Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	June 3, 2023, 5:20 p.m.	June 3, 2023, 5:27 p.m.

Size	369.0KB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`8072726bf6f29230d619ec971b3d2a29`
SHA256	`afbd589d3c919482f8d1e3b52c5fe9031522d20ed918362fc36796f1afe2822d`
CRC32	`80E6E501`
ssdeep	`6144:6cu6maE4YCKnle7zFHMCurk4RqRDQ8yiLUIJoisacKdG:636maEtne1MCGhqRSkJois1Kd`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsPE32 - (no description)

setup.exe "C:\Users\test22\AppData\Local\Temp\setup.exe"
2560
- setup.exe "C:\Users\test22\AppData\Local\Temp\setup.exe"
  2648

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
179.43.175.252	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.101:49165 -> 179.43.175.252:15205	2043233	ET MALWARE RedLine Stealer TCP CnC net.tcp Init	A Network Trojan was detected
TCP 192.168.56.101:49165 -> 179.43.175.252:15205	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 179.43.175.252:15205 -> 192.168.56.101:49165	2043234	ET MALWARE Redline Stealer TCP CnC - Id1Response	A Network Trojan was detected
TCP 192.168.56.101:49165 -> 179.43.175.252:15205	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49165 -> 179.43.175.252:15205	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49165 -> 179.43.175.252:15205	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49165 -> 179.43.175.252:15205	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49165 -> 179.43.175.252:15205	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49165 -> 179.43.175.252:15205	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49165 -> 179.43.175.252:15205	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49165 -> 179.43.175.252:15205	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49165 -> 179.43.175.252:15205	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49165 -> 179.43.175.252:15205	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49165 -> 179.43.175.252:15205	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49165 -> 179.43.175.252:15205	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49165 -> 179.43.175.252:15205	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49165 -> 179.43.175.252:15205	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49165 -> 179.43.175.252:15205	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49165 -> 179.43.175.252:15205	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49165 -> 179.43.175.252:15205	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49165 -> 179.43.175.252:15205	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49165 -> 179.43.175.252:15205	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected

Suricata TLS

No Suricata TLS

Queries for the computername (12 events)

Time & API	Arguments	Status	Return
GetComputerNameW June 3, 2023, 5:20 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW June 3, 2023, 5:20 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW June 3, 2023, 5:20 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW June 3, 2023, 5:20 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW June 3, 2023, 5:20 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW June 3, 2023, 5:20 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW June 3, 2023, 5:20 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW June 3, 2023, 5:20 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW June 3, 2023, 5:20 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW June 3, 2023, 5:20 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW June 3, 2023, 5:21 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW June 3, 2023, 5:21 p.m.	computer_name: TEST22-PC	1	1

Checks if process is being debugged by a debugger (3 events)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent June 3, 2023, 5:20 p.m.			0	0
IsDebuggerPresent June 3, 2023, 5:20 p.m.			0	0
IsDebuggerPresent June 3, 2023, 5:20 p.m.			0	0

Uses Windows APIs to generate a cryptographic key (23 events)

Time & API	Arguments	Status	Return
CryptExportKey June 3, 2023, 5:20 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x00928460 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 3, 2023, 5:20 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x00928460 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 3, 2023, 5:20 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x009284a0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 3, 2023, 5:20 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x009284a0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 3, 2023, 5:20 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x009287a0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 3, 2023, 5:20 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x00928860 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 3, 2023, 5:20 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x00928860 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 3, 2023, 5:20 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x00928860 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 3, 2023, 5:20 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x00928860 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 3, 2023, 5:20 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x00928920 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 3, 2023, 5:20 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x00928920 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 3, 2023, 5:20 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x00928820 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 3, 2023, 5:20 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x00928820 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 3, 2023, 5:20 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x00928820 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 3, 2023, 5:20 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x00928820 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 3, 2023, 5:20 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x00928820 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 3, 2023, 5:20 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x00928820 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 3, 2023, 5:20 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x009290a0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 3, 2023, 5:20 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x009290a0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 3, 2023, 5:20 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x00928c20 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 3, 2023, 5:21 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x009289e0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 3, 2023, 5:21 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x009289e0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 3, 2023, 5:21 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x009291e0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1

Tries to locate where the browsers are installed (3 events)

file	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
file	C:\Program Files\Mozilla Firefox\firefox.exe
registry	HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx June 3, 2023, 5:20 p.m.		1	1	0

The file contains an unknown PE resource name possibly indicative of a packer (1 event)

resource name

None

One or more processes crashed (27 events)

Time & API	Arguments	Status
__exception__ June 3, 2023, 5:20 p.m.	stacktrace: 0xc873d99 0xc873b9b 0x568c8f8 0x568c0f3 0x5682cbc 0x56826d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x72821838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x72821737 mscorlib+0x2d36ad @ 0x71ab36ad mscorlib+0x308f2d @ 0x71ae8f2d 0x4cf0398 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x72821838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x72821737 mscorlib+0x2d3711 @ 0x71ab3711 mscorlib+0x308f2d @ 0x71ae8f2d mscorlib+0x3133fd @ 0x71af33fd mscorlib+0x9873b1 @ 0x721673b1 mscorlib+0x97b352 @ 0x7215b352 DllUnregisterServerInternal-0x7666 clr+0x2a8e @ 0x727a2a8e DllGetClassObjectInternal+0x37c9b CorDllMainForThunk-0x54860 clr+0xfcd14 @ 0x7289cd14 0x1e3a062 setup+0x2403 @ 0x402403 exception.instruction_r: 8b 01 8b 40 28 ff 10 89 45 c8 8b 45 c8 89 45 c4 exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xc873ed0 registers.esp: 1633060 registers.edi: 1633112 registers.eax: 0 registers.ebp: 1633124 registers.edx: 9219696 registers.ebx: 1634804 registers.esi: 43137624 registers.ecx: 0	1
__exception__ June 3, 2023, 5:20 p.m.	stacktrace: CopyPDBs+0x1b552 DllCanUnloadNowInternal-0x25a85 clr+0x1b1194 @ 0x72951194 LogHelp_TerminateOnAssert+0x14061 GetPrivateContextsPerfCounters-0x53e1 clr+0x82ba1 @ 0x72822ba1 mscorlib+0x36dd51 @ 0x71b4dd51 mscorlib+0x32fea6 @ 0x71b0fea6 mscorlib+0x30ab40 @ 0x71aeab40 0xc87e165 0xc87e027 0xc87d6b4 0xc87c911 0xc87460f 0x568ca3d 0x568c0f3 0x5682cbc 0x56826d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x72821838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x72821737 mscorlib+0x2d36ad @ 0x71ab36ad mscorlib+0x308f2d @ 0x71ae8f2d 0x4cf0398 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x72821838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x72821737 mscorlib+0x2d3711 @ 0x71ab3711 mscorlib+0x308f2d @ 0x71ae8f2d mscorlib+0x3133fd @ 0x71af33fd mscorlib+0x9873b1 @ 0x721673b1 mscorlib+0x97b352 @ 0x7215b352 DllUnregisterServerInternal-0x7666 clr+0x2a8e @ 0x727a2a8e DllGetClassObjectInternal+0x37c9b CorDllMainForThunk-0x54860 clr+0xfcd14 @ 0x7289cd14 0x1e3a062 setup+0x2403 @ 0x402403 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xe0434f4e exception.offset: 46887 exception.address: 0x7597b727 registers.esp: 1632080 registers.edi: 0 registers.eax: 1632080 registers.ebp: 1632160 registers.edx: 0 registers.ebx: 9429000 registers.esi: 9219696 registers.ecx: 1842302163	1
__exception__ June 3, 2023, 5:21 p.m.	stacktrace: 0x5693831 0x5693692 0x5693565 0x5692723 0x56918d0 0xc87460f 0x568ca3d 0x568c0f3 0x5682cbc 0x56826d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x72821838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x72821737 mscorlib+0x2d36ad @ 0x71ab36ad mscorlib+0x308f2d @ 0x71ae8f2d 0x4cf0398 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x72821838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x72821737 mscorlib+0x2d3711 @ 0x71ab3711 mscorlib+0x308f2d @ 0x71ae8f2d mscorlib+0x3133fd @ 0x71af33fd mscorlib+0x9873b1 @ 0x721673b1 mscorlib+0x97b352 @ 0x7215b352 DllUnregisterServerInternal-0x7666 clr+0x2a8e @ 0x727a2a8e DllGetClassObjectInternal+0x37c9b CorDllMainForThunk-0x54860 clr+0xfcd14 @ 0x7289cd14 0x1e3a062 setup+0x2403 @ 0x402403 exception.instruction_r: 39 09 ff 15 74 26 d5 04 89 85 04 ff ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5694472 registers.esp: 1631272 registers.edi: 1631572 registers.eax: 0 registers.ebp: 1631584 registers.edx: 81077764 registers.ebx: 1634804 registers.esi: 42846504 registers.ecx: 0	1
__exception__ June 3, 2023, 5:21 p.m.	stacktrace: 0x5697cf0 0x5693dfc 0x5693692 0x5693565 0x5692723 0x56918d0 0xc87460f 0x568ca3d 0x568c0f3 0x5682cbc 0x56826d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x72821838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x72821737 mscorlib+0x2d36ad @ 0x71ab36ad mscorlib+0x308f2d @ 0x71ae8f2d 0x4cf0398 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x72821838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x72821737 mscorlib+0x2d3711 @ 0x71ab3711 mscorlib+0x308f2d @ 0x71ae8f2d mscorlib+0x3133fd @ 0x71af33fd mscorlib+0x9873b1 @ 0x721673b1 mscorlib+0x97b352 @ 0x7215b352 DllUnregisterServerInternal-0x7666 clr+0x2a8e @ 0x727a2a8e DllGetClassObjectInternal+0x37c9b CorDllMainForThunk-0x54860 clr+0xfcd14 @ 0x7289cd14 0x1e3a062 setup+0x2403 @ 0x402403 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5697d33 registers.esp: 1631560 registers.edi: 1631904 registers.eax: 0 registers.ebp: 1631568 registers.edx: 0 registers.ebx: 1634804 registers.esi: 42846504 registers.ecx: 44093240	1
__exception__ June 3, 2023, 5:21 p.m.	stacktrace: 0x5693831 0x5693692 0x569357d 0x5692723 0x56918d0 0xc87460f 0x568ca3d 0x568c0f3 0x5682cbc 0x56826d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x72821838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x72821737 mscorlib+0x2d36ad @ 0x71ab36ad mscorlib+0x308f2d @ 0x71ae8f2d 0x4cf0398 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x72821838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x72821737 mscorlib+0x2d3711 @ 0x71ab3711 mscorlib+0x308f2d @ 0x71ae8f2d mscorlib+0x3133fd @ 0x71af33fd mscorlib+0x9873b1 @ 0x721673b1 mscorlib+0x97b352 @ 0x7215b352 DllUnregisterServerInternal-0x7666 clr+0x2a8e @ 0x727a2a8e DllGetClassObjectInternal+0x37c9b CorDllMainForThunk-0x54860 clr+0xfcd14 @ 0x7289cd14 0x1e3a062 setup+0x2403 @ 0x402403 exception.instruction_r: 39 09 ff 15 74 26 d5 04 89 85 04 ff ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5694472 registers.esp: 1631272 registers.edi: 1631572 registers.eax: 0 registers.ebp: 1631584 registers.edx: 81077764 registers.ebx: 1634804 registers.esi: 42846504 registers.ecx: 0	1
__exception__ June 3, 2023, 5:21 p.m.	stacktrace: 0x5697cf0 0x5693dfc 0x5693692 0x569357d 0x5692723 0x56918d0 0xc87460f 0x568ca3d 0x568c0f3 0x5682cbc 0x56826d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x72821838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x72821737 mscorlib+0x2d36ad @ 0x71ab36ad mscorlib+0x308f2d @ 0x71ae8f2d 0x4cf0398 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x72821838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x72821737 mscorlib+0x2d3711 @ 0x71ab3711 mscorlib+0x308f2d @ 0x71ae8f2d mscorlib+0x3133fd @ 0x71af33fd mscorlib+0x9873b1 @ 0x721673b1 mscorlib+0x97b352 @ 0x7215b352 DllUnregisterServerInternal-0x7666 clr+0x2a8e @ 0x727a2a8e DllGetClassObjectInternal+0x37c9b CorDllMainForThunk-0x54860 clr+0xfcd14 @ 0x7289cd14 0x1e3a062 setup+0x2403 @ 0x402403 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5697d33 registers.esp: 1631560 registers.edi: 1631904 registers.eax: 0 registers.ebp: 1631568 registers.edx: 0 registers.ebx: 1634804 registers.esi: 42846504 registers.ecx: 45523676	1
__exception__ June 3, 2023, 5:21 p.m.	stacktrace: 0x5693831 0x5693692 0x569357d 0x5692723 0x56918d0 0xc87460f 0x568ca3d 0x568c0f3 0x5682cbc 0x56826d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x72821838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x72821737 mscorlib+0x2d36ad @ 0x71ab36ad mscorlib+0x308f2d @ 0x71ae8f2d 0x4cf0398 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x72821838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x72821737 mscorlib+0x2d3711 @ 0x71ab3711 mscorlib+0x308f2d @ 0x71ae8f2d mscorlib+0x3133fd @ 0x71af33fd mscorlib+0x9873b1 @ 0x721673b1 mscorlib+0x97b352 @ 0x7215b352 DllUnregisterServerInternal-0x7666 clr+0x2a8e @ 0x727a2a8e DllGetClassObjectInternal+0x37c9b CorDllMainForThunk-0x54860 clr+0xfcd14 @ 0x7289cd14 0x1e3a062 setup+0x2403 @ 0x402403 exception.instruction_r: 39 09 ff 15 74 26 d5 04 89 85 04 ff ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5694472 registers.esp: 1631272 registers.edi: 1631572 registers.eax: 0 registers.ebp: 1631584 registers.edx: 81077764 registers.ebx: 1634804 registers.esi: 42846504 registers.ecx: 0	1
__exception__ June 3, 2023, 5:21 p.m.	stacktrace: 0x5697cf0 0x5693dfc 0x5693692 0x569357d 0x5692723 0x56918d0 0xc87460f 0x568ca3d 0x568c0f3 0x5682cbc 0x56826d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x72821838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x72821737 mscorlib+0x2d36ad @ 0x71ab36ad mscorlib+0x308f2d @ 0x71ae8f2d 0x4cf0398 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x72821838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x72821737 mscorlib+0x2d3711 @ 0x71ab3711 mscorlib+0x308f2d @ 0x71ae8f2d mscorlib+0x3133fd @ 0x71af33fd mscorlib+0x9873b1 @ 0x721673b1 mscorlib+0x97b352 @ 0x7215b352 DllUnregisterServerInternal-0x7666 clr+0x2a8e @ 0x727a2a8e DllGetClassObjectInternal+0x37c9b CorDllMainForThunk-0x54860 clr+0xfcd14 @ 0x7289cd14 0x1e3a062 setup+0x2403 @ 0x402403 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5697d33 registers.esp: 1631560 registers.edi: 1631904 registers.eax: 0 registers.ebp: 1631568 registers.edx: 0 registers.ebx: 1634804 registers.esi: 42846504 registers.ecx: 46953468	1
__exception__ June 3, 2023, 5:21 p.m.	stacktrace: 0x5698268 0x56980b9 0x5693565 0x5692ac0 0x56918d0 0xc87460f 0x568ca3d 0x568c0f3 0x5682cbc 0x56826d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x72821838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x72821737 mscorlib+0x2d36ad @ 0x71ab36ad mscorlib+0x308f2d @ 0x71ae8f2d 0x4cf0398 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x72821838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x72821737 mscorlib+0x2d3711 @ 0x71ab3711 mscorlib+0x308f2d @ 0x71ae8f2d mscorlib+0x3133fd @ 0x71af33fd mscorlib+0x9873b1 @ 0x721673b1 mscorlib+0x97b352 @ 0x7215b352 DllUnregisterServerInternal-0x7666 clr+0x2a8e @ 0x727a2a8e DllGetClassObjectInternal+0x37c9b CorDllMainForThunk-0x54860 clr+0xfcd14 @ 0x7289cd14 0x1e3a062 setup+0x2403 @ 0x402403 exception.instruction_r: 39 09 ff 15 74 26 d5 04 89 85 04 ff ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5694472 registers.esp: 1631248 registers.edi: 1631548 registers.eax: 0 registers.ebp: 1631560 registers.edx: 81077764 registers.ebx: 1634804 registers.esi: 42846504 registers.ecx: 0	1
__exception__ June 3, 2023, 5:21 p.m.	stacktrace: 0x5697cf0 0x56987fe 0x56980b9 0x5693565 0x5692ac0 0x56918d0 0xc87460f 0x568ca3d 0x568c0f3 0x5682cbc 0x56826d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x72821838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x72821737 mscorlib+0x2d36ad @ 0x71ab36ad mscorlib+0x308f2d @ 0x71ae8f2d 0x4cf0398 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x72821838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x72821737 mscorlib+0x2d3711 @ 0x71ab3711 mscorlib+0x308f2d @ 0x71ae8f2d mscorlib+0x3133fd @ 0x71af33fd mscorlib+0x9873b1 @ 0x721673b1 mscorlib+0x97b352 @ 0x7215b352 DllUnregisterServerInternal-0x7666 clr+0x2a8e @ 0x727a2a8e DllGetClassObjectInternal+0x37c9b CorDllMainForThunk-0x54860 clr+0xfcd14 @ 0x7289cd14 0x1e3a062 setup+0x2403 @ 0x402403 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5697d33 registers.esp: 1631536 registers.edi: 1631928 registers.eax: 0 registers.ebp: 1631544 registers.edx: 0 registers.ebx: 1634804 registers.esi: 42846504 registers.ecx: 43706292	1
__exception__ June 3, 2023, 5:21 p.m.	stacktrace: 0x5698268 0x56980b9 0x569357d 0x5692ac0 0x56918d0 0xc87460f 0x568ca3d 0x568c0f3 0x5682cbc 0x56826d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x72821838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x72821737 mscorlib+0x2d36ad @ 0x71ab36ad mscorlib+0x308f2d @ 0x71ae8f2d 0x4cf0398 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x72821838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x72821737 mscorlib+0x2d3711 @ 0x71ab3711 mscorlib+0x308f2d @ 0x71ae8f2d mscorlib+0x3133fd @ 0x71af33fd mscorlib+0x9873b1 @ 0x721673b1 mscorlib+0x97b352 @ 0x7215b352 DllUnregisterServerInternal-0x7666 clr+0x2a8e @ 0x727a2a8e DllGetClassObjectInternal+0x37c9b CorDllMainForThunk-0x54860 clr+0xfcd14 @ 0x7289cd14 0x1e3a062 setup+0x2403 @ 0x402403 exception.instruction_r: 39 09 ff 15 74 26 d5 04 89 85 04 ff ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5694472 registers.esp: 1631248 registers.edi: 1631548 registers.eax: 0 registers.ebp: 1631560 registers.edx: 81077764 registers.ebx: 1634804 registers.esi: 42538932 registers.ecx: 0	1
__exception__ June 3, 2023, 5:21 p.m.	stacktrace: 0x5697cf0 0x56987fe 0x56980b9 0x569357d 0x5692ac0 0x56918d0 0xc87460f 0x568ca3d 0x568c0f3 0x5682cbc 0x56826d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x72821838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x72821737 mscorlib+0x2d36ad @ 0x71ab36ad mscorlib+0x308f2d @ 0x71ae8f2d 0x4cf0398 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x72821838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x72821737 mscorlib+0x2d3711 @ 0x71ab3711 mscorlib+0x308f2d @ 0x71ae8f2d mscorlib+0x3133fd @ 0x71af33fd mscorlib+0x9873b1 @ 0x721673b1 mscorlib+0x97b352 @ 0x7215b352 DllUnregisterServerInternal-0x7666 clr+0x2a8e @ 0x727a2a8e DllGetClassObjectInternal+0x37c9b CorDllMainForThunk-0x54860 clr+0xfcd14 @ 0x7289cd14 0x1e3a062 setup+0x2403 @ 0x402403 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5697d33 registers.esp: 1631536 registers.edi: 1631928 registers.eax: 0 registers.ebp: 1631544 registers.edx: 0 registers.ebx: 1634804 registers.esi: 42538932 registers.ecx: 45055980	1
__exception__ June 3, 2023, 5:21 p.m.	stacktrace: 0x5698268 0x56980b9 0x569357d 0x5692ac0 0x56918d0 0xc87460f 0x568ca3d 0x568c0f3 0x5682cbc 0x56826d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x72821838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x72821737 mscorlib+0x2d36ad @ 0x71ab36ad mscorlib+0x308f2d @ 0x71ae8f2d 0x4cf0398 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x72821838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x72821737 mscorlib+0x2d3711 @ 0x71ab3711 mscorlib+0x308f2d @ 0x71ae8f2d mscorlib+0x3133fd @ 0x71af33fd mscorlib+0x9873b1 @ 0x721673b1 mscorlib+0x97b352 @ 0x7215b352 DllUnregisterServerInternal-0x7666 clr+0x2a8e @ 0x727a2a8e DllGetClassObjectInternal+0x37c9b CorDllMainForThunk-0x54860 clr+0xfcd14 @ 0x7289cd14 0x1e3a062 setup+0x2403 @ 0x402403 exception.instruction_r: 39 09 ff 15 74 26 d5 04 89 85 04 ff ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5694472 registers.esp: 1631248 registers.edi: 1631548 registers.eax: 0 registers.ebp: 1631560 registers.edx: 81077764 registers.ebx: 1634804 registers.esi: 42538932 registers.ecx: 0	1
__exception__ June 3, 2023, 5:21 p.m.	stacktrace: 0x5697cf0 0x56987fe 0x56980b9 0x569357d 0x5692ac0 0x56918d0 0xc87460f 0x568ca3d 0x568c0f3 0x5682cbc 0x56826d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x72821838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x72821737 mscorlib+0x2d36ad @ 0x71ab36ad mscorlib+0x308f2d @ 0x71ae8f2d 0x4cf0398 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x72821838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x72821737 mscorlib+0x2d3711 @ 0x71ab3711 mscorlib+0x308f2d @ 0x71ae8f2d mscorlib+0x3133fd @ 0x71af33fd mscorlib+0x9873b1 @ 0x721673b1 mscorlib+0x97b352 @ 0x7215b352 DllUnregisterServerInternal-0x7666 clr+0x2a8e @ 0x727a2a8e DllGetClassObjectInternal+0x37c9b CorDllMainForThunk-0x54860 clr+0xfcd14 @ 0x7289cd14 0x1e3a062 setup+0x2403 @ 0x402403 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5697d33 registers.esp: 1631536 registers.edi: 1631928 registers.eax: 0 registers.ebp: 1631544 registers.edx: 0 registers.ebx: 1634804 registers.esi: 42538932 registers.ecx: 46405668	1
__exception__ June 3, 2023, 5:21 p.m.	stacktrace: 0x5698ba2 0x56989b1 0x5693565 0x5692c14 0x56918d0 0xc87460f 0x568ca3d 0x568c0f3 0x5682cbc 0x56826d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x72821838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x72821737 mscorlib+0x2d36ad @ 0x71ab36ad mscorlib+0x308f2d @ 0x71ae8f2d 0x4cf0398 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x72821838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x72821737 mscorlib+0x2d3711 @ 0x71ab3711 mscorlib+0x308f2d @ 0x71ae8f2d mscorlib+0x3133fd @ 0x71af33fd mscorlib+0x9873b1 @ 0x721673b1 mscorlib+0x97b352 @ 0x7215b352 DllUnregisterServerInternal-0x7666 clr+0x2a8e @ 0x727a2a8e DllGetClassObjectInternal+0x37c9b CorDllMainForThunk-0x54860 clr+0xfcd14 @ 0x7289cd14 0x1e3a062 setup+0x2403 @ 0x402403 exception.instruction_r: 39 09 ff 15 74 26 d5 04 89 85 04 ff ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5694472 registers.esp: 1631300 registers.edi: 1631600 registers.eax: 0 registers.ebp: 1631612 registers.edx: 81077764 registers.ebx: 1634804 registers.esi: 42538932 registers.ecx: 0	1
__exception__ June 3, 2023, 5:21 p.m.	stacktrace: 0x5697cf0 0x569900a 0x56989b1 0x5693565 0x5692c14 0x56918d0 0xc87460f 0x568ca3d 0x568c0f3 0x5682cbc 0x56826d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x72821838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x72821737 mscorlib+0x2d36ad @ 0x71ab36ad mscorlib+0x308f2d @ 0x71ae8f2d 0x4cf0398 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x72821838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x72821737 mscorlib+0x2d3711 @ 0x71ab3711 mscorlib+0x308f2d @ 0x71ae8f2d mscorlib+0x3133fd @ 0x71af33fd mscorlib+0x9873b1 @ 0x721673b1 mscorlib+0x97b352 @ 0x7215b352 DllUnregisterServerInternal-0x7666 clr+0x2a8e @ 0x727a2a8e DllGetClassObjectInternal+0x37c9b CorDllMainForThunk-0x54860 clr+0xfcd14 @ 0x7289cd14 0x1e3a062 setup+0x2403 @ 0x402403 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5697d33 registers.esp: 1631588 registers.edi: 1631928 registers.eax: 0 registers.ebp: 1631596 registers.edx: 0 registers.ebx: 1634804 registers.esi: 42538932 registers.ecx: 43166740	1
__exception__ June 3, 2023, 5:21 p.m.	stacktrace: 0x5698ba2 0x56989b1 0x569357d 0x5692c14 0x56918d0 0xc87460f 0x568ca3d 0x568c0f3 0x5682cbc 0x56826d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x72821838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x72821737 mscorlib+0x2d36ad @ 0x71ab36ad mscorlib+0x308f2d @ 0x71ae8f2d 0x4cf0398 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x72821838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x72821737 mscorlib+0x2d3711 @ 0x71ab3711 mscorlib+0x308f2d @ 0x71ae8f2d mscorlib+0x3133fd @ 0x71af33fd mscorlib+0x9873b1 @ 0x721673b1 mscorlib+0x97b352 @ 0x7215b352 DllUnregisterServerInternal-0x7666 clr+0x2a8e @ 0x727a2a8e DllGetClassObjectInternal+0x37c9b CorDllMainForThunk-0x54860 clr+0xfcd14 @ 0x7289cd14 0x1e3a062 setup+0x2403 @ 0x402403 exception.instruction_r: 39 09 ff 15 74 26 d5 04 89 85 04 ff ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5694472 registers.esp: 1631300 registers.edi: 1631600 registers.eax: 0 registers.ebp: 1631612 registers.edx: 81077764 registers.ebx: 1634804 registers.esi: 42538932 registers.ecx: 0	1
__exception__ June 3, 2023, 5:21 p.m.	stacktrace: 0x5697cf0 0x569900a 0x56989b1 0x569357d 0x5692c14 0x56918d0 0xc87460f 0x568ca3d 0x568c0f3 0x5682cbc 0x56826d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x72821838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x72821737 mscorlib+0x2d36ad @ 0x71ab36ad mscorlib+0x308f2d @ 0x71ae8f2d 0x4cf0398 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x72821838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x72821737 mscorlib+0x2d3711 @ 0x71ab3711 mscorlib+0x308f2d @ 0x71ae8f2d mscorlib+0x3133fd @ 0x71af33fd mscorlib+0x9873b1 @ 0x721673b1 mscorlib+0x97b352 @ 0x7215b352 DllUnregisterServerInternal-0x7666 clr+0x2a8e @ 0x727a2a8e DllGetClassObjectInternal+0x37c9b CorDllMainForThunk-0x54860 clr+0xfcd14 @ 0x7289cd14 0x1e3a062 setup+0x2403 @ 0x402403 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5697d33 registers.esp: 1631588 registers.edi: 1631928 registers.eax: 0 registers.ebp: 1631596 registers.edx: 0 registers.ebx: 1634804 registers.esi: 42538932 registers.ecx: 44657536	1
__exception__ June 3, 2023, 5:21 p.m.	stacktrace: 0x5698ba2 0x56989b1 0x569357d 0x5692c14 0x56918d0 0xc87460f 0x568ca3d 0x568c0f3 0x5682cbc 0x56826d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x72821838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x72821737 mscorlib+0x2d36ad @ 0x71ab36ad mscorlib+0x308f2d @ 0x71ae8f2d 0x4cf0398 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x72821838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x72821737 mscorlib+0x2d3711 @ 0x71ab3711 mscorlib+0x308f2d @ 0x71ae8f2d mscorlib+0x3133fd @ 0x71af33fd mscorlib+0x9873b1 @ 0x721673b1 mscorlib+0x97b352 @ 0x7215b352 DllUnregisterServerInternal-0x7666 clr+0x2a8e @ 0x727a2a8e DllGetClassObjectInternal+0x37c9b CorDllMainForThunk-0x54860 clr+0xfcd14 @ 0x7289cd14 0x1e3a062 setup+0x2403 @ 0x402403 exception.instruction_r: 39 09 ff 15 74 26 d5 04 89 85 04 ff ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5694472 registers.esp: 1631300 registers.edi: 1631600 registers.eax: 0 registers.ebp: 1631612 registers.edx: 81077764 registers.ebx: 1634804 registers.esi: 42538932 registers.ecx: 0	1
__exception__ June 3, 2023, 5:21 p.m.	stacktrace: 0x5697cf0 0x569900a 0x56989b1 0x569357d 0x5692c14 0x56918d0 0xc87460f 0x568ca3d 0x568c0f3 0x5682cbc 0x56826d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x72821838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x72821737 mscorlib+0x2d36ad @ 0x71ab36ad mscorlib+0x308f2d @ 0x71ae8f2d 0x4cf0398 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x72821838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x72821737 mscorlib+0x2d3711 @ 0x71ab3711 mscorlib+0x308f2d @ 0x71ae8f2d mscorlib+0x3133fd @ 0x71af33fd mscorlib+0x9873b1 @ 0x721673b1 mscorlib+0x97b352 @ 0x7215b352 DllUnregisterServerInternal-0x7666 clr+0x2a8e @ 0x727a2a8e DllGetClassObjectInternal+0x37c9b CorDllMainForThunk-0x54860 clr+0xfcd14 @ 0x7289cd14 0x1e3a062 setup+0x2403 @ 0x402403 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5697d33 registers.esp: 1631588 registers.edi: 1631928 registers.eax: 0 registers.ebp: 1631596 registers.edx: 0 registers.ebx: 1634804 registers.esi: 42538932 registers.ecx: 46148044	1
__exception__ June 3, 2023, 5:21 p.m.	stacktrace: 0x569947c 0x5699299 0x5693565 0x5692d56 0x56918d0 0xc87460f 0x568ca3d 0x568c0f3 0x5682cbc 0x56826d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x72821838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x72821737 mscorlib+0x2d36ad @ 0x71ab36ad mscorlib+0x308f2d @ 0x71ae8f2d 0x4cf0398 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x72821838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x72821737 mscorlib+0x2d3711 @ 0x71ab3711 mscorlib+0x308f2d @ 0x71ae8f2d mscorlib+0x3133fd @ 0x71af33fd mscorlib+0x9873b1 @ 0x721673b1 mscorlib+0x97b352 @ 0x7215b352 DllUnregisterServerInternal-0x7666 clr+0x2a8e @ 0x727a2a8e DllGetClassObjectInternal+0x37c9b CorDllMainForThunk-0x54860 clr+0xfcd14 @ 0x7289cd14 0x1e3a062 setup+0x2403 @ 0x402403 exception.instruction_r: 39 09 ff 15 74 26 d5 04 89 85 04 ff ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5694472 registers.esp: 1631332 registers.edi: 1631632 registers.eax: 0 registers.ebp: 1631644 registers.edx: 81077764 registers.ebx: 1634804 registers.esi: 42538932 registers.ecx: 0	1
__exception__ June 3, 2023, 5:21 p.m.	stacktrace: 0x5697cf0 0x569983c 0x5699299 0x5693565 0x5692d56 0x56918d0 0xc87460f 0x568ca3d 0x568c0f3 0x5682cbc 0x56826d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x72821838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x72821737 mscorlib+0x2d36ad @ 0x71ab36ad mscorlib+0x308f2d @ 0x71ae8f2d 0x4cf0398 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x72821838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x72821737 mscorlib+0x2d3711 @ 0x71ab3711 mscorlib+0x308f2d @ 0x71ae8f2d mscorlib+0x3133fd @ 0x71af33fd mscorlib+0x9873b1 @ 0x721673b1 mscorlib+0x97b352 @ 0x7215b352 DllUnregisterServerInternal-0x7666 clr+0x2a8e @ 0x727a2a8e DllGetClassObjectInternal+0x37c9b CorDllMainForThunk-0x54860 clr+0xfcd14 @ 0x7289cd14 0x1e3a062 setup+0x2403 @ 0x402403 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5697d33 registers.esp: 1631620 registers.edi: 1631928 registers.eax: 0 registers.ebp: 1631628 registers.edx: 0 registers.ebx: 1634804 registers.esi: 42538932 registers.ecx: 43166772	1
__exception__ June 3, 2023, 5:21 p.m.	stacktrace: 0x569947c 0x5699299 0x569357d 0x5692d56 0x56918d0 0xc87460f 0x568ca3d 0x568c0f3 0x5682cbc 0x56826d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x72821838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x72821737 mscorlib+0x2d36ad @ 0x71ab36ad mscorlib+0x308f2d @ 0x71ae8f2d 0x4cf0398 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x72821838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x72821737 mscorlib+0x2d3711 @ 0x71ab3711 mscorlib+0x308f2d @ 0x71ae8f2d mscorlib+0x3133fd @ 0x71af33fd mscorlib+0x9873b1 @ 0x721673b1 mscorlib+0x97b352 @ 0x7215b352 DllUnregisterServerInternal-0x7666 clr+0x2a8e @ 0x727a2a8e DllGetClassObjectInternal+0x37c9b CorDllMainForThunk-0x54860 clr+0xfcd14 @ 0x7289cd14 0x1e3a062 setup+0x2403 @ 0x402403 exception.instruction_r: 39 09 ff 15 74 26 d5 04 89 85 04 ff ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5694472 registers.esp: 1631332 registers.edi: 1631632 registers.eax: 0 registers.ebp: 1631644 registers.edx: 81077764 registers.ebx: 1634804 registers.esi: 42538932 registers.ecx: 0	1
__exception__ June 3, 2023, 5:21 p.m.	stacktrace: 0x5697cf0 0x569983c 0x5699299 0x569357d 0x5692d56 0x56918d0 0xc87460f 0x568ca3d 0x568c0f3 0x5682cbc 0x56826d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x72821838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x72821737 mscorlib+0x2d36ad @ 0x71ab36ad mscorlib+0x308f2d @ 0x71ae8f2d 0x4cf0398 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x72821838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x72821737 mscorlib+0x2d3711 @ 0x71ab3711 mscorlib+0x308f2d @ 0x71ae8f2d mscorlib+0x3133fd @ 0x71af33fd mscorlib+0x9873b1 @ 0x721673b1 mscorlib+0x97b352 @ 0x7215b352 DllUnregisterServerInternal-0x7666 clr+0x2a8e @ 0x727a2a8e DllGetClassObjectInternal+0x37c9b CorDllMainForThunk-0x54860 clr+0xfcd14 @ 0x7289cd14 0x1e3a062 setup+0x2403 @ 0x402403 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5697d33 registers.esp: 1631620 registers.edi: 1631928 registers.eax: 0 registers.ebp: 1631628 registers.edx: 0 registers.ebx: 1634804 registers.esi: 42538932 registers.ecx: 44659864	1
__exception__ June 3, 2023, 5:21 p.m.	stacktrace: 0x569947c 0x5699299 0x569357d 0x5692d56 0x56918d0 0xc87460f 0x568ca3d 0x568c0f3 0x5682cbc 0x56826d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x72821838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x72821737 mscorlib+0x2d36ad @ 0x71ab36ad mscorlib+0x308f2d @ 0x71ae8f2d 0x4cf0398 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x72821838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x72821737 mscorlib+0x2d3711 @ 0x71ab3711 mscorlib+0x308f2d @ 0x71ae8f2d mscorlib+0x3133fd @ 0x71af33fd mscorlib+0x9873b1 @ 0x721673b1 mscorlib+0x97b352 @ 0x7215b352 DllUnregisterServerInternal-0x7666 clr+0x2a8e @ 0x727a2a8e DllGetClassObjectInternal+0x37c9b CorDllMainForThunk-0x54860 clr+0xfcd14 @ 0x7289cd14 0x1e3a062 setup+0x2403 @ 0x402403 exception.instruction_r: 39 09 ff 15 74 26 d5 04 89 85 04 ff ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5694472 registers.esp: 1631332 registers.edi: 1631632 registers.eax: 0 registers.ebp: 1631644 registers.edx: 81077764 registers.ebx: 1634804 registers.esi: 42538932 registers.ecx: 0	1
__exception__ June 3, 2023, 5:21 p.m.	stacktrace: 0x5697cf0 0x569983c 0x5699299 0x569357d 0x5692d56 0x56918d0 0xc87460f 0x568ca3d 0x568c0f3 0x5682cbc 0x56826d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x72821838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x72821737 mscorlib+0x2d36ad @ 0x71ab36ad mscorlib+0x308f2d @ 0x71ae8f2d 0x4cf0398 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x72821838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x72821737 mscorlib+0x2d3711 @ 0x71ab3711 mscorlib+0x308f2d @ 0x71ae8f2d mscorlib+0x3133fd @ 0x71af33fd mscorlib+0x9873b1 @ 0x721673b1 mscorlib+0x97b352 @ 0x7215b352 DllUnregisterServerInternal-0x7666 clr+0x2a8e @ 0x727a2a8e DllGetClassObjectInternal+0x37c9b CorDllMainForThunk-0x54860 clr+0xfcd14 @ 0x7289cd14 0x1e3a062 setup+0x2403 @ 0x402403 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5697d33 registers.esp: 1631620 registers.edi: 1631928 registers.eax: 0 registers.ebp: 1631628 registers.edx: 0 registers.ebx: 1634804 registers.esi: 42538932 registers.ecx: 46152668	1
__exception__ June 3, 2023, 5:21 p.m.	stacktrace: 0x5697cf0 0x569ac43 0x569a14a 0x5691928 0xc87460f 0x568ca3d 0x568c0f3 0x5682cbc 0x56826d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x72821838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x72821737 mscorlib+0x2d36ad @ 0x71ab36ad mscorlib+0x308f2d @ 0x71ae8f2d 0x4cf0398 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f LogHelp_TerminateOnAssert+0x12cf8 GetPrivateContextsPerfCounters-0x674a clr+0x81838 @ 0x72821838 LogHelp_TerminateOnAssert+0x12bf7 GetPrivateContextsPerfCounters-0x684b clr+0x81737 @ 0x72821737 mscorlib+0x2d3711 @ 0x71ab3711 mscorlib+0x308f2d @ 0x71ae8f2d mscorlib+0x3133fd @ 0x71af33fd mscorlib+0x9873b1 @ 0x721673b1 mscorlib+0x97b352 @ 0x7215b352 DllUnregisterServerInternal-0x7666 clr+0x2a8e @ 0x727a2a8e DllGetClassObjectInternal+0x37c9b CorDllMainForThunk-0x54860 clr+0xfcd14 @ 0x7289cd14 0x1e3a062 setup+0x2403 @ 0x402403 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5697d33 registers.esp: 1632464 registers.edi: 1632728 registers.eax: 0 registers.ebp: 1632472 registers.edx: 0 registers.ebx: 1634804 registers.esi: 46694352 registers.ecx: 46701328	1

One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.

Allocates read-write-execute memory (usually to unpack itself) (50 out of 112 events)

Time & API	Arguments	Status
NtProtectVirtualMemory June 3, 2023, 5:20 p.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 212992 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x007a1000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 3, 2023, 5:20 p.m.	process_identifier: 2560 region_size: 303104 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00700000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory June 3, 2023, 5:20 p.m.	process_identifier: 2648 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73921000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 3, 2023, 5:20 p.m.	process_identifier: 2648 region_size: 1703936 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x023f0000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 3, 2023, 5:20 p.m.	process_identifier: 2648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02550000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory June 3, 2023, 5:20 p.m.	process_identifier: 2648 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73492000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 3, 2023, 5:20 p.m.	process_identifier: 2648 region_size: 655360 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01e30000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 3, 2023, 5:20 p.m.	process_identifier: 2648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01e90000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory June 3, 2023, 5:20 p.m.	process_identifier: 2648 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x72de2000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 3, 2023, 5:20 p.m.	process_identifier: 2648 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7340b000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 3, 2023, 5:20 p.m.	process_identifier: 2648 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x727a1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 3, 2023, 5:20 p.m.	process_identifier: 2648 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x727a2000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 3, 2023, 5:20 p.m.	process_identifier: 2648 region_size: 1966080 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02590000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 3, 2023, 5:20 p.m.	process_identifier: 2648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x02730000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 3, 2023, 5:20 p.m.	process_identifier: 2648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01e32000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 3, 2023, 5:20 p.m.	process_identifier: 2648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01e91000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 3, 2023, 5:20 p.m.	process_identifier: 2648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01e92000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 3, 2023, 5:20 p.m.	process_identifier: 2648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01e3a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 3, 2023, 5:20 p.m.	process_identifier: 2648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01e3c000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory June 3, 2023, 5:20 p.m.	process_identifier: 2648 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73bd1000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 3, 2023, 5:20 p.m.	process_identifier: 2648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01e93000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 3, 2023, 5:20 p.m.	process_identifier: 2648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01e4c000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 3, 2023, 5:20 p.m.	process_identifier: 2648 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01e94000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 3, 2023, 5:20 p.m.	process_identifier: 2648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01e6b000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 3, 2023, 5:20 p.m.	process_identifier: 2648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01e67000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory June 3, 2023, 5:20 p.m.	process_identifier: 2648 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x732fa000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 3, 2023, 5:20 p.m.	process_identifier: 2648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04cf0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 3, 2023, 5:20 p.m.	process_identifier: 2648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01e65000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 3, 2023, 5:20 p.m.	process_identifier: 2648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01e4d000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory June 3, 2023, 5:20 p.m.	process_identifier: 2648 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73111000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 3, 2023, 5:20 p.m.	process_identifier: 2648 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x73bbf000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 3, 2023, 5:20 p.m.	process_identifier: 2648 region_size: 53248 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04cf1000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 3, 2023, 5:20 p.m.	process_identifier: 2648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04cfe000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 3, 2023, 5:20 p.m.	process_identifier: 2648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01e56000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 3, 2023, 5:20 p.m.	process_identifier: 2648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01e5a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 3, 2023, 5:20 p.m.	process_identifier: 2648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01e57000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 3, 2023, 5:20 p.m.	process_identifier: 2648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04cff000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 3, 2023, 5:20 p.m.	process_identifier: 2648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05680000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 3, 2023, 5:20 p.m.	process_identifier: 2648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05681000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 3, 2023, 5:20 p.m.	process_identifier: 2648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05682000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory June 3, 2023, 5:20 p.m.	process_identifier: 2648 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x6deb1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 3, 2023, 5:20 p.m.	process_identifier: 2648 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x6de8e000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 3, 2023, 5:20 p.m.	process_identifier: 2648 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x6dd0b000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 3, 2023, 5:20 p.m.	process_identifier: 2648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05683000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 3, 2023, 5:20 p.m.	process_identifier: 2648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05684000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 3, 2023, 5:20 p.m.	process_identifier: 2648 region_size: 20480 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x05685000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 3, 2023, 5:20 p.m.	process_identifier: 2648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0568a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 3, 2023, 5:20 p.m.	process_identifier: 2648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01e4a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 3, 2023, 5:20 p.m.	process_identifier: 2648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0568b000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 3, 2023, 5:20 p.m.	process_identifier: 2648 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x01e5b000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1

Steals private information from local Internet browsers (6 events)

file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Web Data
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Cookies
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Login Data
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local State

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

section

{u'size_of_data': u'0x00034000', u'virtual_address': u'0x00018000', u'entropy': 7.966311637928791, u'name': u'.data', u'virtual_size': u'0x002b37e8'}

entropy

7.96631163793

description

A section with a high entropy has been found

entropy

0.565217391304

description

Overall entropy of this PE file is high

Checks for the Locally Unique Identifier on the system for a suspicious privilege (1 event)

Time & API	Arguments	Status	Return	Repeated
LookupPrivilegeValueW June 3, 2023, 5:20 p.m.	system_name: privilege_name: SeDebugPrivilege	1	1	0

Yara rule detected in process memory (8 events)

description	(no description)	rule	DebuggerCheck__GlobalFlags
description	(no description)	rule	DebuggerCheck__QueryInfo
description	(no description)	rule	DebuggerHiding__Thread
description	(no description)	rule	DebuggerHiding__Active
description	(no description)	rule	ThreadControl__Context
description	(no description)	rule	SEH__vectored
description	Checks if being debugged	rule	anti_dbg
description	Bypass DEP	rule	disable_dep

Queries for potentially installed applications (39 events)

Time & API	Arguments	Status
RegOpenKeyExW June 3, 2023, 5:21 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall base_handle: 0x80000002 key_handle: 0x000002b8 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall	1
RegOpenKeyExW June 3, 2023, 5:21 p.m.	regkey_r: AddressBook base_handle: 0x000002b8 key_handle: 0x000002b4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook	1
RegOpenKeyExW June 3, 2023, 5:21 p.m.	regkey_r: Connection Manager base_handle: 0x000002b8 key_handle: 0x000002b4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager	1
RegOpenKeyExW June 3, 2023, 5:21 p.m.	regkey_r: DirectDrawEx base_handle: 0x000002b8 key_handle: 0x000002b4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx	1
RegOpenKeyExW June 3, 2023, 5:21 p.m.	regkey_r: EditPlus base_handle: 0x000002b8 key_handle: 0x000002b4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\EditPlus	1
RegOpenKeyExW June 3, 2023, 5:21 p.m.	regkey_r: ENTERPRISE base_handle: 0x000002b8 key_handle: 0x000002b4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ENTERPRISE	1
RegOpenKeyExW June 3, 2023, 5:21 p.m.	regkey_r: Fontcore base_handle: 0x000002b8 key_handle: 0x000002b4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore	1
RegOpenKeyExW June 3, 2023, 5:21 p.m.	regkey_r: Google Chrome base_handle: 0x000002b8 key_handle: 0x000002b4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome	1
RegOpenKeyExW June 3, 2023, 5:21 p.m.	regkey_r: Haansoft HWord 80 Korean base_handle: 0x000002b8 key_handle: 0x000002b4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Haansoft HWord 80 Korean	1
RegOpenKeyExW June 3, 2023, 5:21 p.m.	regkey_r: IE40 base_handle: 0x000002b8 key_handle: 0x000002b4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE40	1
RegOpenKeyExW June 3, 2023, 5:21 p.m.	regkey_r: IE4Data base_handle: 0x000002b8 key_handle: 0x000002b4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data	1
RegOpenKeyExW June 3, 2023, 5:21 p.m.	regkey_r: IE5BAKEX base_handle: 0x000002b8 key_handle: 0x000002b4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX	1
RegOpenKeyExW June 3, 2023, 5:21 p.m.	regkey_r: IEData base_handle: 0x000002b8 key_handle: 0x000002b4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IEData	1
RegOpenKeyExW June 3, 2023, 5:21 p.m.	regkey_r: MobileOptionPack base_handle: 0x000002b8 key_handle: 0x000002b4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack	1
RegOpenKeyExW June 3, 2023, 5:21 p.m.	regkey_r: SchedulingAgent base_handle: 0x000002b8 key_handle: 0x000002b4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent	1
RegOpenKeyExW June 3, 2023, 5:21 p.m.	regkey_r: WIC base_handle: 0x000002b8 key_handle: 0x000002b4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WIC	1
RegOpenKeyExW June 3, 2023, 5:21 p.m.	regkey_r: {01B845D4-B73E-4CF7-A377-94BC7BB4F77B} base_handle: 0x000002b8 key_handle: 0x000002b4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{01B845D4-B73E-4CF7-A377-94BC7BB4F77B}	1
RegOpenKeyExW June 3, 2023, 5:21 p.m.	regkey_r: {1D91F7DA-F517-4727-9E62-B7EA978BE980} base_handle: 0x000002b8 key_handle: 0x000002b4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D91F7DA-F517-4727-9E62-B7EA978BE980}	1
RegOpenKeyExW June 3, 2023, 5:21 p.m.	regkey_r: {60EC980A-BDA2-4CB6-A427-B07A5498B4CA} base_handle: 0x000002b8 key_handle: 0x000002b4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}	1
RegOpenKeyExW June 3, 2023, 5:21 p.m.	regkey_r: {90120000-0015-0412-0000-0000000FF1CE} base_handle: 0x000002b8 key_handle: 0x000002b4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0015-0412-0000-0000000FF1CE}	1
RegOpenKeyExW June 3, 2023, 5:21 p.m.	regkey_r: {90120000-0016-0412-0000-0000000FF1CE} base_handle: 0x000002b8 key_handle: 0x000002b4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0016-0412-0000-0000000FF1CE}	1
RegOpenKeyExW June 3, 2023, 5:21 p.m.	regkey_r: {90120000-0018-0412-0000-0000000FF1CE} base_handle: 0x000002b8 key_handle: 0x000002b4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0018-0412-0000-0000000FF1CE}	1
RegOpenKeyExW June 3, 2023, 5:21 p.m.	regkey_r: {90120000-0019-0412-0000-0000000FF1CE} base_handle: 0x000002b8 key_handle: 0x000002b4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0019-0412-0000-0000000FF1CE}	1
RegOpenKeyExW June 3, 2023, 5:21 p.m.	regkey_r: {90120000-001A-0412-0000-0000000FF1CE} base_handle: 0x000002b8 key_handle: 0x000002b4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001A-0412-0000-0000000FF1CE}	1
RegOpenKeyExW June 3, 2023, 5:21 p.m.	regkey_r: {90120000-001B-0412-0000-0000000FF1CE} base_handle: 0x000002b8 key_handle: 0x000002b4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001B-0412-0000-0000000FF1CE}	1
RegOpenKeyExW June 3, 2023, 5:21 p.m.	regkey_r: {90120000-001F-0409-0000-0000000FF1CE} base_handle: 0x000002b8 key_handle: 0x000002b4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0409-0000-0000000FF1CE}	1
RegOpenKeyExW June 3, 2023, 5:21 p.m.	regkey_r: {90120000-001F-0412-0000-0000000FF1CE} base_handle: 0x000002b8 key_handle: 0x000002b4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0412-0000-0000000FF1CE}	1
RegOpenKeyExW June 3, 2023, 5:21 p.m.	regkey_r: {90120000-0028-0412-0000-0000000FF1CE} base_handle: 0x000002b8 key_handle: 0x000002b4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0028-0412-0000-0000000FF1CE}	1
RegOpenKeyExW June 3, 2023, 5:21 p.m.	regkey_r: {90120000-002C-0412-0000-0000000FF1CE} base_handle: 0x000002b8 key_handle: 0x000002b4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-002C-0412-0000-0000000FF1CE}	1
RegOpenKeyExW June 3, 2023, 5:21 p.m.	regkey_r: {90120000-0030-0000-0000-0000000FF1CE} base_handle: 0x000002b8 key_handle: 0x000002b4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0030-0000-0000-0000000FF1CE}	1
RegOpenKeyExW June 3, 2023, 5:21 p.m.	regkey_r: {90120000-0044-0412-0000-0000000FF1CE} base_handle: 0x000002b8 key_handle: 0x000002b4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0044-0412-0000-0000000FF1CE}	1
RegOpenKeyExW June 3, 2023, 5:21 p.m.	regkey_r: {90120000-006E-0409-0000-0000000FF1CE} base_handle: 0x000002b8 key_handle: 0x000002b4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0409-0000-0000000FF1CE}	1
RegOpenKeyExW June 3, 2023, 5:21 p.m.	regkey_r: {90120000-006E-0412-0000-0000000FF1CE} base_handle: 0x000002b8 key_handle: 0x000002b4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0412-0000-0000000FF1CE}	1
RegOpenKeyExW June 3, 2023, 5:21 p.m.	regkey_r: {90120000-00A1-0412-0000-0000000FF1CE} base_handle: 0x000002b8 key_handle: 0x000002b4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00A1-0412-0000-0000000FF1CE}	1
RegOpenKeyExW June 3, 2023, 5:21 p.m.	regkey_r: {90120000-00BA-0409-0000-0000000FF1CE} base_handle: 0x000002b8 key_handle: 0x000002b4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00BA-0409-0000-0000000FF1CE}	1
RegOpenKeyExW June 3, 2023, 5:21 p.m.	regkey_r: {90120000-0114-0412-0000-0000000FF1CE} base_handle: 0x000002b8 key_handle: 0x000002b4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0114-0412-0000-0000000FF1CE}	1
RegOpenKeyExW June 3, 2023, 5:21 p.m.	regkey_r: {939659F3-71D2-461F-B24D-91D05A4389B4} base_handle: 0x000002b8 key_handle: 0x000002b4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{939659F3-71D2-461F-B24D-91D05A4389B4}	1
RegOpenKeyExW June 3, 2023, 5:21 p.m.	regkey_r: {9B84A461-3B4C-40E2-B44F-CE22E215EE40} base_handle: 0x000002b8 key_handle: 0x000002b4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9B84A461-3B4C-40E2-B44F-CE22E215EE40}	1
RegOpenKeyExW June 3, 2023, 5:21 p.m.	regkey_r: {d992c12e-cab2-426f-bde3-fb8c53950b0d} base_handle: 0x000002b8 key_handle: 0x000002b4 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{d992c12e-cab2-426f-bde3-fb8c53950b0d}	1

Executes one or more WMI queries which can be used to identify virtual machines (1 event)

wmi	SELECT * FROM Win32_Processor

Communicates with host for which no DNS query was performed (1 event)

host

179.43.175.252

Allocates execute permission to another process indicative of possible code injection (1 event)

Time & API	Arguments	Status	Return	Repeated
NtAllocateVirtualMemory June 3, 2023, 5:20 p.m.	process_identifier: 2648 region_size: 311296 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000118	1	0	0

Looks for the Windows Idle Time to determine the uptime (1 event)

Time & API	Arguments	Status	Return	Repeated
NtQuerySystemInformation June 3, 2023, 5:20 p.m.	information_class: 8 (SystemProcessorPerformanceInformation)	1	0	0

Harvests credentials from local FTP client softwares (2 events)

file	C:\Users\test22\AppData\Roaming\FileZilla\sitemanager.xml
file	C:\Users\test22\AppData\Roaming\FileZilla\recentservers.xml

Executes one or more WMI queries (8 events)

wmi	SELECT * FROM AntivirusProduct
wmi	SELECT * FROM Win32_VideoController
wmi	SELECT * FROM Win32_OperatingSystem
wmi	SELECT * FROM Win32_Process Where SessionId='1'
wmi	SELECT * FROM AntiSpyWareProduct
wmi	SELECT * FROM FirewallProduct
wmi	SELECT * FROM Win32_DiskDrive
wmi	SELECT * FROM Win32_Processor

Potential code injection by writing to the memory of another process (1 event)

Time & API	Arguments	Status	Return	Repeated
WriteProcessMemory June 3, 2023, 5:20 p.m.	buffer: @ base_address: 0x7efde008 process_identifier: 2648 process_handle: 0x00000118	1	1	0

Collects information about installed applications (27 events)

Time & API	Arguments	Status
RegQueryValueExW June 3, 2023, 5:21 p.m.	key_handle: 0x000002b4 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: EditPlus regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\EditPlus\DisplayName	1
RegQueryValueExW June 3, 2023, 5:21 p.m.	key_handle: 0x000002b4 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Enterprise 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ENTERPRISE\DisplayName	1
RegQueryValueExW June 3, 2023, 5:21 p.m.	key_handle: 0x000002b4 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Chrome regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome\DisplayName	1
RegQueryValueExW June 3, 2023, 5:21 p.m.	key_handle: 0x000002b4 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: 한컴오피스 한글 2010 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Haansoft HWord 80 Korean\DisplayName	1
RegQueryValueExW June 3, 2023, 5:21 p.m.	key_handle: 0x000002b4 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: HttpWatch Professional 9.3.39 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{01B845D4-B73E-4CF7-A377-94BC7BB4F77B}\DisplayName	1
RegQueryValueExW June 3, 2023, 5:21 p.m.	key_handle: 0x000002b4 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: 한컴오피스 한글 2010 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D91F7DA-F517-4727-9E62-B7EA978BE980}\DisplayName	1
RegQueryValueExW June 3, 2023, 5:21 p.m.	key_handle: 0x000002b4 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Google Update Helper regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}\DisplayName	1
RegQueryValueExW June 3, 2023, 5:21 p.m.	key_handle: 0x000002b4 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Access MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0015-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW June 3, 2023, 5:21 p.m.	key_handle: 0x000002b4 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Excel MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0016-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW June 3, 2023, 5:21 p.m.	key_handle: 0x000002b4 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office PowerPoint MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0018-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW June 3, 2023, 5:21 p.m.	key_handle: 0x000002b4 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Publisher MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0019-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW June 3, 2023, 5:21 p.m.	key_handle: 0x000002b4 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Outlook MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001A-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW June 3, 2023, 5:21 p.m.	key_handle: 0x000002b4 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Word MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001B-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW June 3, 2023, 5:21 p.m.	key_handle: 0x000002b4 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Proof (English) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0409-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW June 3, 2023, 5:21 p.m.	key_handle: 0x000002b4 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Proof (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW June 3, 2023, 5:21 p.m.	key_handle: 0x000002b4 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office IME (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0028-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW June 3, 2023, 5:21 p.m.	key_handle: 0x000002b4 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Proofing (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-002C-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW June 3, 2023, 5:21 p.m.	key_handle: 0x000002b4 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Enterprise 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0030-0000-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW June 3, 2023, 5:21 p.m.	key_handle: 0x000002b4 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office InfoPath MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0044-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW June 3, 2023, 5:21 p.m.	key_handle: 0x000002b4 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Shared MUI (English) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0409-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW June 3, 2023, 5:21 p.m.	key_handle: 0x000002b4 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Shared MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW June 3, 2023, 5:21 p.m.	key_handle: 0x000002b4 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office OneNote MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00A1-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW June 3, 2023, 5:21 p.m.	key_handle: 0x000002b4 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Groove MUI (English) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00BA-0409-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW June 3, 2023, 5:21 p.m.	key_handle: 0x000002b4 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Groove Setup Metadata MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0114-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW June 3, 2023, 5:21 p.m.	key_handle: 0x000002b4 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Adobe Flash Player 13 ActiveX regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{939659F3-71D2-461F-B24D-91D05A4389B4}\DisplayName	1
RegQueryValueExW June 3, 2023, 5:21 p.m.	key_handle: 0x000002b4 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Adobe Flash Player 13 NPAPI regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9B84A461-3B4C-40E2-B44F-CE22E215EE40}\DisplayName	1
RegQueryValueExW June 3, 2023, 5:21 p.m.	key_handle: 0x000002b4 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{d992c12e-cab2-426f-bde3-fb8c53950b0d}\DisplayName	1

Used NtSetContextThread to modify a thread in a remote process indicative of process injection (2 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 2560 called NtSetContextThread to modify thread in remote process 2648
NtSetContextThread June 3, 2023, 5:20 p.m.	registers.eip: 1995571652 registers.esp: 1638384 registers.edi: 0 registers.eax: 4246831 registers.ebp: 0 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 0 thread_handle: 0x00000114 process_identifier: 2648	1	0	0

Resumed a suspended thread in a remote process potentially indicative of process injection (2 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 2560 resumed a thread in remote process 2648
NtResumeThread June 3, 2023, 5:20 p.m.	thread_handle: 0x00000114 suspend_count: 1 process_identifier: 2648	1	0	0

Executed a process and injected code into it, probably while unpacking (37 events)

Time & API	Arguments	Status	Return
CreateProcessInternalW June 3, 2023, 5:20 p.m.	thread_identifier: 2652 thread_handle: 0x00000114 process_identifier: 2648 current_directory: filepath: C:\Users\test22\AppData\Local\Temp\setup.exe track: 1 command_line: "C:\Users\test22\AppData\Local\Temp\setup.exe" filepath_r: C:\Users\test22\AppData\Local\Temp\setup.exe stack_pivoted: 0 creation_flags: 134217732 (CREATE_NO_WINDOW\|CREATE_SUSPENDED) inherit_handles: 0 process_handle: 0x00000118	1	1
NtGetContextThread June 3, 2023, 5:20 p.m.	thread_handle: 0x00000114	1	0
NtUnmapViewOfSection June 3, 2023, 5:20 p.m.	base_address: 0x00400000 region_size: 4096 process_identifier: 2648 process_handle: 0x00000118	1	0
NtAllocateVirtualMemory June 3, 2023, 5:20 p.m.	process_identifier: 2648 region_size: 311296 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x00000118	1	0
WriteProcessMemory June 3, 2023, 5:20 p.m.	buffer: @ base_address: 0x7efde008 process_identifier: 2648 process_handle: 0x00000118	1	1
NtSetContextThread June 3, 2023, 5:20 p.m.	registers.eip: 1995571652 registers.esp: 1638384 registers.edi: 0 registers.eax: 4246831 registers.ebp: 0 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 0 thread_handle: 0x00000114 process_identifier: 2648	1	0
NtResumeThread June 3, 2023, 5:20 p.m.	thread_handle: 0x00000114 suspend_count: 1 process_identifier: 2648	1	0
NtResumeThread June 3, 2023, 5:20 p.m.	thread_handle: 0x00000184 suspend_count: 1 process_identifier: 2648	1	0
NtResumeThread June 3, 2023, 5:20 p.m.	thread_handle: 0x000001f8 suspend_count: 1 process_identifier: 2648	1	0
NtResumeThread June 3, 2023, 5:20 p.m.	thread_handle: 0x00000234 suspend_count: 1 process_identifier: 2648	1	0
NtResumeThread June 3, 2023, 5:20 p.m.	thread_handle: 0x000002bc suspend_count: 1 process_identifier: 2648	1	0
NtGetContextThread June 3, 2023, 5:20 p.m.	thread_handle: 0x0000018c	1	0
NtGetContextThread June 3, 2023, 5:20 p.m.	thread_handle: 0x0000018c	1	0
NtResumeThread June 3, 2023, 5:20 p.m.	thread_handle: 0x0000018c suspend_count: 1 process_identifier: 2648	1	0
NtResumeThread June 3, 2023, 5:20 p.m.	thread_handle: 0x000002fc suspend_count: 1 process_identifier: 2648	1	0
NtResumeThread June 3, 2023, 5:20 p.m.	thread_handle: 0x00000318 suspend_count: 1 process_identifier: 2648	1	0
NtResumeThread June 3, 2023, 5:20 p.m.	thread_handle: 0x0000042c suspend_count: 1 process_identifier: 2648	1	0
NtResumeThread June 3, 2023, 5:20 p.m.	thread_handle: 0x00000450 suspend_count: 1 process_identifier: 2648	1	0
NtResumeThread June 3, 2023, 5:20 p.m.	thread_handle: 0x000004c0 suspend_count: 1 process_identifier: 2648	1	0
NtResumeThread June 3, 2023, 5:20 p.m.	thread_handle: 0x000004e0 suspend_count: 1 process_identifier: 2648	1	0
NtResumeThread June 3, 2023, 5:20 p.m.	thread_handle: 0x000004f0 suspend_count: 1 process_identifier: 2648	1	0
NtResumeThread June 3, 2023, 5:20 p.m.	thread_handle: 0x00000510 suspend_count: 1 process_identifier: 2648	1	0
NtResumeThread June 3, 2023, 5:20 p.m.	thread_handle: 0x00000528 suspend_count: 1 process_identifier: 2648	1	0
NtResumeThread June 3, 2023, 5:20 p.m.	thread_handle: 0x00000544 suspend_count: 1 process_identifier: 2648	1	0
NtResumeThread June 3, 2023, 5:20 p.m.	thread_handle: 0x00000550 suspend_count: 1 process_identifier: 2648	1	0
NtResumeThread June 3, 2023, 5:20 p.m.	thread_handle: 0x00000574 suspend_count: 1 process_identifier: 2648	1	0
NtResumeThread June 3, 2023, 5:20 p.m.	thread_handle: 0x0000058c suspend_count: 1 process_identifier: 2648	1	0
NtGetContextThread June 3, 2023, 5:20 p.m.	thread_handle: 0x0000018c	1	0
NtGetContextThread June 3, 2023, 5:20 p.m.	thread_handle: 0x0000018c	1	0
NtGetContextThread June 3, 2023, 5:20 p.m.	thread_handle: 0x0000018c	1	0
NtSetContextThread June 3, 2023, 5:20 p.m.	registers.eip: 1921133444 registers.esp: 1632288 registers.edi: 66514944 registers.eax: 205652480 registers.ebp: 1632328 registers.edx: 92 registers.ebx: 0 registers.esi: 92 registers.ecx: 42212816 thread_handle: 0x0000018c process_identifier: 2648	1	0
NtResumeThread June 3, 2023, 5:20 p.m.	thread_handle: 0x0000018c suspend_count: 1 process_identifier: 2648	1	0
NtGetContextThread June 3, 2023, 5:20 p.m.	thread_handle: 0x0000018c	1	0
NtGetContextThread June 3, 2023, 5:20 p.m.	thread_handle: 0x0000018c	1	0
NtResumeThread June 3, 2023, 5:20 p.m.	thread_handle: 0x0000018c suspend_count: 1 process_identifier: 2648	1	0
NtResumeThread June 3, 2023, 5:21 p.m.	thread_handle: 0x00000338 suspend_count: 1 process_identifier: 2648	1	0
NtResumeThread June 3, 2023, 5:21 p.m.	thread_handle: 0x00000544 suspend_count: 1 process_identifier: 2648	1	0

File has been identified by 42 AntiVirus engines on VirusTotal as malicious (42 events)

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Yakes.4!c
MicroWorld-eScan	Gen:Variant.Zusy.470978
FireEye	Generic.mg.8072726bf6f29230
McAfee	Artemis!8072726BF6F2
Malwarebytes	Trojan.MalPack.GS
Sangfor	Trojan.Win32.Save.a
CrowdStrike	win/malicious_confidence_100% (W)
Alibaba	Trojan:Win32/Kryptik.49d0b4fd
Arcabit	Trojan.Zusy.D72FC2
Cyren	W32/Kryptik.JYI.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
Cynet	Malicious (score: 100)
APEX	Malicious
Kaspersky	UDS:DangerousObject.Multi.Generic
BitDefender	Gen:Variant.Zusy.470978
Avast	Win32:RansomX-gen [Ransom]
Emsisoft	Gen:Variant.Zusy.470978 (B)
VIPRE	Gen:Variant.Zusy.470978
McAfee-GW-Edition	BehavesLike.Win32.VBObfus.fc
Trapmine	malicious.high.ml.score
Sophos	Troj/Krypt-XU
Ikarus	Trojan.Agent
Antiy-AVL	Trojan/Win32.Zenpak
Gridinsoft	Ransom.Win32.STOP.dg!n
Microsoft	Trojan:Win32/RedLine.EM!MTB
ZoneAlarm	UDS:DangerousObject.Multi.Generic
GData	Gen:Variant.Zusy.470978
Google	Detected
AhnLab-V3	Ransomware/Win.StopCrypt.R583596
VBA32	BScope.Backdoor.Tofsee
ALYac	Gen:Variant.Zusy.470978
MAX	malware (ai score=85)
Cylance	unsafe
Panda	Trj/Genetic.gen
Rising	Trojan.Generic@AI.100 (RDML:V9Ejg3PTEhrE5pkVVxhiWQ)
SentinelOne	Static AI - Malicious PE
Fortinet	W32/Kryptik.HTSA!tr
AVG	Win32:RansomX-gen [Ransom]
Cybereason	malicious.bf6f29
DeepInstinct	MALICIOUS

setup.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All