Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Nov. 14, 2023, 5:20 p.m.	Nov. 14, 2023, 5:24 p.m.

Size	4.2MB
Type	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5	`2b0ca4edd1b9b7c6c627798503e9805f`
SHA256	`ea410aaaf4d06dd7ed69e8ae303d70f3d0494ab8e3c62f68ed8b36c52b0b1631`
CRC32	`84F964DD`
ssdeep	`98304:s+G7hCmxd7b75pQA0LjsDJ6DAzrZmjuY0NjYa4Fydtkz0AaVO:270onmKY0N8x0tkz0VO`
PDB Path	kostenlos_testen_software.pdb
Yara	IsPE32 - (no description) PE_Header_Zero - PE File Signature Is_DotNET_EXE - (no description) anti_vm_detect - Possibly employs anti-virtualization techniques UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check

software.exe "C:\Users\test22\AppData\Local\Temp\software.exe"
2572
- RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
  2772
  - taskkill.exe "taskkill.exe" /im chrome.exe /f
    3040

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
138.201.120.172	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
TCP 138.201.120.172:15648 -> 192.168.56.101:49165	2029217	ET MALWARE Arechclient2 Backdoor CnC Init	Malware Command and Control Activity Detected

Suricata TLS

No Suricata TLS

Queries for the computername (26 events)

Time & API	Arguments	Status	Return
GetComputerNameW Nov. 14, 2023, 5:20 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Nov. 14, 2023, 5:20 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Nov. 14, 2023, 5:20 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Nov. 14, 2023, 5:20 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Nov. 14, 2023, 5:20 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Nov. 14, 2023, 5:20 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Nov. 14, 2023, 5:20 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Nov. 14, 2023, 5:20 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Nov. 14, 2023, 5:20 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Nov. 14, 2023, 5:20 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Nov. 14, 2023, 5:20 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Nov. 14, 2023, 5:20 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Nov. 14, 2023, 5:20 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Nov. 14, 2023, 5:20 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Nov. 14, 2023, 5:21 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Nov. 14, 2023, 5:21 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Nov. 14, 2023, 5:21 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Nov. 14, 2023, 5:21 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Nov. 14, 2023, 5:21 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Nov. 14, 2023, 5:21 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Nov. 14, 2023, 5:21 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Nov. 14, 2023, 5:21 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Nov. 14, 2023, 5:21 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Nov. 14, 2023, 5:21 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Nov. 14, 2023, 5:21 p.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Nov. 14, 2023, 5:20 p.m.	computer_name: TEST22-PC	1	1

Checks if process is being debugged by a debugger (4 events)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent Nov. 14, 2023, 5:20 p.m.			0	0
IsDebuggerPresent Nov. 14, 2023, 5:20 p.m.			0	0
IsDebuggerPresent Nov. 14, 2023, 5:20 p.m.			0	0
IsDebuggerPresent Nov. 14, 2023, 5:20 p.m.			0	0

Uses Windows APIs to generate a cryptographic key (15 events)

Time & API	Arguments	Status	Return
CryptExportKey Nov. 14, 2023, 5:20 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0050bd18 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Nov. 14, 2023, 5:20 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0050b418 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Nov. 14, 2023, 5:20 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0050b418 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Nov. 14, 2023, 5:20 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0050b5d8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Nov. 14, 2023, 5:20 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0050b5d8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Nov. 14, 2023, 5:20 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0050b518 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Nov. 14, 2023, 5:20 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0073b288 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Nov. 14, 2023, 5:20 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0073b288 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Nov. 14, 2023, 5:20 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0073b148 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Nov. 14, 2023, 5:20 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0073b5c8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Nov. 14, 2023, 5:20 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0073b688 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Nov. 14, 2023, 5:20 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0073b688 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Nov. 14, 2023, 5:21 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0073bc08 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Nov. 14, 2023, 5:21 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0073bc08 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Nov. 14, 2023, 5:21 p.m.	buffer: <INVALID POINTER> crypto_handle: 0x0073be08 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1

This executable has a PDB path (1 event)

pdb_path

kostenlos_testen_software.pdb

Tries to locate where the browsers are installed (3 events)

file	C:\Program Files\Google\Chrome\Application\65.0.3325.181\
file	C:\Program Files\Mozilla Firefox\firefox.exe
registry	HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Nov. 14, 2023, 5:20 p.m.		1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (1 event)

section

.sdata

The file contains an unknown PE resource name possibly indicative of a packer (3 events)

resource name	AFX_DIALOG_LAYOUT
resource name	XML
resource name	None

One or more processes crashed (22 events)

Time & API	Arguments	Status
__exception__ Nov. 14, 2023, 5:20 p.m.	stacktrace: RtlFreeHeap+0x7e RtlAllocateHeap-0x23 ntdll+0x2e003 @ 0x76f3e003 RtlDeleteBoundaryDescriptor+0x1b RtlAnsiStringToUnicodeString-0x2d ntdll+0x2e688 @ 0x76f3e688 RtlMultiByteToUnicodeN+0x11a RtlDeleteBoundaryDescriptor-0xe ntdll+0x2e65f @ 0x76f3e65f EtwEventRegister+0x17f EtwRegisterTraceGuidsW-0xa ntdll+0x3f839 @ 0x76f4f839 LdrGetProcedureAddressEx+0x11f wcsstr-0x99d ntdll+0x302ea @ 0x76f402ea LdrGetProcedureAddress+0x18 LdrGetProcedureAddressEx-0x9 ntdll+0x301c2 @ 0x76f401c2 New_ntdll_LdrGetProcedureAddress@16+0xcd New_ntdll_LdrLoadDll@16-0x87 @ 0x736ed3cd GetProcAddress+0x44 GetVersion-0x38 kernelbase+0x111c4 @ 0x759811c4 CreateAssemblyNameObject+0xe597 GetMetaDataInternalInterface-0x29ed8 clr+0x3ba30 @ 0x727dba30 CoUninitializeEE+0xa200 CreateAssemblyNameObject-0x3a55 clr+0x29a44 @ 0x727c9a44 CoUninitializeEE+0xa149 CreateAssemblyNameObject-0x3b0c clr+0x2998d @ 0x727c998d CoUninitializeEE+0xa055 CreateAssemblyNameObject-0x3c00 clr+0x29899 @ 0x727c9899 CoUninitializeEE+0x9fee CreateAssemblyNameObject-0x3c67 clr+0x29832 @ 0x727c9832 DllRegisterServerInternal+0x98c9 CoUninitializeEE-0x3b6f clr+0x1bcd5 @ 0x727bbcd5 DllUnregisterServerInternal-0x760b clr+0x2ae9 @ 0x727a2ae9 system+0x1eafc4 @ 0x7104afc4 0x4db2547 0xc20a80 system+0x1f9799 @ 0x70439799 system+0x1f92c8 @ 0x704392c8 system+0x1eca74 @ 0x7042ca74 system+0x1ec868 @ 0x7042c868 system+0x1f82b8 @ 0x704382b8 system+0x1ee54d @ 0x7042e54d system+0x1f70ea @ 0x704370ea system+0x1e56c0 @ 0x704256c0 system+0x1f8215 @ 0x70438215 system+0x1f6f75 @ 0x70436f75 system+0x1ee251 @ 0x7042e251 system+0x1ee229 @ 0x7042e229 system+0x1ee170 @ 0x7042e170 0x47a08e gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75856d3a GetThreadDesktop+0x185 GetWindowLongW-0x216 user32+0x16de8 @ 0x75856de8 GetThreadDesktop+0x1e1 GetWindowLongW-0x1ba user32+0x16e44 @ 0x75856e44 KiUserCallbackDispatcher+0x2e KiUserExceptionDispatcher-0x1a ntdll+0x1011a @ 0x76f2011a system+0x1ebc85 @ 0x7042bc85 system+0x1f683b @ 0x7043683b system+0x1a5e44 @ 0x703e5e44 system+0x1fd8a0 @ 0x7043d8a0 system+0x1fd792 @ 0x7043d792 system+0x1a14bd @ 0x703e14bd 0xc2018f DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72867610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x728f1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x728f1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x728f1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x728f416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7415f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x741d7f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x741d4de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 89 30 8b 45 e0 8b 55 e4 8d 7e 08 f0 0f c7 0f 3b exception.symbol: RtlInitUnicodeString+0x1f3 RtlMultiByteToUnicodeN-0x14a ntdll+0x2e3fb exception.instruction: mov dword ptr [eax], esi exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 189435 exception.address: 0x76f3e3fb registers.esp: 3990616 registers.edi: 3637444608 registers.eax: 763005745 registers.ebp: 3990668 registers.edx: 36700 registers.ebx: 3637453935 registers.esi: 64599225 registers.ecx: 2405191086	1
__exception__ Nov. 14, 2023, 5:20 p.m.	stacktrace: RtlFreeHeap+0x7e RtlAllocateHeap-0x23 ntdll+0x2e003 @ 0x76f3e003 HeapFree+0x14 GetProcessHeap-0xc kernel32+0x114dd @ 0x755c14dd DllUnregisterServerInternal-0x7f84 clr+0x2170 @ 0x727a2170 DllUnregisterServerInternal-0x7f5f clr+0x2195 @ 0x727a2195 DllUnregisterServerInternal-0x7f4e clr+0x21a6 @ 0x727a21a6 CoUninitializeEE+0xd8a2 CreateAssemblyNameObject-0x3b3 clr+0x2d0e6 @ 0x727cd0e6 DllGetActivationFactoryImpl+0x5d17 CreateApplicationContext-0x4825 clr+0xa24fe @ 0x728424fe mscorlib+0x2d54f0 @ 0x71ab54f0 mscorlib+0x2d54a5 @ 0x71ab54a5 mscorlib+0x2d5c33 @ 0x71ab5c33 mscorlib+0x2d7894 @ 0x71ab7894 mscorlib+0x2d74ff @ 0x71ab74ff mscorlib+0x2d71c3 @ 0x71ab71c3 mscorlib+0x2d6c3c @ 0x71ab6c3c mscorlib+0x2fcfb1 @ 0x71adcfb1 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0x79c6 CoUninitializeEE-0x5a72 clr+0x19dd2 @ 0x727b9dd2 DllGetClassObjectInternal+0x38b0b CorDllMainForThunk-0x539f0 clr+0xfdb84 @ 0x7289db84 DllGetClassObjectInternal+0x38c16 CorDllMainForThunk-0x538e5 clr+0xfdc8f @ 0x7289dc8f mscorlib+0x2fce7e @ 0x71adce7e mscorlib+0x2fcd8c @ 0x71adcd8c mscorlib+0x2fcd0b @ 0x71adcd0b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetClassObjectInternal+0x6069a CorDllMainForThunk-0x2be61 clr+0x125713 @ 0x728c5713 DllGetClassObjectInternal+0x6075c CorDllMainForThunk-0x2bd9f clr+0x1257d5 @ 0x728c57d5 mscorlib+0x9bc1c8 @ 0x7219c1c8 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f CoUninitializeEE+0xa5b4 CreateAssemblyNameObject-0x36a1 clr+0x29df8 @ 0x727c9df8 CoUninitializeEE+0xa5eb CreateAssemblyNameObject-0x366a clr+0x29e2f @ 0x727c9e2f DllGetClassObjectInternal+0xc874 CorDllMainForThunk-0x7fc87 clr+0xd18ed @ 0x728718ed DllGetClassObjectInternal+0xcb84 CorDllMainForThunk-0x7f977 clr+0xd1bfd @ 0x72871bfd CreateHistoryReader+0x13d0e PostErrorVA-0x155251 clr+0x223553 @ 0x729c3553 LookupHistoryAssembly+0x1550 CoEEShutDownCOM-0x2c2c clr+0x1d8a42 @ 0x72978a42 DllGetClassObjectInternal+0x5fe1c CorDllMainForThunk-0x2c6df clr+0x124e95 @ 0x728c4e95 DllGetClassObjectInternal+0x5fd5f CorDllMainForThunk-0x2c79c clr+0x124dd8 @ 0x728c4dd8 RtlDosSearchPath_Ustr+0xada RtlCaptureContext-0x72 ntdll+0x46ab9 @ 0x76f56ab9 RtlDosSearchPath_Ustr+0xaac RtlCaptureContext-0xa0 ntdll+0x46a8b @ 0x76f56a8b New_ntdll_RtlDispatchException@8+0xf6 New_ntdll_RtlRemoveVectoredContinueHandler@4-0x23 @ 0x736f482b KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 RtlFreeHeap+0x7e RtlAllocateHeap-0x23 ntdll+0x2e003 @ 0x76f3e003 RtlDeleteBoundaryDescriptor+0x1b RtlAnsiStringToUnicodeString-0x2d ntdll+0x2e688 @ 0x76f3e688 RtlMultiByteToUnicodeN+0x11a RtlDeleteBoundaryDescriptor-0xe ntdll+0x2e65f @ 0x76f3e65f EtwEventRegister+0x17f EtwRegisterTraceGuidsW-0xa ntdll+0x3f839 @ 0x76f4f839 LdrGetProcedureAddressEx+0x11f wcsstr-0x99d ntdll+0x302ea @ 0x76f402ea LdrGetProcedureAddress+0x18 LdrGetProcedureAddressEx-0x9 ntdll+0x301c2 @ 0x76f401c2 New_ntdll_LdrGetProcedureAddress@16+0xcd New_ntdll_LdrLoadDll@16-0x87 @ 0x736ed3cd GetProcAddress+0x44 GetVersion-0x38 kernelbase+0x111c4 @ 0x759811c4 CreateAssemblyNameObject+0xe597 GetMetaDataInternalInterface-0x29ed8 clr+0x3ba30 @ 0x727dba30 CoUninitializeEE+0xa200 CreateAssemblyNameObject-0x3a55 clr+0x29a44 @ 0x727c9a44 CoUninitializeEE+0xa149 CreateAssemblyNameObject-0x3b0c clr+0x2998d @ 0x727c998d CoUninitializeEE+0xa055 CreateAssemblyNameObject-0x3c00 clr+0x29899 @ 0x727c9899 CoUninitializeEE+0x9fee CreateAssemblyNameObject-0x3c67 clr+0x29832 @ 0x727c9832 DllRegisterServerInternal+0x98c9 CoUninitializeEE-0x3b6f clr+0x1bcd5 @ 0x727bbcd5 DllUnregisterServerInternal-0x760b clr+0x2ae9 @ 0x727a2ae9 system+0x1eafc4 @ 0x7104afc4 0x4db2547 0xc20a80 system+0x1f9799 @ 0x70439799 system+0x1f92c8 @ 0x704392c8 system+0x1eca74 @ 0x7042ca74 exception.instruction_r: 8b 46 04 89 45 f4 c6 47 07 80 c6 47 06 00 8b 5e exception.symbol: RtlInitUnicodeString+0x196 RtlMultiByteToUnicodeN-0x1a7 ntdll+0x2e39e exception.instruction: mov eax, dword ptr [esi + 4] exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 189342 exception.address: 0x76f3e39e registers.esp: 3985420 registers.edi: 80406288 registers.eax: 5801152 registers.ebp: 3985472 registers.edx: 80406296 registers.ebx: 80406296 registers.esi: 58798483 registers.ecx: 5177344	1
__exception__ Nov. 14, 2023, 5:20 p.m.	stacktrace: RtlFreeHeap+0x7e RtlAllocateHeap-0x23 ntdll+0x2e003 @ 0x76f3e003 RtlFreeSid+0x1b RtlAllocateAndInitializeSid-0x15 ntdll+0x393cd @ 0x76f493cd GetComputerNameA+0xa84 GetFileInformationByHandleEx-0x62b kernel32+0x2c164 @ 0x755dc164 GetComputerNameA+0xaef GetFileInformationByHandleEx-0x5c0 kernel32+0x2c1cf @ 0x755dc1cf GetComputerNameA+0xab1 GetFileInformationByHandleEx-0x5fe kernel32+0x2c191 @ 0x755dc191 MapViewOfFileEx+0x21 InitializeCriticalSectionEx-0x84 kernel32+0x14ca4 @ 0x755c4ca4 RegOpenKeyExW+0xf6 LocalFree-0x935 kernel32+0x12407 @ 0x755c2407 RegOpenKeyExW+0x21 LocalFree-0xa0a kernel32+0x12332 @ 0x755c2332 New_advapi32_RegOpenKeyExW@20+0x4f New_advapi32_RegQueryInfoKeyA@48-0x173 @ 0x736e3ca1 CreateAssemblyNameObject+0xc283 GetMetaDataInternalInterface-0x2c1ec clr+0x3971c @ 0x727d971c StrongNameSignatureVerification+0x9a32 GetMetaDataPublicInterfaceFromInternal-0x1e1e clr+0x1934e8 @ 0x729334e8 StrongNameSignatureVerification+0x9bcc GetMetaDataPublicInterfaceFromInternal-0x1c84 clr+0x193682 @ 0x72933682 GetMetaDataPublicInterfaceFromInternal+0x641 CopyPDBs-0x2fb clr+0x195947 @ 0x72935947 GetMetaDataPublicInterfaceFromInternal+0x850 CopyPDBs-0xec clr+0x195b56 @ 0x72935b56 GetMetaDataPublicInterfaceFromInternal+0x23d CopyPDBs-0x6ff clr+0x195543 @ 0x72935543 StrongNameSignatureVerification+0x839b GetMetaDataPublicInterfaceFromInternal-0x34b5 clr+0x191e51 @ 0x72931e51 StrongNameSignatureVerification+0x854e GetMetaDataPublicInterfaceFromInternal-0x3302 clr+0x192004 @ 0x72932004 mscorlib+0x355147 @ 0x71b35147 mscorlib+0x985c14 @ 0x72165c14 mscorlib+0x9b45cf @ 0x721945cf mscorlib+0xd224c1 @ 0x725024c1 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0x79c6 CoUninitializeEE-0x5a72 clr+0x19dd2 @ 0x727b9dd2 DllGetClassObjectInternal+0x38b0b CorDllMainForThunk-0x539f0 clr+0xfdb84 @ 0x7289db84 DllGetClassObjectInternal+0x38c16 CorDllMainForThunk-0x538e5 clr+0xfdc8f @ 0x7289dc8f mscorlib+0x2fce7e @ 0x71adce7e mscorlib+0x2fcd8c @ 0x71adcd8c mscorlib+0x2fcd0b @ 0x71adcd0b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetClassObjectInternal+0x6069a CorDllMainForThunk-0x2be61 clr+0x125713 @ 0x728c5713 DllGetClassObjectInternal+0x6075c CorDllMainForThunk-0x2bd9f clr+0x1257d5 @ 0x728c57d5 mscorlib+0x9bc1c8 @ 0x7219c1c8 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f CoUninitializeEE+0xa5b4 CreateAssemblyNameObject-0x36a1 clr+0x29df8 @ 0x727c9df8 CoUninitializeEE+0xa5eb CreateAssemblyNameObject-0x366a clr+0x29e2f @ 0x727c9e2f DllGetClassObjectInternal+0xc874 CorDllMainForThunk-0x7fc87 clr+0xd18ed @ 0x728718ed DllGetClassObjectInternal+0xcb84 CorDllMainForThunk-0x7f977 clr+0xd1bfd @ 0x72871bfd CreateHistoryReader+0x13d0e PostErrorVA-0x155251 clr+0x223553 @ 0x729c3553 LookupHistoryAssembly+0x1550 CoEEShutDownCOM-0x2c2c clr+0x1d8a42 @ 0x72978a42 DllGetClassObjectInternal+0x5fe1c CorDllMainForThunk-0x2c6df clr+0x124e95 @ 0x728c4e95 DllGetClassObjectInternal+0x5fd5f CorDllMainForThunk-0x2c79c clr+0x124dd8 @ 0x728c4dd8 RtlDosSearchPath_Ustr+0xada RtlCaptureContext-0x72 ntdll+0x46ab9 @ 0x76f56ab9 RtlDosSearchPath_Ustr+0xaac RtlCaptureContext-0xa0 ntdll+0x46a8b @ 0x76f56a8b New_ntdll_RtlDispatchException@8+0xf6 New_ntdll_RtlRemoveVectoredContinueHandler@4-0x23 @ 0x736f482b KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 RtlFreeHeap+0x7e RtlAllocateHeap-0x23 ntdll+0x2e003 @ 0x76f3e003 HeapFree+0x14 GetProcessHeap-0xc kernel32+0x114dd @ 0x755c14dd DllUnregisterServerInternal-0x7f84 clr+0x2170 @ 0x727a2170 DllUnregisterServerInternal-0x7f5f clr+0x2195 @ 0x727a2195 DllUnregisterServerInternal-0x7f4e clr+0x21a6 @ 0x727a21a6 CoUninitializeEE+0xd8a2 CreateAssemblyNameObject-0x3b3 clr+0x2d0e6 @ 0x727cd0e6 DllGetActivationFactoryImpl+0x5d17 CreateApplicationContext-0x4825 clr+0xa24fe @ 0x728424fe mscorlib+0x2d54f0 @ 0x71ab54f0 mscorlib+0x2d54a5 @ 0x71ab54a5 mscorlib+0x2d5c33 @ 0x71ab5c33 mscorlib+0x2d7894 @ 0x71ab7894 mscorlib+0x2d74ff @ 0x71ab74ff mscorlib+0x2d71c3 @ 0x71ab71c3 mscorlib+0x2d6c3c @ 0x71ab6c3c mscorlib+0x2fcfb1 @ 0x71adcfb1 exception.instruction_r: 8b 46 04 89 45 f4 c6 47 07 80 c6 47 06 00 8b 5e exception.symbol: RtlInitUnicodeString+0x196 RtlMultiByteToUnicodeN-0x1a7 ntdll+0x2e39e exception.instruction: mov eax, dword ptr [esi + 4] exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 189342 exception.address: 0x76f3e39e registers.esp: 3977256 registers.edi: 80406288 registers.eax: 5801152 registers.ebp: 3977308 registers.edx: 80406296 registers.ebx: 80406296 registers.esi: 58798483 registers.ecx: 5177344	1
__exception__ Nov. 14, 2023, 5:20 p.m.	stacktrace: RtlAllocateHeap+0xac RtlFreeAnsiString-0x54 ntdll+0x2e0d2 @ 0x76f3e0d2 DllGetClassObjectInternal+0x3995f CorDllMainForThunk-0x52b9c clr+0xfe9d8 @ 0x7289e9d8 DllGetClassObjectInternal+0x3cb36 CorDllMainForThunk-0x4f9c5 clr+0x101baf @ 0x728a1baf DllGetClassObjectInternal+0x3cb02 CorDllMainForThunk-0x4f9f9 clr+0x101b7b @ 0x728a1b7b DllGetClassObjectInternal+0x3d036 CorDllMainForThunk-0x4f4c5 clr+0x1020af @ 0x728a20af DllGetClassObjectInternal+0x35473 CorDllMainForThunk-0x57088 clr+0xfa4ec @ 0x7289a4ec DllGetClassObjectInternal+0x354be CorDllMainForThunk-0x5703d clr+0xfa537 @ 0x7289a537 DllGetClassObjectInternal+0x3cc93 CorDllMainForThunk-0x4f868 clr+0x101d0c @ 0x728a1d0c DllGetClassObjectInternal+0x3c9d8 CorDllMainForThunk-0x4fb23 clr+0x101a51 @ 0x728a1a51 DllGetClassObjectInternal+0x34946 CorDllMainForThunk-0x57bb5 clr+0xf99bf @ 0x728999bf DllGetClassObjectInternal+0x349d3 CorDllMainForThunk-0x57b28 clr+0xf9a4c @ 0x72899a4c DllGetClassObjectInternal+0x34a2d CorDllMainForThunk-0x57ace clr+0xf9aa6 @ 0x72899aa6 DllGetClassObjectInternal+0x342b6 CorDllMainForThunk-0x58245 clr+0xf932f @ 0x7289932f DllGetClassObjectInternal+0x342eb CorDllMainForThunk-0x58210 clr+0xf9364 @ 0x72899364 DllGetClassObjectInternal+0x34567 CorDllMainForThunk-0x57f94 clr+0xf95e0 @ 0x728995e0 CreateAssemblyNameObject+0x2728d GetMetaDataInternalInterface-0x111e2 clr+0x54726 @ 0x727f4726 CreateAssemblyNameObject+0x2730f GetMetaDataInternalInterface-0x11160 clr+0x547a8 @ 0x727f47a8 DllGetClassObjectInternal+0x35622 CorDllMainForThunk-0x56ed9 clr+0xfa69b @ 0x7289a69b PreBindAssemblyEx+0xe96a StrongNameSignatureVerification-0x35e1 clr+0x1864d5 @ 0x729264d5 mscorlib+0x2d5f5f @ 0x71ab5f5f mscorlib+0x2d5c33 @ 0x71ab5c33 mscorlib+0x2d7894 @ 0x71ab7894 mscorlib+0x2d74ff @ 0x71ab74ff mscorlib+0x2d71c3 @ 0x71ab71c3 mscorlib+0x2d6c3c @ 0x71ab6c3c mscorlib+0x2fcfb1 @ 0x71adcfb1 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0x79c6 CoUninitializeEE-0x5a72 clr+0x19dd2 @ 0x727b9dd2 DllGetClassObjectInternal+0x38b0b CorDllMainForThunk-0x539f0 clr+0xfdb84 @ 0x7289db84 DllGetClassObjectInternal+0x38c16 CorDllMainForThunk-0x538e5 clr+0xfdc8f @ 0x7289dc8f mscorlib+0x2fce7e @ 0x71adce7e mscorlib+0x2fcd8c @ 0x71adcd8c mscorlib+0x2fcd0b @ 0x71adcd0b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetClassObjectInternal+0x6069a CorDllMainForThunk-0x2be61 clr+0x125713 @ 0x728c5713 DllGetClassObjectInternal+0x6075c CorDllMainForThunk-0x2bd9f clr+0x1257d5 @ 0x728c57d5 mscorlib+0x9bc1c8 @ 0x7219c1c8 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f CoUninitializeEE+0xa5b4 CreateAssemblyNameObject-0x36a1 clr+0x29df8 @ 0x727c9df8 CoUninitializeEE+0xa5eb CreateAssemblyNameObject-0x366a clr+0x29e2f @ 0x727c9e2f DllGetClassObjectInternal+0xc874 CorDllMainForThunk-0x7fc87 clr+0xd18ed @ 0x728718ed DllGetClassObjectInternal+0xcb84 CorDllMainForThunk-0x7f977 clr+0xd1bfd @ 0x72871bfd CreateHistoryReader+0x13d0e PostErrorVA-0x155251 clr+0x223553 @ 0x729c3553 LookupHistoryAssembly+0x1550 CoEEShutDownCOM-0x2c2c clr+0x1d8a42 @ 0x72978a42 DllGetClassObjectInternal+0x5fe1c CorDllMainForThunk-0x2c6df clr+0x124e95 @ 0x728c4e95 DllGetClassObjectInternal+0x5fd5f CorDllMainForThunk-0x2c79c clr+0x124dd8 @ 0x728c4dd8 RtlDosSearchPath_Ustr+0xada RtlCaptureContext-0x72 ntdll+0x46ab9 @ 0x76f56ab9 RtlDosSearchPath_Ustr+0xaac RtlCaptureContext-0xa0 ntdll+0x46a8b @ 0x76f56a8b New_ntdll_RtlDispatchException@8+0xf6 New_ntdll_RtlRemoveVectoredContinueHandler@4-0x23 @ 0x736f482b KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 RtlFreeHeap+0x7e RtlAllocateHeap-0x23 ntdll+0x2e003 @ 0x76f3e003 RtlFreeSid+0x1b RtlAllocateAndInitializeSid-0x15 ntdll+0x393cd @ 0x76f493cd GetComputerNameA+0xa84 GetFileInformationByHandleEx-0x62b kernel32+0x2c164 @ 0x755dc164 GetComputerNameA+0xaef GetFileInformationByHandleEx-0x5c0 kernel32+0x2c1cf @ 0x755dc1cf GetComputerNameA+0xab1 GetFileInformationByHandleEx-0x5fe kernel32+0x2c191 @ 0x755dc191 MapViewOfFileEx+0x21 InitializeCriticalSectionEx-0x84 kernel32+0x14ca4 @ 0x755c4ca4 RegOpenKeyExW+0xf6 LocalFree-0x935 kernel32+0x12407 @ 0x755c2407 RegOpenKeyExW+0x21 LocalFree-0xa0a kernel32+0x12332 @ 0x755c2332 New_advapi32_RegOpenKeyExW@20+0x4f New_advapi32_RegQueryInfoKeyA@48-0x173 @ 0x736e3ca1 CreateAssemblyNameObject+0xc283 GetMetaDataInternalInterface-0x2c1ec clr+0x3971c @ 0x727d971c exception.instruction_r: 0f b7 06 99 0f a4 c2 10 c1 e0 10 0b f8 0b da 89 exception.symbol: RtlInitUnicodeString+0xec RtlMultiByteToUnicodeN-0x251 ntdll+0x2e2f4 exception.instruction: movzx eax, word ptr [esi] exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 189172 exception.address: 0x76f3e2f4 registers.esp: 3969900 registers.edi: 66 registers.eax: 80512184 registers.ebp: 3970032 registers.edx: 5207936 registers.ebx: 1904675101 registers.esi: 80512192 registers.ecx: 5801160	1
__exception__ Nov. 14, 2023, 5:20 p.m.	stacktrace: RtlAllocateHeap+0xac RtlFreeAnsiString-0x54 ntdll+0x2e0d2 @ 0x76f3e0d2 DllGetClassObjectInternal+0x3995f CorDllMainForThunk-0x52b9c clr+0xfe9d8 @ 0x7289e9d8 DllGetClassObjectInternal+0x3cb36 CorDllMainForThunk-0x4f9c5 clr+0x101baf @ 0x728a1baf DllGetClassObjectInternal+0x3cb02 CorDllMainForThunk-0x4f9f9 clr+0x101b7b @ 0x728a1b7b DllGetClassObjectInternal+0x3d036 CorDllMainForThunk-0x4f4c5 clr+0x1020af @ 0x728a20af DllGetClassObjectInternal+0x35473 CorDllMainForThunk-0x57088 clr+0xfa4ec @ 0x7289a4ec DllGetClassObjectInternal+0x354be CorDllMainForThunk-0x5703d clr+0xfa537 @ 0x7289a537 DllGetClassObjectInternal+0x3cc93 CorDllMainForThunk-0x4f868 clr+0x101d0c @ 0x728a1d0c DllGetClassObjectInternal+0x3c9d8 CorDllMainForThunk-0x4fb23 clr+0x101a51 @ 0x728a1a51 DllGetClassObjectInternal+0x34946 CorDllMainForThunk-0x57bb5 clr+0xf99bf @ 0x728999bf DllGetClassObjectInternal+0x349d3 CorDllMainForThunk-0x57b28 clr+0xf9a4c @ 0x72899a4c DllGetClassObjectInternal+0x34a2d CorDllMainForThunk-0x57ace clr+0xf9aa6 @ 0x72899aa6 DllGetClassObjectInternal+0x342b6 CorDllMainForThunk-0x58245 clr+0xf932f @ 0x7289932f DllGetClassObjectInternal+0x342eb CorDllMainForThunk-0x58210 clr+0xf9364 @ 0x72899364 DllGetClassObjectInternal+0x34567 CorDllMainForThunk-0x57f94 clr+0xf95e0 @ 0x728995e0 CreateAssemblyNameObject+0x2728d GetMetaDataInternalInterface-0x111e2 clr+0x54726 @ 0x727f4726 CreateAssemblyNameObject+0x2730f GetMetaDataInternalInterface-0x11160 clr+0x547a8 @ 0x727f47a8 DllGetClassObjectInternal+0x35622 CorDllMainForThunk-0x56ed9 clr+0xfa69b @ 0x7289a69b PreBindAssemblyEx+0xe96a StrongNameSignatureVerification-0x35e1 clr+0x1864d5 @ 0x729264d5 mscorlib+0x2d5f5f @ 0x71ab5f5f mscorlib+0x2d5c33 @ 0x71ab5c33 mscorlib+0x2d7894 @ 0x71ab7894 mscorlib+0x2d74ff @ 0x71ab74ff mscorlib+0x2d71c3 @ 0x71ab71c3 mscorlib+0x2d6c3c @ 0x71ab6c3c mscorlib+0x2fcfb1 @ 0x71adcfb1 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0x79c6 CoUninitializeEE-0x5a72 clr+0x19dd2 @ 0x727b9dd2 DllGetClassObjectInternal+0x38b0b CorDllMainForThunk-0x539f0 clr+0xfdb84 @ 0x7289db84 DllGetClassObjectInternal+0x38c16 CorDllMainForThunk-0x538e5 clr+0xfdc8f @ 0x7289dc8f mscorlib+0x2fce7e @ 0x71adce7e mscorlib+0x2fcd8c @ 0x71adcd8c mscorlib+0x2fcd0b @ 0x71adcd0b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetClassObjectInternal+0x6069a CorDllMainForThunk-0x2be61 clr+0x125713 @ 0x728c5713 DllGetClassObjectInternal+0x6075c CorDllMainForThunk-0x2bd9f clr+0x1257d5 @ 0x728c57d5 mscorlib+0x9bc1c8 @ 0x7219c1c8 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f CoUninitializeEE+0xa5b4 CreateAssemblyNameObject-0x36a1 clr+0x29df8 @ 0x727c9df8 CoUninitializeEE+0xa5eb CreateAssemblyNameObject-0x366a clr+0x29e2f @ 0x727c9e2f DllGetClassObjectInternal+0xc874 CorDllMainForThunk-0x7fc87 clr+0xd18ed @ 0x728718ed DllGetClassObjectInternal+0xcb84 CorDllMainForThunk-0x7f977 clr+0xd1bfd @ 0x72871bfd CreateHistoryReader+0x13d0e PostErrorVA-0x155251 clr+0x223553 @ 0x729c3553 LookupHistoryAssembly+0x1550 CoEEShutDownCOM-0x2c2c clr+0x1d8a42 @ 0x72978a42 DllGetClassObjectInternal+0x5fe1c CorDllMainForThunk-0x2c6df clr+0x124e95 @ 0x728c4e95 DllGetClassObjectInternal+0x5fd5f CorDllMainForThunk-0x2c79c clr+0x124dd8 @ 0x728c4dd8 RtlDosSearchPath_Ustr+0xada RtlCaptureContext-0x72 ntdll+0x46ab9 @ 0x76f56ab9 RtlDosSearchPath_Ustr+0xaac RtlCaptureContext-0xa0 ntdll+0x46a8b @ 0x76f56a8b New_ntdll_RtlDispatchException@8+0xf6 New_ntdll_RtlRemoveVectoredContinueHandler@4-0x23 @ 0x736f482b KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 RtlFreeHeap+0x7e RtlAllocateHeap-0x23 ntdll+0x2e003 @ 0x76f3e003 RtlFreeSid+0x1b RtlAllocateAndInitializeSid-0x15 ntdll+0x393cd @ 0x76f493cd GetComputerNameA+0xa84 GetFileInformationByHandleEx-0x62b kernel32+0x2c164 @ 0x755dc164 GetComputerNameA+0xaef GetFileInformationByHandleEx-0x5c0 kernel32+0x2c1cf @ 0x755dc1cf GetComputerNameA+0xab1 GetFileInformationByHandleEx-0x5fe kernel32+0x2c191 @ 0x755dc191 MapViewOfFileEx+0x21 InitializeCriticalSectionEx-0x84 kernel32+0x14ca4 @ 0x755c4ca4 RegOpenKeyExW+0xf6 LocalFree-0x935 kernel32+0x12407 @ 0x755c2407 RegOpenKeyExW+0x21 LocalFree-0xa0a kernel32+0x12332 @ 0x755c2332 New_advapi32_RegOpenKeyExW@20+0x4f New_advapi32_RegQueryInfoKeyA@48-0x173 @ 0x736e3ca1 CreateAssemblyNameObject+0xc283 GetMetaDataInternalInterface-0x2c1ec clr+0x3971c @ 0x727d971c exception.instruction_r: 0f b7 06 99 0f a4 c2 10 c1 e0 10 0b d8 0b fa 89 exception.symbol: LdrUnlockLoaderLock+0x2cc RtlInitUnicodeStringEx-0xe6b ntdll+0x36f08 exception.instruction: movzx eax, word ptr [esi] exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 225032 exception.address: 0x76f46f08 registers.esp: 3969900 registers.edi: 1904675101 registers.eax: 80512184 registers.ebp: 3970032 registers.edx: 867500099 registers.ebx: 66 registers.esi: 80512192 registers.ecx: 5801160	1
__exception__ Nov. 14, 2023, 5:20 p.m.	stacktrace: RtlFreeHeap+0x7e RtlAllocateHeap-0x23 ntdll+0x2e003 @ 0x76f3e003 HeapFree+0x14 GetProcessHeap-0xc kernel32+0x114dd @ 0x755c14dd DllGetClassObjectInternal+0x3c526 CorDllMainForThunk-0x4ffd5 clr+0x10159f @ 0x728a159f DllGetClassObjectInternal+0x3c549 CorDllMainForThunk-0x4ffb2 clr+0x1015c2 @ 0x728a15c2 DllGetClassObjectInternal+0x3d9ef CorDllMainForThunk-0x4eb0c clr+0x102a68 @ 0x728a2a68 DllGetClassObjectInternal+0x3dbca CorDllMainForThunk-0x4e931 clr+0x102c43 @ 0x728a2c43 DllGetClassObjectInternal+0x3dbe2 CorDllMainForThunk-0x4e919 clr+0x102c5b @ 0x728a2c5b DllGetClassObjectInternal+0x3df55 CorDllMainForThunk-0x4e5a6 clr+0x102fce @ 0x728a2fce DllGetClassObjectInternal+0x3dab1 CorDllMainForThunk-0x4ea4a clr+0x102b2a @ 0x728a2b2a DllGetClassObjectInternal+0x3da8e CorDllMainForThunk-0x4ea6d clr+0x102b07 @ 0x728a2b07 DllGetClassObjectInternal+0x349d3 CorDllMainForThunk-0x57b28 clr+0xf9a4c @ 0x72899a4c DllGetClassObjectInternal+0x34a2d CorDllMainForThunk-0x57ace clr+0xf9aa6 @ 0x72899aa6 DllGetClassObjectInternal+0x342b6 CorDllMainForThunk-0x58245 clr+0xf932f @ 0x7289932f DllGetClassObjectInternal+0x342eb CorDllMainForThunk-0x58210 clr+0xf9364 @ 0x72899364 DllGetClassObjectInternal+0x34567 CorDllMainForThunk-0x57f94 clr+0xf95e0 @ 0x728995e0 CreateAssemblyNameObject+0x2728d GetMetaDataInternalInterface-0x111e2 clr+0x54726 @ 0x727f4726 CreateAssemblyNameObject+0x2730f GetMetaDataInternalInterface-0x11160 clr+0x547a8 @ 0x727f47a8 DllGetClassObjectInternal+0x35622 CorDllMainForThunk-0x56ed9 clr+0xfa69b @ 0x7289a69b PreBindAssemblyEx+0xe96a StrongNameSignatureVerification-0x35e1 clr+0x1864d5 @ 0x729264d5 mscorlib+0x2d5f5f @ 0x71ab5f5f mscorlib+0x2d5c33 @ 0x71ab5c33 mscorlib+0x2d7894 @ 0x71ab7894 mscorlib+0x2d74ff @ 0x71ab74ff mscorlib+0x2d71c3 @ 0x71ab71c3 mscorlib+0x2d6c3c @ 0x71ab6c3c mscorlib+0x2fcfb1 @ 0x71adcfb1 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0x79c6 CoUninitializeEE-0x5a72 clr+0x19dd2 @ 0x727b9dd2 DllGetClassObjectInternal+0x38b0b CorDllMainForThunk-0x539f0 clr+0xfdb84 @ 0x7289db84 DllGetClassObjectInternal+0x38c16 CorDllMainForThunk-0x538e5 clr+0xfdc8f @ 0x7289dc8f mscorlib+0x2fce7e @ 0x71adce7e mscorlib+0x2fcd8c @ 0x71adcd8c mscorlib+0x2fcd0b @ 0x71adcd0b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetClassObjectInternal+0x6069a CorDllMainForThunk-0x2be61 clr+0x125713 @ 0x728c5713 DllGetClassObjectInternal+0x6075c CorDllMainForThunk-0x2bd9f clr+0x1257d5 @ 0x728c57d5 mscorlib+0x9bc1c8 @ 0x7219c1c8 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f CoUninitializeEE+0xa5b4 CreateAssemblyNameObject-0x36a1 clr+0x29df8 @ 0x727c9df8 CoUninitializeEE+0xa5eb CreateAssemblyNameObject-0x366a clr+0x29e2f @ 0x727c9e2f DllGetClassObjectInternal+0xc874 CorDllMainForThunk-0x7fc87 clr+0xd18ed @ 0x728718ed DllGetClassObjectInternal+0xcb84 CorDllMainForThunk-0x7f977 clr+0xd1bfd @ 0x72871bfd CreateHistoryReader+0x13d0e PostErrorVA-0x155251 clr+0x223553 @ 0x729c3553 LookupHistoryAssembly+0x1550 CoEEShutDownCOM-0x2c2c clr+0x1d8a42 @ 0x72978a42 DllGetClassObjectInternal+0x5fe1c CorDllMainForThunk-0x2c6df clr+0x124e95 @ 0x728c4e95 DllGetClassObjectInternal+0x5fd5f CorDllMainForThunk-0x2c79c clr+0x124dd8 @ 0x728c4dd8 RtlDosSearchPath_Ustr+0xada RtlCaptureContext-0x72 ntdll+0x46ab9 @ 0x76f56ab9 RtlDosSearchPath_Ustr+0xaac RtlCaptureContext-0xa0 ntdll+0x46a8b @ 0x76f56a8b New_ntdll_RtlDispatchException@8+0xf6 New_ntdll_RtlRemoveVectoredContinueHandler@4-0x23 @ 0x736f482b KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 RtlFreeHeap+0x7e RtlAllocateHeap-0x23 ntdll+0x2e003 @ 0x76f3e003 RtlFreeSid+0x1b RtlAllocateAndInitializeSid-0x15 ntdll+0x393cd @ 0x76f493cd GetComputerNameA+0xa84 GetFileInformationByHandleEx-0x62b kernel32+0x2c164 @ 0x755dc164 GetComputerNameA+0xaef GetFileInformationByHandleEx-0x5c0 kernel32+0x2c1cf @ 0x755dc1cf GetComputerNameA+0xab1 GetFileInformationByHandleEx-0x5fe kernel32+0x2c191 @ 0x755dc191 MapViewOfFileEx+0x21 InitializeCriticalSectionEx-0x84 kernel32+0x14ca4 @ 0x755c4ca4 RegOpenKeyExW+0xf6 LocalFree-0x935 kernel32+0x12407 @ 0x755c2407 RegOpenKeyExW+0x21 LocalFree-0xa0a kernel32+0x12332 @ 0x755c2332 New_advapi32_RegOpenKeyExW@20+0x4f New_advapi32_RegQueryInfoKeyA@48-0x173 @ 0x736e3ca1 CreateAssemblyNameObject+0xc283 GetMetaDataInternalInterface-0x2c1ec clr+0x3971c @ 0x727d971c exception.instruction_r: 89 30 8b 45 e0 8b 55 e4 8d 7e 08 f0 0f c7 0f 3b exception.symbol: RtlInitUnicodeString+0x1f3 RtlMultiByteToUnicodeN-0x14a ntdll+0x2e3fb exception.instruction: mov dword ptr [eax], esi exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 189435 exception.address: 0x76f3e3fb registers.esp: 3970328 registers.edi: 3585671168 registers.eax: 1034837105 registers.ebp: 3970380 registers.edx: 22329 registers.ebx: 3585671666 registers.esi: 64599890 registers.ecx: 1463355358	1
__exception__ Nov. 14, 2023, 5:20 p.m.	stacktrace: RtlFreeHeap+0x7e RtlAllocateHeap-0x23 ntdll+0x2e003 @ 0x76f3e003 HeapFree+0x14 GetProcessHeap-0xc kernel32+0x114dd @ 0x755c14dd DllUnregisterServerInternal-0x7f84 clr+0x2170 @ 0x727a2170 DllUnregisterServerInternal-0x7f5f clr+0x2195 @ 0x727a2195 DllUnregisterServerInternal-0x7f4e clr+0x21a6 @ 0x727a21a6 CoUninitializeEE+0xd8a2 CreateAssemblyNameObject-0x3b3 clr+0x2d0e6 @ 0x727cd0e6 CoUninitializeEE+0xd911 CreateAssemblyNameObject-0x344 clr+0x2d155 @ 0x727cd155 LoadStringRCEx+0x2a3 LookupHistoryAssembly-0x184 clr+0x1d736e @ 0x7297736e _EH_prolog+0x6f _inp-0x39 msvcr110_clr0400+0x29e7 @ 0x735f29e7 PreBindAssemblyEx+0xe96a StrongNameSignatureVerification-0x35e1 clr+0x1864d5 @ 0x729264d5 mscorlib+0x2d5f5f @ 0x71ab5f5f mscorlib+0x2d5c33 @ 0x71ab5c33 mscorlib+0x2d7894 @ 0x71ab7894 mscorlib+0x2d74ff @ 0x71ab74ff mscorlib+0x2d71c3 @ 0x71ab71c3 mscorlib+0x2d6c3c @ 0x71ab6c3c mscorlib+0x2fcfb1 @ 0x71adcfb1 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0x79c6 CoUninitializeEE-0x5a72 clr+0x19dd2 @ 0x727b9dd2 DllGetClassObjectInternal+0x38b0b CorDllMainForThunk-0x539f0 clr+0xfdb84 @ 0x7289db84 DllGetClassObjectInternal+0x38c16 CorDllMainForThunk-0x538e5 clr+0xfdc8f @ 0x7289dc8f mscorlib+0x2fce7e @ 0x71adce7e mscorlib+0x2fcd8c @ 0x71adcd8c mscorlib+0x2fcd0b @ 0x71adcd0b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetClassObjectInternal+0x6069a CorDllMainForThunk-0x2be61 clr+0x125713 @ 0x728c5713 DllGetClassObjectInternal+0x6075c CorDllMainForThunk-0x2bd9f clr+0x1257d5 @ 0x728c57d5 mscorlib+0x9bc1c8 @ 0x7219c1c8 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f CoUninitializeEE+0xa5b4 CreateAssemblyNameObject-0x36a1 clr+0x29df8 @ 0x727c9df8 CoUninitializeEE+0xa5eb CreateAssemblyNameObject-0x366a clr+0x29e2f @ 0x727c9e2f DllGetClassObjectInternal+0xc874 CorDllMainForThunk-0x7fc87 clr+0xd18ed @ 0x728718ed DllGetClassObjectInternal+0xcb84 CorDllMainForThunk-0x7f977 clr+0xd1bfd @ 0x72871bfd CreateHistoryReader+0x13d0e PostErrorVA-0x155251 clr+0x223553 @ 0x729c3553 LookupHistoryAssembly+0x1550 CoEEShutDownCOM-0x2c2c clr+0x1d8a42 @ 0x72978a42 DllGetClassObjectInternal+0x5fe1c CorDllMainForThunk-0x2c6df clr+0x124e95 @ 0x728c4e95 DllGetClassObjectInternal+0x5fd5f CorDllMainForThunk-0x2c79c clr+0x124dd8 @ 0x728c4dd8 RtlDosSearchPath_Ustr+0xada RtlCaptureContext-0x72 ntdll+0x46ab9 @ 0x76f56ab9 RtlDosSearchPath_Ustr+0xaac RtlCaptureContext-0xa0 ntdll+0x46a8b @ 0x76f56a8b New_ntdll_RtlDispatchException@8+0xf6 New_ntdll_RtlRemoveVectoredContinueHandler@4-0x23 @ 0x736f482b KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 RtlFreeHeap+0x7e RtlAllocateHeap-0x23 ntdll+0x2e003 @ 0x76f3e003 RtlFreeSid+0x1b RtlAllocateAndInitializeSid-0x15 ntdll+0x393cd @ 0x76f493cd GetComputerNameA+0xa84 GetFileInformationByHandleEx-0x62b kernel32+0x2c164 @ 0x755dc164 GetComputerNameA+0xaef GetFileInformationByHandleEx-0x5c0 kernel32+0x2c1cf @ 0x755dc1cf GetComputerNameA+0xab1 GetFileInformationByHandleEx-0x5fe kernel32+0x2c191 @ 0x755dc191 MapViewOfFileEx+0x21 InitializeCriticalSectionEx-0x84 kernel32+0x14ca4 @ 0x755c4ca4 RegOpenKeyExW+0xf6 LocalFree-0x935 kernel32+0x12407 @ 0x755c2407 RegOpenKeyExW+0x21 LocalFree-0xa0a kernel32+0x12332 @ 0x755c2332 New_advapi32_RegOpenKeyExW@20+0x4f New_advapi32_RegQueryInfoKeyA@48-0x173 @ 0x736e3ca1 CreateAssemblyNameObject+0xc283 GetMetaDataInternalInterface-0x2c1ec clr+0x3971c @ 0x727d971c StrongNameSignatureVerification+0x9a32 GetMetaDataPublicInterfaceFromInternal-0x1e1e clr+0x1934e8 @ 0x729334e8 StrongNameSignatureVerification+0x9bcc GetMetaDataPublicInterfaceFromInternal-0x1c84 clr+0x193682 @ 0x72933682 GetMetaDataPublicInterfaceFromInternal+0x641 CopyPDBs-0x2fb clr+0x195947 @ 0x72935947 GetMetaDataPublicInterfaceFromInternal+0x850 CopyPDBs-0xec clr+0x195b56 @ 0x72935b56 GetMetaDataPublicInterfaceFromInternal+0x23d CopyPDBs-0x6ff clr+0x195543 @ 0x72935543 StrongNameSignatureVerification+0x839b GetMetaDataPublicInterfaceFromInternal-0x34b5 clr+0x191e51 @ 0x72931e51 StrongNameSignatureVerification+0x854e GetMetaDataPublicInterfaceFromInternal-0x3302 clr+0x192004 @ 0x72932004 mscorlib+0x355147 @ 0x71b35147 mscorlib+0x985c14 @ 0x72165c14 exception.instruction_r: 8b 46 04 89 45 f4 c6 47 07 80 c6 47 06 00 8b 5e exception.symbol: RtlInitUnicodeString+0x196 RtlMultiByteToUnicodeN-0x1a7 ntdll+0x2e39e exception.instruction: mov eax, dword ptr [esi + 4] exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 189342 exception.address: 0x76f3e39e registers.esp: 3966688 registers.edi: 80406288 registers.eax: 5801152 registers.ebp: 3966740 registers.edx: 80406296 registers.ebx: 80406296 registers.esi: 58798483 registers.ecx: 5177344	1
__exception__ Nov. 14, 2023, 5:20 p.m.	stacktrace: DllGetClassObjectInternal+0x5f11f CorDllMainForThunk-0x2d3dc clr+0x124198 @ 0x728c4198 DllGetClassObjectInternal+0x5fe1c CorDllMainForThunk-0x2c6df clr+0x124e95 @ 0x728c4e95 DllGetClassObjectInternal+0x5fd5f CorDllMainForThunk-0x2c79c clr+0x124dd8 @ 0x728c4dd8 RtlDosSearchPath_Ustr+0xada RtlCaptureContext-0x72 ntdll+0x46ab9 @ 0x76f56ab9 RtlDosSearchPath_Ustr+0xaac RtlCaptureContext-0xa0 ntdll+0x46a8b @ 0x76f56a8b New_ntdll_RtlDispatchException@8+0xf6 New_ntdll_RtlRemoveVectoredContinueHandler@4-0x23 @ 0x736f482b KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 RtlFreeHeap+0x7e RtlAllocateHeap-0x23 ntdll+0x2e003 @ 0x76f3e003 RtlFreeSid+0x1b RtlAllocateAndInitializeSid-0x15 ntdll+0x393cd @ 0x76f493cd GetComputerNameA+0xa84 GetFileInformationByHandleEx-0x62b kernel32+0x2c164 @ 0x755dc164 GetComputerNameA+0xaef GetFileInformationByHandleEx-0x5c0 kernel32+0x2c1cf @ 0x755dc1cf GetComputerNameA+0xab1 GetFileInformationByHandleEx-0x5fe kernel32+0x2c191 @ 0x755dc191 MapViewOfFileEx+0x21 InitializeCriticalSectionEx-0x84 kernel32+0x14ca4 @ 0x755c4ca4 RegOpenKeyExW+0xf6 LocalFree-0x935 kernel32+0x12407 @ 0x755c2407 RegOpenKeyExW+0x21 LocalFree-0xa0a kernel32+0x12332 @ 0x755c2332 New_advapi32_RegOpenKeyExW@20+0x4f New_advapi32_RegQueryInfoKeyA@48-0x173 @ 0x736e3ca1 CreateAssemblyNameObject+0xc283 GetMetaDataInternalInterface-0x2c1ec clr+0x3971c @ 0x727d971c StrongNameSignatureVerification+0x9a32 GetMetaDataPublicInterfaceFromInternal-0x1e1e clr+0x1934e8 @ 0x729334e8 StrongNameSignatureVerification+0x9bcc GetMetaDataPublicInterfaceFromInternal-0x1c84 clr+0x193682 @ 0x72933682 GetMetaDataPublicInterfaceFromInternal+0x641 CopyPDBs-0x2fb clr+0x195947 @ 0x72935947 GetMetaDataPublicInterfaceFromInternal+0x850 CopyPDBs-0xec clr+0x195b56 @ 0x72935b56 GetMetaDataPublicInterfaceFromInternal+0x23d CopyPDBs-0x6ff clr+0x195543 @ 0x72935543 StrongNameSignatureVerification+0x839b GetMetaDataPublicInterfaceFromInternal-0x34b5 clr+0x191e51 @ 0x72931e51 StrongNameSignatureVerification+0x854e GetMetaDataPublicInterfaceFromInternal-0x3302 clr+0x192004 @ 0x72932004 mscorlib+0x355147 @ 0x71b35147 mscorlib+0x985c14 @ 0x72165c14 mscorlib+0x9b45cf @ 0x721945cf mscorlib+0xd224c1 @ 0x725024c1 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0x79c6 CoUninitializeEE-0x5a72 clr+0x19dd2 @ 0x727b9dd2 DllGetClassObjectInternal+0x38b0b CorDllMainForThunk-0x539f0 clr+0xfdb84 @ 0x7289db84 DllGetClassObjectInternal+0x38c16 CorDllMainForThunk-0x538e5 clr+0xfdc8f @ 0x7289dc8f mscorlib+0x2fce7e @ 0x71adce7e mscorlib+0x2fcd8c @ 0x71adcd8c mscorlib+0x2fcd0b @ 0x71adcd0b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetClassObjectInternal+0x6069a CorDllMainForThunk-0x2be61 clr+0x125713 @ 0x728c5713 DllGetClassObjectInternal+0x6075c CorDllMainForThunk-0x2bd9f clr+0x1257d5 @ 0x728c57d5 mscorlib+0x9bc1c8 @ 0x7219c1c8 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f CoUninitializeEE+0xa5b4 CreateAssemblyNameObject-0x36a1 clr+0x29df8 @ 0x727c9df8 CoUninitializeEE+0xa5eb CreateAssemblyNameObject-0x366a clr+0x29e2f @ 0x727c9e2f DllGetClassObjectInternal+0xc874 CorDllMainForThunk-0x7fc87 clr+0xd18ed @ 0x728718ed DllGetClassObjectInternal+0xcb84 CorDllMainForThunk-0x7f977 clr+0xd1bfd @ 0x72871bfd CreateHistoryReader+0x13d0e PostErrorVA-0x155251 clr+0x223553 @ 0x729c3553 LookupHistoryAssembly+0x1550 CoEEShutDownCOM-0x2c2c clr+0x1d8a42 @ 0x72978a42 DllGetClassObjectInternal+0x5fe1c CorDllMainForThunk-0x2c6df clr+0x124e95 @ 0x728c4e95 DllGetClassObjectInternal+0x5fd5f CorDllMainForThunk-0x2c79c clr+0x124dd8 @ 0x728c4dd8 RtlDosSearchPath_Ustr+0xada RtlCaptureContext-0x72 ntdll+0x46ab9 @ 0x76f56ab9 RtlDosSearchPath_Ustr+0xaac RtlCaptureContext-0xa0 ntdll+0x46a8b @ 0x76f56a8b New_ntdll_RtlDispatchException@8+0xf6 New_ntdll_RtlRemoveVectoredContinueHandler@4-0x23 @ 0x736f482b KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 RtlFreeHeap+0x7e RtlAllocateHeap-0x23 ntdll+0x2e003 @ 0x76f3e003 HeapFree+0x14 GetProcessHeap-0xc kernel32+0x114dd @ 0x755c14dd DllUnregisterServerInternal-0x7f84 clr+0x2170 @ 0x727a2170 DllUnregisterServerInternal-0x7f5f clr+0x2195 @ 0x727a2195 DllUnregisterServerInternal-0x7f4e clr+0x21a6 @ 0x727a21a6 CoUninitializeEE+0xd8a2 CreateAssemblyNameObject-0x3b3 clr+0x2d0e6 @ 0x727cd0e6 DllGetActivationFactoryImpl+0x5d17 CreateApplicationContext-0x4825 clr+0xa24fe @ 0x728424fe mscorlib+0x2d54f0 @ 0x71ab54f0 exception.instruction_r: 81 38 05 00 00 c0 0f 84 92 1f 10 00 8b c7 5f c9 exception.instruction: cmp dword ptr [eax], 0xc0000005 exception.exception_code: 0xc0000005 exception.symbol: DllGetClassObjectInternal+0x5dc89 CorDllMainForThunk-0x2e872 clr+0x122d02 exception.address: 0x728c2d02 registers.esp: 3974924 registers.edi: 0 registers.eax: 0 registers.ebp: 3974960 registers.edx: 5349224 registers.ebx: 3982536 registers.esi: 5349616 registers.ecx: 0	1
__exception__ Nov. 14, 2023, 5:20 p.m.	stacktrace: 0x54714b2 0x4f2e9bb 0x4f2c74f 0x4f2c1cd 0x4f2b2d1 0x4f29df1 0x4f21efa 0x212d0bb 0x2125497 0x21246f5 0x21242f0 system+0x205d05 @ 0x71065d05 system+0x205cdf @ 0x71065cdf mscorlib+0x302367 @ 0x71ae2367 mscorlib+0x3022a6 @ 0x71ae22a6 mscorlib+0x302261 @ 0x71ae2261 system+0x205c60 @ 0x71065c60 system+0x205467 @ 0x71065467 mscorlib+0x34bb1e @ 0x71b2bb1e DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0x79c6 CoUninitializeEE-0x5a72 clr+0x19dd2 @ 0x727b9dd2 DllGetClassObjectInternal+0x74073 CorDllMainForThunk-0x18488 clr+0x1390ec @ 0x728d90ec LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72817d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72817dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72817e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x727ac3bf DllGetClassObjectInternal+0x7412f CorDllMainForThunk-0x183cc clr+0x1391a8 @ 0x728d91a8 DllGetClassObjectInternal+0x74178 CorDllMainForThunk-0x18383 clr+0x1391f1 @ 0x728d91f1 GetMetaDataInternalInterfaceFromPublic+0xab22 PreBindAssemblyEx-0x982 clr+0x1771e9 @ 0x729171e9 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728ba0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 01 8b 40 28 ff 10 89 45 bc 8b 45 bc 89 45 b8 exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5471767 registers.esp: 78503540 registers.edi: 78503604 registers.eax: 0 registers.ebp: 78503616 registers.edx: 8155696 registers.ebx: 1090824891 registers.esi: 38890356 registers.ecx: 0	1
__exception__ Nov. 14, 2023, 5:20 p.m.	stacktrace: 0x547bc9c 0x547bae9 0x547b9f6 0x547a37a 0x5477ea9 0x5472101 0x4f2c907 0x4f2c1cd 0x4f2b2d1 0x4f29df1 0x4f21efa 0x212d0bb 0x2125497 0x21246f5 0x21242f0 system+0x205d05 @ 0x71065d05 system+0x205cdf @ 0x71065cdf mscorlib+0x302367 @ 0x71ae2367 mscorlib+0x3022a6 @ 0x71ae22a6 mscorlib+0x302261 @ 0x71ae2261 system+0x205c60 @ 0x71065c60 system+0x205467 @ 0x71065467 mscorlib+0x34bb1e @ 0x71b2bb1e DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0x79c6 CoUninitializeEE-0x5a72 clr+0x19dd2 @ 0x727b9dd2 DllGetClassObjectInternal+0x74073 CorDllMainForThunk-0x18488 clr+0x1390ec @ 0x728d90ec LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72817d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72817dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72817e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x727ac3bf DllGetClassObjectInternal+0x7412f CorDllMainForThunk-0x183cc clr+0x1391a8 @ 0x728d91a8 DllGetClassObjectInternal+0x74178 CorDllMainForThunk-0x18383 clr+0x1391f1 @ 0x728d91f1 GetMetaDataInternalInterfaceFromPublic+0xab22 PreBindAssemblyEx-0x982 clr+0x1771e9 @ 0x729171e9 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728ba0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 10 3b 38 05 89 85 30 fe ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x547d249 registers.esp: 78501528 registers.edi: 78502036 registers.eax: 0 registers.ebp: 78502048 registers.edx: 87570848 registers.ebx: 5 registers.esi: 39169756 registers.ecx: 0	1
__exception__ Nov. 14, 2023, 5:20 p.m.	stacktrace: 0x547bc9c 0x547bae9 0x547ba0e 0x547a37a 0x5477ea9 0x5472101 0x4f2c907 0x4f2c1cd 0x4f2b2d1 0x4f29df1 0x4f21efa 0x212d0bb 0x2125497 0x21246f5 0x21242f0 system+0x205d05 @ 0x71065d05 system+0x205cdf @ 0x71065cdf mscorlib+0x302367 @ 0x71ae2367 mscorlib+0x3022a6 @ 0x71ae22a6 mscorlib+0x302261 @ 0x71ae2261 system+0x205c60 @ 0x71065c60 system+0x205467 @ 0x71065467 mscorlib+0x34bb1e @ 0x71b2bb1e DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0x79c6 CoUninitializeEE-0x5a72 clr+0x19dd2 @ 0x727b9dd2 DllGetClassObjectInternal+0x74073 CorDllMainForThunk-0x18488 clr+0x1390ec @ 0x728d90ec LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72817d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72817dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72817e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x727ac3bf DllGetClassObjectInternal+0x7412f CorDllMainForThunk-0x183cc clr+0x1391a8 @ 0x728d91a8 DllGetClassObjectInternal+0x74178 CorDllMainForThunk-0x18383 clr+0x1391f1 @ 0x728d91f1 GetMetaDataInternalInterfaceFromPublic+0xab22 PreBindAssemblyEx-0x982 clr+0x1771e9 @ 0x729171e9 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728ba0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 10 3b 38 05 89 85 30 fe ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x547d249 registers.esp: 78501528 registers.edi: 78502036 registers.eax: 0 registers.ebp: 78502048 registers.edx: 87570848 registers.ebx: 5 registers.esi: 39169756 registers.ecx: 0	1
__exception__ Nov. 14, 2023, 5:20 p.m.	stacktrace: 0x547bc9c 0x547bae9 0x547ba0e 0x547a37a 0x5477ea9 0x5472101 0x4f2c907 0x4f2c1cd 0x4f2b2d1 0x4f29df1 0x4f21efa 0x212d0bb 0x2125497 0x21246f5 0x21242f0 system+0x205d05 @ 0x71065d05 system+0x205cdf @ 0x71065cdf mscorlib+0x302367 @ 0x71ae2367 mscorlib+0x3022a6 @ 0x71ae22a6 mscorlib+0x302261 @ 0x71ae2261 system+0x205c60 @ 0x71065c60 system+0x205467 @ 0x71065467 mscorlib+0x34bb1e @ 0x71b2bb1e DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0x79c6 CoUninitializeEE-0x5a72 clr+0x19dd2 @ 0x727b9dd2 DllGetClassObjectInternal+0x74073 CorDllMainForThunk-0x18488 clr+0x1390ec @ 0x728d90ec LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72817d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72817dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72817e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x727ac3bf DllGetClassObjectInternal+0x7412f CorDllMainForThunk-0x183cc clr+0x1391a8 @ 0x728d91a8 DllGetClassObjectInternal+0x74178 CorDllMainForThunk-0x18383 clr+0x1391f1 @ 0x728d91f1 GetMetaDataInternalInterfaceFromPublic+0xab22 PreBindAssemblyEx-0x982 clr+0x1771e9 @ 0x729171e9 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728ba0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 10 3b 38 05 89 85 30 fe ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x547d249 registers.esp: 78501528 registers.edi: 78502036 registers.eax: 0 registers.ebp: 78502048 registers.edx: 87570848 registers.ebx: 5 registers.esi: 39169756 registers.ecx: 0	1
__exception__ Nov. 14, 2023, 5:20 p.m.	stacktrace: 0x5f26ec9 0x5f26b35 0x547b9f6 0x547a480 0x5477ea9 0x5472101 0x4f2c907 0x4f2c1cd 0x4f2b2d1 0x4f29df1 0x4f21efa 0x212d0bb 0x2125497 0x21246f5 0x21242f0 system+0x205d05 @ 0x71065d05 system+0x205cdf @ 0x71065cdf mscorlib+0x302367 @ 0x71ae2367 mscorlib+0x3022a6 @ 0x71ae22a6 mscorlib+0x302261 @ 0x71ae2261 system+0x205c60 @ 0x71065c60 system+0x205467 @ 0x71065467 mscorlib+0x34bb1e @ 0x71b2bb1e DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0x79c6 CoUninitializeEE-0x5a72 clr+0x19dd2 @ 0x727b9dd2 DllGetClassObjectInternal+0x74073 CorDllMainForThunk-0x18488 clr+0x1390ec @ 0x728d90ec LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72817d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72817dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72817e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x727ac3bf DllGetClassObjectInternal+0x7412f CorDllMainForThunk-0x183cc clr+0x1391a8 @ 0x728d91a8 DllGetClassObjectInternal+0x74178 CorDllMainForThunk-0x18383 clr+0x1391f1 @ 0x728d91f1 GetMetaDataInternalInterfaceFromPublic+0xab22 PreBindAssemblyEx-0x982 clr+0x1771e9 @ 0x729171e9 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728ba0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 10 3b 38 05 89 85 30 fe ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x547d249 registers.esp: 78501224 registers.edi: 78501732 registers.eax: 0 registers.ebp: 78501744 registers.edx: 87570848 registers.ebx: 5 registers.esi: 38074828 registers.ecx: 0	1
__exception__ Nov. 14, 2023, 5:20 p.m.	stacktrace: 0x5f26ec9 0x5f26b35 0x547ba0e 0x547a480 0x5477ea9 0x5472101 0x4f2c907 0x4f2c1cd 0x4f2b2d1 0x4f29df1 0x4f21efa 0x212d0bb 0x2125497 0x21246f5 0x21242f0 system+0x205d05 @ 0x71065d05 system+0x205cdf @ 0x71065cdf mscorlib+0x302367 @ 0x71ae2367 mscorlib+0x3022a6 @ 0x71ae22a6 mscorlib+0x302261 @ 0x71ae2261 system+0x205c60 @ 0x71065c60 system+0x205467 @ 0x71065467 mscorlib+0x34bb1e @ 0x71b2bb1e DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0x79c6 CoUninitializeEE-0x5a72 clr+0x19dd2 @ 0x727b9dd2 DllGetClassObjectInternal+0x74073 CorDllMainForThunk-0x18488 clr+0x1390ec @ 0x728d90ec LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72817d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72817dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72817e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x727ac3bf DllGetClassObjectInternal+0x7412f CorDllMainForThunk-0x183cc clr+0x1391a8 @ 0x728d91a8 DllGetClassObjectInternal+0x74178 CorDllMainForThunk-0x18383 clr+0x1391f1 @ 0x728d91f1 GetMetaDataInternalInterfaceFromPublic+0xab22 PreBindAssemblyEx-0x982 clr+0x1771e9 @ 0x729171e9 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728ba0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 10 3b 38 05 89 85 30 fe ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x547d249 registers.esp: 78501224 registers.edi: 78501732 registers.eax: 0 registers.ebp: 78501744 registers.edx: 87570848 registers.ebx: 5 registers.esi: 38074828 registers.ecx: 0	1
__exception__ Nov. 14, 2023, 5:20 p.m.	stacktrace: 0x5f26ec9 0x5f26b35 0x547ba0e 0x547a480 0x5477ea9 0x5472101 0x4f2c907 0x4f2c1cd 0x4f2b2d1 0x4f29df1 0x4f21efa 0x212d0bb 0x2125497 0x21246f5 0x21242f0 system+0x205d05 @ 0x71065d05 system+0x205cdf @ 0x71065cdf mscorlib+0x302367 @ 0x71ae2367 mscorlib+0x3022a6 @ 0x71ae22a6 mscorlib+0x302261 @ 0x71ae2261 system+0x205c60 @ 0x71065c60 system+0x205467 @ 0x71065467 mscorlib+0x34bb1e @ 0x71b2bb1e DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0x79c6 CoUninitializeEE-0x5a72 clr+0x19dd2 @ 0x727b9dd2 DllGetClassObjectInternal+0x74073 CorDllMainForThunk-0x18488 clr+0x1390ec @ 0x728d90ec LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72817d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72817dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72817e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x727ac3bf DllGetClassObjectInternal+0x7412f CorDllMainForThunk-0x183cc clr+0x1391a8 @ 0x728d91a8 DllGetClassObjectInternal+0x74178 CorDllMainForThunk-0x18383 clr+0x1391f1 @ 0x728d91f1 GetMetaDataInternalInterfaceFromPublic+0xab22 PreBindAssemblyEx-0x982 clr+0x1771e9 @ 0x729171e9 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728ba0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 10 3b 38 05 89 85 30 fe ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x547d249 registers.esp: 78501224 registers.edi: 78501732 registers.eax: 0 registers.ebp: 78501744 registers.edx: 87570848 registers.ebx: 5 registers.esi: 38074828 registers.ecx: 0	1
__exception__ Nov. 14, 2023, 5:20 p.m.	stacktrace: 0x5f29140 0x5f28f59 0x547b9f6 0x547a56d 0x5477ea9 0x5472101 0x4f2c907 0x4f2c1cd 0x4f2b2d1 0x4f29df1 0x4f21efa 0x212d0bb 0x2125497 0x21246f5 0x21242f0 system+0x205d05 @ 0x71065d05 system+0x205cdf @ 0x71065cdf mscorlib+0x302367 @ 0x71ae2367 mscorlib+0x3022a6 @ 0x71ae22a6 mscorlib+0x302261 @ 0x71ae2261 system+0x205c60 @ 0x71065c60 system+0x205467 @ 0x71065467 mscorlib+0x34bb1e @ 0x71b2bb1e DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0x79c6 CoUninitializeEE-0x5a72 clr+0x19dd2 @ 0x727b9dd2 DllGetClassObjectInternal+0x74073 CorDllMainForThunk-0x18488 clr+0x1390ec @ 0x728d90ec LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72817d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72817dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72817e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x727ac3bf DllGetClassObjectInternal+0x7412f CorDllMainForThunk-0x183cc clr+0x1391a8 @ 0x728d91a8 DllGetClassObjectInternal+0x74178 CorDllMainForThunk-0x18383 clr+0x1391f1 @ 0x728d91f1 GetMetaDataInternalInterfaceFromPublic+0xab22 PreBindAssemblyEx-0x982 clr+0x1771e9 @ 0x729171e9 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728ba0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 10 3b 38 05 89 85 30 fe ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x547d249 registers.esp: 78501640 registers.edi: 78502148 registers.eax: 0 registers.ebp: 78502160 registers.edx: 87570848 registers.ebx: 5 registers.esi: 38074828 registers.ecx: 0	1
__exception__ Nov. 14, 2023, 5:20 p.m.	stacktrace: 0x5f29140 0x5f28f59 0x547ba0e 0x547a56d 0x5477ea9 0x5472101 0x4f2c907 0x4f2c1cd 0x4f2b2d1 0x4f29df1 0x4f21efa 0x212d0bb 0x2125497 0x21246f5 0x21242f0 system+0x205d05 @ 0x71065d05 system+0x205cdf @ 0x71065cdf mscorlib+0x302367 @ 0x71ae2367 mscorlib+0x3022a6 @ 0x71ae22a6 mscorlib+0x302261 @ 0x71ae2261 system+0x205c60 @ 0x71065c60 system+0x205467 @ 0x71065467 mscorlib+0x34bb1e @ 0x71b2bb1e DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0x79c6 CoUninitializeEE-0x5a72 clr+0x19dd2 @ 0x727b9dd2 DllGetClassObjectInternal+0x74073 CorDllMainForThunk-0x18488 clr+0x1390ec @ 0x728d90ec LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72817d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72817dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72817e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x727ac3bf DllGetClassObjectInternal+0x7412f CorDllMainForThunk-0x183cc clr+0x1391a8 @ 0x728d91a8 DllGetClassObjectInternal+0x74178 CorDllMainForThunk-0x18383 clr+0x1391f1 @ 0x728d91f1 GetMetaDataInternalInterfaceFromPublic+0xab22 PreBindAssemblyEx-0x982 clr+0x1771e9 @ 0x729171e9 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728ba0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 10 3b 38 05 89 85 30 fe ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x547d249 registers.esp: 78501640 registers.edi: 78502148 registers.eax: 0 registers.ebp: 78502160 registers.edx: 87570848 registers.ebx: 5 registers.esi: 38074828 registers.ecx: 0	1
__exception__ Nov. 14, 2023, 5:20 p.m.	stacktrace: 0x5f29140 0x5f28f59 0x547ba0e 0x547a56d 0x5477ea9 0x5472101 0x4f2c907 0x4f2c1cd 0x4f2b2d1 0x4f29df1 0x4f21efa 0x212d0bb 0x2125497 0x21246f5 0x21242f0 system+0x205d05 @ 0x71065d05 system+0x205cdf @ 0x71065cdf mscorlib+0x302367 @ 0x71ae2367 mscorlib+0x3022a6 @ 0x71ae22a6 mscorlib+0x302261 @ 0x71ae2261 system+0x205c60 @ 0x71065c60 system+0x205467 @ 0x71065467 mscorlib+0x34bb1e @ 0x71b2bb1e DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0x79c6 CoUninitializeEE-0x5a72 clr+0x19dd2 @ 0x727b9dd2 DllGetClassObjectInternal+0x74073 CorDllMainForThunk-0x18488 clr+0x1390ec @ 0x728d90ec LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72817d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72817dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72817e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x727ac3bf DllGetClassObjectInternal+0x7412f CorDllMainForThunk-0x183cc clr+0x1391a8 @ 0x728d91a8 DllGetClassObjectInternal+0x74178 CorDllMainForThunk-0x18383 clr+0x1391f1 @ 0x728d91f1 GetMetaDataInternalInterfaceFromPublic+0xab22 PreBindAssemblyEx-0x982 clr+0x1771e9 @ 0x729171e9 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728ba0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 10 3b 38 05 89 85 30 fe ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x547d249 registers.esp: 78501640 registers.edi: 78502148 registers.eax: 0 registers.ebp: 78502160 registers.edx: 87570848 registers.ebx: 5 registers.esi: 38074828 registers.ecx: 0	1
__exception__ Nov. 14, 2023, 5:20 p.m.	stacktrace: 0x5f29b59 0x5f2998c 0x547b9f6 0x547a6bc 0x5477ea9 0x5472101 0x4f2c907 0x4f2c1cd 0x4f2b2d1 0x4f29df1 0x4f21efa 0x212d0bb 0x2125497 0x21246f5 0x21242f0 system+0x205d05 @ 0x71065d05 system+0x205cdf @ 0x71065cdf mscorlib+0x302367 @ 0x71ae2367 mscorlib+0x3022a6 @ 0x71ae22a6 mscorlib+0x302261 @ 0x71ae2261 system+0x205c60 @ 0x71065c60 system+0x205467 @ 0x71065467 mscorlib+0x34bb1e @ 0x71b2bb1e DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0x79c6 CoUninitializeEE-0x5a72 clr+0x19dd2 @ 0x727b9dd2 DllGetClassObjectInternal+0x74073 CorDllMainForThunk-0x18488 clr+0x1390ec @ 0x728d90ec LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72817d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72817dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72817e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x727ac3bf DllGetClassObjectInternal+0x7412f CorDllMainForThunk-0x183cc clr+0x1391a8 @ 0x728d91a8 DllGetClassObjectInternal+0x74178 CorDllMainForThunk-0x18383 clr+0x1391f1 @ 0x728d91f1 GetMetaDataInternalInterfaceFromPublic+0xab22 PreBindAssemblyEx-0x982 clr+0x1771e9 @ 0x729171e9 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728ba0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 10 3b 38 05 89 85 30 fe ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x547d249 registers.esp: 78501216 registers.edi: 78501724 registers.eax: 0 registers.ebp: 78501736 registers.edx: 87570848 registers.ebx: 5 registers.esi: 38074828 registers.ecx: 0	1
__exception__ Nov. 14, 2023, 5:20 p.m.	stacktrace: 0x5f29b59 0x5f2998c 0x547ba0e 0x547a6bc 0x5477ea9 0x5472101 0x4f2c907 0x4f2c1cd 0x4f2b2d1 0x4f29df1 0x4f21efa 0x212d0bb 0x2125497 0x21246f5 0x21242f0 system+0x205d05 @ 0x71065d05 system+0x205cdf @ 0x71065cdf mscorlib+0x302367 @ 0x71ae2367 mscorlib+0x3022a6 @ 0x71ae22a6 mscorlib+0x302261 @ 0x71ae2261 system+0x205c60 @ 0x71065c60 system+0x205467 @ 0x71065467 mscorlib+0x34bb1e @ 0x71b2bb1e DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0x79c6 CoUninitializeEE-0x5a72 clr+0x19dd2 @ 0x727b9dd2 DllGetClassObjectInternal+0x74073 CorDllMainForThunk-0x18488 clr+0x1390ec @ 0x728d90ec LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72817d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72817dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72817e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x727ac3bf DllGetClassObjectInternal+0x7412f CorDllMainForThunk-0x183cc clr+0x1391a8 @ 0x728d91a8 DllGetClassObjectInternal+0x74178 CorDllMainForThunk-0x18383 clr+0x1391f1 @ 0x728d91f1 GetMetaDataInternalInterfaceFromPublic+0xab22 PreBindAssemblyEx-0x982 clr+0x1771e9 @ 0x729171e9 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728ba0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 10 3b 38 05 89 85 30 fe ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x547d249 registers.esp: 78501216 registers.edi: 78501724 registers.eax: 0 registers.ebp: 78501736 registers.edx: 87570848 registers.ebx: 5 registers.esi: 38074828 registers.ecx: 0	1
__exception__ Nov. 14, 2023, 5:20 p.m.	stacktrace: 0x5f29b59 0x5f2998c 0x547ba0e 0x547a6bc 0x5477ea9 0x5472101 0x4f2c907 0x4f2c1cd 0x4f2b2d1 0x4f29df1 0x4f21efa 0x212d0bb 0x2125497 0x21246f5 0x21242f0 system+0x205d05 @ 0x71065d05 system+0x205cdf @ 0x71065cdf mscorlib+0x302367 @ 0x71ae2367 mscorlib+0x3022a6 @ 0x71ae22a6 mscorlib+0x302261 @ 0x71ae2261 system+0x205c60 @ 0x71065c60 system+0x205467 @ 0x71065467 mscorlib+0x34bb1e @ 0x71b2bb1e DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0x79c6 CoUninitializeEE-0x5a72 clr+0x19dd2 @ 0x727b9dd2 DllGetClassObjectInternal+0x74073 CorDllMainForThunk-0x18488 clr+0x1390ec @ 0x728d90ec LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72817d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72817dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72817e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x727ac3bf DllGetClassObjectInternal+0x7412f CorDllMainForThunk-0x183cc clr+0x1391a8 @ 0x728d91a8 DllGetClassObjectInternal+0x74178 CorDllMainForThunk-0x18383 clr+0x1391f1 @ 0x728d91f1 GetMetaDataInternalInterfaceFromPublic+0xab22 PreBindAssemblyEx-0x982 clr+0x1771e9 @ 0x729171e9 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728ba0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 10 3b 38 05 89 85 30 fe ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x547d249 registers.esp: 78501216 registers.edi: 78501724 registers.eax: 0 registers.ebp: 78501736 registers.edx: 87570848 registers.ebx: 5 registers.esi: 38070992 registers.ecx: 0	1
__exception__ Nov. 14, 2023, 5:21 p.m.	stacktrace: 0x54714b2 0x4f2e9bb 0x4f2c74f 0x4f2c1cd 0x68ccbde 0x61fa254 0x61f8790 mscorlib+0x30c9ff @ 0x71aec9ff mscorlib+0x302367 @ 0x71ae2367 mscorlib+0x3022a6 @ 0x71ae22a6 mscorlib+0x302261 @ 0x71ae2261 mscorlib+0x30ca7c @ 0x71aeca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x728407d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72817d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72817dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72817e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x727ac3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x72840694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728ba0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 01 8b 40 28 ff 10 89 45 bc 8b 45 bc 89 45 b8 exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5471767 registers.esp: 115860032 registers.edi: 115860096 registers.eax: 0 registers.ebp: 115860108 registers.edx: 8432824 registers.ebx: 7642 registers.esi: 44222336 registers.ecx: 0	1

One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.

Allocates read-write-execute memory (usually to unpack itself) (50 out of 208 events)

Time & API	Arguments	Status
NtAllocateVirtualMemory Nov. 14, 2023, 5:20 p.m.	process_identifier: 2572 region_size: 1638400 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00750000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 14, 2023, 5:20 p.m.	process_identifier: 2572 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x008a0000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory Nov. 14, 2023, 5:20 p.m.	process_identifier: 2572 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x727a1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Nov. 14, 2023, 5:20 p.m.	process_identifier: 2572 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x727a2000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 14, 2023, 5:20 p.m.	process_identifier: 2572 region_size: 1572864 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00c00000 allocation_type: 8192 (MEM_RESERVE) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 14, 2023, 5:20 p.m.	process_identifier: 2572 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00d40000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 14, 2023, 5:20 p.m.	process_identifier: 2572 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00462000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 14, 2023, 5:20 p.m.	process_identifier: 2572 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00495000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 14, 2023, 5:20 p.m.	process_identifier: 2572 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0049b000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 14, 2023, 5:20 p.m.	process_identifier: 2572 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00497000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 14, 2023, 5:20 p.m.	process_identifier: 2572 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0047c000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 14, 2023, 5:20 p.m.	process_identifier: 2572 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0047d000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 14, 2023, 5:20 p.m.	process_identifier: 2572 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0047e000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 14, 2023, 5:20 p.m.	process_identifier: 2572 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0047f000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 14, 2023, 5:20 p.m.	process_identifier: 2572 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00c00000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 14, 2023, 5:20 p.m.	process_identifier: 2572 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00c01000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 14, 2023, 5:20 p.m.	process_identifier: 2572 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00c02000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 14, 2023, 5:20 p.m.	process_identifier: 2572 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00c03000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 14, 2023, 5:20 p.m.	process_identifier: 2572 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00c04000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 14, 2023, 5:20 p.m.	process_identifier: 2572 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00c20000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 14, 2023, 5:20 p.m.	process_identifier: 2572 region_size: 327680 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7ef50000 allocation_type: 1056768 (MEM_RESERVE\|MEM_TOP_DOWN) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 14, 2023, 5:20 p.m.	process_identifier: 2572 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7ef50000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 14, 2023, 5:20 p.m.	process_identifier: 2572 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7ef50000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 14, 2023, 5:20 p.m.	process_identifier: 2572 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7ef58000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 14, 2023, 5:20 p.m.	process_identifier: 2572 region_size: 65536 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7ef40000 allocation_type: 1056768 (MEM_RESERVE\|MEM_TOP_DOWN) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 14, 2023, 5:20 p.m.	process_identifier: 2572 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7ef40000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 14, 2023, 5:20 p.m.	process_identifier: 2572 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0046a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 14, 2023, 5:20 p.m.	process_identifier: 2572 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0048a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 14, 2023, 5:20 p.m.	process_identifier: 2572 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00487000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 14, 2023, 5:20 p.m.	process_identifier: 2572 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0047a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtProtectVirtualMemory Nov. 14, 2023, 5:20 p.m.	process_identifier: 2572 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x6fa22000 process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 14, 2023, 5:20 p.m.	process_identifier: 2572 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00486000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 14, 2023, 5:20 p.m.	process_identifier: 2572 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00c21000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 14, 2023, 5:20 p.m.	process_identifier: 2572 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00c25000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 14, 2023, 5:20 p.m.	process_identifier: 2572 region_size: 12288 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00c26000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 14, 2023, 5:20 p.m.	process_identifier: 2572 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00c29000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 14, 2023, 5:20 p.m.	process_identifier: 2572 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x0046c000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 14, 2023, 5:20 p.m.	process_identifier: 2572 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x008a1000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 14, 2023, 5:20 p.m.	process_identifier: 2572 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x008a3000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 14, 2023, 5:20 p.m.	process_identifier: 2572 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x008a4000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 14, 2023, 5:20 p.m.	process_identifier: 2572 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x008a6000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 14, 2023, 5:20 p.m.	process_identifier: 2572 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x008a7000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 14, 2023, 5:20 p.m.	process_identifier: 2572 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x008a8000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 14, 2023, 5:20 p.m.	process_identifier: 2572 region_size: 16384 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x008a9000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 14, 2023, 5:20 p.m.	process_identifier: 2572 region_size: 69632 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x008ad000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 14, 2023, 5:20 p.m.	process_identifier: 2572 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x008be000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 14, 2023, 5:20 p.m.	process_identifier: 2572 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00c05000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 14, 2023, 5:20 p.m.	process_identifier: 2572 region_size: 8192 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x008bf000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 14, 2023, 5:20 p.m.	process_identifier: 2572 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x008c1000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1
NtAllocateVirtualMemory Nov. 14, 2023, 5:20 p.m.	process_identifier: 2572 region_size: 4096 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00c2a000 allocation_type: 4096 (MEM_COMMIT) process_handle: 0xffffffff	1

Steals private information from local Internet browsers (9 events)

file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Web Data
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Cookies
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Login Data
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ckpaelocniggkheibcacecnmmlmeodfa
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local State
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn

Creates executable files on the filesystem (4 events)

file	C:\Users\test22\AppData\Local\Temp\Protect544cd51a.dll
file	C:\ProgramData\GoogleDriveAdvodrs\jquery.js
file	C:\ProgramData\GoogleDriveAdvodrs\background.js
file	C:\ProgramData\GoogleDriveAdvodrs\content.js

Drops an executable to the user AppData folder (1 event)

file	C:\Users\test22\AppData\Local\Temp\Protect544cd51a.dll

Executes one or more WMI queries (1 event)

wmi	SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "chrome.exe")

A process created a hidden window (1 event)

Time & API	Arguments	Status	Return	Repeated
CreateProcessInternalW Nov. 14, 2023, 5:20 p.m.	thread_identifier: 3044 thread_handle: 0x0000043c process_identifier: 3040 current_directory: C:\Users\test22\AppData\Local\Temp filepath: track: 1 command_line: "taskkill.exe" /im chrome.exe /f filepath_r: stack_pivoted: 0 creation_flags: 134217728 (CREATE_NO_WINDOW) inherit_handles: 1 process_handle: 0x0000044c	1	1	0

Checks adapter addresses which can be used to detect virtual network interfaces (1 event)

Time & API	Arguments	Status	Return	Repeated
GetAdaptersAddresses Nov. 14, 2023, 5:20 p.m.	flags: 1158 family: 0	1	0	0

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

section

{u'size_of_data': u'0x00387c00', u'virtual_address': u'0x00002000', u'entropy': 7.6646240275445825, u'name': u'.text', u'virtual_size': u'0x00387ac4'}

entropy

7.66462402754

description

A section with a high entropy has been found

entropy

0.834680212422

description

Overall entropy of this PE file is high

Checks for the Locally Unique Identifier on the system for a suspicious privilege (2 events)

Time & API	Arguments	Status	Return	Repeated
LookupPrivilegeValueW Nov. 14, 2023, 5:20 p.m.	system_name: privilege_name: SeDebugPrivilege	1	1	0
LookupPrivilegeValueW Nov. 14, 2023, 5:20 p.m.	system_name: privilege_name: SeDebugPrivilege	1	1	0

Yara rule detected in process memory (9 events)

description	PWS Memory	rule	Generic_PWS_Memory_Zero
description	(no description)	rule	DebuggerCheck__GlobalFlags
description	(no description)	rule	DebuggerCheck__QueryInfo
description	(no description)	rule	DebuggerHiding__Thread
description	(no description)	rule	DebuggerHiding__Active
description	(no description)	rule	ThreadControl__Context
description	(no description)	rule	SEH__vectored
description	Checks if being debugged	rule	anti_dbg
description	Bypass DEP	rule	disable_dep

Queries for potentially installed applications (50 out of 78 events)

Time & API	Arguments	Status
RegOpenKeyExW Nov. 14, 2023, 5:20 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall base_handle: 0x80000002 key_handle: 0x0000021c options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall	1
RegOpenKeyExW Nov. 14, 2023, 5:20 p.m.	regkey_r: AddressBook base_handle: 0x0000021c key_handle: 0x00000210 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook	1
RegOpenKeyExW Nov. 14, 2023, 5:20 p.m.	regkey_r: Connection Manager base_handle: 0x0000021c key_handle: 0x00000210 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager	1
RegOpenKeyExW Nov. 14, 2023, 5:20 p.m.	regkey_r: DirectDrawEx base_handle: 0x0000021c key_handle: 0x00000210 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx	1
RegOpenKeyExW Nov. 14, 2023, 5:20 p.m.	regkey_r: EditPlus base_handle: 0x0000021c key_handle: 0x00000210 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\EditPlus	1
RegOpenKeyExW Nov. 14, 2023, 5:20 p.m.	regkey_r: ENTERPRISE base_handle: 0x0000021c key_handle: 0x00000210 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ENTERPRISE	1
RegOpenKeyExW Nov. 14, 2023, 5:20 p.m.	regkey_r: Fontcore base_handle: 0x0000021c key_handle: 0x00000210 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore	1
RegOpenKeyExW Nov. 14, 2023, 5:20 p.m.	regkey_r: Google Chrome base_handle: 0x0000021c key_handle: 0x00000210 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome	1
RegOpenKeyExW Nov. 14, 2023, 5:20 p.m.	regkey_r: Haansoft HWord 80 Korean base_handle: 0x0000021c key_handle: 0x00000210 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Haansoft HWord 80 Korean	1
RegOpenKeyExW Nov. 14, 2023, 5:20 p.m.	regkey_r: IE40 base_handle: 0x0000021c key_handle: 0x00000210 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE40	1
RegOpenKeyExW Nov. 14, 2023, 5:20 p.m.	regkey_r: IE4Data base_handle: 0x0000021c key_handle: 0x00000210 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data	1
RegOpenKeyExW Nov. 14, 2023, 5:20 p.m.	regkey_r: IE5BAKEX base_handle: 0x0000021c key_handle: 0x00000210 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX	1
RegOpenKeyExW Nov. 14, 2023, 5:20 p.m.	regkey_r: IEData base_handle: 0x0000021c key_handle: 0x00000210 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IEData	1
RegOpenKeyExW Nov. 14, 2023, 5:20 p.m.	regkey_r: MobileOptionPack base_handle: 0x0000021c key_handle: 0x00000210 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack	1
RegOpenKeyExW Nov. 14, 2023, 5:20 p.m.	regkey_r: SchedulingAgent base_handle: 0x0000021c key_handle: 0x00000210 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent	1
RegOpenKeyExW Nov. 14, 2023, 5:20 p.m.	regkey_r: WIC base_handle: 0x0000021c key_handle: 0x00000210 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WIC	1
RegOpenKeyExW Nov. 14, 2023, 5:20 p.m.	regkey_r: {01B845D4-B73E-4CF7-A377-94BC7BB4F77B} base_handle: 0x0000021c key_handle: 0x00000210 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{01B845D4-B73E-4CF7-A377-94BC7BB4F77B}	1
RegOpenKeyExW Nov. 14, 2023, 5:20 p.m.	regkey_r: {1D91F7DA-F517-4727-9E62-B7EA978BE980} base_handle: 0x0000021c key_handle: 0x00000210 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D91F7DA-F517-4727-9E62-B7EA978BE980}	1
RegOpenKeyExW Nov. 14, 2023, 5:20 p.m.	regkey_r: {60EC980A-BDA2-4CB6-A427-B07A5498B4CA} base_handle: 0x0000021c key_handle: 0x00000210 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}	1
RegOpenKeyExW Nov. 14, 2023, 5:20 p.m.	regkey_r: {90120000-0015-0412-0000-0000000FF1CE} base_handle: 0x0000021c key_handle: 0x00000210 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0015-0412-0000-0000000FF1CE}	1
RegOpenKeyExW Nov. 14, 2023, 5:20 p.m.	regkey_r: {90120000-0016-0412-0000-0000000FF1CE} base_handle: 0x0000021c key_handle: 0x00000210 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0016-0412-0000-0000000FF1CE}	1
RegOpenKeyExW Nov. 14, 2023, 5:20 p.m.	regkey_r: {90120000-0018-0412-0000-0000000FF1CE} base_handle: 0x0000021c key_handle: 0x00000210 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0018-0412-0000-0000000FF1CE}	1
RegOpenKeyExW Nov. 14, 2023, 5:20 p.m.	regkey_r: {90120000-0019-0412-0000-0000000FF1CE} base_handle: 0x0000021c key_handle: 0x00000210 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0019-0412-0000-0000000FF1CE}	1
RegOpenKeyExW Nov. 14, 2023, 5:20 p.m.	regkey_r: {90120000-001A-0412-0000-0000000FF1CE} base_handle: 0x0000021c key_handle: 0x00000210 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001A-0412-0000-0000000FF1CE}	1
RegOpenKeyExW Nov. 14, 2023, 5:20 p.m.	regkey_r: {90120000-001B-0412-0000-0000000FF1CE} base_handle: 0x0000021c key_handle: 0x00000210 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001B-0412-0000-0000000FF1CE}	1
RegOpenKeyExW Nov. 14, 2023, 5:20 p.m.	regkey_r: {90120000-001F-0409-0000-0000000FF1CE} base_handle: 0x0000021c key_handle: 0x00000210 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0409-0000-0000000FF1CE}	1
RegOpenKeyExW Nov. 14, 2023, 5:20 p.m.	regkey_r: {90120000-001F-0412-0000-0000000FF1CE} base_handle: 0x0000021c key_handle: 0x00000210 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0412-0000-0000000FF1CE}	1
RegOpenKeyExW Nov. 14, 2023, 5:20 p.m.	regkey_r: {90120000-0028-0412-0000-0000000FF1CE} base_handle: 0x0000021c key_handle: 0x00000210 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0028-0412-0000-0000000FF1CE}	1
RegOpenKeyExW Nov. 14, 2023, 5:20 p.m.	regkey_r: {90120000-002C-0412-0000-0000000FF1CE} base_handle: 0x0000021c key_handle: 0x00000210 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-002C-0412-0000-0000000FF1CE}	1
RegOpenKeyExW Nov. 14, 2023, 5:20 p.m.	regkey_r: {90120000-0030-0000-0000-0000000FF1CE} base_handle: 0x0000021c key_handle: 0x00000210 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0030-0000-0000-0000000FF1CE}	1
RegOpenKeyExW Nov. 14, 2023, 5:20 p.m.	regkey_r: {90120000-0044-0412-0000-0000000FF1CE} base_handle: 0x0000021c key_handle: 0x00000210 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0044-0412-0000-0000000FF1CE}	1
RegOpenKeyExW Nov. 14, 2023, 5:20 p.m.	regkey_r: {90120000-006E-0409-0000-0000000FF1CE} base_handle: 0x0000021c key_handle: 0x00000210 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0409-0000-0000000FF1CE}	1
RegOpenKeyExW Nov. 14, 2023, 5:20 p.m.	regkey_r: {90120000-006E-0412-0000-0000000FF1CE} base_handle: 0x0000021c key_handle: 0x00000210 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0412-0000-0000000FF1CE}	1
RegOpenKeyExW Nov. 14, 2023, 5:20 p.m.	regkey_r: {90120000-00A1-0412-0000-0000000FF1CE} base_handle: 0x0000021c key_handle: 0x00000210 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00A1-0412-0000-0000000FF1CE}	1
RegOpenKeyExW Nov. 14, 2023, 5:20 p.m.	regkey_r: {90120000-00BA-0409-0000-0000000FF1CE} base_handle: 0x0000021c key_handle: 0x00000210 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00BA-0409-0000-0000000FF1CE}	1
RegOpenKeyExW Nov. 14, 2023, 5:20 p.m.	regkey_r: {90120000-0114-0412-0000-0000000FF1CE} base_handle: 0x0000021c key_handle: 0x00000210 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0114-0412-0000-0000000FF1CE}	1
RegOpenKeyExW Nov. 14, 2023, 5:20 p.m.	regkey_r: {939659F3-71D2-461F-B24D-91D05A4389B4} base_handle: 0x0000021c key_handle: 0x00000210 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{939659F3-71D2-461F-B24D-91D05A4389B4}	1
RegOpenKeyExW Nov. 14, 2023, 5:20 p.m.	regkey_r: {9B84A461-3B4C-40E2-B44F-CE22E215EE40} base_handle: 0x0000021c key_handle: 0x00000210 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9B84A461-3B4C-40E2-B44F-CE22E215EE40}	1
RegOpenKeyExW Nov. 14, 2023, 5:20 p.m.	regkey_r: {d992c12e-cab2-426f-bde3-fb8c53950b0d} base_handle: 0x0000021c key_handle: 0x00000210 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{d992c12e-cab2-426f-bde3-fb8c53950b0d}	1
RegOpenKeyExW Nov. 14, 2023, 5:21 p.m.	regkey_r: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall base_handle: 0x80000002 key_handle: 0x00000420 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall	1
RegOpenKeyExW Nov. 14, 2023, 5:21 p.m.	regkey_r: AddressBook base_handle: 0x00000420 key_handle: 0x00000404 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook	1
RegOpenKeyExW Nov. 14, 2023, 5:21 p.m.	regkey_r: Connection Manager base_handle: 0x00000420 key_handle: 0x00000404 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager	1
RegOpenKeyExW Nov. 14, 2023, 5:21 p.m.	regkey_r: DirectDrawEx base_handle: 0x00000420 key_handle: 0x00000404 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx	1
RegOpenKeyExW Nov. 14, 2023, 5:21 p.m.	regkey_r: EditPlus base_handle: 0x00000420 key_handle: 0x00000404 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\EditPlus	1
RegOpenKeyExW Nov. 14, 2023, 5:21 p.m.	regkey_r: ENTERPRISE base_handle: 0x00000420 key_handle: 0x00000404 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ENTERPRISE	1
RegOpenKeyExW Nov. 14, 2023, 5:21 p.m.	regkey_r: Fontcore base_handle: 0x00000420 key_handle: 0x00000404 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore	1
RegOpenKeyExW Nov. 14, 2023, 5:21 p.m.	regkey_r: Google Chrome base_handle: 0x00000420 key_handle: 0x00000404 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome	1
RegOpenKeyExW Nov. 14, 2023, 5:21 p.m.	regkey_r: Haansoft HWord 80 Korean base_handle: 0x00000420 key_handle: 0x00000404 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Haansoft HWord 80 Korean	1
RegOpenKeyExW Nov. 14, 2023, 5:21 p.m.	regkey_r: IE40 base_handle: 0x00000420 key_handle: 0x00000404 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE40	1
RegOpenKeyExW Nov. 14, 2023, 5:21 p.m.	regkey_r: IE4Data base_handle: 0x00000420 key_handle: 0x00000404 options: 0 access: 0x00020019 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data	1

Terminates another process (2 events)

Time & API	Arguments	Status	Return	Repeated
NtTerminateProcess Nov. 14, 2023, 5:20 p.m.	status_code: 0x00000000 process_identifier: 2736 process_handle: 0x000002c4		0	0
NtTerminateProcess Nov. 14, 2023, 5:20 p.m.	status_code: 0x00000000 process_identifier: 2736 process_handle: 0x000002c4	1	0	0

Uses Windows utilities for basic Windows functionality (1 event)

cmdline

"taskkill.exe" /im chrome.exe /f

Communicates with host for which no DNS query was performed (1 event)

host

138.201.120.172

Allocates execute permission to another process indicative of possible code injection (2 events)

Time & API	Arguments	Status	Return	Repeated
NtAllocateVirtualMemory Nov. 14, 2023, 5:20 p.m.	process_identifier: 2736 region_size: 860160 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000002c4		3221225496	0
NtAllocateVirtualMemory Nov. 14, 2023, 5:20 p.m.	process_identifier: 2772 region_size: 860160 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000002c8	1	0	0

Looks for the Windows Idle Time to determine the uptime (1 event)

Time & API	Arguments	Status	Return	Repeated
NtQuerySystemInformation Nov. 14, 2023, 5:20 p.m.	information_class: 8 (SystemProcessorPerformanceInformation)	1	0	0

A process attempted to delay the analysis task. (1 event)

description

RegSvcs.exe tried to sleep 2728193 seconds, actually delayed analysis time by 2728193 seconds

Harvests credentials from local FTP client softwares (2 events)

file	C:\Users\test22\AppData\Roaming\FileZilla\sitemanager.xml
file	C:\Users\test22\AppData\Roaming\FileZilla\recentservers.xml

Manipulates memory of a non-child process indicative of process injection (3 events)

Time & API	Arguments	Return	Repeated
Process injection	Process 2572 manipulating memory of non-child process 2736
NtUnmapViewOfSection Nov. 14, 2023, 5:20 p.m.	base_address: 0x00400000 region_size: 315392 process_identifier: 2736 process_handle: 0x000002c4	3221225497	0
NtAllocateVirtualMemory Nov. 14, 2023, 5:20 p.m.	process_identifier: 2736 region_size: 860160 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000002c4	3221225496	0

Potential code injection by writing to the memory of another process (4 events)

Time & API	Arguments	Status	Return
WriteProcessMemory Nov. 14, 2023, 5:20 p.m.	buffer: MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $PELö#Oeà°>Ï @ ðÎKà H.textD¯ ° `.rsrcà²@@.reloc ¸@B base_address: 0x00400000 process_identifier: 2772 process_handle: 0x000002c8	1	1
WriteProcessMemory Nov. 14, 2023, 5:20 p.m.	buffer: P8h àÔtãêÔ4VS_VERSION_INFO½ïþ?DVarFileInfo$Translation°4StringFileInfo000004b0Comments"CompanyNameFileDescription0FileVersion1.0.0.08InternalNamebladfin.exe&LegalCopyrightLegalTrademarks@OriginalFilenamebladfin.exe"ProductName4ProductVersion1.0.0.08Assembly Version1.0.0.0ï»¿<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"> <security> <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3"> <requestedExecutionLevel level="asInvoker" uiAccess="false"/> </requestedPrivileges> </security> </trustInfo> </assembly> base_address: 0x004ce000 process_identifier: 2772 process_handle: 0x000002c8	1	1
WriteProcessMemory Nov. 14, 2023, 5:20 p.m.	buffer: À@? base_address: 0x004d0000 process_identifier: 2772 process_handle: 0x000002c8	1	1
WriteProcessMemory Nov. 14, 2023, 5:20 p.m.	buffer: @ base_address: 0x7efde008 process_identifier: 2772 process_handle: 0x000002c8	1	1

Code injection by writing an executable or DLL to the memory of another process (1 event)

Time & API	Arguments	Status	Return	Repeated
WriteProcessMemory Nov. 14, 2023, 5:20 p.m.	buffer: MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $PELö#Oeà°>Ï @ ðÎKà H.textD¯ ° `.rsrcà²@@.reloc ¸@B base_address: 0x00400000 process_identifier: 2772 process_handle: 0x000002c8	1	1	0

Collects information about installed applications (50 out of 54 events)

Time & API	Arguments	Status
RegQueryValueExW Nov. 14, 2023, 5:20 p.m.	key_handle: 0x00000210 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: EditPlus regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\EditPlus\DisplayName	1
RegQueryValueExW Nov. 14, 2023, 5:20 p.m.	key_handle: 0x00000210 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Enterprise 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ENTERPRISE\DisplayName	1
RegQueryValueExW Nov. 14, 2023, 5:20 p.m.	key_handle: 0x00000210 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Chrome regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome\DisplayName	1
RegQueryValueExW Nov. 14, 2023, 5:20 p.m.	key_handle: 0x00000210 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: 한컴오피스 한글 2010 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Haansoft HWord 80 Korean\DisplayName	1
RegQueryValueExW Nov. 14, 2023, 5:20 p.m.	key_handle: 0x00000210 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: HttpWatch Professional 9.3.39 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{01B845D4-B73E-4CF7-A377-94BC7BB4F77B}\DisplayName	1
RegQueryValueExW Nov. 14, 2023, 5:20 p.m.	key_handle: 0x00000210 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: 한컴오피스 한글 2010 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D91F7DA-F517-4727-9E62-B7EA978BE980}\DisplayName	1
RegQueryValueExW Nov. 14, 2023, 5:20 p.m.	key_handle: 0x00000210 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Google Update Helper regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}\DisplayName	1
RegQueryValueExW Nov. 14, 2023, 5:20 p.m.	key_handle: 0x00000210 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Access MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0015-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Nov. 14, 2023, 5:20 p.m.	key_handle: 0x00000210 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Excel MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0016-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Nov. 14, 2023, 5:20 p.m.	key_handle: 0x00000210 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office PowerPoint MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0018-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Nov. 14, 2023, 5:20 p.m.	key_handle: 0x00000210 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Publisher MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0019-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Nov. 14, 2023, 5:20 p.m.	key_handle: 0x00000210 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Outlook MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001A-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Nov. 14, 2023, 5:20 p.m.	key_handle: 0x00000210 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Word MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001B-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Nov. 14, 2023, 5:20 p.m.	key_handle: 0x00000210 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Proof (English) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0409-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Nov. 14, 2023, 5:20 p.m.	key_handle: 0x00000210 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Proof (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Nov. 14, 2023, 5:20 p.m.	key_handle: 0x00000210 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office IME (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0028-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Nov. 14, 2023, 5:20 p.m.	key_handle: 0x00000210 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Proofing (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-002C-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Nov. 14, 2023, 5:20 p.m.	key_handle: 0x00000210 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Enterprise 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0030-0000-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Nov. 14, 2023, 5:20 p.m.	key_handle: 0x00000210 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office InfoPath MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0044-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Nov. 14, 2023, 5:20 p.m.	key_handle: 0x00000210 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Shared MUI (English) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0409-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Nov. 14, 2023, 5:20 p.m.	key_handle: 0x00000210 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Shared MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Nov. 14, 2023, 5:20 p.m.	key_handle: 0x00000210 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office OneNote MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00A1-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Nov. 14, 2023, 5:20 p.m.	key_handle: 0x00000210 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Groove MUI (English) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00BA-0409-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Nov. 14, 2023, 5:20 p.m.	key_handle: 0x00000210 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Groove Setup Metadata MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0114-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Nov. 14, 2023, 5:20 p.m.	key_handle: 0x00000210 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Adobe Flash Player 13 ActiveX regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{939659F3-71D2-461F-B24D-91D05A4389B4}\DisplayName	1
RegQueryValueExW Nov. 14, 2023, 5:20 p.m.	key_handle: 0x00000210 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Adobe Flash Player 13 NPAPI regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9B84A461-3B4C-40E2-B44F-CE22E215EE40}\DisplayName	1
RegQueryValueExW Nov. 14, 2023, 5:20 p.m.	key_handle: 0x00000210 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{d992c12e-cab2-426f-bde3-fb8c53950b0d}\DisplayName	1
RegQueryValueExW Nov. 14, 2023, 5:21 p.m.	key_handle: 0x00000404 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: EditPlus regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\EditPlus\DisplayName	1
RegQueryValueExW Nov. 14, 2023, 5:21 p.m.	key_handle: 0x00000404 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Enterprise 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ENTERPRISE\DisplayName	1
RegQueryValueExW Nov. 14, 2023, 5:21 p.m.	key_handle: 0x00000404 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Chrome regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome\DisplayName	1
RegQueryValueExW Nov. 14, 2023, 5:21 p.m.	key_handle: 0x00000404 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: 한컴오피스 한글 2010 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Haansoft HWord 80 Korean\DisplayName	1
RegQueryValueExW Nov. 14, 2023, 5:21 p.m.	key_handle: 0x00000404 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: HttpWatch Professional 9.3.39 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{01B845D4-B73E-4CF7-A377-94BC7BB4F77B}\DisplayName	1
RegQueryValueExW Nov. 14, 2023, 5:21 p.m.	key_handle: 0x00000404 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: 한컴오피스 한글 2010 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1D91F7DA-F517-4727-9E62-B7EA978BE980}\DisplayName	1
RegQueryValueExW Nov. 14, 2023, 5:21 p.m.	key_handle: 0x00000404 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Google Update Helper regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}\DisplayName	1
RegQueryValueExW Nov. 14, 2023, 5:21 p.m.	key_handle: 0x00000404 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Access MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0015-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Nov. 14, 2023, 5:21 p.m.	key_handle: 0x00000404 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Excel MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0016-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Nov. 14, 2023, 5:21 p.m.	key_handle: 0x00000404 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office PowerPoint MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0018-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Nov. 14, 2023, 5:21 p.m.	key_handle: 0x00000404 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Publisher MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0019-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Nov. 14, 2023, 5:21 p.m.	key_handle: 0x00000404 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Outlook MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001A-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Nov. 14, 2023, 5:21 p.m.	key_handle: 0x00000404 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Word MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001B-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Nov. 14, 2023, 5:21 p.m.	key_handle: 0x00000404 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Proof (English) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0409-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Nov. 14, 2023, 5:21 p.m.	key_handle: 0x00000404 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Proof (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-001F-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Nov. 14, 2023, 5:21 p.m.	key_handle: 0x00000404 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office IME (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0028-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Nov. 14, 2023, 5:21 p.m.	key_handle: 0x00000404 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Proofing (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-002C-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Nov. 14, 2023, 5:21 p.m.	key_handle: 0x00000404 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Enterprise 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0030-0000-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Nov. 14, 2023, 5:21 p.m.	key_handle: 0x00000404 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office InfoPath MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0044-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Nov. 14, 2023, 5:21 p.m.	key_handle: 0x00000404 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Shared MUI (English) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0409-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Nov. 14, 2023, 5:21 p.m.	key_handle: 0x00000404 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Shared MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-006E-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Nov. 14, 2023, 5:21 p.m.	key_handle: 0x00000404 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office OneNote MUI (Korean) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00A1-0412-0000-0000000FF1CE}\DisplayName	1
RegQueryValueExW Nov. 14, 2023, 5:21 p.m.	key_handle: 0x00000404 regkey_r: DisplayName reg_type: 1 (REG_SZ) value: Microsoft Office Groove MUI (English) 2007 regkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00BA-0409-0000-0000000FF1CE}\DisplayName	1

Used NtSetContextThread to modify a thread in a remote process indicative of process injection (2 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 2572 called NtSetContextThread to modify thread in remote process 2772
NtSetContextThread Nov. 14, 2023, 5:20 p.m.	registers.eip: 1995571652 registers.esp: 1767564 registers.edi: 0 registers.eax: 5033790 registers.ebp: 0 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 0 thread_handle: 0x000002cc process_identifier: 2772	1	0	0

Resumed a suspended thread in a remote process potentially indicative of process injection (2 events)

Time & API	Arguments	Status	Return	Repeated
Process injection	Process 2572 resumed a thread in remote process 2772
NtResumeThread Nov. 14, 2023, 5:20 p.m.	thread_handle: 0x000002cc suspend_count: 1 process_identifier: 2772	1	0	0

Executed a process and injected code into it, probably while unpacking (39 events)

Time & API	Arguments	Status	Return
NtResumeThread Nov. 14, 2023, 5:20 p.m.	thread_handle: 0x000000e0 suspend_count: 1 process_identifier: 2572	1	0
NtResumeThread Nov. 14, 2023, 5:20 p.m.	thread_handle: 0x00000158 suspend_count: 1 process_identifier: 2572	1	0
NtResumeThread Nov. 14, 2023, 5:20 p.m.	thread_handle: 0x00000194 suspend_count: 1 process_identifier: 2572	1	0
NtResumeThread Nov. 14, 2023, 5:20 p.m.	thread_handle: 0x00000240 suspend_count: 1 process_identifier: 2572	1	0
CreateProcessInternalW Nov. 14, 2023, 5:20 p.m.	thread_identifier: 2740 thread_handle: 0x000002c0 process_identifier: 2736 current_directory: filepath: track: 1 command_line: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe filepath_r: stack_pivoted: 0 creation_flags: 564 (CREATE_NEW_CONSOLE\|CREATE_NEW_PROCESS_GROUP\|CREATE_SUSPENDED\|NORMAL_PRIORITY_CLASS) inherit_handles: 0 process_handle: 0x000002c4	1	1
NtUnmapViewOfSection Nov. 14, 2023, 5:20 p.m.	base_address: 0x00400000 region_size: 315392 process_identifier: 2736 process_handle: 0x000002c4		3221225497
NtAllocateVirtualMemory Nov. 14, 2023, 5:20 p.m.	process_identifier: 2736 region_size: 860160 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000002c4		3221225496
CreateProcessInternalW Nov. 14, 2023, 5:20 p.m.	thread_identifier: 2776 thread_handle: 0x000002cc process_identifier: 2772 current_directory: filepath: track: 1 command_line: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe filepath_r: stack_pivoted: 0 creation_flags: 564 (CREATE_NEW_CONSOLE\|CREATE_NEW_PROCESS_GROUP\|CREATE_SUSPENDED\|NORMAL_PRIORITY_CLASS) inherit_handles: 0 process_handle: 0x000002c8	1	1
NtUnmapViewOfSection Nov. 14, 2023, 5:20 p.m.	base_address: 0x00400000 region_size: 1989345280 process_identifier: 2772 process_handle: 0x000002c8		3221225497
NtAllocateVirtualMemory Nov. 14, 2023, 5:20 p.m.	process_identifier: 2772 region_size: 860160 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x00400000 allocation_type: 12288 (MEM_COMMIT\|MEM_RESERVE) process_handle: 0x000002c8	1	0
WriteProcessMemory Nov. 14, 2023, 5:20 p.m.	buffer: MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $PELö#Oeà°>Ï @ ðÎKà H.textD¯ ° `.rsrcà²@@.reloc ¸@B base_address: 0x00400000 process_identifier: 2772 process_handle: 0x000002c8	1	1
WriteProcessMemory Nov. 14, 2023, 5:20 p.m.	buffer: base_address: 0x00402000 process_identifier: 2772 process_handle: 0x000002c8	1	1
WriteProcessMemory Nov. 14, 2023, 5:20 p.m.	buffer: P8h àÔtãêÔ4VS_VERSION_INFO½ïþ?DVarFileInfo$Translation°4StringFileInfo000004b0Comments"CompanyNameFileDescription0FileVersion1.0.0.08InternalNamebladfin.exe&LegalCopyrightLegalTrademarks@OriginalFilenamebladfin.exe"ProductName4ProductVersion1.0.0.08Assembly Version1.0.0.0ï»¿<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"> <security> <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3"> <requestedExecutionLevel level="asInvoker" uiAccess="false"/> </requestedPrivileges> </security> </trustInfo> </assembly> base_address: 0x004ce000 process_identifier: 2772 process_handle: 0x000002c8	1	1
WriteProcessMemory Nov. 14, 2023, 5:20 p.m.	buffer: À@? base_address: 0x004d0000 process_identifier: 2772 process_handle: 0x000002c8	1	1
NtGetContextThread Nov. 14, 2023, 5:20 p.m.	thread_handle: 0x000002cc	1	0
WriteProcessMemory Nov. 14, 2023, 5:20 p.m.	buffer: @ base_address: 0x7efde008 process_identifier: 2772 process_handle: 0x000002c8	1	1
NtSetContextThread Nov. 14, 2023, 5:20 p.m.	registers.eip: 1995571652 registers.esp: 1767564 registers.edi: 0 registers.eax: 5033790 registers.ebp: 0 registers.edx: 0 registers.ebx: 2130567168 registers.esi: 0 registers.ecx: 0 thread_handle: 0x000002cc process_identifier: 2772	1	0
NtResumeThread Nov. 14, 2023, 5:20 p.m.	thread_handle: 0x000002cc suspend_count: 1 process_identifier: 2772	1	0
NtResumeThread Nov. 14, 2023, 5:20 p.m.	thread_handle: 0x000000dc suspend_count: 1 process_identifier: 2772	1	0
NtResumeThread Nov. 14, 2023, 5:20 p.m.	thread_handle: 0x00000154 suspend_count: 1 process_identifier: 2772	1	0
NtResumeThread Nov. 14, 2023, 5:20 p.m.	thread_handle: 0x00000194 suspend_count: 1 process_identifier: 2772	1	0
NtResumeThread Nov. 14, 2023, 5:20 p.m.	thread_handle: 0x0000028c suspend_count: 1 process_identifier: 2772	1	0
NtResumeThread Nov. 14, 2023, 5:20 p.m.	thread_handle: 0x000002a0 suspend_count: 1 process_identifier: 2772	1	0
NtResumeThread Nov. 14, 2023, 5:20 p.m.	thread_handle: 0x000003a4 suspend_count: 1 process_identifier: 2772	1	0
NtResumeThread Nov. 14, 2023, 5:20 p.m.	thread_handle: 0x0000024c suspend_count: 1 process_identifier: 2772	1	0
NtGetContextThread Nov. 14, 2023, 5:20 p.m.	thread_handle: 0x0000028c	1	0
NtGetContextThread Nov. 14, 2023, 5:20 p.m.	thread_handle: 0x0000028c	1	0
NtResumeThread Nov. 14, 2023, 5:20 p.m.	thread_handle: 0x0000028c suspend_count: 1 process_identifier: 2772	1	0
NtGetContextThread Nov. 14, 2023, 5:20 p.m.	thread_handle: 0x0000028c	1	0
NtGetContextThread Nov. 14, 2023, 5:20 p.m.	thread_handle: 0x0000028c	1	0
NtResumeThread Nov. 14, 2023, 5:20 p.m.	thread_handle: 0x0000028c suspend_count: 1 process_identifier: 2772	1	0
NtGetContextThread Nov. 14, 2023, 5:20 p.m.	thread_handle: 0x0000028c	1	0
NtGetContextThread Nov. 14, 2023, 5:20 p.m.	thread_handle: 0x0000028c	1	0
NtResumeThread Nov. 14, 2023, 5:20 p.m.	thread_handle: 0x0000028c suspend_count: 1 process_identifier: 2772	1	0
NtResumeThread Nov. 14, 2023, 5:20 p.m.	thread_handle: 0x000003dc suspend_count: 1 process_identifier: 2772	1	0
NtResumeThread Nov. 14, 2023, 5:20 p.m.	thread_handle: 0x000003fc suspend_count: 1 process_identifier: 2772	1	0
NtResumeThread Nov. 14, 2023, 5:20 p.m.	thread_handle: 0x0000041c suspend_count: 1 process_identifier: 2772	1	0
CreateProcessInternalW Nov. 14, 2023, 5:20 p.m.	thread_identifier: 3044 thread_handle: 0x0000043c process_identifier: 3040 current_directory: C:\Users\test22\AppData\Local\Temp filepath: track: 1 command_line: "taskkill.exe" /im chrome.exe /f filepath_r: stack_pivoted: 0 creation_flags: 134217728 (CREATE_NO_WINDOW) inherit_handles: 1 process_handle: 0x0000044c	1	1
NtResumeThread Nov. 14, 2023, 5:21 p.m.	thread_handle: 0x0000029c suspend_count: 1 process_identifier: 2772	1	0

software.exe

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All