.org/1nzwK4 parameters: filepath: https://iplogger.org/1nzwK4	1	1
ShellExecuteExW July 31, 2022, 1:47 p.m.	show_type: 0 filepath_r: C:\Windows\System32\cmd.exe parameters: /c taskkill /im real.exe /f & timeout /t 6 & del /f /q "C:\Program Files (x86)\Company\NewProduct\real.exe" & del C:\ProgramData\*.dll & exit filepath: C:\Windows\System32\cmd.exe	1	1

Searches running processes potentially to identify processes for sandbox evasion, code injection or memory dumping (48 events)

Time & API	Arguments	Status	Return
Process32NextW July 31, 2022, 1:47 p.m.	snapshot_handle: 0x000002a4 process_name: smss.exe process_identifier: 224	1	1
Process32NextW July 31, 2022, 1:47 p.m.	snapshot_handle: 0x000002a4 process_name: csrss.exe process_identifier: 300	1	1
Process32NextW July 31, 2022, 1:47 p.m.	snapshot_handle: 0x000002a4 process_name: lsass.exe process_identifier: 452	1	1
Process32NextW July 31, 2022, 1:47 p.m.	snapshot_handle: 0x000002a4 process_name: lsm.exe process_identifier: 460	1	1
Process32NextW July 31, 2022, 1:47 p.m.	snapshot_handle: 0x000002a4 process_name: svchost.exe process_identifier: 580	1	1
Process32NextW July 31, 2022, 1:47 p.m.	snapshot_handle: 0x000002a4 process_name: svchost.exe process_identifier: 656	1	1
Process32NextW July 31, 2022, 1:47 p.m.	snapshot_handle: 0x000002a4 process_name: svchost.exe process_identifier: 728	1	1
Process32NextW July 31, 2022, 1:47 p.m.	snapshot_handle: 0x000002a4 process_name: svchost.exe process_identifier: 836	1	1
Process32NextW July 31, 2022, 1:47 p.m.	snapshot_handle: 0x000002a4 process_name: audiodg.exe process_identifier: 916	1	1
Process32NextW July 31, 2022, 1:47 p.m.	snapshot_handle: 0x000002a4 process_name: svchost.exe process_identifier: 988	1	1
Process32NextW July 31, 2022, 1:47 p.m.	snapshot_handle: 0x000002a4 process_name: svchost.exe process_identifier: 304	1	1
Process32NextW July 31, 2022, 1:47 p.m.	snapshot_handle: 0x000002a4 process_name: svchost.exe process_identifier: 1044	1	1
Process32NextW July 31, 2022, 1:47 p.m.	snapshot_handle: 0x000002a4 process_name: svchost.exe process_identifier: 1340	1	1
Process32NextW July 31, 2022, 1:47 p.m.	snapshot_handle: 0x000002a4 process_name: srvany.exe process_identifier: 1380	1	1
Process32NextW July 31, 2022, 1:47 p.m.	snapshot_handle: 0x000002a4 process_name: KMService.exe process_identifier: 1452	1	1
Process32NextW July 31, 2022, 1:47 p.m.	snapshot_handle: 0x000002a4 process_name: conhost.exe process_identifier: 1468	1	1
Process32NextW July 31, 2022, 1:47 p.m.	snapshot_handle: 0x000002a4 process_name: sppsvc.exe process_identifier: 1716	1	1
Process32NextW July 31, 2022, 1:47 p.m.	snapshot_handle: 0x000002a4 process_name: svchost.exe process_identifier: 1804	1	1
Process32NextW July 31, 2022, 1:47 p.m.	snapshot_handle: 0x000002a4 process_name: dwm.exe process_identifier: 2028	1	1
Process32NextW July 31, 2022, 1:47 p.m.	snapshot_handle: 0x000002a4 process_name: explorer.exe process_identifier: 1156	1	1
Process32NextW July 31, 2022, 1:47 p.m.	snapshot_handle: 0x000002a4 process_name: SearchIndexer.exe process_identifier: 772	1	1
Process32NextW July 31, 2022, 1:47 p.m.	snapshot_handle: 0x000002a4 process_name: SearchProtocolHost.exe process_identifier: 1776	1	1
Process32NextW July 31, 2022, 1:47 p.m.	snapshot_handle: 0x000002a4 process_name: SearchFilterHost.exe process_identifier: 1492	1	1
Process32NextW July 31, 2022, 1:47 p.m.	snapshot_handle: 0x000002a4 process_name: pw.exe process_identifier: 2512	1	1
Process32NextW July 31, 2022, 1:47 p.m.	snapshot_handle: 0x000002a4 process_name: taskhost.exe process_identifier: 2548	1	1
Process32NextW July 31, 2022, 1:47 p.m.	snapshot_handle: 0x000002a4 process_name: SearchProtocolHost.exe process_identifier: 2680	1	1
Process32NextW July 31, 2022, 1:47 p.m.	snapshot_handle: 0x000002a4 process_name: iexplore.exe process_identifier: 2876	1	1
Process32NextW July 31, 2022, 1:47 p.m.	snapshot_handle: 0x000002a4 process_name: iexplore.exe process_identifier: 2964	1	1
Process32NextW July 31, 2022, 1:47 p.m.	snapshot_handle: 0x000002a4 process_name: iexplore.exe process_identifier: 2116	1	1
Process32NextW July 31, 2022, 1:47 p.m.	snapshot_handle: 0x000002a4 process_name: real.exe process_identifier: 2252	1	1
Process32NextW July 31, 2022, 1:47 p.m.	snapshot_handle: 0x000002a4 process_name: namdoitntn.exe process_identifier: 2420	1	1
Process32NextW July 31, 2022, 1:47 p.m.	snapshot_handle: 0x000002a4 process_name: romb_ro.exe process_identifier: 2488	1	1
Process32NextW July 31, 2022, 1:47 p.m.	snapshot_handle: 0x000002a4 process_name: safert44.exe process_identifier: 2688	1	1
Process32NextW July 31, 2022, 1:47 p.m.	snapshot_handle: 0x000002a4 process_name: tag.exe process_identifier: 3008	1	1
Process32NextW July 31, 2022, 1:47 p.m.	snapshot_handle: 0x000002a4 process_name: kukurzka9000.exe process_identifier: 1664	1	1
Process32NextW July 31, 2022, 1:47 p.m.	snapshot_handle: 0x000002a4 process_name: ffnameedit.exe process_identifier: 316	1	1
Process32NextW July 31, 2022, 1:47 p.m.	snapshot_handle: 0x000002a4 process_name: namdoitntn.exe process_identifier: 2636	1	1
Process32NextW July 31, 2022, 1:47 p.m.	snapshot_handle: 0x000002a4 process_name: g3rgg.exe process_identifier: 1304	1	1
Process32NextW July 31, 2022, 1:47 p.m.	snapshot_handle: 0x000002a4 process_name: jshainx.exe process_identifier: 3140	1	1
Process32NextW July 31, 2022, 1:47 p.m.	snapshot_handle: 0x000002a4 process_name: me.exe process_identifier: 3212	1	1
Process32NextW July 31, 2022, 1:47 p.m.	snapshot_handle: 0x000002a4 process_name: WmiPrvSE.exe process_identifier: 3540	1	1
Process32NextW July 31, 2022, 1:47 p.m.	snapshot_handle: 0x000002a4 process_name: ᜸?Ő? process_identifier: 4140024		0
Process32NextW July 31, 2022, 1:47 p.m.	snapshot_handle: 0x00000298 process_name: svchost.exe process_identifier: 4072	1	1
Process32NextW July 31, 2022, 1:47 p.m.	snapshot_handle: 0x00000298 process_name: ᛨLŐL process_identifier: 4991992		0
Process32NextW July 31, 2022, 1:47 p.m.	snapshot_handle: 0x00000290 process_name: cmd.exe process_identifier: 3688	1	1
Process32NextW July 31, 2022, 1:47 p.m.	snapshot_handle: 0x00000290 process_name: conhost.exe process_identifier: 3772	1	1
Process32NextW July 31, 2022, 1:47 p.m.	snapshot_handle: 0x00000290 process_name: timeout.exe process_identifier: 3868	1	1
Process32NextW July 31, 2022, 1:47 p.m.	snapshot_handle: 0x00000290 process_name: ᛨBŐB process_identifier: 4336632		0

Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) (1 event)

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory July 31, 2022, 1:47 p.m.	process_identifier: 2964 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 16 (PAGE_EXECUTE) base_address: 0x05e70000 process_handle: 0xffffffff	1	0	0

Checks adapter addresses which can be used to detect virtual network interfaces (1 event)

Time & API	Arguments	Status	Return	Repeated
GetAdaptersAddresses July 31, 2022, 1:47 p.m.	flags: 15 family: 0		111	0

Checks for the Locally Unique Identifier on the system for a suspicious privilege (13 events)

Time & API	Arguments	Status	Return
LookupPrivilegeValueW July 31, 2022, 1:48 p.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW July 31, 2022, 1:47 p.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW July 31, 2022, 1:47 p.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW July 31, 2022, 1:47 p.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW July 31, 2022, 1:40 p.m.	system_name: privilege_name: SeShutdownPrivilege	1	1
LookupPrivilegeValueW July 31, 2022, 1:40 p.m.	system_name: privilege_name: SeShutdownPrivilege	1	1
LookupPrivilegeValueW July 31, 2022, 1:40 p.m.	system_name: privilege_name: SeShutdownPrivilege	1	1
LookupPrivilegeValueW July 31, 2022, 1:40 p.m.	system_name: privilege_name: SeShutdownPrivilege	1	1
LookupPrivilegeValueW July 31, 2022, 1:40 p.m.	system_name: privilege_name: SeShutdownPrivilege	1	1
LookupPrivilegeValueW July 31, 2022, 1:40 p.m.	system_name: privilege_name: SeShutdownPrivilege	1	1
LookupPrivilegeValueW July 31, 2022, 1:40 p.m.	system_name: privilege_name: SeShutdownPrivilege	1	1
LookupPrivilegeValueW July 31, 2022, 1:40 p.m.	system_name: privilege_name: SeShutdownPrivilege	1	1
LookupPrivilegeValueW July 31, 2022, 1:47 p.m.	system_name: privilege_name: SeDebugPrivilege	1	1

Yara rule detected in process memory (25 events)

description	(no description)	rule	DebuggerCheck__GlobalFlags
description	(no description)	rule	DebuggerCheck__QueryInfo
description	(no description)	rule	DebuggerHiding__Thread
description	(no description)	rule	DebuggerHiding__Active
description	(no description)	rule	ThreadControl__Context
description	(no description)	rule	SEH__vectored
description	Checks if being debugged	rule	anti_dbg
description	Bypass DEP	rule	disable_dep
description	(no description)	rule	DebuggerCheck__GlobalFlags
description	(no description)	rule	DebuggerCheck__QueryInfo
description	(no description)	rule	DebuggerHiding__Thread
description	(no description)	rule	DebuggerHiding__Active
description	(no description)	rule	ThreadControl__Context
description	(no description)	rule	SEH__vectored
description	Checks if being debugged	rule	anti_dbg
description	Bypass DEP	rule	disable_dep
description	(no description)	rule	DebuggerCheck__GlobalFlags
description	(no description)	rule	DebuggerCheck__QueryInfo
description	(no description)	rule	DebuggerHiding__Thread
description	(no description)	rule	DebuggerHiding__Active
description	(no description)	rule	DebuggerException__SetConsoleCtrl
description	(no description)	rule	ThreadControl__Context
description	(no description)	rule	SEH__vectored
description	Checks if being debugged	rule	anti_dbg
description	Bypass DEP	rule	disable_dep

Queries for potentially installed applications (50 out of 280 events)

Time & API	Arguments	Status
RegOpenKeyExA July 31, 2022, 1:47 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall base_handle: 0x80000002 key_handle: 0x000002a4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall	1
RegOpenKeyExA July 31, 2022, 1:47 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook base_handle: 0x80000002 key_handle: 0x000002a8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook	1
RegOpenKeyExA July 31, 2022, 1:47 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager base_handle: 0x80000002 key_handle: 0x000002a8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager	1
RegOpenKeyExA July 31, 2022, 1:47 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx base_handle: 0x80000002 key_handle: 0x000002a8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx	1
RegOpenKeyExA July 31, 2022, 1:47 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EditPlus base_handle: 0x80000002 key_handle: 0x000002a8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EditPlus	1
RegOpenKeyExA July 31, 2022, 1:47 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ENTERPRISE base_handle: 0x80000002 key_handle: 0x000002a8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ENTERPRISE	1
RegOpenKeyExA July 31, 2022, 1:47 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore base_handle: 0x80000002 key_handle: 0x000002a8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore	1
RegOpenKeyExA July 31, 2022, 1:47 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome base_handle: 0x80000002 key_handle: 0x000002a8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome	1
RegOpenKeyExA July 31, 2022, 1:47 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Haansoft HWord 80 Korean base_handle: 0x80000002 key_handle: 0x000002a8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Haansoft HWord 80 Korean	1
RegOpenKeyExA July 31, 2022, 1:47 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40 base_handle: 0x80000002 key_handle: 0x000002a8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40	1
RegOpenKeyExA July 31, 2022, 1:47 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data base_handle: 0x80000002 key_handle: 0x000002a8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data	1
RegOpenKeyExA July 31, 2022, 1:47 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX base_handle: 0x80000002 key_handle: 0x000002a8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX	1
RegOpenKeyExA July 31, 2022, 1:47 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData base_handle: 0x80000002 key_handle: 0x000002a8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData	1
RegOpenKeyExA July 31, 2022, 1:47 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack base_handle: 0x80000002 key_handle: 0x000002a8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack	1
RegOpenKeyExA July 31, 2022, 1:47 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NewProduct 1.00 base_handle: 0x80000002 key_handle: 0x000002a8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NewProduct 1.00	1
RegOpenKeyExA July 31, 2022, 1:47 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent base_handle: 0x80000002 key_handle: 0x000002a8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent	1
RegOpenKeyExA July 31, 2022, 1:47 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC base_handle: 0x80000002 key_handle: 0x000002a8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC	1
RegOpenKeyExA July 31, 2022, 1:47 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{01B845D4-B73E-4CF7-A377-94BC7BB4F77B} base_handle: 0x80000002 key_handle: 0x000002a8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{01B845D4-B73E-4CF7-A377-94BC7BB4F77B}	1
RegOpenKeyExA July 31, 2022, 1:47 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D91F7DA-F517-4727-9E62-B7EA978BE980} base_handle: 0x80000002 key_handle: 0x000002a8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D91F7DA-F517-4727-9E62-B7EA978BE980}	1
RegOpenKeyExA July 31, 2022, 1:47 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA} base_handle: 0x80000002 key_handle: 0x000002a8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}	1
RegOpenKeyExA July 31, 2022, 1:47 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0015-0412-0000-0000000FF1CE} base_handle: 0x80000002 key_handle: 0x000002a8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0015-0412-0000-0000000FF1CE}	1
RegOpenKeyExA July 31, 2022, 1:47 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0016-0412-0000-0000000FF1CE} base_handle: 0x80000002 key_handle: 0x000002a8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0016-0412-0000-0000000FF1CE}	1
RegOpenKeyExA July 31, 2022, 1:47 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0018-0412-0000-0000000FF1CE} base_handle: 0x80000002 key_handle: 0x000002a8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0018-0412-0000-0000000FF1CE}	1
RegOpenKeyExA July 31, 2022, 1:47 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0019-0412-0000-0000000FF1CE} base_handle: 0x80000002 key_handle: 0x000002a8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0019-0412-0000-0000000FF1CE}	1
RegOpenKeyExA July 31, 2022, 1:47 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001A-0412-0000-0000000FF1CE} base_handle: 0x80000002 key_handle: 0x000002a8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001A-0412-0000-0000000FF1CE}	1
RegOpenKeyExA July 31, 2022, 1:47 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001B-0412-0000-0000000FF1CE} base_handle: 0x80000002 key_handle: 0x000002a8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001B-0412-0000-0000000FF1CE}	1
RegOpenKeyExA July 31, 2022, 1:47 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0409-0000-0000000FF1CE} base_handle: 0x80000002 key_handle: 0x000002a8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0409-0000-0000000FF1CE}	1
RegOpenKeyExA July 31, 2022, 1:47 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0412-0000-0000000FF1CE} base_handle: 0x80000002 key_handle: 0x000002a8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0412-0000-0000000FF1CE}	1
RegOpenKeyExA July 31, 2022, 1:47 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0028-0412-0000-0000000FF1CE} base_handle: 0x80000002 key_handle: 0x000002a8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0028-0412-0000-0000000FF1CE}	1
RegOpenKeyExA July 31, 2022, 1:47 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-002C-0412-0000-0000000FF1CE} base_handle: 0x80000002 key_handle: 0x000002a8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-002C-0412-0000-0000000FF1CE}	1
RegOpenKeyExA July 31, 2022, 1:47 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0030-0000-0000-0000000FF1CE} base_handle: 0x80000002 key_handle: 0x000002a8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0030-0000-0000-0000000FF1CE}	1
RegOpenKeyExA July 31, 2022, 1:47 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0044-0412-0000-0000000FF1CE} base_handle: 0x80000002 key_handle: 0x000002a8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0044-0412-0000-0000000FF1CE}	1
RegOpenKeyExA July 31, 2022, 1:47 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0409-0000-0000000FF1CE} base_handle: 0x80000002 key_handle: 0x000002a8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0409-0000-0000000FF1CE}	1
RegOpenKeyExA July 31, 2022, 1:47 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0412-0000-0000000FF1CE} base_handle: 0x80000002 key_handle: 0x000002a8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0412-0000-0000000FF1CE}	1
RegOpenKeyExA July 31, 2022, 1:47 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00A1-0412-0000-0000000FF1CE} base_handle: 0x80000002 key_handle: 0x000002a8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00A1-0412-0000-0000000FF1CE}	1
RegOpenKeyExA July 31, 2022, 1:47 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00BA-0409-0000-0000000FF1CE} base_handle: 0x80000002 key_handle: 0x000002a8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00BA-0409-0000-0000000FF1CE}	1
RegOpenKeyExA July 31, 2022, 1:47 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0114-0412-0000-0000000FF1CE} base_handle: 0x80000002 key_handle: 0x000002a8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0114-0412-0000-0000000FF1CE}	1
RegOpenKeyExA July 31, 2022, 1:47 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{939659F3-71D2-461F-B24D-91D05A4389B4} base_handle: 0x80000002 key_handle: 0x000002a8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{939659F3-71D2-461F-B24D-91D05A4389B4}	1
RegOpenKeyExA July 31, 2022, 1:47 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9B84A461-3B4C-40E2-B44F-CE22E215EE40} base_handle: 0x80000002 key_handle: 0x000002a8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9B84A461-3B4C-40E2-B44F-CE22E215EE40}	1
RegOpenKeyExA July 31, 2022, 1:47 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{d992c12e-cab2-426f-bde3-fb8c53950b0d} base_handle: 0x80000002 key_handle: 0x000002a8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{d992c12e-cab2-426f-bde3-fb8c53950b0d}	1
RegOpenKeyExW July 31, 2022, 1:47 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall base_handle: 0x80000002 key_handle: 0x000001e8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall	1
RegOpenKeyExW July 31, 2022, 1:47 p.m.	regkey_r: AddressBook base_handle: 0x000001e8 key_handle: 0x000001e4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook	1
RegOpenKeyExW July 31, 2022, 1:47 p.m.	regkey_r: Connection Manager base_handle: 0x000001e8 key_handle: 0x000001e4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager	1
RegOpenKeyExW July 31, 2022, 1:47 p.m.	regkey_r: DirectDrawEx base_handle: 0x000001e8 key_handle: 0x000001e4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx	1
RegOpenKeyExW July 31, 2022, 1:47 p.m.	regkey_r: EditPlus base_handle: 0x000001e8 key_handle: 0x000001e4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\EditPlus	1
RegOpenKeyExW July 31, 2022, 1:47 p.m.	regkey_r: ENTERPRISE base_handle: 0x000001e8 key_handle: 0x000001e4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ENTERPRISE	1
RegOpenKeyExW July 31, 2022, 1:47 p.m.	regkey_r: Fontcore base_handle: 0x000001e8 key_handle: 0x000001e4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore	1
RegOpenKeyExW July 31, 2022, 1:47 p.m.	regkey_r: Google Chrome base_handle: 0x000001e8 key_handle: 0x000001e4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome	1
RegOpenKeyExW July 31, 2022, 1:47 p.m.	regkey_r: Haansoft HWord 80 Korean base_handle: 0x000001e8 key_handle: 0x000001e4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Haansoft HWord 80 Korean	1
RegOpenKeyExW July 31, 2022, 1:47 p.m.	regkey_r: IE40 base_handle: 0x000001e8 key_handle: 0x000001e4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE40	1

Uses Windows utilities for basic Windows functionality (6 events)

cmdline	"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:2876 CREDAT:145409
cmdline	"C:\Windows\System32\cmd.exe" /c taskkill /im real.exe /f & timeout /t 6 & del /f /q "C:\Program Files (x86)\Company\NewProduct\real.exe" & del C:\ProgramData\*.dll & exit
cmdline	taskkill /im real.exe /f
cmdline	"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:2876 CREDAT:145410
cmdline	"C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
cmdline	C:\Windows\System32\cmd.exe /c taskkill /im real.exe /f & timeout /t 6 & del /f /q "C:\Program Files (x86)\Company\NewProduct\real.exe" & del C:\ProgramData\*.dll & exit

Executes one or more WMI queries which can be used to identify virtual machines (1 event)

wmi	SELECT * FROM Win32_Processor

Communicates with host for which no DNS query was performed (10 events)

host	103.89.90.61
host	117.18.232.200
host	146.19.247.187
host	185.199.224.90
host	185.87.149.167
host	31.41.244.134
host	45.182.189.196
host	62.204.41.126
host	62.204.41.144
host	91.242.229.63

Looks for the Windows Idle Time to determine the uptime (1 event)

Time & API	Arguments	Status	Return	Repeated
NtQuerySystemInformation July 31, 2022, 1:47 p.m.	information_class: 8 (SystemProcessorPerformanceInformation)	1	0	0

Checks the CPU name from registry, possibly for anti-virtualization (1 event)

registry

HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString

Attempts to access Bitcoin/ALTCoin wallets (1 event)

file	C:\Users\test22\AppData\Roaming\Electrum\wallets\

Deletes executed files from disk (1 event)

file	C:\Program Files (x86)\Company\NewProduct\real.exe

Harvests credentials from local FTP client softwares (3 events)

file	C:\Users\test22\AppData\Roaming\FileZilla\sitemanager.xml
file	C:\Users\test22\AppData\Roaming\FileZilla\recentservers.xml
registry	HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration

Executes one or more WMI queries (9 events)

wmi	SELECT * FROM AntivirusProduct
wmi	SELECT * FROM Win32_VideoController
wmi	SELECT * FROM Win32_OperatingSystem
wmi	SELECT * FROM Win32_Process Where SessionId='1'
wmi	SELECT * FROM FirewallProduct
wmi	SELECT * FROM AntiSpyWareProduct
wmi	SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "real.exe")
wmi	SELECT * FROM Win32_DiskDrive
wmi	SELECT * FROM Win32_Processor

Collects information about installed applications (50 out of 196 events)

Time & API	Arguments	Status
RegQueryValueExA July 31, 2022, 1:47 p.m.	key_handle: 0x000002a8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: EditPlus regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\EditPlus\DisplayName	1
RegQueryValueExA July 31, 2022, 1:47 p.m.	key_handle: 0x000002a8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Enterprise 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ENTERPRISE\DisplayName	1
RegQueryValueExA July 31, 2022, 1:47 p.m.	key_handle: 0x000002a8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Chrome regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome\DisplayName	1
RegQueryValueExA July 31, 2022, 1:47 p.m.	key_handle: 0x000002a8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: ????? ?? 2010 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Haansoft HWord 80 Korean\DisplayName	1
RegQueryValueExA July 31, 2022, 1:47 p.m.	key_handle: 0x000002a8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: NewProduct 1.00 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\NewProduct 1.00\DisplayName	1
RegQueryValueExA July 31, 2022, 1:47 p.m.	key_handle: 0x000002a8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: HttpWatch Professional 9.3.39 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{01B845D4-B73E-4CF7-A377-94BC7BB4F77B}\DisplayName	1
RegQueryValueExA July 31, 2022, 1:47 p.m.	key_handle: 0x000002a8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: ????? ?? 2010 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D91F7DA-F517-4727-9E62-B7EA978BE980}\DisplayName	1
RegQueryValueExA July 31, 2022, 1:47 p.m.	key_handle: 0x000002a8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Google Update Helper regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}\DisplayName	1
RegQueryValueExA July 31, 2022, 1:47 p.m.	key_handle: 0x000002a8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Access MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0015-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExA July 31, 2022, 1:47 p.m.	key_handle: 0x000002a8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Excel MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0016-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExA July 31, 2022, 1:47 p.m.	key_handle: 0x000002a8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office PowerPoint MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0018-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExA July 31, 2022, 1:47 p.m.	key_handle: 0x000002a8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Publisher MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0019-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExA July 31, 2022, 1:47 p.m.	key_handle: 0x000002a8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Outlook MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001A-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExA July 31, 2022, 1:47 p.m.	key_handle: 0x000002a8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Word MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001B-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExA July 31, 2022, 1:47 p.m.	key_handle: 0x000002a8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Proof (English) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0409-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExA July 31, 2022, 1:47 p.m.	key_handle: 0x000002a8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Proof (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExA July 31, 2022, 1:47 p.m.	key_handle: 0x000002a8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office IME (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0028-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExA July 31, 2022, 1:47 p.m.	key_handle: 0x000002a8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Proofing (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-002C-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExA July 31, 2022, 1:47 p.m.	key_handle: 0x000002a8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Enterprise 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0030-0000-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExA July 31, 2022, 1:47 p.m.	key_handle: 0x000002a8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office InfoPath MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0044-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExA July 31, 2022, 1:47 p.m.	key_handle: 0x000002a8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Shared MUI (English) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0409-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExA July 31, 2022, 1:47 p.m.	key_handle: 0x000002a8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Shared MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExA July 31, 2022, 1:47 p.m.	key_handle: 0x000002a8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office OneNote MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00A1-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExA July 31, 2022, 1:47 p.m.	key_handle: 0x000002a8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Groove MUI (English) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00BA-0409-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExA July 31, 2022, 1:47 p.m.	key_handle: 0x000002a8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Groove Setup Metadata MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0114-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExA July 31, 2022, 1:47 p.m.	key_handle: 0x000002a8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Adobe Flash Player 13 ActiveX regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{939659F3-71D2-461F-B24D-91D05A4389B4}\DisplayName	1
RegQueryValueExA July 31, 2022, 1:47 p.m.	key_handle: 0x000002a8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Adobe Flash Player 13 NPAPI regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9B84A461-3B4C-40E2-B44F-CE22E215EE40}\DisplayName	1
RegQueryValueExA July 31, 2022, 1:47 p.m.	key_handle: 0x000002a8 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{d992c12e-cab2-426f-bde3-fb8c53950b0d}\DisplayName	1
RegQueryValueExW July 31, 2022, 1:47 p.m.	key_handle: 0x000001e4 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: EditPlus regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\EditPlus\DisplayName	1
RegQueryValueExW July 31, 2022, 1:47 p.m.	key_handle: 0x000001e4 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Enterprise 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ENTERPRISE\DisplayName	1
RegQueryValueExW July 31, 2022, 1:47 p.m.	key_handle: 0x000001e4 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Chrome regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome\DisplayName	1
RegQueryValueExW July 31, 2022, 1:47 p.m.	key_handle: 0x000001e4 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: 한컴오피스 한글 2010 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Haansoft HWord 80 Korean\DisplayName	1
RegQueryValueExW July 31, 2022, 1:47 p.m.	key_handle: 0x000001e4 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: NewProduct 1.00 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\NewProduct 1.00\DisplayName	1
RegQueryValueExW July 31, 2022, 1:47 p.m.	key_handle: 0x000001e4 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: HttpWatch Professional 9.3.39 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{01B845D4-B73E-4CF7-A377-94BC7BB4F77B}\DisplayName	1
RegQueryValueExW July 31, 2022, 1:47 p.m.	key_handle: 0x000001e4 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: 한컴오피스 한글 2010 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D91F7DA-F517-4727-9E62-B7EA978BE980}\DisplayName	1
RegQueryValueExW July 31, 2022, 1:47 p.m.	key_handle: 0x000001e4 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Google Update Helper regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}\DisplayName	1
RegQueryValueExW July 31, 2022, 1:47 p.m.	key_handle: 0x000001e4 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Access MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0015-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW July 31, 2022, 1:47 p.m.	key_handle: 0x000001e4 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Excel MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0016-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW July 31, 2022, 1:47 p.m.	key_handle: 0x000001e4 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office PowerPoint MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0018-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW July 31, 2022, 1:47 p.m.	key_handle: 0x000001e4 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Publisher MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0019-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW July 31, 2022, 1:47 p.m.	key_handle: 0x000001e4 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Outlook MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001A-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW July 31, 2022, 1:47 p.m.	key_handle: 0x000001e4 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Word MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001B-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW July 31, 2022, 1:47 p.m.	key_handle: 0x000001e4 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Proof (English) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0409-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW July 31, 2022, 1:47 p.m.	key_handle: 0x000001e4 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Proof (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW July 31, 2022, 1:47 p.m.	key_handle: 0x000001e4 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office IME (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0028-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW July 31, 2022, 1:47 p.m.	key_handle: 0x000001e4 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Proofing (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-002C-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW July 31, 2022, 1:47 p.m.	key_handle: 0x000001e4 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Enterprise 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0030-0000-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW July 31, 2022, 1:47 p.m.	key_handle: 0x000001e4 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office InfoPath MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0044-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW July 31, 2022, 1:47 p.m.	key_handle: 0x000001e4 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Shared MUI (English) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0409-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW July 31, 2022, 1:47 p.m.	key_handle: 0x000001e4 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Shared MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0412-0000-0000000FF1CE}\DisplayName	1

Harvests credentials from local email clients (1 event)

file	C:\Users\test22\AppData\Roaming\Thunderbird\profiles.ini

Network activity contains more than one unique useragent (3 events)

process	iexplore.exe	useragent	Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
process	real.exe	useragent
process	kukurzka9000.exe	useragent	mozzzzzzzzzzz

Resumed a suspended thread in a remote process potentially indicative of process injection (6 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 2876 resumed a thread in remote process 2964
Process injection	Process 2876 resumed a thread in remote process 2116
Process injection	Process 2252 resumed a thread in remote process 3688
NtResumeThread July 31, 2022, 1:47 p.m.	thread_handle: 0x00000338 suspend_count: 1 process_identifier: 2964	1	0	0
NtResumeThread July 31, 2022, 1:47 p.m.	thread_handle: 0x000005b4 suspend_count: 1 process_identifier: 2116	1	0	0
NtResumeThread July 31, 2022, 1:47 p.m.	thread_handle: 0x00000350 suspend_count: 1 process_identifier: 3688	1	0	0

Generates some ICMP traffic

File has been identified by 48 AntiVirus engines on VirusTotal as malicious (48 events)

Bkav	W32.AIDetect.malware2
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Variant.Zusy.433917
CAT-QuickHeal	Trojan.Convagent
ALYac	Gen:Variant.Zusy.433917
Cylance	Unsafe
Sangfor	Infostealer.Win32.Agent.Vxt8
K7AntiVirus	Password-Stealer ( 0054d1a31 )
Alibaba	Ransom:Win32/Vidar.bc709a99
K7GW	Password-Stealer ( 0054d1a31 )
Cybereason	malicious.163298
Cyren	W32/Agent.ERS.gen!Eldorado
Symantec	Trojan.Whispergate
ESET-NOD32	multiple detections
APEX	Malicious
Paloalto	generic.ml
Kaspersky	UDS:Trojan-PSW.MSIL.Reline.gen
BitDefender	Gen:Variant.Zusy.433917
NANO-Antivirus	Trojan.Win32.Stealer.jqowms
Avast	Win32:BankerX-gen [Trj]
Tencent	Win32.Trojan-banker.Convagent.Syrq
Sophos	Mal/Generic-S
DrWeb	Trojan.PWS.Siggen3.20401
VIPRE	Gen:Variant.Zusy.433917
TrendMicro	Ransom_StopCrypt.R002C0DGS22
McAfee-GW-Edition	BehavesLike.Win32.Dropper.tc
FireEye	Gen:Variant.Zusy.433917
Emsisoft	Gen:Variant.Zusy.433917 (B)
Ikarus	Trojan.Win32.Crypt
GData	Win32.Trojan-Stealer.Racealer.4BCGFQ
Avira	TR/AD.GenSHCode.cpspb
MAX	malware (ai score=100)
Antiy-AVL	Trojan/Generic.ASMalwS.8158
Gridinsoft	Trojan.Win32.CoinMiner.vb!s8
SUPERAntiSpyware	Backdoor.Bladabindi/Variant
ZoneAlarm	HEUR:Trojan-PSW.MSIL.Reline.gen
Microsoft	Trojan:Win32/Raccoon.RD!MTB
Cynet	Malicious (score: 99)
McAfee	Artemis!C0EA08A16329
VBA32	BScope.Trojan.Crypt
TrendMicro-HouseCall	Ransom_StopCrypt.R002C0DGS22
SentinelOne	Static AI - Malicious PE
MaxSecure	Trojan-Ransom.Win32.Crypmod.zfq
Fortinet	W32/PossibleThreat
BitDefenderTheta	Gen:NN.ZexaF.34806.sqW@ayq9Qan
AVG	Win32:BankerX-gen [Trj]
Panda	Trj/CI.A
CrowdStrike	win/malicious_confidence_100% (W)

Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually) (3 events)

dead_host	185.87.149.167:31402
dead_host	185.199.224.90:37143
dead_host	45.182.189.196:80

JOB.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All