Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	March 16, 2023, 10:27 a.m.	March 16, 2023, 10:46 a.m.

Size	1.7MB
Type	ASCII text, with very long lines, with no line terminators
MD5	`c0aa6a02799611928896463d8c6a324d`
SHA256	`f9fd9b8f43086a5c5f8b638e12c83d6732b344d78f6a7071c18a9a2fc28915c2`
CRC32	`012F79A5`
ssdeep	`24576:vP5JGloTltE5HWbepoF+1rESw3rv5aKL8I4h7cDO4Duo2LZFVlsSMZmdHp:3OdU+cT9W7MD9MDMZmdHp`
Yara	NPKI_Zero - File included NPKI Win_Trojan_Formbook_Zero - Used Formbook hide_executable_file - Hide executable file

powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -ExecutionPolicy unrestricted -File C:\Users\test22\AppData\Local\Temp\boy1start.ps1
316
- boy1.pif "C:\Users\Public\boy1.pif"
  2180
  - powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Public\boy1.pif"
    2812
  - AcroRd32.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\test22\AppData\Local\Temp\golden.pdf"
    2924
  - powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\test22\AppData\Roaming\TfOyvHCStQAJyb.exe"
    2968
  - schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\TfOyvHCStQAJyb" /XML "C:\Users\test22\AppData\Local\Temp\tmp72C5.tmp"
    3020
  - RegSvcs.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
    2084
explorer.exe C:\Windows\Explorer.EXE
1236

Name	Response	Post-Analysis Lookup
checkip.dyndns.org	A 132.226.8.169 CNAME checkip.dyndns.com A 193.122.130.0 A 132.226.247.73 A 158.101.44.242 A 193.122.6.168	132.226.8.169

IP Address	Status	Action
164.124.101.2	Active	Moloch
193.122.130.0	Active	Moloch
37.139.128.83	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.103:49168 -> 37.139.128.83:80	2027265	ET INFO Dotted Quad Host PDF Request	Potentially Bad Traffic
TCP 192.168.56.103:49176 -> 193.122.130.0:80	2039190	ET MALWARE 404/Snake/Matiex Keylogger Style External IP Check	A Network Trojan was detected
TCP 192.168.56.103:49176 -> 193.122.130.0:80	2021378	ET POLICY External IP Lookup - checkip.dyndns.org	Device Retrieving External IP Address Detected
TCP 192.168.56.103:49176 -> 193.122.130.0:80	2042688	ET INFO DYNAMIC_DNS HTTP Request to a *.dyndns .org Domain	Potentially Bad Traffic
UDP 192.168.56.103:52760 -> 164.124.101.2:53	2042687	ET INFO DYNAMIC_DNS Query to a *.dyndns .org Domain	Potentially Bad Traffic
UDP 192.168.56.103:52760 -> 164.124.101.2:53	2012758	ET INFO DYNAMIC_DNS Query to *.dyndns. Domain	Misc activity

Suricata TLS

No Suricata TLS

Queries for the computername (18 events)

Time & API	Arguments	Status	Return
GetComputerNameW March 16, 2023, 9:28 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW March 16, 2023, 9:28 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW March 16, 2023, 9:28 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW March 16, 2023, 9:28 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameA March 16, 2023, 9:28 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW March 16, 2023, 9:28 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW March 16, 2023, 9:28 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW March 16, 2023, 9:28 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW March 16, 2023, 9:28 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW March 16, 2023, 9:28 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameA March 16, 2023, 9:28 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW March 16, 2023, 9:28 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW March 16, 2023, 9:28 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW March 16, 2023, 9:28 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW March 16, 2023, 9:29 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW March 16, 2023, 9:29 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW March 16, 2023, 9:29 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW March 16, 2023, 9:29 a.m.	computer_name: TEST22-PC	1	1

Checks if process is being debugged by a debugger (7 events)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent March 16, 2023, 9:28 a.m.			0	0
IsDebuggerPresent March 16, 2023, 9:28 a.m.			0	0
IsDebuggerPresent March 16, 2023, 9:28 a.m.			0	0
IsDebuggerPresent March 16, 2023, 9:28 a.m.			0	0
IsDebuggerPresent March 16, 2023, 9:28 a.m.			0	0
IsDebuggerPresent March 16, 2023, 9:28 a.m.			0	0
IsDebuggerPresent March 16, 2023, 9:28 a.m.			0	0

Command line console output was observed (18 events)

Time & API	Arguments	Status	Return
WriteConsoleW March 16, 2023, 9:28 a.m.	buffer: The term 'Add-MpPreference' is not recognized as the name of a cmdlet, function console_handle: 0x00000023	1	1
WriteConsoleW March 16, 2023, 9:28 a.m.	buffer: , script file, or operable program. Check the spelling of the name, or if a pat console_handle: 0x0000002f	1	1
WriteConsoleW March 16, 2023, 9:28 a.m.	buffer: h was included, verify that the path is correct and try again. console_handle: 0x0000003b	1	1
WriteConsoleW March 16, 2023, 9:28 a.m.	buffer: At line:1 char:17 console_handle: 0x00000047	1	1
WriteConsoleW March 16, 2023, 9:28 a.m.	buffer: + Add-MpPreference <<<< -ExclusionPath C:\Users\Public\boy1.pif console_handle: 0x00000053	1	1
WriteConsoleW March 16, 2023, 9:28 a.m.	buffer: + CategoryInfo : ObjectNotFound: (Add-MpPreference:String) [], Co console_handle: 0x0000005f	1	1
WriteConsoleW March 16, 2023, 9:28 a.m.	buffer: mmandNotFoundException console_handle: 0x0000006b	1	1
WriteConsoleW March 16, 2023, 9:28 a.m.	buffer: + FullyQualifiedErrorId : CommandNotFoundException console_handle: 0x00000077	1	1
WriteConsoleW March 16, 2023, 9:28 a.m.	buffer: The term 'Add-MpPreference' is not recognized as the name of a cmdlet, function console_handle: 0x00000023	1	1
WriteConsoleW March 16, 2023, 9:28 a.m.	buffer: , script file, or operable program. Check the spelling of the name, or if a pat console_handle: 0x0000002f	1	1
WriteConsoleW March 16, 2023, 9:28 a.m.	buffer: h was included, verify that the path is correct and try again. console_handle: 0x0000003b	1	1
WriteConsoleW March 16, 2023, 9:28 a.m.	buffer: At line:1 char:17 console_handle: 0x00000047	1	1
WriteConsoleW March 16, 2023, 9:28 a.m.	buffer: + Add-MpPreference <<<< -ExclusionPath C:\Users\test22\AppData\Roaming\TfOyvHC console_handle: 0x00000053	1	1
WriteConsoleW March 16, 2023, 9:28 a.m.	buffer: StQAJyb.exe console_handle: 0x0000005f	1	1
WriteConsoleW March 16, 2023, 9:28 a.m.	buffer: + CategoryInfo : ObjectNotFound: (Add-MpPreference:String) [], Co console_handle: 0x0000006b	1	1
WriteConsoleW March 16, 2023, 9:28 a.m.	buffer: mmandNotFoundException console_handle: 0x00000077	1	1
WriteConsoleW March 16, 2023, 9:28 a.m.	buffer: + FullyQualifiedErrorId : CommandNotFoundException console_handle: 0x00000083	1	1
WriteConsoleW March 16, 2023, 9:28 a.m.	buffer: SUCCESS: The scheduled task "Updates\TfOyvHCStQAJyb" has successfully been created. console_handle: 0x00000007	1	1

Uses Windows APIs to generate a cryptographic key (50 out of 103 events)

Time & API	Arguments	Status	Return
CryptExportKey March 16, 2023, 9:28 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x005eb128 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 16, 2023, 9:28 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x005eb128 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 16, 2023, 9:28 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x005eb128 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 16, 2023, 9:28 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x005eb128 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 16, 2023, 9:28 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x005eb128 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 16, 2023, 9:28 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0058dbe0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 16, 2023, 9:28 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0058dd20 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 16, 2023, 9:28 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0058dd20 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 16, 2023, 9:28 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0058dd20 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 16, 2023, 9:28 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0058d520 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 16, 2023, 9:28 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0058d520 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 16, 2023, 9:28 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0058d520 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 16, 2023, 9:28 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0058d520 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 16, 2023, 9:28 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0058d520 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 16, 2023, 9:28 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0058d520 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 16, 2023, 9:28 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0058dd20 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 16, 2023, 9:28 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0058dd20 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 16, 2023, 9:28 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0058dd20 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 16, 2023, 9:28 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0058e2a0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 16, 2023, 9:28 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0058e2a0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 16, 2023, 9:28 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0058e2a0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 16, 2023, 9:28 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0058dfa0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 16, 2023, 9:28 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0058e2a0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 16, 2023, 9:28 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0058e2a0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 16, 2023, 9:28 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0058e2a0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 16, 2023, 9:28 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0058e2a0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 16, 2023, 9:28 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0058e2a0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 16, 2023, 9:28 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0058e2a0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 16, 2023, 9:28 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0058e2a0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 16, 2023, 9:28 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0058e060 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 16, 2023, 9:28 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0058e060 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 16, 2023, 9:28 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0058e060 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 16, 2023, 9:28 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0058e060 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 16, 2023, 9:28 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0058e060 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 16, 2023, 9:28 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0058e060 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 16, 2023, 9:28 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0058e060 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 16, 2023, 9:28 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0058e060 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 16, 2023, 9:28 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0058e060 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 16, 2023, 9:28 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0058e060 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 16, 2023, 9:28 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0058e060 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 16, 2023, 9:28 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0058e060 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 16, 2023, 9:28 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0058e060 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 16, 2023, 9:28 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0058e060 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 16, 2023, 9:28 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0058e0e0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 16, 2023, 9:28 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0058e0e0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 16, 2023, 9:28 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0058e0e0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 16, 2023, 9:28 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0058e0e0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 16, 2023, 9:28 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0058e0e0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 16, 2023, 9:28 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0058e0e0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey March 16, 2023, 9:28 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0058e0e0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1

Tries to locate where the browsers are installed (2 events)

file	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
file	c:\program files\mozilla firefox\firefox.exe

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx March 16, 2023, 9:27 a.m.		1	1	0

One or more processes crashed (50 out of 339 events)

Time & API	Arguments	Status
__exception__ March 16, 2023, 9:28 a.m.	stacktrace: 0x6714d4 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x729a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x729b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x729b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72a674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72a67610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72af1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72af1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72af1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x72af416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x745ef5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74877f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74874de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 39 09 e8 4f dd 5d 71 89 85 b8 fe ff ff 8b 8d b8 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x672de2 registers.esp: 3664860 registers.edi: 3665300 registers.eax: 0 registers.ebp: 3665308 registers.edx: 38015528 registers.ebx: 3665484 registers.esi: 0 registers.ecx: 0	1
__exception__ March 16, 2023, 9:28 a.m.	stacktrace: 0x673902 0x6714db DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x729a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x729b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x729b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72a674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72a67610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72af1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72af1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72af1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x72af416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x745ef5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74877f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74874de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 8b 40 04 89 45 c8 33 d2 89 55 c4 90 e9 9a 00 00 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x6741d8 registers.esp: 3664888 registers.edi: 3665088 registers.eax: 0 registers.ebp: 3665104 registers.edx: 0 registers.ebx: 3665484 registers.esi: 38490440 registers.ecx: 38380212	1
__exception__ March 16, 2023, 9:28 a.m.	stacktrace: 0x673902 0x6714db DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x729a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x729b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x729b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72a674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72a67610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72af1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72af1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72af1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x72af416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x745ef5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74877f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74874de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 3b 42 04 72 05 e8 c6 22 5c 72 c1 e0 05 8d 44 02 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x6741f9 registers.esp: 3664888 registers.edi: 3665088 registers.eax: 0 registers.ebp: 3665104 registers.edx: 0 registers.ebx: 3665484 registers.esi: 38490440 registers.ecx: 8528468	1
__exception__ March 16, 2023, 9:28 a.m.	stacktrace: 0x673902 0x6714db DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x729a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x729b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x729b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72a674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72a67610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72af1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72af1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72af1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x72af416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x745ef5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74877f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74874de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 3b 42 04 72 05 e8 f4 21 5c 72 c1 e0 05 8d 44 02 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x6742cb registers.esp: 3664888 registers.edi: 3665088 registers.eax: 0 registers.ebp: 3665104 registers.edx: 0 registers.ebx: 3665484 registers.esi: 38490440 registers.ecx: 8528468	1
__exception__ March 16, 2023, 9:28 a.m.	stacktrace: 0x673902 0x6714db DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x729a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x729b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x729b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72a674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72a67610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72af1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72af1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72af1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x72af416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x745ef5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74877f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74874de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 8b 40 04 ba 01 00 00 00 2b c2 71 05 e8 ad 21 5c exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x674394 registers.esp: 3664888 registers.edi: 3665088 registers.eax: 0 registers.ebp: 3665104 registers.edx: 0 registers.ebx: 3665484 registers.esi: 38490440 registers.ecx: 8528468	1
__exception__ March 16, 2023, 9:28 a.m.	stacktrace: 0x673902 0x6714db DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x729a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x729b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x729b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72a674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72a67610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72af1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72af1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72af1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x72af416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x745ef5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74877f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74874de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 3b 42 04 72 05 e8 ea 20 5c 72 8b 4c 82 0c e8 dc exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x6743d5 registers.esp: 3664888 registers.edi: 3665088 registers.eax: 0 registers.ebp: 3665104 registers.edx: 0 registers.ebx: 3665484 registers.esi: 38490440 registers.ecx: 8528468	1
__exception__ March 16, 2023, 9:28 a.m.	stacktrace: 0x673902 0x6714db DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x729a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x729b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x729b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72a674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72a67610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72af1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72af1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72af1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x72af416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x745ef5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74877f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74874de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 3b 42 04 72 05 e8 ad 20 5c 72 8b 4c 82 0c 8b 15 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x674412 registers.esp: 3664888 registers.edi: 3665088 registers.eax: 0 registers.ebp: 3665104 registers.edx: 0 registers.ebx: 3665484 registers.esi: 38490440 registers.ecx: 8528468	1
__exception__ March 16, 2023, 9:28 a.m.	stacktrace: 0x673902 0x6714db DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x729a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x729b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x729b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72a674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72a67610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72af1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72af1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72af1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x72af416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x745ef5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74877f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74874de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 3b 42 04 72 05 e8 fd 1f 5c 72 8b 4c 82 0c 8b 15 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x6744c2 registers.esp: 3664888 registers.edi: 3665088 registers.eax: 0 registers.ebp: 3665104 registers.edx: 0 registers.ebx: 3665484 registers.esi: 38490440 registers.ecx: 8528468	1
__exception__ March 16, 2023, 9:28 a.m.	stacktrace: 0x673902 0x6714db DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x729a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x729b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x729b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72a674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72a67610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72af1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72af1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72af1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x72af416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x745ef5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74877f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74874de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 3b 42 04 72 05 e8 ce 1e 5c 72 c1 e0 05 8d 44 02 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x6745f1 registers.esp: 3664888 registers.edi: 3665088 registers.eax: 0 registers.ebp: 3665104 registers.edx: 0 registers.ebx: 3665484 registers.esi: 38490440 registers.ecx: 8528468	1
__exception__ March 16, 2023, 9:28 a.m.	stacktrace: 0x6748b8 0x6714e2 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x729a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x729b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x729b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72a674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72a67610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72af1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72af1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72af1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x72af416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x745ef5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74877f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74874de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 8b 40 04 89 45 c8 33 d2 89 55 c4 90 e9 9a 00 00 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x6741d8 registers.esp: 3664888 registers.edi: 3665088 registers.eax: 0 registers.ebp: 3665104 registers.edx: 0 registers.ebx: 3665484 registers.esi: 38495336 registers.ecx: 38380212	1
__exception__ March 16, 2023, 9:28 a.m.	stacktrace: 0x6748b8 0x6714e2 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x729a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x729b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x729b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72a674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72a67610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72af1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72af1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72af1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x72af416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x745ef5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74877f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74874de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 3b 42 04 72 05 e8 c6 22 5c 72 c1 e0 05 8d 44 02 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x6741f9 registers.esp: 3664888 registers.edi: 3665088 registers.eax: 0 registers.ebp: 3665104 registers.edx: 0 registers.ebx: 3665484 registers.esi: 38495336 registers.ecx: 8528468	1
__exception__ March 16, 2023, 9:28 a.m.	stacktrace: 0x6748b8 0x6714e2 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x729a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x729b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x729b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72a674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72a67610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72af1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72af1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72af1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x72af416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x745ef5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74877f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74874de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 3b 42 04 72 05 e8 f4 21 5c 72 c1 e0 05 8d 44 02 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x6742cb registers.esp: 3664888 registers.edi: 3665088 registers.eax: 0 registers.ebp: 3665104 registers.edx: 0 registers.ebx: 3665484 registers.esi: 38495336 registers.ecx: 8528468	1
__exception__ March 16, 2023, 9:28 a.m.	stacktrace: 0x6748b8 0x6714e2 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x729a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x729b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x729b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72a674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72a67610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72af1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72af1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72af1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x72af416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x745ef5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74877f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74874de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 8b 40 04 ba 01 00 00 00 2b c2 71 05 e8 ad 21 5c exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x674394 registers.esp: 3664888 registers.edi: 3665088 registers.eax: 0 registers.ebp: 3665104 registers.edx: 0 registers.ebx: 3665484 registers.esi: 38495336 registers.ecx: 8528468	1
__exception__ March 16, 2023, 9:28 a.m.	stacktrace: 0x6748b8 0x6714e2 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x729a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x729b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x729b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72a674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72a67610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72af1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72af1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72af1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x72af416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x745ef5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74877f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74874de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 3b 42 04 72 05 e8 ea 20 5c 72 8b 4c 82 0c e8 dc exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x6743d5 registers.esp: 3664888 registers.edi: 3665088 registers.eax: 0 registers.ebp: 3665104 registers.edx: 0 registers.ebx: 3665484 registers.esi: 38495336 registers.ecx: 8528468	1
__exception__ March 16, 2023, 9:28 a.m.	stacktrace: 0x6748b8 0x6714e2 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x729a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x729b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x729b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72a674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72a67610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72af1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72af1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72af1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x72af416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x745ef5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74877f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74874de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 3b 42 04 72 05 e8 ad 20 5c 72 8b 4c 82 0c 8b 15 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x674412 registers.esp: 3664888 registers.edi: 3665088 registers.eax: 0 registers.ebp: 3665104 registers.edx: 0 registers.ebx: 3665484 registers.esi: 38495336 registers.ecx: 8528468	1
__exception__ March 16, 2023, 9:28 a.m.	stacktrace: 0x6748b8 0x6714e2 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x729a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x729b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x729b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72a674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72a67610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72af1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72af1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72af1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x72af416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x745ef5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74877f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74874de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 3b 42 04 72 05 e8 fd 1f 5c 72 8b 4c 82 0c 8b 15 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x6744c2 registers.esp: 3664888 registers.edi: 3665088 registers.eax: 0 registers.ebp: 3665104 registers.edx: 0 registers.ebx: 3665484 registers.esi: 38495336 registers.ecx: 8528468	1
__exception__ March 16, 2023, 9:28 a.m.	stacktrace: 0x6748b8 0x6714e2 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x729a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x729b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x729b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72a674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72a67610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72af1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72af1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72af1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x72af416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x745ef5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74877f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74874de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 3b 42 04 72 05 e8 ce 1e 5c 72 c1 e0 05 8d 44 02 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x6745f1 registers.esp: 3664888 registers.edi: 3665088 registers.eax: 0 registers.ebp: 3665104 registers.edx: 0 registers.ebx: 3665484 registers.esi: 38495336 registers.ecx: 8528468	1
__exception__ March 16, 2023, 9:28 a.m.	stacktrace: 0x674d18 0x6714e9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x729a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x729b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x729b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72a674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72a67610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72af1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72af1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72af1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x72af416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x745ef5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74877f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74874de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 8b 40 04 89 45 c8 33 d2 89 55 c4 90 e9 9a 00 00 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x6741d8 registers.esp: 3664888 registers.edi: 3665088 registers.eax: 0 registers.ebp: 3665104 registers.edx: 0 registers.ebx: 3665484 registers.esi: 38500092 registers.ecx: 38380212	1
__exception__ March 16, 2023, 9:28 a.m.	stacktrace: 0x674d18 0x6714e9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x729a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x729b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x729b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72a674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72a67610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72af1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72af1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72af1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x72af416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x745ef5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74877f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74874de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 3b 42 04 72 05 e8 c6 22 5c 72 c1 e0 05 8d 44 02 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x6741f9 registers.esp: 3664888 registers.edi: 3665088 registers.eax: 0 registers.ebp: 3665104 registers.edx: 0 registers.ebx: 3665484 registers.esi: 38500092 registers.ecx: 8528468	1
__exception__ March 16, 2023, 9:28 a.m.	stacktrace: 0x674d18 0x6714e9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x729a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x729b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x729b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72a674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72a67610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72af1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72af1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72af1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x72af416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x745ef5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74877f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74874de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 3b 42 04 72 05 e8 f4 21 5c 72 c1 e0 05 8d 44 02 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x6742cb registers.esp: 3664888 registers.edi: 3665088 registers.eax: 0 registers.ebp: 3665104 registers.edx: 0 registers.ebx: 3665484 registers.esi: 38500092 registers.ecx: 8528468	1
__exception__ March 16, 2023, 9:28 a.m.	stacktrace: 0x674d18 0x6714e9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x729a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x729b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x729b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72a674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72a67610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72af1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72af1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72af1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x72af416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x745ef5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74877f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74874de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 8b 40 04 ba 01 00 00 00 2b c2 71 05 e8 ad 21 5c exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x674394 registers.esp: 3664888 registers.edi: 3665088 registers.eax: 0 registers.ebp: 3665104 registers.edx: 0 registers.ebx: 3665484 registers.esi: 38500092 registers.ecx: 8528468	1
__exception__ March 16, 2023, 9:28 a.m.	stacktrace: 0x674d18 0x6714e9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x729a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x729b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x729b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72a674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72a67610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72af1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72af1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72af1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x72af416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x745ef5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74877f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74874de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 3b 42 04 72 05 e8 ea 20 5c 72 8b 4c 82 0c e8 dc exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x6743d5 registers.esp: 3664888 registers.edi: 3665088 registers.eax: 0 registers.ebp: 3665104 registers.edx: 0 registers.ebx: 3665484 registers.esi: 38500092 registers.ecx: 8528468	1
__exception__ March 16, 2023, 9:28 a.m.	stacktrace: 0x674d18 0x6714e9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x729a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x729b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x729b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72a674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72a67610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72af1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72af1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72af1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x72af416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x745ef5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74877f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74874de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 3b 42 04 72 05 e8 ad 20 5c 72 8b 4c 82 0c 8b 15 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x674412 registers.esp: 3664888 registers.edi: 3665088 registers.eax: 0 registers.ebp: 3665104 registers.edx: 0 registers.ebx: 3665484 registers.esi: 38500092 registers.ecx: 8528468	1
__exception__ March 16, 2023, 9:28 a.m.	stacktrace: 0x674d18 0x6714e9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x729a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x729b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x729b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72a674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72a67610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72af1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72af1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72af1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x72af416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x745ef5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74877f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74874de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 3b 42 04 72 05 e8 fd 1f 5c 72 8b 4c 82 0c 8b 15 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x6744c2 registers.esp: 3664888 registers.edi: 3665088 registers.eax: 0 registers.ebp: 3665104 registers.edx: 0 registers.ebx: 3665484 registers.esi: 38500092 registers.ecx: 8528468	1
__exception__ March 16, 2023, 9:28 a.m.	stacktrace: 0x674d18 0x6714e9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x729a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x729b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x729b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72a674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72a67610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72af1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72af1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72af1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x72af416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x745ef5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74877f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74874de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 3b 42 04 72 05 e8 ce 1e 5c 72 c1 e0 05 8d 44 02 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x6745f1 registers.esp: 3664888 registers.edi: 3665088 registers.eax: 0 registers.ebp: 3665104 registers.edx: 0 registers.ebx: 3665484 registers.esi: 38500092 registers.ecx: 8528468	1
__exception__ March 16, 2023, 9:28 a.m.	stacktrace: 0x675178 0x6714f0 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x729a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x729b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x729b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72a674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72a67610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72af1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72af1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72af1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x72af416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x745ef5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74877f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74874de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 8b 40 04 89 45 c8 33 d2 89 55 c4 90 e9 9a 00 00 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x6741d8 registers.esp: 3664888 registers.edi: 3665088 registers.eax: 0 registers.ebp: 3665104 registers.edx: 0 registers.ebx: 3665484 registers.esi: 38504852 registers.ecx: 38380212	1
__exception__ March 16, 2023, 9:28 a.m.	stacktrace: 0x675178 0x6714f0 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x729a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x729b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x729b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72a674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72a67610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72af1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72af1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72af1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x72af416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x745ef5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74877f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74874de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 3b 42 04 72 05 e8 c6 22 5c 72 c1 e0 05 8d 44 02 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x6741f9 registers.esp: 3664888 registers.edi: 3665088 registers.eax: 0 registers.ebp: 3665104 registers.edx: 0 registers.ebx: 3665484 registers.esi: 38504852 registers.ecx: 8528468	1
__exception__ March 16, 2023, 9:28 a.m.	stacktrace: 0x675178 0x6714f0 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x729a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x729b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x729b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72a674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72a67610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72af1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72af1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72af1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x72af416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x745ef5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74877f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74874de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 3b 42 04 72 05 e8 f4 21 5c 72 c1 e0 05 8d 44 02 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x6742cb registers.esp: 3664888 registers.edi: 3665088 registers.eax: 0 registers.ebp: 3665104 registers.edx: 0 registers.ebx: 3665484 registers.esi: 38504852 registers.ecx: 8528468	1
__exception__ March 16, 2023, 9:28 a.m.	stacktrace: 0x675178 0x6714f0 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x729a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x729b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x729b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72a674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72a67610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72af1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72af1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72af1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x72af416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x745ef5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74877f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74874de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 8b 40 04 ba 01 00 00 00 2b c2 71 05 e8 ad 21 5c exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x674394 registers.esp: 3664888 registers.edi: 3665088 registers.eax: 0 registers.ebp: 3665104 registers.edx: 0 registers.ebx: 3665484 registers.esi: 38504852 registers.ecx: 8528468	1
__exception__ March 16, 2023, 9:28 a.m.	stacktrace: 0x675178 0x6714f0 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x729a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x729b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x729b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72a674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72a67610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72af1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72af1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72af1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x72af416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x745ef5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74877f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74874de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 3b 42 04 72 05 e8 ea 20 5c 72 8b 4c 82 0c e8 dc exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x6743d5 registers.esp: 3664888 registers.edi: 3665088 registers.eax: 0 registers.ebp: 3665104 registers.edx: 0 registers.ebx: 3665484 registers.esi: 38504852 registers.ecx: 8528468	1
__exception__ March 16, 2023, 9:28 a.m.	stacktrace: 0x675178 0x6714f0 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x729a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x729b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x729b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72a674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72a67610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72af1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72af1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72af1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x72af416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x745ef5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74877f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74874de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 3b 42 04 72 05 e8 ad 20 5c 72 8b 4c 82 0c 8b 15 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x674412 registers.esp: 3664888 registers.edi: 3665088 registers.eax: 0 registers.ebp: 3665104 registers.edx: 0 registers.ebx: 3665484 registers.esi: 38504852 registers.ecx: 8528468	1
__exception__ March 16, 2023, 9:28 a.m.	stacktrace: 0x675178 0x6714f0 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x729a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x729b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x729b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72a674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72a67610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72af1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72af1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72af1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x72af416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x745ef5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74877f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74874de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 3b 42 04 72 05 e8 fd 1f 5c 72 8b 4c 82 0c 8b 15 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x6744c2 registers.esp: 3664888 registers.edi: 3665088 registers.eax: 0 registers.ebp: 3665104 registers.edx: 0 registers.ebx: 3665484 registers.esi: 38504852 registers.ecx: 8528468	1
__exception__ March 16, 2023, 9:28 a.m.	stacktrace: 0x675178 0x6714f0 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x729a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x729b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x729b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72a674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72a67610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72af1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72af1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72af1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x72af416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x745ef5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74877f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74874de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 3b 42 04 72 05 e8 ce 1e 5c 72 c1 e0 05 8d 44 02 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x6745f1 registers.esp: 3664888 registers.edi: 3665088 registers.eax: 0 registers.ebp: 3665104 registers.edx: 0 registers.ebx: 3665484 registers.esi: 38504852 registers.ecx: 8528468	1
__exception__ March 16, 2023, 9:28 a.m.	stacktrace: 0x6755d8 0x6714f7 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x729a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x729b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x729b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72a674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72a67610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72af1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72af1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72af1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x72af416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x745ef5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74877f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74874de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 8b 40 04 89 45 c8 33 d2 89 55 c4 90 e9 9a 00 00 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x6741d8 registers.esp: 3664888 registers.edi: 3665088 registers.eax: 0 registers.ebp: 3665104 registers.edx: 0 registers.ebx: 3665484 registers.esi: 38509632 registers.ecx: 38380212	1
__exception__ March 16, 2023, 9:28 a.m.	stacktrace: 0x6755d8 0x6714f7 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x729a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x729b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x729b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72a674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72a67610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72af1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72af1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72af1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x72af416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x745ef5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74877f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74874de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 3b 42 04 72 05 e8 c6 22 5c 72 c1 e0 05 8d 44 02 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x6741f9 registers.esp: 3664888 registers.edi: 3665088 registers.eax: 0 registers.ebp: 3665104 registers.edx: 0 registers.ebx: 3665484 registers.esi: 38509632 registers.ecx: 8528468	1
__exception__ March 16, 2023, 9:28 a.m.	stacktrace: 0x6755d8 0x6714f7 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x729a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x729b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x729b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72a674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72a67610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72af1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72af1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72af1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x72af416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x745ef5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74877f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74874de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 3b 42 04 72 05 e8 f4 21 5c 72 c1 e0 05 8d 44 02 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x6742cb registers.esp: 3664888 registers.edi: 3665088 registers.eax: 0 registers.ebp: 3665104 registers.edx: 0 registers.ebx: 3665484 registers.esi: 38509632 registers.ecx: 8528468	1
__exception__ March 16, 2023, 9:28 a.m.	stacktrace: 0x6755d8 0x6714f7 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x729a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x729b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x729b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72a674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72a67610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72af1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72af1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72af1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x72af416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x745ef5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74877f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74874de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 8b 40 04 ba 01 00 00 00 2b c2 71 05 e8 ad 21 5c exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x674394 registers.esp: 3664888 registers.edi: 3665088 registers.eax: 0 registers.ebp: 3665104 registers.edx: 0 registers.ebx: 3665484 registers.esi: 38509632 registers.ecx: 8528468	1
__exception__ March 16, 2023, 9:28 a.m.	stacktrace: 0x6755d8 0x6714f7 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x729a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x729b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x729b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72a674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72a67610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72af1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72af1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72af1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x72af416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x745ef5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74877f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74874de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 3b 42 04 72 05 e8 ea 20 5c 72 8b 4c 82 0c e8 dc exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x6743d5 registers.esp: 3664888 registers.edi: 3665088 registers.eax: 0 registers.ebp: 3665104 registers.edx: 0 registers.ebx: 3665484 registers.esi: 38509632 registers.ecx: 8528468	1
__exception__ March 16, 2023, 9:28 a.m.	stacktrace: 0x6755d8 0x6714f7 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x729a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x729b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x729b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72a674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72a67610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72af1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72af1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72af1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x72af416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x745ef5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74877f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74874de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 3b 42 04 72 05 e8 ad 20 5c 72 8b 4c 82 0c 8b 15 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x674412 registers.esp: 3664888 registers.edi: 3665088 registers.eax: 0 registers.ebp: 3665104 registers.edx: 0 registers.ebx: 3665484 registers.esi: 38509632 registers.ecx: 8528468	1
__exception__ March 16, 2023, 9:28 a.m.	stacktrace: 0x6755d8 0x6714f7 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x729a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x729b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x729b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72a674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72a67610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72af1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72af1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72af1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x72af416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x745ef5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74877f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74874de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 3b 42 04 72 05 e8 fd 1f 5c 72 8b 4c 82 0c 8b 15 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x6744c2 registers.esp: 3664888 registers.edi: 3665088 registers.eax: 0 registers.ebp: 3665104 registers.edx: 0 registers.ebx: 3665484 registers.esi: 38509632 registers.ecx: 8528468	1
__exception__ March 16, 2023, 9:28 a.m.	stacktrace: 0x6755d8 0x6714f7 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x729a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x729b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x729b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72a674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72a67610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72af1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72af1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72af1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x72af416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x745ef5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74877f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74874de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 3b 42 04 72 05 e8 ce 1e 5c 72 c1 e0 05 8d 44 02 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x6745f1 registers.esp: 3664888 registers.edi: 3665088 registers.eax: 0 registers.ebp: 3665104 registers.edx: 0 registers.ebx: 3665484 registers.esi: 38509632 registers.ecx: 8528468	1
__exception__ March 16, 2023, 9:28 a.m.	stacktrace: 0x674643 0x675a38 0x6714fe DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x729a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x729b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x729b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72a674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72a67610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72af1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72af1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72af1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x72af416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x745ef5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74877f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74874de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 8b 50 04 b8 01 00 00 00 2b d0 71 05 e8 6d b0 5b exception.instruction: mov edx, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x67b4d4 registers.esp: 3662848 registers.edi: 3663684 registers.eax: 0 registers.ebp: 3664872 registers.edx: 0 registers.ebx: 0 registers.esi: 38514452 registers.ecx: 1	1
__exception__ March 16, 2023, 9:28 a.m.	stacktrace: 0x674643 0x675a38 0x6714fe DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x729a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x729b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x729b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72a674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72a67610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72af1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72af1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72af1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x72af416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x745ef5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74877f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74874de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 8b 40 04 ba 01 00 00 00 2b c2 71 05 e8 11 b0 5b exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x67b530 registers.esp: 3662848 registers.edi: 3663684 registers.eax: 0 registers.ebp: 3664872 registers.edx: 0 registers.ebx: 0 registers.esi: 38514452 registers.ecx: 8528468	1
__exception__ March 16, 2023, 9:28 a.m.	stacktrace: 0x674643 0x675a38 0x6714fe DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x729a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x729b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x729b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72a674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72a67610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72af1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72af1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72af1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x72af416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x745ef5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74877f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74874de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 3b 42 04 72 05 e8 57 af 5b 72 c1 e0 04 8d 44 02 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x67b568 registers.esp: 3662848 registers.edi: 3663684 registers.eax: 0 registers.ebp: 3664872 registers.edx: 0 registers.ebx: 0 registers.esi: 38514452 registers.ecx: 8528468	1
__exception__ March 16, 2023, 9:28 a.m.	stacktrace: 0x674643 0x675a38 0x6714fe DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x729a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x729b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x729b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72a674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72a67610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72af1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72af1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72af1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x72af416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x745ef5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74877f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74874de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 3b 42 04 72 05 e8 fd ae 5b 72 c1 e0 04 8d 44 02 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x67b5c2 registers.esp: 3662848 registers.edi: 3663684 registers.eax: 0 registers.ebp: 3664872 registers.edx: 0 registers.ebx: 0 registers.esi: 38514452 registers.ecx: 8528468	1
__exception__ March 16, 2023, 9:28 a.m.	stacktrace: 0x674643 0x675a38 0x6714fe DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x729a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x729b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x729b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72a674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72a67610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72af1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72af1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72af1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x72af416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x745ef5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74877f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74874de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 3b 42 04 72 05 e8 97 ac 5b 72 c1 e0 04 8d 44 02 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x67b828 registers.esp: 3662844 registers.edi: 3663088 registers.eax: 0 registers.ebp: 3664872 registers.edx: 0 registers.ebx: 0 registers.esi: 38514452 registers.ecx: 656694146	1
__exception__ March 16, 2023, 9:28 a.m.	stacktrace: 0x674643 0x675a38 0x6714fe DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x729a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x729b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x729b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72a674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72a67610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72af1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72af1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72af1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x72af416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x745ef5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74877f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74874de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 3b 4f 04 72 05 e8 e4 a2 5b 72 c1 e1 04 8d 4c 0f exception.instruction: cmp ecx, dword ptr [edi + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x67c1db registers.esp: 3662848 registers.edi: 0 registers.eax: 0 registers.ebp: 3664872 registers.edx: 0 registers.ebx: 0 registers.esi: 38514452 registers.ecx: 0	1
__exception__ March 16, 2023, 9:28 a.m.	stacktrace: 0x67cf60 0x675a99 0x6714fe DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x729a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x729b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x729b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72a674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72a67610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72af1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72af1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72af1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x72af416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x745ef5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74877f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74874de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 3b 42 04 0f 9d c0 0f b6 c0 89 45 c8 83 7d c8 00 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x67d169 registers.esp: 3664896 registers.edi: 3664964 registers.eax: 0 registers.ebp: 3664980 registers.edx: 0 registers.ebx: 0 registers.esi: 38514452 registers.ecx: 38786056	1
__exception__ March 16, 2023, 9:28 a.m.	stacktrace: 0x67cf60 0x675ab6 0x6714fe DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x729a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x729b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x729b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72a674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72a67610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72af1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72af1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72af1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x72af416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x745ef5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74877f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74874de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 3b 42 04 0f 9d c0 0f b6 c0 89 45 c8 83 7d c8 00 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x67d169 registers.esp: 3664896 registers.edi: 3664964 registers.eax: 3 registers.ebp: 3664980 registers.edx: 0 registers.ebx: 0 registers.esi: 38514452 registers.ecx: 38786056	1
__exception__ March 16, 2023, 9:28 a.m.	stacktrace: 0x67cf60 0x675ad9 0x6714fe DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x729a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x729b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x729b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x72a674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72a67610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72af1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72af1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72af1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x72af416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x745ef5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x74877f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x74874de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x778d9ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x778d9ea5 exception.instruction_r: 3b 42 04 0f 9d c0 0f b6 c0 89 45 c8 83 7d c8 00 exception.instruction: cmp eax, dword ptr [edx + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x67d169 registers.esp: 3664896 registers.edi: 3664964 registers.eax: 5 registers.ebp: 3664980 registers.edx: 0 registers.ebx: 0 registers.esi: 38514452 registers.ecx: 38786056	1

One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.

HTTP traffic contains suspicious features which may be indicative of malware related traffic (1 event)

suspicious_features

GET method with no useragent header, Connection to IP address

suspicious_request

GET http://37.139.128.83/golden.pdf

Connects to a Dynamic DNS Domain (1 event)

domain

checkip.dyndns.org

Performs some HTTP requests (7 events)

request	GET http://37.139.128.83/golden.pdf
request	GET http://checkip.dyndns.org/
request	GET http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/278_20_6_20042.zip
request	GET http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/280_20_6_20042.zip
request	GET http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/281_20_6_20042.zip
request	GET http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/277_20_6_20042.zip
request	GET http://acroipm2.adobe.com/20/rdr/ENU/win/nooem/none/consumer/message.zip

Allocates read-write-execute memory (usually to unpack itself) (50 out of 367 events)

Time & API	Arguments	Status
NtAllocateVirtualMemory March 16, 2023, 9:27 a.m.	process_identifier: 316 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0248b000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 16, 2023, 9:27 a.m.	process_identifier: 316 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0249f000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 16, 2023, 9:27 a.m.	process_identifier: 316 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02469000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 16, 2023, 9:28 a.m.	process_identifier: 316 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02770000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 16, 2023, 9:28 a.m.	process_identifier: 2180 region_size: 720896 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00420000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 16, 2023, 9:28 a.m.	process_identifier: 2180 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00490000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory March 16, 2023, 9:28 a.m.	process_identifier: 2180 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73f41000 process_handle: 0xffffffff	1
NtProtectVirtualMemory March 16, 2023, 9:28 a.m.	process_identifier: 2180 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73f42000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 16, 2023, 9:28 a.m.	process_identifier: 2180 region_size: 2228224 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01f80000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 16, 2023, 9:28 a.m.	process_identifier: 2180 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02160000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 16, 2023, 9:28 a.m.	process_identifier: 2180 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00472000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 16, 2023, 9:28 a.m.	process_identifier: 2180 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00905000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 16, 2023, 9:28 a.m.	process_identifier: 2180 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0090b000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 16, 2023, 9:28 a.m.	process_identifier: 2180 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00907000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 16, 2023, 9:28 a.m.	process_identifier: 2180 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0048c000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 16, 2023, 9:28 a.m.	process_identifier: 2180 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00a20000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 16, 2023, 9:28 a.m.	process_identifier: 2180 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0047a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 16, 2023, 9:28 a.m.	process_identifier: 2180 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0048d000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 16, 2023, 9:28 a.m.	process_identifier: 2180 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00a21000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 16, 2023, 9:28 a.m.	process_identifier: 2180 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0047c000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 16, 2023, 9:28 a.m.	process_identifier: 2180 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x008fa000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 16, 2023, 9:28 a.m.	process_identifier: 2180 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x008f7000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 16, 2023, 9:28 a.m.	process_identifier: 2180 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0048a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 16, 2023, 9:28 a.m.	process_identifier: 2180 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x008f6000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 16, 2023, 9:28 a.m.	process_identifier: 2180 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05210000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 16, 2023, 9:28 a.m.	process_identifier: 2180 region_size: 151552 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05211000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 16, 2023, 9:28 a.m.	process_identifier: 2180 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05236000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 16, 2023, 9:28 a.m.	process_identifier: 2180 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05237000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 16, 2023, 9:28 a.m.	process_identifier: 2180 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05238000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 16, 2023, 9:28 a.m.	process_identifier: 2180 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05239000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 16, 2023, 9:28 a.m.	process_identifier: 2180 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0483f000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 16, 2023, 9:28 a.m.	process_identifier: 2180 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04830000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 16, 2023, 9:28 a.m.	process_identifier: 2180 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0048e000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 16, 2023, 9:28 a.m.	process_identifier: 2180 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0523a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 16, 2023, 9:28 a.m.	process_identifier: 2180 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0048f000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 16, 2023, 9:28 a.m.	process_identifier: 2180 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0523b000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 16, 2023, 9:28 a.m.	process_identifier: 2180 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05330000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 16, 2023, 9:28 a.m.	process_identifier: 2180 region_size: 24576 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05331000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 16, 2023, 9:28 a.m.	process_identifier: 2180 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05337000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 16, 2023, 9:28 a.m.	process_identifier: 2180 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05338000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 16, 2023, 9:28 a.m.	process_identifier: 2180 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05339000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 16, 2023, 9:28 a.m.	process_identifier: 2180 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x008fb000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 16, 2023, 9:28 a.m.	process_identifier: 2180 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0533a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 16, 2023, 9:28 a.m.	process_identifier: 2180 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0533b000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 16, 2023, 9:28 a.m.	process_identifier: 2180 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x06e40000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 16, 2023, 9:28 a.m.	process_identifier: 2180 region_size: 24576 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x06e41000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 16, 2023, 9:28 a.m.	process_identifier: 2180 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x06e47000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 16, 2023, 9:28 a.m.	process_identifier: 2180 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x06e48000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 16, 2023, 9:28 a.m.	process_identifier: 2812 region_size: 1376256 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x026c0000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory March 16, 2023, 9:28 a.m.	process_identifier: 2812 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x027d0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1

Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation (1 event)

Time & API	Arguments	Status	Return	Repeated
GetDiskFreeSpaceExW March 16, 2023, 9:29 a.m.	total_number_of_free_bytes: 0 free_bytes_available: 9904988160 root_path: C:\Users\test22\AppData\Local\Microsoft\Windows\Explorer total_number_of_bytes: 0	1	1	0

Steals private information from local Internet browsers (6 events)

file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Login Data
file	C:\Users\test22\AppData\Roaming\Opera\Opera\profile\wand.dat
file	C:\Users\test22\AppData\Local\Chromium\User Data\Default\Login Data
file	C:\Users\test22\AppData\Local\MapleStudio\ChromePlus\User Data\Default\Login Data
file	C:\Users\test22\AppData\Local\Nichrome\User Data\Default\Login Data
file	C:\Users\test22\AppData\Local\Yandex\YandexBrowser\User Data\Default\Ya Login Data

Looks up the external IP address (1 event)

domain

checkip.dyndns.org

Creates (office) documents on the filesystem (1 event)

file	C:\Users\test22\AppData\Local\Temp\golden.pdf

Creates executable files on the filesystem (1 event)

file	C:\Users\Public\boy1.pif

Creates a shortcut to an executable file (15 events)

file	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk
file	C:\Users\test22\AppData\Local\Temp\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk
file	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk
file	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Chrome.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Firefox.lnk
file	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip File Manager.lnk
file	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk
file	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk
file	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Word 2013.lnk
file	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
file	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk
file	C:\Users\test22\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
file	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk

Creates a suspicious process (6 events)

cmdline	"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Public\boy1.pif"
cmdline	powershell Add-MpPreference -ExclusionPath "C:\Users\test22\AppData\Roaming\TfOyvHCStQAJyb.exe"
cmdline	"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\TfOyvHCStQAJyb" /XML "C:\Users\test22\AppData\Local\Temp\tmp72C5.tmp"
cmdline	powershell Add-MpPreference -ExclusionPath "C:\Users\Public\boy1.pif"
cmdline	schtasks.exe /Create /TN "Updates\TfOyvHCStQAJyb" /XML "C:\Users\test22\AppData\Local\Temp\tmp72C5.tmp"
cmdline	"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\test22\AppData\Roaming\TfOyvHCStQAJyb.exe"

A process created a hidden window (3 events)

Time & API	Arguments	Status	Return
ShellExecuteExW March 16, 2023, 9:28 a.m.	show_type: 0 filepath_r: powershell parameters: Add-MpPreference -ExclusionPath "C:\Users\Public\boy1.pif" filepath: powershell	1	1
ShellExecuteExW March 16, 2023, 9:28 a.m.	show_type: 0 filepath_r: powershell parameters: Add-MpPreference -ExclusionPath "C:\Users\test22\AppData\Roaming\TfOyvHCStQAJyb.exe" filepath: powershell	1	1
ShellExecuteExW March 16, 2023, 9:28 a.m.	show_type: 0 filepath_r: schtasks.exe parameters: /Create /TN "Updates\TfOyvHCStQAJyb" /XML "C:\Users\test22\AppData\Local\Temp\tmp72C5.tmp" filepath: schtasks.exe	1	1

Searches running processes potentially to identify processes for sandbox evasion, code injection or memory dumping (15 events)

Time & API	Arguments	Status	Return
Process32NextW March 16, 2023, 9:28 a.m.	snapshot_handle: 0x00000320 process_name: pw.exe process_identifier: 1944	1	1
Process32NextW March 16, 2023, 9:28 a.m.	snapshot_handle: 0x00000320 process_name: SearchProtocolHost.exe process_identifier: 1516	1	1
Process32NextW March 16, 2023, 9:28 a.m.	snapshot_handle: 0x00000320 process_name: svchost.exe process_identifier: 2408	1	1
Process32NextW March 16, 2023, 9:28 a.m.	snapshot_handle: 0x00000320 process_name: mscorsvw.exe process_identifier: 2436	1	1
Process32NextW March 16, 2023, 9:28 a.m.	snapshot_handle: 0x00000320 process_name: mscorsvw.exe process_identifier: 2484	1	1
Process32NextW March 16, 2023, 9:28 a.m.	snapshot_handle: 0x00000320 process_name: sppsvc.exe process_identifier: 2528	1	1
Process32NextW March 16, 2023, 9:28 a.m.	snapshot_handle: 0x00000320 process_name: AcroRd32.exe process_identifier: 2924	1	1
Process32NextW March 16, 2023, 9:28 a.m.	snapshot_handle: 0x00000320 process_name: RegSvcs.exe process_identifier: 2084	1	1
Process32NextW March 16, 2023, 9:28 a.m.	snapshot_handle: 0x00000320 process_name: RdrCEF.exe process_identifier: 2576	1	1
Process32NextW March 16, 2023, 9:28 a.m.	snapshot_handle: 0x00000320 process_name: RdrCEF.exe process_identifier: 524	1	1
Process32NextW March 16, 2023, 9:28 a.m.	snapshot_handle: 0x00000320 process_name: RdrCEF.exe process_identifier: 2288	1	1
Process32NextW March 16, 2023, 9:29 a.m.	snapshot_handle: 0x00000760 process_name: cmd.exe process_identifier: 2764	1	1
Process32NextW March 16, 2023, 9:29 a.m.	snapshot_handle: 0x00000760 process_name: conhost.exe process_identifier: 2760	1	1
Process32NextW March 16, 2023, 9:29 a.m.	snapshot_handle: 0x00000760 process_name: pw.exe process_identifier: 2832	1	1
Process32NextW March 16, 2023, 9:29 a.m.	snapshot_handle: 0x00000760 process_name: RdrCEF.exe process_identifier: 2916	1	1

File has been identified by 9 AntiVirus engines on VirusTotal as malicious (9 events)

McAfee	PS/Dropper.c
Symantec	Scr.Malcode!gdn30
ESET-NOD32	PowerShell/TrojanDropper.Agent.ABZ
Avast	Other:Malware-gen [Trj]
Kaspersky	UDS:DangerousObject.Multi.Generic
McAfee-GW-Edition	BehavesLike.PS.Dropper.tn
Ikarus	Trojan.MSIL.Crypt
Google	Detected
AVG	Other:Malware-gen [Trj]

Checks adapter addresses which can be used to detect virtual network interfaces (1 event)

Time & API	Arguments	Status	Return	Repeated
GetAdaptersAddresses March 16, 2023, 9:28 a.m.	flags: 15 family: 0		111	0

Checks for the Locally Unique Identifier on the system for a suspicious privilege (36 events)

Time & API	Arguments	Status	Return
LookupPrivilegeValueW March 16, 2023, 9:28 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW March 16, 2023, 9:28 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW March 16, 2023, 9:29 a.m.	system_name: privilege_name: SeShutdownPrivilege	1	1
LookupPrivilegeValueW March 16, 2023, 9:29 a.m.	system_name: privilege_name: SeCreateTokenPrivilege	1	1
LookupPrivilegeValueW March 16, 2023, 9:29 a.m.	system_name: privilege_name: SeAssignPrimaryTokenPrivilege	1	1
LookupPrivilegeValueW March 16, 2023, 9:29 a.m.	system_name: privilege_name: SeMachineAccountPrivilege	1	1
LookupPrivilegeValueW March 16, 2023, 9:29 a.m.	system_name: privilege_name: SeTcbPrivilege	1	1
LookupPrivilegeValueW March 16, 2023, 9:29 a.m.	system_name: privilege_name: SeSecurityPrivilege	1	1
LookupPrivilegeValueW March 16, 2023, 9:29 a.m.	system_name: privilege_name: SeTakeOwnershipPrivilege	1	1
LookupPrivilegeValueW March 16, 2023, 9:29 a.m.	system_name: privilege_name: SeLoadDriverPrivilege	1	1
LookupPrivilegeValueW March 16, 2023, 9:29 a.m.	system_name: privilege_name: SeBackupPrivilege	1	1
LookupPrivilegeValueW March 16, 2023, 9:29 a.m.	system_name: privilege_name: SeRestorePrivilege	1	1
LookupPrivilegeValueW March 16, 2023, 9:29 a.m.	system_name: privilege_name: SeShutdownPrivilege	1	1
LookupPrivilegeValueW March 16, 2023, 9:29 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW March 16, 2023, 9:29 a.m.	system_name: privilege_name: SeRemoteShutdownPrivilege	1	1
LookupPrivilegeValueW March 16, 2023, 9:29 a.m.	system_name: privilege_name: SeEnableDelegationPrivilege	1	1
LookupPrivilegeValueW March 16, 2023, 9:29 a.m.	system_name: privilege_name: SeManageVolumePrivilege	1	1
LookupPrivilegeValueW March 16, 2023, 9:29 a.m.	system_name: privilege_name: SeCreateGlobalPrivilege	1	1
LookupPrivilegeValueW March 16, 2023, 9:28 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW March 16, 2023, 9:28 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1
LookupPrivilegeValueW March 16, 2023, 9:29 a.m.	system_name: privilege_name: SeShutdownPrivilege	1	1
LookupPrivilegeValueW March 16, 2023, 9:29 a.m.	system_name: privilege_name: SeShutdownPrivilege	1	1
LookupPrivilegeValueW March 16, 2023, 9:29 a.m.	system_name: privilege_name: SeShutdownPrivilege	1	1
LookupPrivilegeValueW March 16, 2023, 9:29 a.m.	system_name: privilege_name: SeShutdownPrivilege	1	1
LookupPrivilegeValueW March 16, 2023, 9:29 a.m.	system_name: privilege_name: SeShutdownPrivilege	1	1
LookupPrivilegeValueW March 16, 2023, 9:29 a.m.	system_name: privilege_name: SeShutdownPrivilege	1	1
LookupPrivilegeValueW March 16, 2023, 9:29 a.m.	system_name: privilege_name: SeShutdownPrivilege	1	1
LookupPrivilegeValueW March 16, 2023, 9:29 a.m.	system_name: privilege_name: SeShutdownPrivilege	1	1
LookupPrivilegeValueW March 16, 2023, 9:29 a.m.	system_name: privilege_name: SeShutdownPrivilege	1	1
LookupPrivilegeValueW March 16, 2023, 9:29 a.m.	system_name: privilege_name: SeShutdownPrivilege	1	1
LookupPrivilegeValueW March 16, 2023, 9:29 a.m.	system_name: privilege_name: SeShutdownPrivilege	1	1
LookupPrivilegeValueW March 16, 2023, 9:29 a.m.	system_name: privilege_name: SeShutdownPrivilege	1	1
LookupPrivilegeValueW March 16, 2023, 9:29 a.m.	system_name: privilege_name: SeShutdownPrivilege	1	1
LookupPrivilegeValueW March 16, 2023, 9:29 a.m.	system_name: privilege_name: SeShutdownPrivilege	1	1
LookupPrivilegeValueW March 16, 2023, 9:29 a.m.	system_name: privilege_name: SeShutdownPrivilege	1	1
LookupPrivilegeValueW March 16, 2023, 9:29 a.m.	system_name: privilege_name: SeShutdownPrivilege	1	1

Yara rule detected in process memory (12 events)

description	Communications smtp	rule	Network_SMTP_dotNet
description	PWS Memory	rule	Generic_PWS_Memory_Zero
description	Run a KeyLogger	rule	KeyLogger
description	(no description)	rule	DebuggerCheck__GlobalFlags
description	(no description)	rule	DebuggerCheck__QueryInfo
description	(no description)	rule	DebuggerHiding__Thread
description	(no description)	rule	DebuggerHiding__Active
description	(no description)	rule	ThreadControl__Context
description	(no description)	rule	SEH__vectored
description	Checks if being debugged	rule	anti_dbg
description	Bypass DEP	rule	disable_dep
description	Affect hook table	rule	win_hook

Queries for potentially installed applications (50 out of 79 events)

Time & API	Arguments	Status
RegOpenKeyExW March 16, 2023, 9:28 a.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100} base_handle: 0x80000002 key_handle: 0x000001e4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}	1
RegOpenKeyExW March 16, 2023, 9:28 a.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100} base_handle: 0x80000002 key_handle: 0x000001e8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}	1
RegOpenKeyExW March 16, 2023, 9:28 a.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100} base_handle: 0x80000002 key_handle: 0x00000338 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}	1
RegOpenKeyExW March 16, 2023, 9:28 a.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100} base_handle: 0x80000002 key_handle: 0x00000338 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}	1
RegOpenKeyExW March 16, 2023, 9:28 a.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100} base_handle: 0x80000002 key_handle: 0x00000338 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}	1
RegOpenKeyExW March 16, 2023, 9:28 a.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100} base_handle: 0x80000002 key_handle: 0x00000450 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}	1
RegOpenKeyExW March 16, 2023, 9:28 a.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100} base_handle: 0x80000002 key_handle: 0x000004a4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}	1
RegOpenKeyExW March 16, 2023, 9:28 a.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100} base_handle: 0x80000002 key_handle: 0x00000498 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}	1
RegOpenKeyExW March 16, 2023, 9:29 a.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100} base_handle: 0x80000002 key_handle: 0x000006ac options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}	1
RegOpenKeyExW March 16, 2023, 9:29 a.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100} base_handle: 0x80000002 key_handle: 0x000006ac options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}	1
RegOpenKeyExW March 16, 2023, 9:29 a.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100} base_handle: 0x80000002 key_handle: 0x000006ac options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}	1
RegOpenKeyExW March 16, 2023, 9:29 a.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100} base_handle: 0x80000002 key_handle: 0x000006ac options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}	1
RegOpenKeyExW March 16, 2023, 9:29 a.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100} base_handle: 0x80000002 key_handle: 0x000006ac options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}	1
RegOpenKeyExW March 16, 2023, 9:29 a.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100} base_handle: 0x80000002 key_handle: 0x000006ac options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}	1
RegOpenKeyExW March 16, 2023, 9:29 a.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100} base_handle: 0x80000002 key_handle: 0x000006ac options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}	1
RegOpenKeyExW March 16, 2023, 9:29 a.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100} base_handle: 0x80000002 key_handle: 0x000006ac options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}	1
RegOpenKeyExW March 16, 2023, 9:29 a.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100} base_handle: 0x80000002 key_handle: 0x000006ac options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}	1
RegOpenKeyExW March 16, 2023, 9:29 a.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100} base_handle: 0x80000002 key_handle: 0x000006ac options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}	1
RegOpenKeyExW March 16, 2023, 9:29 a.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100} base_handle: 0x80000002 key_handle: 0x000006ac options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}	1
RegOpenKeyExW March 16, 2023, 9:29 a.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100} base_handle: 0x80000002 key_handle: 0x000006ac options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}	1
RegOpenKeyExW March 16, 2023, 9:29 a.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100} base_handle: 0x80000002 key_handle: 0x000006ac options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}	1
RegOpenKeyExW March 16, 2023, 9:29 a.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100} base_handle: 0x80000002 key_handle: 0x000006ac options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}	1
RegOpenKeyExW March 16, 2023, 9:29 a.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100} base_handle: 0x80000002 key_handle: 0x000006ac options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}	1
RegOpenKeyExW March 16, 2023, 9:29 a.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100} base_handle: 0x80000002 key_handle: 0x000006ac options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}	1
RegOpenKeyExW March 16, 2023, 9:29 a.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100} base_handle: 0x80000002 key_handle: 0x000006ac options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}	1
RegOpenKeyExW March 16, 2023, 9:29 a.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100} base_handle: 0x80000002 key_handle: 0x000006ac options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}	1
RegOpenKeyExW March 16, 2023, 9:29 a.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100} base_handle: 0x80000002 key_handle: 0x000006ac options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}	1
RegOpenKeyExW March 16, 2023, 9:29 a.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100} base_handle: 0x80000002 key_handle: 0x000006ac options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}	1
RegOpenKeyExW March 16, 2023, 9:29 a.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100} base_handle: 0x80000002 key_handle: 0x000006ac options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}	1
RegOpenKeyExW March 16, 2023, 9:29 a.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100} base_handle: 0x80000002 key_handle: 0x000006ac options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}	1
RegOpenKeyExW March 16, 2023, 9:29 a.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100} base_handle: 0x80000002 key_handle: 0x000006ac options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}	1
RegOpenKeyExW March 16, 2023, 9:29 a.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100} base_handle: 0x80000002 key_handle: 0x000006ac options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}	1
RegOpenKeyExW March 16, 2023, 9:29 a.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100} base_handle: 0x80000002 key_handle: 0x000006ac options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}	1
RegOpenKeyExW March 16, 2023, 9:29 a.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100} base_handle: 0x80000002 key_handle: 0x000006ac options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}	1
RegOpenKeyExW March 16, 2023, 9:29 a.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100} base_handle: 0x80000002 key_handle: 0x000006ac options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}	1
RegOpenKeyExW March 16, 2023, 9:29 a.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100} base_handle: 0x80000002 key_handle: 0x000006ac options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}	1
RegOpenKeyExW March 16, 2023, 9:29 a.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100} base_handle: 0x80000002 key_handle: 0x000006ac options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}	1
RegOpenKeyExW March 16, 2023, 9:29 a.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100} base_handle: 0x80000002 key_handle: 0x000006ac options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}	1
RegOpenKeyExW March 16, 2023, 9:29 a.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100} base_handle: 0x80000002 key_handle: 0x000006ac options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}	1
RegOpenKeyExW March 16, 2023, 9:29 a.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100} base_handle: 0x80000002 key_handle: 0x000006ac options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}	1
RegOpenKeyExW March 16, 2023, 9:29 a.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100} base_handle: 0x80000002 key_handle: 0x000006ac options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}	1
RegOpenKeyExW March 16, 2023, 9:29 a.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100} base_handle: 0x80000002 key_handle: 0x000006ac options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}	1
RegOpenKeyExW March 16, 2023, 9:29 a.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100} base_handle: 0x80000002 key_handle: 0x000006ac options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}	1
RegOpenKeyExW March 16, 2023, 9:29 a.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100} base_handle: 0x80000002 key_handle: 0x000006ac options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}	1
RegOpenKeyExW March 16, 2023, 9:29 a.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100} base_handle: 0x80000002 key_handle: 0x000006ac options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}	1
RegOpenKeyExW March 16, 2023, 9:29 a.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100} base_handle: 0x80000002 key_handle: 0x000006ac options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}	1
RegOpenKeyExW March 16, 2023, 9:29 a.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100} base_handle: 0x80000002 key_handle: 0x000006ac options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}	1
RegOpenKeyExW March 16, 2023, 9:29 a.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100} base_handle: 0x80000002 key_handle: 0x000006ac options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}	1
RegOpenKeyExW March 16, 2023, 9:29 a.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100} base_handle: 0x80000002 key_handle: 0x000006ac options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}	1
RegOpenKeyExW March 16, 2023, 9:29 a.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100} base_handle: 0x80000002 key_handle: 0x000006ac options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-FFFF-7B44-AC0F074E4100}	1

Terminates another process (12 events)

Time & API	Arguments	Status
NtTerminateProcess March 16, 2023, 9:28 a.m.	status_code: 0x00000000 process_identifier: 2576 process_handle: 0x00000284
NtTerminateProcess March 16, 2023, 9:28 a.m.	status_code: 0x00000000 process_identifier: 2576 process_handle: 0x00000284	1
NtTerminateProcess March 16, 2023, 9:28 a.m.	status_code: 0x00000000 process_identifier: 524 process_handle: 0x00000284
NtTerminateProcess March 16, 2023, 9:28 a.m.	status_code: 0x00000000 process_identifier: 524 process_handle: 0x00000284	1
NtTerminateProcess March 16, 2023, 9:28 a.m.	status_code: 0x00000000 process_identifier: 2612 process_handle: 0x00000328
NtTerminateProcess March 16, 2023, 9:28 a.m.	status_code: 0x00000000 process_identifier: 2612 process_handle: 0x00000328	1
NtTerminateProcess March 16, 2023, 9:28 a.m.	status_code: 0x00000000 process_identifier: 2288 process_handle: 0x00000328
NtTerminateProcess March 16, 2023, 9:28 a.m.	status_code: 0x00000000 process_identifier: 2288 process_handle: 0x00000328	1
NtTerminateProcess March 16, 2023, 9:29 a.m.	status_code: 0x00000000 process_identifier: 2680 process_handle: 0x00000750
NtTerminateProcess March 16, 2023, 9:29 a.m.	status_code: 0x00000000 process_identifier: 2680 process_handle: 0x00000750	1
NtTerminateProcess March 16, 2023, 9:29 a.m.	status_code: 0x00000000 process_identifier: 2916 process_handle: 0x00000750
NtTerminateProcess March 16, 2023, 9:29 a.m.	status_code: 0x00000000 process_identifier: 2916 process_handle: 0x00000750	1

Uses Windows utilities for basic Windows functionality (4 events)

cmdline	"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\TfOyvHCStQAJyb" /XML "C:\Users\test22\AppData\Local\Temp\tmp72C5.tmp"
cmdline	"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\test22\AppData\Local\Temp\golden.pdf"
cmdline	schtasks.exe /Create /TN "Updates\TfOyvHCStQAJyb" /XML "C:\Users\test22\AppData\Local\Temp\tmp72C5.tmp"
cmdline	"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043

Communicates with host for which no DNS query was performed (1 event)

host

37.139.128.83

Allocates execute permission to another process indicative of possible code injection (1 event)

Time & API	Arguments	Status	Return	Repeated
NtAllocateVirtualMemory March 16, 2023, 9:28 a.m.	process_identifier: 2084 region_size: 155648 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x0000059c	1	0	0

Attempts to identify installed AV products by installation directory (1 event)

file	C:\Users\test22\AppData\Local\AVAST Software\Browser\User Data\Default\Login Data

Looks for the Windows Idle Time to determine the uptime (1 event)

Time & API	Arguments	Status	Return	Repeated
NtQuerySystemInformation March 16, 2023, 9:29 a.m.	information_class: 8 (SystemProcessorPerformanceInformation)	1	0	0

Drops a binary and executes it (2 events)

file	C:\Users\Public\boy1.pif
file	C:\Users\test22\AppData\Local\Temp\golden.pdf

Harvests credentials from local FTP client softwares (1 event)

file	C:\Users\test22\AppData\Roaming\FileZilla\recentservers.xml

Harvests information related to installed instant messenger clients (1 event)

file	C:\Users\test22\AppData\Roaming\.purple\accounts.xml

Potential code injection by writing to the memory of another process (3 events)

Time & API	Arguments	Status	Return
WriteProcessMemory March 16, 2023, 9:28 a.m.	buffer: MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $PELÇÝmcàPèî @ `@O §@ H.textôæ è `.rsrc§ ê@@.reloc@ü@B base_address: 0x00400000 process_identifier: 2084 process_handle: 0x0000059c	1	1
WriteProcessMemory March 16, 2023, 9:28 a.m.	buffer: ð6 base_address: 0x00424000 process_identifier: 2084 process_handle: 0x0000059c	1	1
WriteProcessMemory March 16, 2023, 9:28 a.m.	buffer: @ base_address: 0x7efde008 process_identifier: 2084 process_handle: 0x0000059c	1	1

Code injection by writing an executable or DLL to the memory of another process (1 event)

Time & API	Arguments	Status	Return	Repeated
WriteProcessMemory March 16, 2023, 9:28 a.m.	buffer: MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $PELÇÝmcàPèî @ `@O §@ H.textôæ è `.rsrc§ ê@@.reloc@ü@B base_address: 0x00400000 process_identifier: 2084 process_handle: 0x0000059c	1	1	0

Harvests credentials from local email clients (3 events)

registry	HKEY_CURRENT_USER\Software\Microsoft\Windows Messaging Subsystem\Profiles\9375CFF0413111d3B88A00104B2A6676
registry	HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003
registry	HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001

Attempts to create or modify system certificates (1 event)

registry

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F81F111D0E5AB58D396F7BF525577FD30FDC95AA\Blob

Network communications indicative of a potential document or script payload download was initiated by the process acrord32.exe (13 events)

Time & API	Arguments	Status	Return
send March 16, 2023, 9:28 a.m.	buffer: ! socket: 984 sent: 1	1	1
send March 16, 2023, 9:28 a.m.	buffer: GET /20/rdr/ENU/win/nooem/none/consumer/278_20_6_20042.zip HTTP/1.1 Accept: / If-Modified-Since: Wed, 15 Mar 2023 08:28:57 GMT User-Agent: IPM Host: acroipm2.adobe.com Connection: Keep-Alive Cache-Control: no-cache socket: 1140 sent: 226	1	226
send March 16, 2023, 9:28 a.m.	buffer: ! socket: 984 sent: 1	1	1
send March 16, 2023, 9:28 a.m.	buffer: ! socket: 984 sent: 1	1	1
send March 16, 2023, 9:28 a.m.	buffer: GET /20/rdr/ENU/win/nooem/none/consumer/281_20_6_20042.zip HTTP/1.1 Accept: / If-Modified-Since: Wed, 15 Mar 2023 08:28:57 GMT User-Agent: IPM Host: acroipm2.adobe.com Connection: Keep-Alive Cache-Control: no-cache socket: 1140 sent: 226	1	226
send March 16, 2023, 9:28 a.m.	buffer: ! socket: 984 sent: 1	1	1
send March 16, 2023, 9:28 a.m.	buffer: ! socket: 984 sent: 1	1	1
send March 16, 2023, 9:28 a.m.	buffer: GET /20/rdr/ENU/win/nooem/none/consumer/280_20_6_20042.zip HTTP/1.1 Accept: / If-Modified-Since: Wed, 15 Mar 2023 08:28:57 GMT User-Agent: IPM Host: acroipm2.adobe.com Connection: Keep-Alive Cache-Control: no-cache socket: 1096 sent: 226	1	226
send March 16, 2023, 9:28 a.m.	buffer: ! socket: 984 sent: 1	1	1
send March 16, 2023, 9:28 a.m.	buffer: GET /20/rdr/ENU/win/nooem/none/consumer/277_20_6_20042.zip HTTP/1.1 Accept: / If-Modified-Since: Wed, 15 Mar 2023 08:28:57 GMT User-Agent: IPM Host: acroipm2.adobe.com Connection: Keep-Alive Cache-Control: no-cache socket: 1208 sent: 226	1	226
send March 16, 2023, 9:28 a.m.	buffer: ! socket: 984 sent: 1	1	1
send March 16, 2023, 9:28 a.m.	buffer: GET /20/rdr/ENU/win/nooem/none/consumer/message.zip HTTP/1.1 Accept: / If-Modified-Since: Fri, 30 Jul 2021 19:28:16 GMT User-Agent: IPM Host: acroipm2.adobe.com Connection: Keep-Alive Cache-Control: no-cache socket: 1140 sent: 219	1	219
send March 16, 2023, 9:28 a.m.	buffer: ! socket: 984 sent: 1	1	1

Used NtSetContextThread to modify a thread in a remote process indicative of process injection (2 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 2180 called NtSetContextThread to modify thread in remote process 2084
NtSetContextThread March 16, 2023, 9:28 a.m.	registers.eip: 0 registers.esp: 0 registers.edi: 0 registers.eax: 4327150 registers.ebp: 0 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 0 thread_handle: 0x000005a0 process_identifier: 2084	1	0	0

One or more non-whitelisted processes were created (3 events)

parent_process	acrord32.exe	martian_process	"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
parent_process	powershell.exe	martian_process	C:\Users\Public\boy1.pif
parent_process	powershell.exe	martian_process	"C:\Users\Public\boy1.pif"

Resumed a suspended thread in a remote process potentially indicative of process injection (2 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 2180 resumed a thread in remote process 2084
NtResumeThread March 16, 2023, 9:28 a.m.	thread_handle: 0x000005a0 suspend_count: 1 process_identifier: 2084	1	0	0

Executed a process and injected code into it, probably while unpacking (47 events)

Time & API	Arguments	Status	Return
NtResumeThread March 16, 2023, 9:28 a.m.	thread_handle: 0x000003d4 suspend_count: 1 process_identifier: 316	1	0
CreateProcessInternalW March 16, 2023, 9:28 a.m.	thread_identifier: 2184 thread_handle: 0x000003a8 process_identifier: 2180 current_directory: C:\Users\test22\AppData\Local\Temp filepath: C:\Users\Public\boy1.pif track: 1 command_line: "C:\Users\Public\boy1.pif" filepath_r: C:\Users\Public\boy1.pif stack_pivoted: 0 creation_flags: 67634192 (CREATE_DEFAULT_ERROR_MODE\|CREATE_NEW_CONSOLE\|CREATE_UNICODE_ENVIRONMENT\|EXTENDED_STARTUPINFO_PRESENT) inherit_handles: 0 process_handle: 0x000003a4	1	1
NtResumeThread March 16, 2023, 9:28 a.m.	thread_handle: 0x000003a8 suspend_count: 1 process_identifier: 316	1	0
NtResumeThread March 16, 2023, 9:28 a.m.	thread_handle: 0x000000dc suspend_count: 1 process_identifier: 2180	1	0
NtResumeThread March 16, 2023, 9:28 a.m.	thread_handle: 0x00000150 suspend_count: 1 process_identifier: 2180	1	0
NtResumeThread March 16, 2023, 9:28 a.m.	thread_handle: 0x0000018c suspend_count: 1 process_identifier: 2180	1	0
NtResumeThread March 16, 2023, 9:28 a.m.	thread_handle: 0x0000024c suspend_count: 1 process_identifier: 2180	1	0
NtGetContextThread March 16, 2023, 9:28 a.m.	thread_handle: 0x000000e0	1	0
NtGetContextThread March 16, 2023, 9:28 a.m.	thread_handle: 0x000000e0	1	0
NtResumeThread March 16, 2023, 9:28 a.m.	thread_handle: 0x000000e0 suspend_count: 1 process_identifier: 2180	1	0
NtResumeThread March 16, 2023, 9:28 a.m.	thread_handle: 0x00000268 suspend_count: 1 process_identifier: 2180	1	0
CreateProcessInternalW March 16, 2023, 9:28 a.m.	thread_identifier: 2816 thread_handle: 0x000003c8 process_identifier: 2812 current_directory: C:\Users\test22\AppData\Local\Temp filepath: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe track: 1 command_line: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Public\boy1.pif" filepath_r: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe stack_pivoted: 0 creation_flags: 67634192 (CREATE_DEFAULT_ERROR_MODE\|CREATE_NEW_CONSOLE\|CREATE_UNICODE_ENVIRONMENT\|EXTENDED_STARTUPINFO_PRESENT) inherit_handles: 0 process_handle: 0x000003d0	1	1
NtResumeThread March 16, 2023, 9:28 a.m.	thread_handle: 0x000004ec suspend_count: 1 process_identifier: 2180	1	0
CreateProcessInternalW March 16, 2023, 9:28 a.m.	thread_identifier: 2928 thread_handle: 0x000005a4 process_identifier: 2924 current_directory: C:\Users\test22\AppData\Local\Temp filepath: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe track: 1 command_line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\test22\AppData\Local\Temp\golden.pdf" filepath_r: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe stack_pivoted: 0 creation_flags: 67634192 (CREATE_DEFAULT_ERROR_MODE\|CREATE_NEW_CONSOLE\|CREATE_UNICODE_ENVIRONMENT\|EXTENDED_STARTUPINFO_PRESENT) inherit_handles: 0 process_handle: 0x000005a0	1	1
CreateProcessInternalW March 16, 2023, 9:28 a.m.	thread_identifier: 2972 thread_handle: 0x00000594 process_identifier: 2968 current_directory: C:\Users\test22\AppData\Local\Temp filepath: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe track: 1 command_line: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\test22\AppData\Roaming\TfOyvHCStQAJyb.exe" filepath_r: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe stack_pivoted: 0 creation_flags: 67634192 (CREATE_DEFAULT_ERROR_MODE\|CREATE_NEW_CONSOLE\|CREATE_UNICODE_ENVIRONMENT\|EXTENDED_STARTUPINFO_PRESENT) inherit_handles: 0 process_handle: 0x000005ac	1	1
CreateProcessInternalW March 16, 2023, 9:28 a.m.	thread_identifier: 3024 thread_handle: 0x00000580 process_identifier: 3020 current_directory: C:\Users\test22\AppData\Local\Temp filepath: C:\Windows\System32\schtasks.exe track: 1 command_line: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\TfOyvHCStQAJyb" /XML "C:\Users\test22\AppData\Local\Temp\tmp72C5.tmp" filepath_r: C:\Windows\System32\schtasks.exe stack_pivoted: 0 creation_flags: 67634192 (CREATE_DEFAULT_ERROR_MODE\|CREATE_NEW_CONSOLE\|CREATE_UNICODE_ENVIRONMENT\|EXTENDED_STARTUPINFO_PRESENT) inherit_handles: 0 process_handle: 0x00000590	1	1
CreateProcessInternalW March 16, 2023, 9:28 a.m.	thread_identifier: 2076 thread_handle: 0x000005a0 process_identifier: 2084 current_directory: filepath: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe track: 1 command_line: filepath_r: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe stack_pivoted: 0 creation_flags: 134217732 (CREATE_NO_WINDOW\|CREATE_SUSPENDED) inherit_handles: 0 process_handle: 0x0000059c	1	1
NtGetContextThread March 16, 2023, 9:28 a.m.	thread_handle: 0x000005a0	1	0
NtAllocateVirtualMemory March 16, 2023, 9:28 a.m.	process_identifier: 2084 region_size: 155648 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x0000059c	1	0
WriteProcessMemory March 16, 2023, 9:28 a.m.	buffer: MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $PELÇÝmcàPèî @ `@O §@ H.textôæ è `.rsrc§ ê@@.reloc@ü@B base_address: 0x00400000 process_identifier: 2084 process_handle: 0x0000059c	1	1
WriteProcessMemory March 16, 2023, 9:28 a.m.	buffer: base_address: 0x00402000 process_identifier: 2084 process_handle: 0x0000059c	1	1
WriteProcessMemory March 16, 2023, 9:28 a.m.	buffer: base_address: 0x00422000 process_identifier: 2084 process_handle: 0x0000059c	1	1
WriteProcessMemory March 16, 2023, 9:28 a.m.	buffer: ð6 base_address: 0x00424000 process_identifier: 2084 process_handle: 0x0000059c	1	1
WriteProcessMemory March 16, 2023, 9:28 a.m.	buffer: @ base_address: 0x7efde008 process_identifier: 2084 process_handle: 0x0000059c	1	1
NtSetContextThread March 16, 2023, 9:28 a.m.	registers.eip: 0 registers.esp: 0 registers.edi: 0 registers.eax: 4327150 registers.ebp: 0 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 0 thread_handle: 0x000005a0 process_identifier: 2084	1	0
NtResumeThread March 16, 2023, 9:28 a.m.	thread_handle: 0x000005a0 suspend_count: 1 process_identifier: 2084	1	0
NtResumeThread March 16, 2023, 9:28 a.m.	thread_handle: 0x000005ac suspend_count: 1 process_identifier: 2180	1	0
NtResumeThread March 16, 2023, 9:28 a.m.	thread_handle: 0x000002a8 suspend_count: 1 process_identifier: 2812	1	0
NtResumeThread March 16, 2023, 9:28 a.m.	thread_handle: 0x000002fc suspend_count: 1 process_identifier: 2812	1	0
NtResumeThread March 16, 2023, 9:28 a.m.	thread_handle: 0x00000448 suspend_count: 1 process_identifier: 2812	1	0
NtResumeThread March 16, 2023, 9:28 a.m.	thread_handle: 0x000004a8 suspend_count: 1 process_identifier: 2812	1	0
NtResumeThread March 16, 2023, 9:28 a.m.	thread_handle: 0x000000e8 suspend_count: 1 process_identifier: 2924	1	0
NtResumeThread March 16, 2023, 9:28 a.m.	thread_handle: 0x00000168 suspend_count: 1 process_identifier: 2924	1	0
CreateProcessInternalW March 16, 2023, 9:28 a.m.	thread_identifier: 2580 thread_handle: 0x000002e0 process_identifier: 2576 current_directory: filepath: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe track: 1 command_line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043 filepath_r: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe stack_pivoted: 0 creation_flags: 1040 (CREATE_NEW_CONSOLE\|CREATE_UNICODE_ENVIRONMENT) inherit_handles: 1 process_handle: 0x000002e8	1	1
CreateProcessInternalW March 16, 2023, 9:28 a.m.	thread_identifier: 1800 thread_handle: 0x00000288 process_identifier: 524 current_directory: filepath: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe track: 1 command_line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043 filepath_r: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe stack_pivoted: 0 creation_flags: 1040 (CREATE_NEW_CONSOLE\|CREATE_UNICODE_ENVIRONMENT) inherit_handles: 1 process_handle: 0x00000284	1	1
CreateProcessInternalW March 16, 2023, 9:28 a.m.	thread_identifier: 2604 thread_handle: 0x00000288 process_identifier: 2612 current_directory: filepath: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe track: 1 command_line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043 filepath_r: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe stack_pivoted: 0 creation_flags: 1040 (CREATE_NEW_CONSOLE\|CREATE_UNICODE_ENVIRONMENT) inherit_handles: 1 process_handle: 0x00000284	1	1
CreateProcessInternalW March 16, 2023, 9:28 a.m.	thread_identifier: 1948 thread_handle: 0x00000324 process_identifier: 2288 current_directory: filepath: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe track: 1 command_line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043 filepath_r: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe stack_pivoted: 0 creation_flags: 1040 (CREATE_NEW_CONSOLE\|CREATE_UNICODE_ENVIRONMENT) inherit_handles: 1 process_handle: 0x00000320	1	1
CreateProcessInternalW March 16, 2023, 9:28 a.m.	thread_identifier: 2668 thread_handle: 0x00000324 process_identifier: 2680 current_directory: filepath: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe track: 1 command_line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043 filepath_r: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe stack_pivoted: 0 creation_flags: 1040 (CREATE_NEW_CONSOLE\|CREATE_UNICODE_ENVIRONMENT) inherit_handles: 1 process_handle: 0x00000328	1	1
CreateProcessInternalW March 16, 2023, 9:28 a.m.	thread_identifier: 2892 thread_handle: 0x00000324 process_identifier: 2916 current_directory: filepath: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe track: 1 command_line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043 filepath_r: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe stack_pivoted: 0 creation_flags: 1040 (CREATE_NEW_CONSOLE\|CREATE_UNICODE_ENVIRONMENT) inherit_handles: 1 process_handle: 0x00000288	1	1
NtResumeThread March 16, 2023, 9:28 a.m.	thread_handle: 0x000002a8 suspend_count: 1 process_identifier: 2968	1	0
NtResumeThread March 16, 2023, 9:28 a.m.	thread_handle: 0x000002fc suspend_count: 1 process_identifier: 2968	1	0
NtResumeThread March 16, 2023, 9:28 a.m.	thread_handle: 0x00000448 suspend_count: 1 process_identifier: 2968	1	0
NtResumeThread March 16, 2023, 9:28 a.m.	thread_handle: 0x000004a8 suspend_count: 1 process_identifier: 2968	1	0
NtResumeThread March 16, 2023, 9:28 a.m.	thread_handle: 0x000000dc suspend_count: 1 process_identifier: 2084	1	0
NtResumeThread March 16, 2023, 9:28 a.m.	thread_handle: 0x0000014c suspend_count: 1 process_identifier: 2084	1	0
NtResumeThread March 16, 2023, 9:28 a.m.	thread_handle: 0x000001dc suspend_count: 1 process_identifier: 2084	1	0
NtResumeThread March 16, 2023, 9:28 a.m.	thread_handle: 0x000003a8 suspend_count: 1 process_identifier: 2084	1	0

The process powershell.exe wrote an executable file to disk which it then attempted to execute (1 event)

file	C:\Users\Public\boy1.pif

boy1start.ps1

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All