Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	June 22, 2023, 8:57 a.m.	June 22, 2023, 8:59 a.m.

Size	172.5KB
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`b9676777f6b152c028969287f42931a0`
SHA256	`1fa8a4f8eecacafbb77113e58d39756e575b7e6efc4946ce9fb17fb8c5b37dd0`
CRC32	`8D6E8371`
ssdeep	`3072:Nhn3vIKp+dbr7ZKO7jYxNEaOr369Jh7bTuxti8e8h1:rp+tZvPnFjOJh7bTuxti`
Yara	UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check Win32_Trojan_PWS_Net_1_Zero - Win32 Trojan PWS .NET Azorult Is_DotNET_EXE - (no description) ConfuserEx_Zero - Confuser .NET PE_Header_Zero - PE File Signature IsPE32 - (no description)

Builddd.exe "C:\Users\test22\AppData\Local\Temp\Builddd.exe"
2572

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
89.23.101.91	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.101:49162 -> 89.23.101.91:1487	2043233	ET MALWARE RedLine Stealer TCP CnC net.tcp Init	A Network Trojan was detected
TCP 192.168.56.101:49162 -> 89.23.101.91:1487	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 89.23.101.91:1487 -> 192.168.56.101:49162	2043234	ET MALWARE Redline Stealer TCP CnC - Id1Response	A Network Trojan was detected
TCP 192.168.56.101:49162 -> 89.23.101.91:1487	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49162 -> 89.23.101.91:1487	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49162 -> 89.23.101.91:1487	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49162 -> 89.23.101.91:1487	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49162 -> 89.23.101.91:1487	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49162 -> 89.23.101.91:1487	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49162 -> 89.23.101.91:1487	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49162 -> 89.23.101.91:1487	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49162 -> 89.23.101.91:1487	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49162 -> 89.23.101.91:1487	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49162 -> 89.23.101.91:1487	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49162 -> 89.23.101.91:1487	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49162 -> 89.23.101.91:1487	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49162 -> 89.23.101.91:1487	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49162 -> 89.23.101.91:1487	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49162 -> 89.23.101.91:1487	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49162 -> 89.23.101.91:1487	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49162 -> 89.23.101.91:1487	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49162 -> 89.23.101.91:1487	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49162 -> 89.23.101.91:1487	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected
TCP 192.168.56.101:49162 -> 89.23.101.91:1487	2043231	ET MALWARE Redline Stealer TCP CnC Activity	A Network Trojan was detected

Suricata TLS

No Suricata TLS

Queries for the computername (12 events)

Time & API	Arguments	Status	Return
GetComputerNameW June 22, 2023, 8:57 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW June 22, 2023, 8:57 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW June 22, 2023, 8:57 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW June 22, 2023, 8:57 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW June 22, 2023, 8:57 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW June 22, 2023, 8:57 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW June 22, 2023, 8:57 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW June 22, 2023, 8:57 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW June 22, 2023, 8:57 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW June 22, 2023, 8:57 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW June 22, 2023, 8:57 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW June 22, 2023, 8:57 a.m.	computer_name: TEST22-PC	1	1

Checks if process is being debugged by a debugger (2 events)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent June 22, 2023, 8:57 a.m.			0	0
IsDebuggerPresent June 22, 2023, 8:57 a.m.			0	0

Uses Windows APIs to generate a cryptographic key (17 events)

Time & API	Arguments	Status	Return
CryptExportKey June 22, 2023, 8:57 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0079b210 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 22, 2023, 8:57 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0079b210 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 22, 2023, 8:57 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0079b210 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 22, 2023, 8:57 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0079b210 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 22, 2023, 8:57 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0079b290 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 22, 2023, 8:57 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0079b290 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 22, 2023, 8:57 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0079b190 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 22, 2023, 8:57 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0079b190 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 22, 2023, 8:57 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0079b190 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 22, 2023, 8:57 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0079b190 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 22, 2023, 8:57 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0079b190 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 22, 2023, 8:57 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0079b210 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 22, 2023, 8:57 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0079b210 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 22, 2023, 8:57 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0079b410 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 22, 2023, 8:57 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x008695c0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 22, 2023, 8:57 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x008695c0 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey June 22, 2023, 8:57 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x00869a80 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1

Tries to locate where the browsers are installed (3 events)

file	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
file	C:\Program Files\Mozilla Firefox\firefox.exe
registry	HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx June 22, 2023, 8:57 a.m.		1	1	0

One or more processes crashed (27 events)

Time & API	Arguments	Status
__exception__ June 22, 2023, 8:57 a.m.	stacktrace: 0x579841 0x579643 0x577710 0x576f0b 0x573c6b 0x5735d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72867610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x728f1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x728f1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x728f1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x728f416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7415f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 01 8b 40 28 ff 10 89 45 c8 8b 45 c8 89 45 c4 exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x579978 registers.esp: 4320660 registers.edi: 4320712 registers.eax: 0 registers.ebp: 4320724 registers.edx: 8034088 registers.ebx: 4322156 registers.esi: 38183000 registers.ecx: 0	1
__exception__ June 22, 2023, 8:57 a.m.	stacktrace: 0xa575d21 0xa575b82 0xa575a55 0xa574e48 0xa574018 0x57d9ff 0x577855 0x576f0b 0x573c6b 0x5735d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72867610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x728f1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x728f1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x728f1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x728f416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7415f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 74 a3 40 04 89 85 04 ff ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xa576962 registers.esp: 4318900 registers.edi: 4319200 registers.eax: 0 registers.ebp: 4319212 registers.edx: 71344472 registers.ebx: 4322156 registers.esi: 40641008 registers.ecx: 0	1
__exception__ June 22, 2023, 8:57 a.m.	stacktrace: 0xa57a290 0xa5762ec 0xa575b82 0xa575a55 0xa574e48 0xa574018 0x57d9ff 0x577855 0x576f0b 0x573c6b 0x5735d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72867610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x728f1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x728f1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x728f1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x728f416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7415f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xa57a2d3 registers.esp: 4319188 registers.edi: 4319532 registers.eax: 0 registers.ebp: 4319196 registers.edx: 0 registers.ebx: 4322156 registers.esi: 40641008 registers.ecx: 38490444	1
__exception__ June 22, 2023, 8:57 a.m.	stacktrace: 0xa575d21 0xa575b82 0xa575a6d 0xa574e48 0xa574018 0x57d9ff 0x577855 0x576f0b 0x573c6b 0x5735d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72867610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x728f1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x728f1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x728f1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x728f416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7415f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 74 a3 40 04 89 85 04 ff ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xa576962 registers.esp: 4318900 registers.edi: 4319200 registers.eax: 0 registers.ebp: 4319212 registers.edx: 71344472 registers.ebx: 4322156 registers.esi: 37865968 registers.ecx: 0	1
__exception__ June 22, 2023, 8:57 a.m.	stacktrace: 0xa57a290 0xa5762ec 0xa575b82 0xa575a6d 0xa574e48 0xa574018 0x57d9ff 0x577855 0x576f0b 0x573c6b 0x5735d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72867610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x728f1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x728f1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x728f1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x728f416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7415f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xa57a2d3 registers.esp: 4319188 registers.edi: 4319532 registers.eax: 0 registers.ebp: 4319196 registers.edx: 0 registers.ebx: 4322156 registers.esi: 37865968 registers.ecx: 39920880	1
__exception__ June 22, 2023, 8:57 a.m.	stacktrace: 0xa575d21 0xa575b82 0xa575a6d 0xa574e48 0xa574018 0x57d9ff 0x577855 0x576f0b 0x573c6b 0x5735d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72867610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x728f1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x728f1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x728f1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x728f416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7415f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 74 a3 40 04 89 85 04 ff ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xa576962 registers.esp: 4318900 registers.edi: 4319200 registers.eax: 0 registers.ebp: 4319212 registers.edx: 71344472 registers.ebx: 4322156 registers.esi: 37865968 registers.ecx: 0	1
__exception__ June 22, 2023, 8:57 a.m.	stacktrace: 0xa57a290 0xa5762ec 0xa575b82 0xa575a6d 0xa574e48 0xa574018 0x57d9ff 0x577855 0x576f0b 0x573c6b 0x5735d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72867610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x728f1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x728f1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x728f1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x728f416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7415f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xa57a2d3 registers.esp: 4319188 registers.edi: 4319532 registers.eax: 0 registers.ebp: 4319196 registers.edx: 0 registers.ebx: 4322156 registers.esi: 37865968 registers.ecx: 41350672	1
__exception__ June 22, 2023, 8:57 a.m.	stacktrace: 0xa57a808 0xa57a659 0xa575a55 0xa575131 0xa574018 0x57d9ff 0x577855 0x576f0b 0x573c6b 0x5735d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72867610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x728f1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x728f1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x728f1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x728f416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7415f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 74 a3 40 04 89 85 04 ff ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xa576962 registers.esp: 4318876 registers.edi: 4319176 registers.eax: 0 registers.ebp: 4319188 registers.edx: 71344472 registers.ebx: 4322156 registers.esi: 37865968 registers.ecx: 0	1
__exception__ June 22, 2023, 8:57 a.m.	stacktrace: 0xa57a290 0xa57ad9e 0xa57a659 0xa575a55 0xa575131 0xa574018 0x57d9ff 0x577855 0x576f0b 0x573c6b 0x5735d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72867610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x728f1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x728f1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x728f1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x728f416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7415f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xa57a2d3 registers.esp: 4319164 registers.edi: 4319556 registers.eax: 0 registers.ebp: 4319172 registers.edx: 0 registers.ebx: 4322156 registers.esi: 37865968 registers.ecx: 42785544	1
__exception__ June 22, 2023, 8:57 a.m.	stacktrace: 0xa57a808 0xa57a659 0xa575a6d 0xa575131 0xa574018 0x57d9ff 0x577855 0x576f0b 0x573c6b 0x5735d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72867610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x728f1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x728f1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x728f1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x728f416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7415f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 74 a3 40 04 89 85 04 ff ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xa576962 registers.esp: 4318876 registers.edi: 4319176 registers.eax: 0 registers.ebp: 4319188 registers.edx: 71344472 registers.ebx: 4322156 registers.esi: 37865968 registers.ecx: 0	1
__exception__ June 22, 2023, 8:57 a.m.	stacktrace: 0xa57a290 0xa57ad9e 0xa57a659 0xa575a6d 0xa575131 0xa574018 0x57d9ff 0x577855 0x576f0b 0x573c6b 0x5735d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72867610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x728f1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x728f1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x728f1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x728f416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7415f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xa57a2d3 registers.esp: 4319164 registers.edi: 4319556 registers.eax: 0 registers.ebp: 4319172 registers.edx: 0 registers.ebx: 4322156 registers.esi: 37865968 registers.ecx: 44135232	1
__exception__ June 22, 2023, 8:57 a.m.	stacktrace: 0xa57a808 0xa57a659 0xa575a6d 0xa575131 0xa574018 0x57d9ff 0x577855 0x576f0b 0x573c6b 0x5735d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72867610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x728f1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x728f1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x728f1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x728f416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7415f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 74 a3 40 04 89 85 04 ff ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xa576962 registers.esp: 4318876 registers.edi: 4319176 registers.eax: 0 registers.ebp: 4319188 registers.edx: 71344472 registers.ebx: 4322156 registers.esi: 37865968 registers.ecx: 0	1
__exception__ June 22, 2023, 8:57 a.m.	stacktrace: 0xa57a290 0xa57ad9e 0xa57a659 0xa575a6d 0xa575131 0xa574018 0x57d9ff 0x577855 0x576f0b 0x573c6b 0x5735d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72867610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x728f1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x728f1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x728f1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x728f416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7415f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xa57a2d3 registers.esp: 4319164 registers.edi: 4319556 registers.eax: 0 registers.ebp: 4319172 registers.edx: 0 registers.ebx: 4322156 registers.esi: 37865968 registers.ecx: 38802644	1
__exception__ June 22, 2023, 8:57 a.m.	stacktrace: 0xa57b142 0xa57af51 0xa575a55 0xa575249 0xa574018 0x57d9ff 0x577855 0x576f0b 0x573c6b 0x5735d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72867610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x728f1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x728f1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x728f1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x728f416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7415f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 74 a3 40 04 89 85 04 ff ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xa576962 registers.esp: 4318928 registers.edi: 4319228 registers.eax: 0 registers.ebp: 4319240 registers.edx: 71344472 registers.ebx: 4322156 registers.esi: 37857228 registers.ecx: 0	1
__exception__ June 22, 2023, 8:57 a.m.	stacktrace: 0xa57a290 0xa57b5aa 0xa57af51 0xa575a55 0xa575249 0xa574018 0x57d9ff 0x577855 0x576f0b 0x573c6b 0x5735d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72867610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x728f1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x728f1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x728f1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x728f416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7415f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xa57a2d3 registers.esp: 4319216 registers.edi: 4319556 registers.eax: 0 registers.ebp: 4319224 registers.edx: 0 registers.ebx: 4322156 registers.esi: 37857228 registers.ecx: 40152452	1
__exception__ June 22, 2023, 8:57 a.m.	stacktrace: 0xa57b142 0xa57af51 0xa575a6d 0xa575249 0xa574018 0x57d9ff 0x577855 0x576f0b 0x573c6b 0x5735d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72867610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x728f1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x728f1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x728f1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x728f416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7415f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 74 a3 40 04 89 85 04 ff ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xa576962 registers.esp: 4318928 registers.edi: 4319228 registers.eax: 0 registers.ebp: 4319240 registers.edx: 71344472 registers.ebx: 4322156 registers.esi: 37857228 registers.ecx: 0	1
__exception__ June 22, 2023, 8:57 a.m.	stacktrace: 0xa57a290 0xa57b5aa 0xa57af51 0xa575a6d 0xa575249 0xa574018 0x57d9ff 0x577855 0x576f0b 0x573c6b 0x5735d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72867610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x728f1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x728f1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x728f1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x728f416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7415f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xa57a2d3 registers.esp: 4319216 registers.edi: 4319556 registers.eax: 0 registers.ebp: 4319224 registers.edx: 0 registers.ebx: 4322156 registers.esi: 37857228 registers.ecx: 41643248	1
__exception__ June 22, 2023, 8:57 a.m.	stacktrace: 0xa57b142 0xa57af51 0xa575a6d 0xa575249 0xa574018 0x57d9ff 0x577855 0x576f0b 0x573c6b 0x5735d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72867610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x728f1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x728f1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x728f1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x728f416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7415f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 74 a3 40 04 89 85 04 ff ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xa576962 registers.esp: 4318928 registers.edi: 4319228 registers.eax: 0 registers.ebp: 4319240 registers.edx: 71344472 registers.ebx: 4322156 registers.esi: 37857228 registers.ecx: 0	1
__exception__ June 22, 2023, 8:57 a.m.	stacktrace: 0xa57a290 0xa57b5aa 0xa57af51 0xa575a6d 0xa575249 0xa574018 0x57d9ff 0x577855 0x576f0b 0x573c6b 0x5735d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72867610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x728f1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x728f1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x728f1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x728f416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7415f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xa57a2d3 registers.esp: 4319216 registers.edi: 4319556 registers.eax: 0 registers.ebp: 4319224 registers.edx: 0 registers.ebx: 4322156 registers.esi: 37857228 registers.ecx: 38495744	1
__exception__ June 22, 2023, 8:57 a.m.	stacktrace: 0xa57ba1c 0xa57b839 0xa575a55 0xa57534f 0xa574018 0x57d9ff 0x577855 0x576f0b 0x573c6b 0x5735d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72867610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x728f1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x728f1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x728f1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x728f416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7415f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 74 a3 40 04 89 85 04 ff ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xa576962 registers.esp: 4318960 registers.edi: 4319260 registers.eax: 0 registers.ebp: 4319272 registers.edx: 71344472 registers.ebx: 4322156 registers.esi: 37857228 registers.ecx: 0	1
__exception__ June 22, 2023, 8:57 a.m.	stacktrace: 0xa57a290 0xa57bddc 0xa57b839 0xa575a55 0xa57534f 0xa574018 0x57d9ff 0x577855 0x576f0b 0x573c6b 0x5735d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72867610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x728f1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x728f1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x728f1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x728f416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7415f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xa57a2d3 registers.esp: 4319248 registers.edi: 4319556 registers.eax: 0 registers.ebp: 4319256 registers.edx: 0 registers.ebx: 4322156 registers.esi: 37857228 registers.ecx: 39986388	1
__exception__ June 22, 2023, 8:57 a.m.	stacktrace: 0xa57ba1c 0xa57b839 0xa575a6d 0xa57534f 0xa574018 0x57d9ff 0x577855 0x576f0b 0x573c6b 0x5735d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72867610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x728f1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x728f1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x728f1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x728f416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7415f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 74 a3 40 04 89 85 04 ff ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xa576962 registers.esp: 4318960 registers.edi: 4319260 registers.eax: 0 registers.ebp: 4319272 registers.edx: 71344472 registers.ebx: 4322156 registers.esi: 37857228 registers.ecx: 0	1
__exception__ June 22, 2023, 8:57 a.m.	stacktrace: 0xa57a290 0xa57bddc 0xa57b839 0xa575a6d 0xa57534f 0xa574018 0x57d9ff 0x577855 0x576f0b 0x573c6b 0x5735d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72867610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x728f1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x728f1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x728f1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x728f416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7415f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xa57a2d3 registers.esp: 4319248 registers.edi: 4319556 registers.eax: 0 registers.ebp: 4319256 registers.edx: 0 registers.ebx: 4322156 registers.esi: 37857228 registers.ecx: 41479480	1
__exception__ June 22, 2023, 8:57 a.m.	stacktrace: 0xa57ba1c 0xa57b839 0xa575a6d 0xa57534f 0xa574018 0x57d9ff 0x577855 0x576f0b 0x573c6b 0x5735d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72867610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x728f1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x728f1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x728f1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x728f416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7415f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 74 a3 40 04 89 85 04 ff ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xa576962 registers.esp: 4318960 registers.edi: 4319260 registers.eax: 0 registers.ebp: 4319272 registers.edx: 71344472 registers.ebx: 4322156 registers.esi: 37857228 registers.ecx: 0	1
__exception__ June 22, 2023, 8:57 a.m.	stacktrace: 0xa57a290 0xa57bddc 0xa57b839 0xa575a6d 0xa57534f 0xa574018 0x57d9ff 0x577855 0x576f0b 0x573c6b 0x5735d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72867610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x728f1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x728f1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x728f1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x728f416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7415f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xa57a2d3 registers.esp: 4319248 registers.edi: 4319556 registers.eax: 0 registers.ebp: 4319256 registers.edx: 0 registers.ebx: 4322156 registers.esi: 37857228 registers.ecx: 38901280	1
__exception__ June 22, 2023, 8:57 a.m.	stacktrace: 0xa57a290 0xa57d163 0xa57c70e 0xa574070 0x57d9ff 0x577855 0x576f0b 0x573c6b 0x5735d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72867610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x728f1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x728f1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x728f1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x728f416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7415f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3 exception.instruction: mov eax, dword ptr [eax + 4] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0xa57a2d3 registers.esp: 4320068 registers.edi: 4320332 registers.eax: 0 registers.ebp: 4320076 registers.edx: 0 registers.ebx: 4322156 registers.esi: 39442964 registers.ecx: 39449940	1
__exception__ June 22, 2023, 8:57 a.m.	stacktrace: CopyPDBs+0x1b552 DllCanUnloadNowInternal-0x25a85 clr+0x1b1194 @ 0x72951194 LogHelp_TerminateOnAssert+0x14061 GetPrivateContextsPerfCounters-0x53e1 clr+0x82ba1 @ 0x72822ba1 mscorlib+0x36dd51 @ 0x71b4dd51 mscorlib+0x32fea6 @ 0x71b0fea6 mscorlib+0x30ab40 @ 0x71aeab40 0xa5775ad 0xa57fd82 0xa57f414 0xa57e6a1 0x57d9ff 0x577855 0x576f0b 0x573c6b 0x5735d9 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72867610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x728f1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x728f1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x728f1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x728f416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7415f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xe0434f4e exception.offset: 46887 exception.address: 0x7597b727 registers.esp: 4319680 registers.edi: 0 registers.eax: 4319680 registers.ebp: 4319760 registers.edx: 0 registers.ebx: 8199872 registers.esi: 8034088 registers.ecx: 1024663907	1

One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.

Allocates read-write-execute memory (usually to unpack itself) (50 out of 81 events)

Time & API	Arguments	Status
NtAllocateVirtualMemory June 22, 2023, 8:57 a.m.	process_identifier: 2572 region_size: 1638400 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00a90000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 22, 2023, 8:57 a.m.	process_identifier: 2572 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00be0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory June 22, 2023, 8:57 a.m.	process_identifier: 2572 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x727a1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory June 22, 2023, 8:57 a.m.	process_identifier: 2572 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x727a2000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 22, 2023, 8:57 a.m.	process_identifier: 2572 region_size: 524288 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x004a0000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 22, 2023, 8:57 a.m.	process_identifier: 2572 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x004e0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 22, 2023, 8:57 a.m.	process_identifier: 2572 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x002c2000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 22, 2023, 8:57 a.m.	process_identifier: 2572 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x002dc000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 22, 2023, 8:57 a.m.	process_identifier: 2572 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00570000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 22, 2023, 8:57 a.m.	process_identifier: 2572 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00571000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 22, 2023, 8:57 a.m.	process_identifier: 2572 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00572000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 22, 2023, 8:57 a.m.	process_identifier: 2572 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00573000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 22, 2023, 8:57 a.m.	process_identifier: 2572 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x002f5000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 22, 2023, 8:57 a.m.	process_identifier: 2572 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x002fb000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 22, 2023, 8:57 a.m.	process_identifier: 2572 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x002f7000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 22, 2023, 8:57 a.m.	process_identifier: 2572 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x002ca000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 22, 2023, 8:57 a.m.	process_identifier: 2572 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00574000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 22, 2023, 8:57 a.m.	process_identifier: 2572 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00575000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 22, 2023, 8:57 a.m.	process_identifier: 2572 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x002cc000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 22, 2023, 8:57 a.m.	process_identifier: 2572 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x002e6000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 22, 2023, 8:57 a.m.	process_identifier: 2572 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x002ea000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 22, 2023, 8:57 a.m.	process_identifier: 2572 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x002e7000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 22, 2023, 8:57 a.m.	process_identifier: 2572 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x002eb000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 22, 2023, 8:57 a.m.	process_identifier: 2572 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x002da000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 22, 2023, 8:57 a.m.	process_identifier: 2572 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x002ec000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 22, 2023, 8:57 a.m.	process_identifier: 2572 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x002dd000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 22, 2023, 8:57 a.m.	process_identifier: 2572 region_size: 327680 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7ef50000 allocation_type: 1056768 (MEM_RESERVE\|MEM_TOP_DOWN) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 22, 2023, 8:57 a.m.	process_identifier: 2572 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7ef50000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 22, 2023, 8:57 a.m.	process_identifier: 2572 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7ef50000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 22, 2023, 8:57 a.m.	process_identifier: 2572 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7ef58000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 22, 2023, 8:57 a.m.	process_identifier: 2572 region_size: 65536 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7ef40000 allocation_type: 1056768 (MEM_RESERVE\|MEM_TOP_DOWN) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 22, 2023, 8:57 a.m.	process_identifier: 2572 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7ef40000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 22, 2023, 8:57 a.m.	process_identifier: 2572 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7ef50000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 22, 2023, 8:57 a.m.	process_identifier: 2572 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7ef58000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 22, 2023, 8:57 a.m.	process_identifier: 2572 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7ef40000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 22, 2023, 8:57 a.m.	process_identifier: 2572 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00576000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 22, 2023, 8:57 a.m.	process_identifier: 2572 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x002ed000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 22, 2023, 8:57 a.m.	process_identifier: 2572 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x002e8000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 22, 2023, 8:57 a.m.	process_identifier: 2572 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0496f000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 22, 2023, 8:57 a.m.	process_identifier: 2572 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04960000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 22, 2023, 8:57 a.m.	process_identifier: 2572 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04961000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 22, 2023, 8:57 a.m.	process_identifier: 2572 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00577000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 22, 2023, 8:57 a.m.	process_identifier: 2572 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00578000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 22, 2023, 8:57 a.m.	process_identifier: 2572 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00579000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 22, 2023, 8:57 a.m.	process_identifier: 2572 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0057a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 22, 2023, 8:57 a.m.	process_identifier: 2572 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0057b000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 22, 2023, 8:57 a.m.	process_identifier: 2572 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0057c000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 22, 2023, 8:57 a.m.	process_identifier: 2572 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x002fc000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 22, 2023, 8:57 a.m.	process_identifier: 2572 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0057d000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory June 22, 2023, 8:57 a.m.	process_identifier: 2572 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x04962000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1

Steals private information from local Internet browsers (6 events)

file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Web Data
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Cookies
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Login Data
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local State

Checks for the Locally Unique Identifier on the system for a suspicious privilege (1 event)

Time & API	Arguments	Status	Return	Repeated
LookupPrivilegeValueW June 22, 2023, 8:57 a.m.	system_name: privilege_name: SeDebugPrivilege	1	1	0

Queries for potentially installed applications (39 events)

Time & API	Arguments	Status
RegOpenKeyExW June 22, 2023, 8:57 a.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall base_handle: 0x80000002 key_handle: 0x00000370 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall	1
RegOpenKeyExW June 22, 2023, 8:57 a.m.	regkey_r: AddressBook base_handle: 0x00000370 key_handle: 0x00000254 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook	1
RegOpenKeyExW June 22, 2023, 8:57 a.m.	regkey_r: Connection Manager base_handle: 0x00000370 key_handle: 0x00000254 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager	1
RegOpenKeyExW June 22, 2023, 8:57 a.m.	regkey_r: DirectDrawEx base_handle: 0x00000370 key_handle: 0x00000254 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx	1
RegOpenKeyExW June 22, 2023, 8:57 a.m.	regkey_r: EditPlus base_handle: 0x00000370 key_handle: 0x00000254 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\EditPlus	1
RegOpenKeyExW June 22, 2023, 8:57 a.m.	regkey_r: ENTERPRISE base_handle: 0x00000370 key_handle: 0x00000254 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ENTERPRISE	1
RegOpenKeyExW June 22, 2023, 8:57 a.m.	regkey_r: Fontcore base_handle: 0x00000370 key_handle: 0x00000254 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore	1
RegOpenKeyExW June 22, 2023, 8:57 a.m.	regkey_r: Google Chrome base_handle: 0x00000370 key_handle: 0x00000254 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome	1
RegOpenKeyExW June 22, 2023, 8:57 a.m.	regkey_r: Haansoft HWord 80 Korean base_handle: 0x00000370 key_handle: 0x00000254 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Haansoft HWord 80 Korean	1
RegOpenKeyExW June 22, 2023, 8:57 a.m.	regkey_r: IE40 base_handle: 0x00000370 key_handle: 0x00000254 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE40	1
RegOpenKeyExW June 22, 2023, 8:57 a.m.	regkey_r: IE4Data base_handle: 0x00000370 key_handle: 0x00000254 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data	1
RegOpenKeyExW June 22, 2023, 8:57 a.m.	regkey_r: IE5BAKEX base_handle: 0x00000370 key_handle: 0x00000254 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX	1
RegOpenKeyExW June 22, 2023, 8:57 a.m.	regkey_r: IEData base_handle: 0x00000370 key_handle: 0x00000254 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IEData	1
RegOpenKeyExW June 22, 2023, 8:57 a.m.	regkey_r: MobileOptionPack base_handle: 0x00000370 key_handle: 0x00000254 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack	1
RegOpenKeyExW June 22, 2023, 8:57 a.m.	regkey_r: SchedulingAgent base_handle: 0x00000370 key_handle: 0x00000254 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent	1
RegOpenKeyExW June 22, 2023, 8:57 a.m.	regkey_r: WIC base_handle: 0x00000370 key_handle: 0x00000254 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WIC	1
RegOpenKeyExW June 22, 2023, 8:57 a.m.	regkey_r: {01B845D4-B73E-4CF7-A377-94BC7BB4F77B} base_handle: 0x00000370 key_handle: 0x00000254 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{01B845D4-B73E-4CF7-A377-94BC7BB4F77B}	1
RegOpenKeyExW June 22, 2023, 8:57 a.m.	regkey_r: {1D91F7DA-F517-4727-9E62-B7EA978BE980} base_handle: 0x00000370 key_handle: 0x00000254 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D91F7DA-F517-4727-9E62-B7EA978BE980}	1
RegOpenKeyExW June 22, 2023, 8:57 a.m.	regkey_r: {60EC980A-BDA2-4CB6-A427-B07A5498B4CA} base_handle: 0x00000370 key_handle: 0x00000254 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}	1
RegOpenKeyExW June 22, 2023, 8:57 a.m.	regkey_r: {90120000-0015-0412-0000-0000000FF1CE} base_handle: 0x00000370 key_handle: 0x00000254 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0015-0412-0000-0000000FF1CE}	1
RegOpenKeyExW June 22, 2023, 8:57 a.m.	regkey_r: {90120000-0016-0412-0000-0000000FF1CE} base_handle: 0x00000370 key_handle: 0x00000254 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0016-0412-0000-0000000FF1CE}	1
RegOpenKeyExW June 22, 2023, 8:57 a.m.	regkey_r: {90120000-0018-0412-0000-0000000FF1CE} base_handle: 0x00000370 key_handle: 0x00000254 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0018-0412-0000-0000000FF1CE}	1
RegOpenKeyExW June 22, 2023, 8:57 a.m.	regkey_r: {90120000-0019-0412-0000-0000000FF1CE} base_handle: 0x00000370 key_handle: 0x00000254 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0019-0412-0000-0000000FF1CE}	1
RegOpenKeyExW June 22, 2023, 8:57 a.m.	regkey_r: {90120000-001A-0412-0000-0000000FF1CE} base_handle: 0x00000370 key_handle: 0x00000254 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001A-0412-0000-0000000FF1CE}	1
RegOpenKeyExW June 22, 2023, 8:57 a.m.	regkey_r: {90120000-001B-0412-0000-0000000FF1CE} base_handle: 0x00000370 key_handle: 0x00000254 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001B-0412-0000-0000000FF1CE}	1
RegOpenKeyExW June 22, 2023, 8:57 a.m.	regkey_r: {90120000-001F-0409-0000-0000000FF1CE} base_handle: 0x00000370 key_handle: 0x00000254 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0409-0000-0000000FF1CE}	1
RegOpenKeyExW June 22, 2023, 8:57 a.m.	regkey_r: {90120000-001F-0412-0000-0000000FF1CE} base_handle: 0x00000370 key_handle: 0x00000254 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0412-0000-0000000FF1CE}	1
RegOpenKeyExW June 22, 2023, 8:57 a.m.	regkey_r: {90120000-0028-0412-0000-0000000FF1CE} base_handle: 0x00000370 key_handle: 0x00000254 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0028-0412-0000-0000000FF1CE}	1
RegOpenKeyExW June 22, 2023, 8:57 a.m.	regkey_r: {90120000-002C-0412-0000-0000000FF1CE} base_handle: 0x00000370 key_handle: 0x00000254 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-002C-0412-0000-0000000FF1CE}	1
RegOpenKeyExW June 22, 2023, 8:57 a.m.	regkey_r: {90120000-0030-0000-0000-0000000FF1CE} base_handle: 0x00000370 key_handle: 0x00000254 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0030-0000-0000-0000000FF1CE}	1
RegOpenKeyExW June 22, 2023, 8:57 a.m.	regkey_r: {90120000-0044-0412-0000-0000000FF1CE} base_handle: 0x00000370 key_handle: 0x00000254 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0044-0412-0000-0000000FF1CE}	1
RegOpenKeyExW June 22, 2023, 8:57 a.m.	regkey_r: {90120000-006E-0409-0000-0000000FF1CE} base_handle: 0x00000370 key_handle: 0x00000254 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0409-0000-0000000FF1CE}	1
RegOpenKeyExW June 22, 2023, 8:57 a.m.	regkey_r: {90120000-006E-0412-0000-0000000FF1CE} base_handle: 0x00000370 key_handle: 0x00000254 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0412-0000-0000000FF1CE}	1
RegOpenKeyExW June 22, 2023, 8:57 a.m.	regkey_r: {90120000-00A1-0412-0000-0000000FF1CE} base_handle: 0x00000370 key_handle: 0x00000254 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00A1-0412-0000-0000000FF1CE}	1
RegOpenKeyExW June 22, 2023, 8:57 a.m.	regkey_r: {90120000-00BA-0409-0000-0000000FF1CE} base_handle: 0x00000370 key_handle: 0x00000254 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00BA-0409-0000-0000000FF1CE}	1
RegOpenKeyExW June 22, 2023, 8:57 a.m.	regkey_r: {90120000-0114-0412-0000-0000000FF1CE} base_handle: 0x00000370 key_handle: 0x00000254 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0114-0412-0000-0000000FF1CE}	1
RegOpenKeyExW June 22, 2023, 8:57 a.m.	regkey_r: {939659F3-71D2-461F-B24D-91D05A4389B4} base_handle: 0x00000370 key_handle: 0x00000254 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{939659F3-71D2-461F-B24D-91D05A4389B4}	1
RegOpenKeyExW June 22, 2023, 8:57 a.m.	regkey_r: {9B84A461-3B4C-40E2-B44F-CE22E215EE40} base_handle: 0x00000370 key_handle: 0x00000254 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9B84A461-3B4C-40E2-B44F-CE22E215EE40}	1
RegOpenKeyExW June 22, 2023, 8:57 a.m.	regkey_r: {d992c12e-cab2-426f-bde3-fb8c53950b0d} base_handle: 0x00000370 key_handle: 0x00000254 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{d992c12e-cab2-426f-bde3-fb8c53950b0d}	1

Communicates with host for which no DNS query was performed (1 event)

host

89.23.101.91

Harvests credentials from local FTP client softwares (2 events)

file	C:\Users\test22\AppData\Roaming\FileZilla\sitemanager.xml
file	C:\Users\test22\AppData\Roaming\FileZilla\recentservers.xml

Collects information about installed applications (27 events)

Time & API	Arguments	Status
RegQueryValueExW June 22, 2023, 8:57 a.m.	key_handle: 0x00000254 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: EditPlus regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\EditPlus\DisplayName	1
RegQueryValueExW June 22, 2023, 8:57 a.m.	key_handle: 0x00000254 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Enterprise 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ENTERPRISE\DisplayName	1
RegQueryValueExW June 22, 2023, 8:57 a.m.	key_handle: 0x00000254 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Chrome regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome\DisplayName	1
RegQueryValueExW June 22, 2023, 8:57 a.m.	key_handle: 0x00000254 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: 한컴오피스 한글 2010 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Haansoft HWord 80 Korean\DisplayName	1
RegQueryValueExW June 22, 2023, 8:57 a.m.	key_handle: 0x00000254 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: HttpWatch Professional 9.3.39 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{01B845D4-B73E-4CF7-A377-94BC7BB4F77B}\DisplayName	1
RegQueryValueExW June 22, 2023, 8:57 a.m.	key_handle: 0x00000254 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: 한컴오피스 한글 2010 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D91F7DA-F517-4727-9E62-B7EA978BE980}\DisplayName	1
RegQueryValueExW June 22, 2023, 8:57 a.m.	key_handle: 0x00000254 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Google Update Helper regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}\DisplayName	1
RegQueryValueExW June 22, 2023, 8:57 a.m.	key_handle: 0x00000254 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Access MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0015-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW June 22, 2023, 8:57 a.m.	key_handle: 0x00000254 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Excel MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0016-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW June 22, 2023, 8:57 a.m.	key_handle: 0x00000254 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office PowerPoint MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0018-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW June 22, 2023, 8:57 a.m.	key_handle: 0x00000254 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Publisher MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0019-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW June 22, 2023, 8:57 a.m.	key_handle: 0x00000254 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Outlook MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001A-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW June 22, 2023, 8:57 a.m.	key_handle: 0x00000254 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Word MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001B-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW June 22, 2023, 8:57 a.m.	key_handle: 0x00000254 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Proof (English) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0409-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW June 22, 2023, 8:57 a.m.	key_handle: 0x00000254 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Proof (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW June 22, 2023, 8:57 a.m.	key_handle: 0x00000254 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office IME (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0028-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW June 22, 2023, 8:57 a.m.	key_handle: 0x00000254 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Proofing (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-002C-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW June 22, 2023, 8:57 a.m.	key_handle: 0x00000254 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Enterprise 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0030-0000-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW June 22, 2023, 8:57 a.m.	key_handle: 0x00000254 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office InfoPath MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0044-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW June 22, 2023, 8:57 a.m.	key_handle: 0x00000254 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Shared MUI (English) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0409-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW June 22, 2023, 8:57 a.m.	key_handle: 0x00000254 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Shared MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW June 22, 2023, 8:57 a.m.	key_handle: 0x00000254 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office OneNote MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00A1-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW June 22, 2023, 8:57 a.m.	key_handle: 0x00000254 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Groove MUI (English) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00BA-0409-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW June 22, 2023, 8:57 a.m.	key_handle: 0x00000254 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Groove Setup Metadata MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0114-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW June 22, 2023, 8:57 a.m.	key_handle: 0x00000254 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Adobe Flash Player 13 ActiveX regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{939659F3-71D2-461F-B24D-91D05A4389B4}\DisplayName	1
RegQueryValueExW June 22, 2023, 8:57 a.m.	key_handle: 0x00000254 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Adobe Flash Player 13 NPAPI regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9B84A461-3B4C-40E2-B44F-CE22E215EE40}\DisplayName	1
RegQueryValueExW June 22, 2023, 8:57 a.m.	key_handle: 0x00000254 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{d992c12e-cab2-426f-bde3-fb8c53950b0d}\DisplayName	1

File has been identified by 48 AntiVirus engines on VirusTotal as malicious (48 events)

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Stealer.12!c
tehtris	Generic.Malware
MicroWorld-eScan	Generic.Dacic.F96EFD6C.A.A8E9AFBA
FireEye	Generic.mg.b9676777f6b152c0
McAfee	GenericRXVW-SF!B9676777F6B1
Malwarebytes	Generic.Spyware.Stealer.DDS
VIPRE	Generic.Dacic.F96EFD6C.A.A8E9AFBA
Sangfor	Suspicious.Win32.Save.a
K7AntiVirus	Spyware ( 0059955a1 )
K7GW	Spyware ( 0059955a1 )
CrowdStrike	win/malicious_confidence_90% (W)
Arcabit	Generic.Dacic.F96EFD6C.A.A8E9AFBA
VirIT	Trojan.Win32.Genus.RAY
Cyren	W32/MSIL_Troj.CNJ.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
Elastic	Windows.Trojan.RedLineStealer
ESET-NOD32	a variant of MSIL/Spy.RedLine.A
Cynet	Malicious (score: 99)
APEX	Malicious
ClamAV	Win.Packed.Lazy-9958163-0
Kaspersky	HEUR:Trojan-Spy.MSIL.Stealer.gen
BitDefender	Generic.Dacic.F96EFD6C.A.A8E9AFBA
Avast	Win32:PWSX-gen [Trj]
Tencent	Trojan.MSIL.RedLine.kd
Sophos	Mal/Reline-F
F-Secure	Heuristic.HEUR/AGEN.1310591
DrWeb	Trojan.PWS.RedLineNET.7
Emsisoft	Generic.Dacic.F96EFD6C.A.A8E9AFBA (B)
Ikarus	Trojan-Spy.RedLineStealer
Avira	HEUR/AGEN.1310591
Gridinsoft	Ransom.Win32.STOP.dd!n
Microsoft	Trojan:MSIL/RedLine.RDCA!MTB
ZoneAlarm	HEUR:Trojan-Spy.MSIL.Stealer.gen
GData	MSIL.Trojan-Stealer.Redline.G
Google	Detected
AhnLab-V3	Trojan/Win.REDLINESTEALER.C5437064
Acronis	suspicious
ALYac	Generic.Dacic.F96EFD6C.A.A8E9AFBA
MAX	malware (ai score=82)
Cylance	unsafe
Rising	Stealer.Agent!1.E5F0 (CLASSIC)
SentinelOne	Static AI - Malicious PE
MaxSecure	Trojan.Malware.300983.susgen
Fortinet	MSIL/RedLine.A!tr
BitDefenderTheta	Gen:NN.ZemsilF.36270.km0@aWQAzae
AVG	Win32:PWSX-gen [Trj]
DeepInstinct	MALICIOUS

Builddd.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All