Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6401	Nov. 27, 2023, 9:23 a.m.	Nov. 27, 2023, 9:36 a.m.

Size	3.2MB
Type	PE32 executable (GUI) Intel 80386, for MS Windows
MD5	`f4ba796f39305262e65d0ebd9d0ee33e`
SHA256	`ffad1db3679cbb413b1b72a358c986f37327530dddaf91f8feefaff59099b225`
CRC32	`7266CF2D`
ssdeep	`49152:OlK6hZB6fbUdfVXiZgX/uvuV6YM2bt831GstdvlbROZuaK60ZsOz/C:GK6hQUNMZgPehs1sP7OZqZs`
Yara	Malicious_Library_Zero - Malicious_Library IsPE32 - (no description) PE_Header_Zero - PE File Signature anti_vm_detect - Possibly employs anti-virtualization techniques UPX_Zero - UPX packed file themida_packer - themida packer

amd.exe "C:\Users\test22\AppData\Local\Temp\amd.exe"
2560
- Utsysc.exe "C:\Users\test22\AppData\Local\Temp\b64c58644b\Utsysc.exe"
  2716
  - schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN Utsysc.exe /TR "C:\Users\test22\AppData\Local\Temp\b64c58644b\Utsysc.exe" /F
    2788
  - hv.exe "C:\Users\test22\AppData\Local\Temp\1000078001\hv.exe"
    2904
    - RegAsm.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
      3068
explorer.exe C:\Windows\Explorer.EXE
1452

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
142.251.220.46	Active	Moloch
138.201.120.172	Active	Moloch
185.172.128.100	Active	Moloch
185.172.128.113	Active	Moloch
45.77.97.135	Active	Moloch

Suricata Alerts

Flow	SID	Signature	Category
TCP 192.168.56.101:49166 -> 185.172.128.113:80	2016141	ET INFO Executable Download from dotted-quad Host	Potentially Bad Traffic
TCP 192.168.56.101:49166 -> 185.172.128.113:80	2019714	ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile	Potentially Bad Traffic
TCP 185.172.128.113:80 -> 192.168.56.101:49166	2018959	ET POLICY PE EXE or DLL Windows file download HTTP	Potential Corporate Privacy Violation
TCP 185.172.128.113:80 -> 192.168.56.101:49166	2016538	ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download	Potentially Bad Traffic
TCP 185.172.128.113:80 -> 192.168.56.101:49166	2021076	ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response	Potentially Bad Traffic
TCP 138.201.120.172:15648 -> 192.168.56.101:49172	2029217	ET MALWARE Arechclient2 Backdoor CnC Init	Malware Command and Control Activity Detected
TCP 192.168.56.101:49169 -> 185.172.128.100:80	2044696	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M2	A Network Trojan was detected

Suricata TLS

No Suricata TLS

Queries for the computername (26 events)

Time & API	Arguments	Status	Return
GetComputerNameW Nov. 27, 2023, 9:23 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameA Nov. 27, 2023, 9:24 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Nov. 27, 2023, 9:24 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Nov. 27, 2023, 9:24 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Nov. 27, 2023, 9:24 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Nov. 27, 2023, 9:24 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Nov. 27, 2023, 9:24 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Nov. 27, 2023, 9:24 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Nov. 27, 2023, 9:24 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Nov. 27, 2023, 9:24 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Nov. 27, 2023, 9:24 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Nov. 27, 2023, 9:24 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Nov. 27, 2023, 9:24 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Nov. 27, 2023, 9:24 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Nov. 27, 2023, 9:24 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Nov. 27, 2023, 9:24 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Nov. 27, 2023, 9:24 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Nov. 27, 2023, 9:24 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Nov. 27, 2023, 9:24 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Nov. 27, 2023, 9:24 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Nov. 27, 2023, 9:24 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Nov. 27, 2023, 9:24 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Nov. 27, 2023, 9:24 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Nov. 27, 2023, 9:24 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Nov. 27, 2023, 9:24 a.m.	computer_name: TEST22-PC	1	1
GetComputerNameW Nov. 27, 2023, 9:24 a.m.	computer_name: TEST22-PC	1	1

Checks if process is being debugged by a debugger (6 events)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent Nov. 27, 2023, 9:23 a.m.			0	0
IsDebuggerPresent Nov. 27, 2023, 9:23 a.m.			0	0
IsDebuggerPresent Nov. 27, 2023, 9:24 a.m.			0	0
IsDebuggerPresent Nov. 27, 2023, 9:24 a.m.			0	0
IsDebuggerPresent Nov. 27, 2023, 9:24 a.m.			0	0
IsDebuggerPresent Nov. 27, 2023, 9:24 a.m.			0	0

Command line console output was observed (1 event)

Time & API	Arguments	Status	Return	Repeated
WriteConsoleW Nov. 27, 2023, 9:23 a.m.	buffer: SUCCESS: The scheduled task "Utsysc.exe" has successfully been created. console_handle: 0x00000007	1	1	0

Uses Windows APIs to generate a cryptographic key (15 events)

Time & API	Arguments	Status	Return
CryptExportKey Nov. 27, 2023, 9:24 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0036b9e8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Nov. 27, 2023, 9:24 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0036b7e8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Nov. 27, 2023, 9:24 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0036b7e8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Nov. 27, 2023, 9:24 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0036b7a8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Nov. 27, 2023, 9:24 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0036b7a8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Nov. 27, 2023, 9:24 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x0036b5a8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Nov. 27, 2023, 9:24 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x007b4118 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Nov. 27, 2023, 9:24 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x007b4118 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Nov. 27, 2023, 9:24 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x007b3fd8 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Nov. 27, 2023, 9:24 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x007b4458 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Nov. 27, 2023, 9:24 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x007b4518 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Nov. 27, 2023, 9:24 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x007b4518 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Nov. 27, 2023, 9:24 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x007b4a18 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Nov. 27, 2023, 9:24 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x007b4a18 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1
CryptExportKey Nov. 27, 2023, 9:24 a.m.	buffer: <INVALID POINTER> crypto_handle: 0x007b4c18 flags: 0 crypto_export_handle: 0x00000000 blob_type: 6	1	1

Tries to locate where the browsers are installed (3 events)

file	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
file	C:\Program Files\Mozilla Firefox\firefox.exe
registry	HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome

Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available (1 event)

Time & API	Arguments	Status	Return	Repeated
GlobalMemoryStatusEx Nov. 27, 2023, 9:23 a.m.		1	1	0

The executable contains unknown PE section names indicative of a packer (could be a false positive) (3 events)

section
section	.themida
section	.boot

The file contains an unknown PE resource name possibly indicative of a packer (2 events)

resource name	ACTIONS
resource name	MUI

One or more processes crashed (43 events)

Time & API	Arguments	Status
__exception__ Nov. 27, 2023, 9:23 a.m.	stacktrace: amd+0x3debc5 @ 0x4cebc5 amd+0x407396 @ 0x4f7396 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc e9 ba 58 98 8a 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008e exception.offset: 46887 exception.address: 0x7597b727 registers.esp: 10025248 registers.edi: 1826816 registers.eax: 10025248 registers.ebp: 10025328 registers.edx: 2130566132 registers.ebx: 32 registers.esi: 1995994155 registers.ecx: 2139488256	1
__exception__ Nov. 27, 2023, 9:23 a.m.	stacktrace: exception.instruction_r: ed e9 cf af 04 00 ad 03 3a 92 f2 c6 fe ff 94 f0 exception.symbol: amd+0x403863 exception.instruction: in eax, dx exception.module: amd.exe exception.exception_code: 0xc0000096 exception.offset: 4208739 exception.address: 0x4f3863 registers.esp: 10025368 registers.edi: 3490928 registers.eax: 1750617430 registers.ebp: 1826816 registers.edx: 2130532438 registers.ebx: 0 registers.esi: 13 registers.ecx: 20	1
__exception__ Nov. 27, 2023, 9:23 a.m.	stacktrace: exception.instruction_r: ed e9 05 09 02 00 c3 e9 09 08 03 00 ef b2 a9 4d exception.symbol: amd+0x3f6cdf exception.instruction: in eax, dx exception.module: amd.exe exception.exception_code: 0xc0000096 exception.offset: 4156639 exception.address: 0x4e6cdf registers.esp: 10025368 registers.edi: 3490928 registers.eax: 1447909480 registers.ebp: 1826816 registers.edx: 22104 registers.ebx: 2256917605 registers.esi: 13 registers.ecx: 10	1
__exception__ Nov. 27, 2023, 9:23 a.m.	stacktrace: utsysc+0x3debc5 @ 0xbfebc5 utsysc+0x407396 @ 0xc27396 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc e9 ba 58 0b 8b 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xc000008e exception.offset: 46887 exception.address: 0x7597b727 registers.esp: 3865820 registers.edi: 9363456 registers.eax: 3865820 registers.ebp: 3865900 registers.edx: 2130566132 registers.ebx: 32 registers.esi: 1995994155 registers.ecx: 1667104768	1
__exception__ Nov. 27, 2023, 9:23 a.m.	stacktrace: exception.instruction_r: ed e9 cf af 04 00 ad 03 3a 92 f2 c6 fe ff 94 f0 exception.symbol: utsysc+0x403863 exception.instruction: in eax, dx exception.module: Utsysc.exe exception.exception_code: 0xc0000096 exception.offset: 4208739 exception.address: 0xc23863 registers.esp: 3865940 registers.edi: 11027568 registers.eax: 1750617430 registers.ebp: 9363456 registers.edx: 2130532438 registers.ebx: 0 registers.esi: 13 registers.ecx: 20	1
__exception__ Nov. 27, 2023, 9:23 a.m.	stacktrace: exception.instruction_r: ed e9 05 09 02 00 c3 e9 09 08 03 00 ef b2 a9 4d exception.symbol: utsysc+0x3f6cdf exception.instruction: in eax, dx exception.module: Utsysc.exe exception.exception_code: 0xc0000096 exception.offset: 4156639 exception.address: 0xc16cdf registers.esp: 3865940 registers.edi: 11027568 registers.eax: 1447909480 registers.ebp: 9363456 registers.edx: 22104 registers.ebx: 2256917605 registers.esi: 13 registers.ecx: 10	1
__exception__ Nov. 27, 2023, 9:24 a.m.	stacktrace: RtlFreeHeap+0x7e RtlAllocateHeap-0x23 ntdll+0x2e003 @ 0x76f3e003 RtlDeleteBoundaryDescriptor+0x1b RtlAnsiStringToUnicodeString-0x2d ntdll+0x2e688 @ 0x76f3e688 RtlMultiByteToUnicodeN+0x11a RtlDeleteBoundaryDescriptor-0xe ntdll+0x2e65f @ 0x76f3e65f EtwEventRegister+0x17f EtwRegisterTraceGuidsW-0xa ntdll+0x3f839 @ 0x76f4f839 LdrGetProcedureAddressEx+0x11f wcsstr-0x99d ntdll+0x302ea @ 0x76f402ea LdrGetProcedureAddress+0x18 LdrGetProcedureAddressEx-0x9 ntdll+0x301c2 @ 0x76f401c2 New_ntdll_LdrGetProcedureAddress@16+0xcd New_ntdll_LdrLoadDll@16-0x87 @ 0x734dd3cd GetProcAddress+0x44 GetVersion-0x38 kernelbase+0x111c4 @ 0x759811c4 CreateAssemblyNameObject+0xe597 GetMetaDataInternalInterface-0x29ed8 clr+0x3ba30 @ 0x727dba30 CoUninitializeEE+0xa200 CreateAssemblyNameObject-0x3a55 clr+0x29a44 @ 0x727c9a44 CoUninitializeEE+0xa149 CreateAssemblyNameObject-0x3b0c clr+0x2998d @ 0x727c998d CoUninitializeEE+0xa055 CreateAssemblyNameObject-0x3c00 clr+0x29899 @ 0x727c9899 CoUninitializeEE+0x9fee CreateAssemblyNameObject-0x3c67 clr+0x29832 @ 0x727c9832 DllRegisterServerInternal+0x98c9 CoUninitializeEE-0x3b6f clr+0x1bcd5 @ 0x727bbcd5 DllUnregisterServerInternal-0x760b clr+0x2ae9 @ 0x727a2ae9 system+0x1eafc4 @ 0x70f6afc4 0xbca402 0xbc08a5 system+0x1f9799 @ 0x701b9799 system+0x1f92c8 @ 0x701b92c8 system+0x1eca74 @ 0x701aca74 system+0x1ec868 @ 0x701ac868 system+0x1f82b8 @ 0x701b82b8 system+0x1ee54d @ 0x701ae54d system+0x1f70ea @ 0x701b70ea system+0x1e56c0 @ 0x701a56c0 system+0x1f8215 @ 0x701b8215 system+0x1f6f75 @ 0x701b6f75 system+0x1ee251 @ 0x701ae251 system+0x1ee229 @ 0x701ae229 system+0x1ee170 @ 0x701ae170 0x53a08e gapfnScSendMessage+0x332 GetAppCompatFlags2-0x8ea user32+0x162fa @ 0x758562fa GetThreadDesktop+0xd7 GetWindowLongW-0x2c4 user32+0x16d3a @ 0x75856d3a GetWindow+0x3f0 SendMessageW-0x1b user32+0x1965e @ 0x7585965e SendMessageW+0x4c GetAncestor-0xc0 user32+0x196c5 @ 0x758596c5 system+0x208b08 @ 0x701c8b08 system+0xaa9bfd @ 0x70a69bfd system+0x1a5e44 @ 0x70165e44 system+0x1fd8a0 @ 0x701bd8a0 system+0x1fd792 @ 0x701bd792 system+0x1a14bd @ 0x701614bd 0xbc006a DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetClassObjectInternal+0x2473 CorDllMainForThunk-0x8a088 clr+0xc74ec @ 0x728674ec DllGetClassObjectInternal+0x2597 CorDllMainForThunk-0x89f64 clr+0xc7610 @ 0x72867610 CorDllMainForThunk+0x850 _CorExeMain-0x238a clr+0x151dc4 @ 0x728f1dc4 CorDllMainForThunk+0x8f3 _CorExeMain-0x22e7 clr+0x151e67 @ 0x728f1e67 CorDllMainForThunk+0xa06 _CorExeMain-0x21d4 clr+0x151f7a @ 0x728f1f7a _CorExeMain+0x1c ClrCreateManagedInstance-0x35cd clr+0x15416a @ 0x728f416a _CorExeMain+0x71 GetFileVersion-0x293a mscoreei+0xf5a3 @ 0x7371f5a3 CreateConfigStream+0x13f GetProcessExecutableHeap-0xad6 mscoree+0x7f16 @ 0x73797f16 _CorExeMain+0x8 CreateConfigStream-0x2ff4 mscoree+0x4de3 @ 0x73794de3 RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 46 04 89 45 f4 c6 47 07 80 c6 47 06 00 8b 5e exception.symbol: RtlInitUnicodeString+0x196 RtlMultiByteToUnicodeN-0x1a7 ntdll+0x2e39e exception.instruction: mov eax, dword ptr [esi + 4] exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 189342 exception.address: 0x76f3e39e registers.esp: 2286280 registers.edi: 82564752 registers.eax: 0 registers.ebp: 2286332 registers.edx: 82564760 registers.ebx: 82564760 registers.esi: 1013240700 registers.ecx: 3473408	1
__exception__ Nov. 27, 2023, 9:24 a.m.	stacktrace: RtlFreeHeap+0x7e RtlAllocateHeap-0x23 ntdll+0x2e003 @ 0x76f3e003 HeapFree+0x14 GetProcessHeap-0xc kernel32+0x114dd @ 0x755c14dd DllUnregisterServerInternal-0x7f84 clr+0x2170 @ 0x727a2170 DllUnregisterServerInternal-0x7f5f clr+0x2195 @ 0x727a2195 DllUnregisterServerInternal-0x7f4e clr+0x21a6 @ 0x727a21a6 CoUninitializeEE+0xd8a2 CreateAssemblyNameObject-0x3b3 clr+0x2d0e6 @ 0x727cd0e6 DllGetActivationFactoryImpl+0x5d17 CreateApplicationContext-0x4825 clr+0xa24fe @ 0x728424fe mscorlib+0x2d54f0 @ 0x719d54f0 mscorlib+0x2d54a5 @ 0x719d54a5 mscorlib+0x2d5c33 @ 0x719d5c33 mscorlib+0x2d7894 @ 0x719d7894 mscorlib+0x2d74ff @ 0x719d74ff mscorlib+0x2d71c3 @ 0x719d71c3 mscorlib+0x2d6c3c @ 0x719d6c3c mscorlib+0x2fcfb1 @ 0x719fcfb1 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0x79c6 CoUninitializeEE-0x5a72 clr+0x19dd2 @ 0x727b9dd2 DllGetClassObjectInternal+0x38b0b CorDllMainForThunk-0x539f0 clr+0xfdb84 @ 0x7289db84 DllGetClassObjectInternal+0x38c16 CorDllMainForThunk-0x538e5 clr+0xfdc8f @ 0x7289dc8f mscorlib+0x2fce7e @ 0x719fce7e mscorlib+0x2fcd8c @ 0x719fcd8c mscorlib+0x2fcd0b @ 0x719fcd0b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetClassObjectInternal+0x6069a CorDllMainForThunk-0x2be61 clr+0x125713 @ 0x728c5713 DllGetClassObjectInternal+0x6075c CorDllMainForThunk-0x2bd9f clr+0x1257d5 @ 0x728c57d5 mscorlib+0x9bc1c8 @ 0x720bc1c8 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f CoUninitializeEE+0xa5b4 CreateAssemblyNameObject-0x36a1 clr+0x29df8 @ 0x727c9df8 CoUninitializeEE+0xa5eb CreateAssemblyNameObject-0x366a clr+0x29e2f @ 0x727c9e2f DllGetClassObjectInternal+0xc874 CorDllMainForThunk-0x7fc87 clr+0xd18ed @ 0x728718ed DllGetClassObjectInternal+0xcb84 CorDllMainForThunk-0x7f977 clr+0xd1bfd @ 0x72871bfd CreateHistoryReader+0x13d0e PostErrorVA-0x155251 clr+0x223553 @ 0x729c3553 LookupHistoryAssembly+0x1550 CoEEShutDownCOM-0x2c2c clr+0x1d8a42 @ 0x72978a42 DllGetClassObjectInternal+0x5fe1c CorDllMainForThunk-0x2c6df clr+0x124e95 @ 0x728c4e95 DllGetClassObjectInternal+0x5fd5f CorDllMainForThunk-0x2c79c clr+0x124dd8 @ 0x728c4dd8 RtlDosSearchPath_Ustr+0xada RtlCaptureContext-0x72 ntdll+0x46ab9 @ 0x76f56ab9 RtlDosSearchPath_Ustr+0xaac RtlCaptureContext-0xa0 ntdll+0x46a8b @ 0x76f56a8b New_ntdll_RtlDispatchException@8+0xf6 New_ntdll_RtlRemoveVectoredContinueHandler@4-0x23 @ 0x734e482b KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 RtlFreeHeap+0x7e RtlAllocateHeap-0x23 ntdll+0x2e003 @ 0x76f3e003 RtlDeleteBoundaryDescriptor+0x1b RtlAnsiStringToUnicodeString-0x2d ntdll+0x2e688 @ 0x76f3e688 RtlMultiByteToUnicodeN+0x11a RtlDeleteBoundaryDescriptor-0xe ntdll+0x2e65f @ 0x76f3e65f EtwEventRegister+0x17f EtwRegisterTraceGuidsW-0xa ntdll+0x3f839 @ 0x76f4f839 LdrGetProcedureAddressEx+0x11f wcsstr-0x99d ntdll+0x302ea @ 0x76f402ea LdrGetProcedureAddress+0x18 LdrGetProcedureAddressEx-0x9 ntdll+0x301c2 @ 0x76f401c2 New_ntdll_LdrGetProcedureAddress@16+0xcd New_ntdll_LdrLoadDll@16-0x87 @ 0x734dd3cd GetProcAddress+0x44 GetVersion-0x38 kernelbase+0x111c4 @ 0x759811c4 CreateAssemblyNameObject+0xe597 GetMetaDataInternalInterface-0x29ed8 clr+0x3ba30 @ 0x727dba30 CoUninitializeEE+0xa200 CreateAssemblyNameObject-0x3a55 clr+0x29a44 @ 0x727c9a44 CoUninitializeEE+0xa149 CreateAssemblyNameObject-0x3b0c clr+0x2998d @ 0x727c998d CoUninitializeEE+0xa055 CreateAssemblyNameObject-0x3c00 clr+0x29899 @ 0x727c9899 CoUninitializeEE+0x9fee CreateAssemblyNameObject-0x3c67 clr+0x29832 @ 0x727c9832 DllRegisterServerInternal+0x98c9 CoUninitializeEE-0x3b6f clr+0x1bcd5 @ 0x727bbcd5 DllUnregisterServerInternal-0x760b clr+0x2ae9 @ 0x727a2ae9 system+0x1eafc4 @ 0x70f6afc4 0xbca402 0xbc08a5 system+0x1f9799 @ 0x701b9799 system+0x1f92c8 @ 0x701b92c8 system+0x1eca74 @ 0x701aca74 exception.instruction_r: 8b 46 04 89 45 f4 c6 47 07 80 c6 47 06 00 8b 5e exception.symbol: RtlInitUnicodeString+0x196 RtlMultiByteToUnicodeN-0x1a7 ntdll+0x2e39e exception.instruction: mov eax, dword ptr [esi + 4] exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 189342 exception.address: 0x76f3e39e registers.esp: 2281084 registers.edi: 82564568 registers.eax: 82521120 registers.ebp: 2281136 registers.edx: 82564576 registers.ebx: 82564576 registers.esi: 948961077 registers.ecx: 3473408	1
__exception__ Nov. 27, 2023, 9:24 a.m.	stacktrace: RtlFreeHeap+0x7e RtlAllocateHeap-0x23 ntdll+0x2e003 @ 0x76f3e003 RtlFreeSid+0x1b RtlAllocateAndInitializeSid-0x15 ntdll+0x393cd @ 0x76f493cd GetComputerNameA+0xa84 GetFileInformationByHandleEx-0x62b kernel32+0x2c164 @ 0x755dc164 GetComputerNameA+0xaef GetFileInformationByHandleEx-0x5c0 kernel32+0x2c1cf @ 0x755dc1cf GetComputerNameA+0xab1 GetFileInformationByHandleEx-0x5fe kernel32+0x2c191 @ 0x755dc191 MapViewOfFileEx+0x21 InitializeCriticalSectionEx-0x84 kernel32+0x14ca4 @ 0x755c4ca4 RegOpenKeyExW+0xf6 LocalFree-0x935 kernel32+0x12407 @ 0x755c2407 RegOpenKeyExW+0x21 LocalFree-0xa0a kernel32+0x12332 @ 0x755c2332 New_advapi32_RegOpenKeyExW@20+0x4f New_advapi32_RegQueryInfoKeyA@48-0x173 @ 0x734d3ca1 CreateAssemblyNameObject+0xc283 GetMetaDataInternalInterface-0x2c1ec clr+0x3971c @ 0x727d971c StrongNameSignatureVerification+0x9a32 GetMetaDataPublicInterfaceFromInternal-0x1e1e clr+0x1934e8 @ 0x729334e8 StrongNameSignatureVerification+0x9bcc GetMetaDataPublicInterfaceFromInternal-0x1c84 clr+0x193682 @ 0x72933682 GetMetaDataPublicInterfaceFromInternal+0x641 CopyPDBs-0x2fb clr+0x195947 @ 0x72935947 GetMetaDataPublicInterfaceFromInternal+0x850 CopyPDBs-0xec clr+0x195b56 @ 0x72935b56 GetMetaDataPublicInterfaceFromInternal+0x23d CopyPDBs-0x6ff clr+0x195543 @ 0x72935543 StrongNameSignatureVerification+0x839b GetMetaDataPublicInterfaceFromInternal-0x34b5 clr+0x191e51 @ 0x72931e51 StrongNameSignatureVerification+0x854e GetMetaDataPublicInterfaceFromInternal-0x3302 clr+0x192004 @ 0x72932004 mscorlib+0x355147 @ 0x71a55147 mscorlib+0x985c14 @ 0x72085c14 mscorlib+0x9b45cf @ 0x720b45cf mscorlib+0xd224c1 @ 0x724224c1 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0x79c6 CoUninitializeEE-0x5a72 clr+0x19dd2 @ 0x727b9dd2 DllGetClassObjectInternal+0x38b0b CorDllMainForThunk-0x539f0 clr+0xfdb84 @ 0x7289db84 DllGetClassObjectInternal+0x38c16 CorDllMainForThunk-0x538e5 clr+0xfdc8f @ 0x7289dc8f mscorlib+0x2fce7e @ 0x719fce7e mscorlib+0x2fcd8c @ 0x719fcd8c mscorlib+0x2fcd0b @ 0x719fcd0b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetClassObjectInternal+0x6069a CorDllMainForThunk-0x2be61 clr+0x125713 @ 0x728c5713 DllGetClassObjectInternal+0x6075c CorDllMainForThunk-0x2bd9f clr+0x1257d5 @ 0x728c57d5 mscorlib+0x9bc1c8 @ 0x720bc1c8 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f CoUninitializeEE+0xa5b4 CreateAssemblyNameObject-0x36a1 clr+0x29df8 @ 0x727c9df8 CoUninitializeEE+0xa5eb CreateAssemblyNameObject-0x366a clr+0x29e2f @ 0x727c9e2f DllGetClassObjectInternal+0xc874 CorDllMainForThunk-0x7fc87 clr+0xd18ed @ 0x728718ed DllGetClassObjectInternal+0xcb84 CorDllMainForThunk-0x7f977 clr+0xd1bfd @ 0x72871bfd CreateHistoryReader+0x13d0e PostErrorVA-0x155251 clr+0x223553 @ 0x729c3553 LookupHistoryAssembly+0x1550 CoEEShutDownCOM-0x2c2c clr+0x1d8a42 @ 0x72978a42 DllGetClassObjectInternal+0x5fe1c CorDllMainForThunk-0x2c6df clr+0x124e95 @ 0x728c4e95 DllGetClassObjectInternal+0x5fd5f CorDllMainForThunk-0x2c79c clr+0x124dd8 @ 0x728c4dd8 RtlDosSearchPath_Ustr+0xada RtlCaptureContext-0x72 ntdll+0x46ab9 @ 0x76f56ab9 RtlDosSearchPath_Ustr+0xaac RtlCaptureContext-0xa0 ntdll+0x46a8b @ 0x76f56a8b New_ntdll_RtlDispatchException@8+0xf6 New_ntdll_RtlRemoveVectoredContinueHandler@4-0x23 @ 0x734e482b KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 RtlFreeHeap+0x7e RtlAllocateHeap-0x23 ntdll+0x2e003 @ 0x76f3e003 HeapFree+0x14 GetProcessHeap-0xc kernel32+0x114dd @ 0x755c14dd DllUnregisterServerInternal-0x7f84 clr+0x2170 @ 0x727a2170 DllUnregisterServerInternal-0x7f5f clr+0x2195 @ 0x727a2195 DllUnregisterServerInternal-0x7f4e clr+0x21a6 @ 0x727a21a6 CoUninitializeEE+0xd8a2 CreateAssemblyNameObject-0x3b3 clr+0x2d0e6 @ 0x727cd0e6 DllGetActivationFactoryImpl+0x5d17 CreateApplicationContext-0x4825 clr+0xa24fe @ 0x728424fe mscorlib+0x2d54f0 @ 0x719d54f0 mscorlib+0x2d54a5 @ 0x719d54a5 mscorlib+0x2d5c33 @ 0x719d5c33 mscorlib+0x2d7894 @ 0x719d7894 mscorlib+0x2d74ff @ 0x719d74ff mscorlib+0x2d71c3 @ 0x719d71c3 mscorlib+0x2d6c3c @ 0x719d6c3c mscorlib+0x2fcfb1 @ 0x719fcfb1 exception.instruction_r: 8b 46 04 89 45 f4 c6 47 07 80 c6 47 06 00 8b 5e exception.symbol: RtlInitUnicodeString+0x196 RtlMultiByteToUnicodeN-0x1a7 ntdll+0x2e39e exception.instruction: mov eax, dword ptr [esi + 4] exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 189342 exception.address: 0x76f3e39e registers.esp: 2272920 registers.edi: 82568720 registers.eax: 1344882 registers.ebp: 2272972 registers.edx: 82568728 registers.ebx: 82568728 registers.esi: 1013993502 registers.ecx: 3473408	1
__exception__ Nov. 27, 2023, 9:24 a.m.	stacktrace: RtlAllocateHeap+0xac RtlFreeAnsiString-0x54 ntdll+0x2e0d2 @ 0x76f3e0d2 DllUnregisterServerInternal-0x7fe0 clr+0x2114 @ 0x727a2114 DllUnregisterServerInternal-0x7fa5 clr+0x214f @ 0x727a214f CreateAssemblyNameObject+0x263 GetMetaDataInternalInterface-0x3820c clr+0x2d6fc @ 0x727cd6fc CreateAssemblyNameObject+0x1af GetMetaDataInternalInterface-0x382c0 clr+0x2d648 @ 0x727cd648 CreateAssemblyNameObject+0x27106 GetMetaDataInternalInterface-0x11369 clr+0x5459f @ 0x727f459f DllGetClassObjectInternal+0x355f9 CorDllMainForThunk-0x56f02 clr+0xfa672 @ 0x7289a672 PreBindAssemblyEx+0xe96a StrongNameSignatureVerification-0x35e1 clr+0x1864d5 @ 0x729264d5 mscorlib+0x2d5f5f @ 0x719d5f5f mscorlib+0x2d5c33 @ 0x719d5c33 mscorlib+0x2d7894 @ 0x719d7894 mscorlib+0x2d74ff @ 0x719d74ff mscorlib+0x2d71c3 @ 0x719d71c3 mscorlib+0x2d6c3c @ 0x719d6c3c mscorlib+0x2fcfb1 @ 0x719fcfb1 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0x79c6 CoUninitializeEE-0x5a72 clr+0x19dd2 @ 0x727b9dd2 DllGetClassObjectInternal+0x38b0b CorDllMainForThunk-0x539f0 clr+0xfdb84 @ 0x7289db84 DllGetClassObjectInternal+0x38c16 CorDllMainForThunk-0x538e5 clr+0xfdc8f @ 0x7289dc8f mscorlib+0x2fce7e @ 0x719fce7e mscorlib+0x2fcd8c @ 0x719fcd8c mscorlib+0x2fcd0b @ 0x719fcd0b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetClassObjectInternal+0x6069a CorDllMainForThunk-0x2be61 clr+0x125713 @ 0x728c5713 DllGetClassObjectInternal+0x6075c CorDllMainForThunk-0x2bd9f clr+0x1257d5 @ 0x728c57d5 mscorlib+0x9bc1c8 @ 0x720bc1c8 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f CoUninitializeEE+0xa5b4 CreateAssemblyNameObject-0x36a1 clr+0x29df8 @ 0x727c9df8 CoUninitializeEE+0xa5eb CreateAssemblyNameObject-0x366a clr+0x29e2f @ 0x727c9e2f DllGetClassObjectInternal+0xc874 CorDllMainForThunk-0x7fc87 clr+0xd18ed @ 0x728718ed DllGetClassObjectInternal+0xcb84 CorDllMainForThunk-0x7f977 clr+0xd1bfd @ 0x72871bfd CreateHistoryReader+0x13d0e PostErrorVA-0x155251 clr+0x223553 @ 0x729c3553 LookupHistoryAssembly+0x1550 CoEEShutDownCOM-0x2c2c clr+0x1d8a42 @ 0x72978a42 DllGetClassObjectInternal+0x5fe1c CorDllMainForThunk-0x2c6df clr+0x124e95 @ 0x728c4e95 DllGetClassObjectInternal+0x5fd5f CorDllMainForThunk-0x2c79c clr+0x124dd8 @ 0x728c4dd8 RtlDosSearchPath_Ustr+0xada RtlCaptureContext-0x72 ntdll+0x46ab9 @ 0x76f56ab9 RtlDosSearchPath_Ustr+0xaac RtlCaptureContext-0xa0 ntdll+0x46a8b @ 0x76f56a8b New_ntdll_RtlDispatchException@8+0xf6 New_ntdll_RtlRemoveVectoredContinueHandler@4-0x23 @ 0x734e482b KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 RtlFreeHeap+0x7e RtlAllocateHeap-0x23 ntdll+0x2e003 @ 0x76f3e003 RtlFreeSid+0x1b RtlAllocateAndInitializeSid-0x15 ntdll+0x393cd @ 0x76f493cd GetComputerNameA+0xa84 GetFileInformationByHandleEx-0x62b kernel32+0x2c164 @ 0x755dc164 GetComputerNameA+0xaef GetFileInformationByHandleEx-0x5c0 kernel32+0x2c1cf @ 0x755dc1cf GetComputerNameA+0xab1 GetFileInformationByHandleEx-0x5fe kernel32+0x2c191 @ 0x755dc191 MapViewOfFileEx+0x21 InitializeCriticalSectionEx-0x84 kernel32+0x14ca4 @ 0x755c4ca4 RegOpenKeyExW+0xf6 LocalFree-0x935 kernel32+0x12407 @ 0x755c2407 RegOpenKeyExW+0x21 LocalFree-0xa0a kernel32+0x12332 @ 0x755c2332 New_advapi32_RegOpenKeyExW@20+0x4f New_advapi32_RegQueryInfoKeyA@48-0x173 @ 0x734d3ca1 CreateAssemblyNameObject+0xc283 GetMetaDataInternalInterface-0x2c1ec clr+0x3971c @ 0x727d971c StrongNameSignatureVerification+0x9a32 GetMetaDataPublicInterfaceFromInternal-0x1e1e clr+0x1934e8 @ 0x729334e8 StrongNameSignatureVerification+0x9bcc GetMetaDataPublicInterfaceFromInternal-0x1c84 clr+0x193682 @ 0x72933682 GetMetaDataPublicInterfaceFromInternal+0x641 CopyPDBs-0x2fb clr+0x195947 @ 0x72935947 GetMetaDataPublicInterfaceFromInternal+0x850 CopyPDBs-0xec clr+0x195b56 @ 0x72935b56 GetMetaDataPublicInterfaceFromInternal+0x23d CopyPDBs-0x6ff clr+0x195543 @ 0x72935543 StrongNameSignatureVerification+0x839b GetMetaDataPublicInterfaceFromInternal-0x34b5 clr+0x191e51 @ 0x72931e51 StrongNameSignatureVerification+0x854e GetMetaDataPublicInterfaceFromInternal-0x3302 clr+0x192004 @ 0x72932004 mscorlib+0x355147 @ 0x71a55147 mscorlib+0x985c14 @ 0x72085c14 mscorlib+0x9b45cf @ 0x720b45cf mscorlib+0xd224c1 @ 0x724224c1 exception.instruction_r: 0f b7 06 99 0f a4 c2 10 c1 e0 10 0b f8 0b da 89 exception.symbol: RtlInitUnicodeString+0xec RtlMultiByteToUnicodeN-0x251 ntdll+0x2e2f4 exception.instruction: movzx eax, word ptr [esi] exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 189172 exception.address: 0x76f3e2f4 registers.esp: 2266264 registers.edi: 73 registers.eax: 82914776 registers.ebp: 2266396 registers.edx: 3504048 registers.ebx: 3583143157 registers.esi: 82914784 registers.ecx: 82521128	1
__exception__ Nov. 27, 2023, 9:24 a.m.	stacktrace: RtlAllocateHeap+0xac RtlFreeAnsiString-0x54 ntdll+0x2e0d2 @ 0x76f3e0d2 DllUnregisterServerInternal-0x7fe0 clr+0x2114 @ 0x727a2114 DllUnregisterServerInternal-0x7fa5 clr+0x214f @ 0x727a214f CreateAssemblyNameObject+0x263 GetMetaDataInternalInterface-0x3820c clr+0x2d6fc @ 0x727cd6fc CreateAssemblyNameObject+0x1af GetMetaDataInternalInterface-0x382c0 clr+0x2d648 @ 0x727cd648 CreateAssemblyNameObject+0x27106 GetMetaDataInternalInterface-0x11369 clr+0x5459f @ 0x727f459f DllGetClassObjectInternal+0x355f9 CorDllMainForThunk-0x56f02 clr+0xfa672 @ 0x7289a672 PreBindAssemblyEx+0xe96a StrongNameSignatureVerification-0x35e1 clr+0x1864d5 @ 0x729264d5 mscorlib+0x2d5f5f @ 0x719d5f5f mscorlib+0x2d5c33 @ 0x719d5c33 mscorlib+0x2d7894 @ 0x719d7894 mscorlib+0x2d74ff @ 0x719d74ff mscorlib+0x2d71c3 @ 0x719d71c3 mscorlib+0x2d6c3c @ 0x719d6c3c mscorlib+0x2fcfb1 @ 0x719fcfb1 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0x79c6 CoUninitializeEE-0x5a72 clr+0x19dd2 @ 0x727b9dd2 DllGetClassObjectInternal+0x38b0b CorDllMainForThunk-0x539f0 clr+0xfdb84 @ 0x7289db84 DllGetClassObjectInternal+0x38c16 CorDllMainForThunk-0x538e5 clr+0xfdc8f @ 0x7289dc8f mscorlib+0x2fce7e @ 0x719fce7e mscorlib+0x2fcd8c @ 0x719fcd8c mscorlib+0x2fcd0b @ 0x719fcd0b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetClassObjectInternal+0x6069a CorDllMainForThunk-0x2be61 clr+0x125713 @ 0x728c5713 DllGetClassObjectInternal+0x6075c CorDllMainForThunk-0x2bd9f clr+0x1257d5 @ 0x728c57d5 mscorlib+0x9bc1c8 @ 0x720bc1c8 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f CoUninitializeEE+0xa5b4 CreateAssemblyNameObject-0x36a1 clr+0x29df8 @ 0x727c9df8 CoUninitializeEE+0xa5eb CreateAssemblyNameObject-0x366a clr+0x29e2f @ 0x727c9e2f DllGetClassObjectInternal+0xc874 CorDllMainForThunk-0x7fc87 clr+0xd18ed @ 0x728718ed DllGetClassObjectInternal+0xcb84 CorDllMainForThunk-0x7f977 clr+0xd1bfd @ 0x72871bfd CreateHistoryReader+0x13d0e PostErrorVA-0x155251 clr+0x223553 @ 0x729c3553 LookupHistoryAssembly+0x1550 CoEEShutDownCOM-0x2c2c clr+0x1d8a42 @ 0x72978a42 DllGetClassObjectInternal+0x5fe1c CorDllMainForThunk-0x2c6df clr+0x124e95 @ 0x728c4e95 DllGetClassObjectInternal+0x5fd5f CorDllMainForThunk-0x2c79c clr+0x124dd8 @ 0x728c4dd8 RtlDosSearchPath_Ustr+0xada RtlCaptureContext-0x72 ntdll+0x46ab9 @ 0x76f56ab9 RtlDosSearchPath_Ustr+0xaac RtlCaptureContext-0xa0 ntdll+0x46a8b @ 0x76f56a8b New_ntdll_RtlDispatchException@8+0xf6 New_ntdll_RtlRemoveVectoredContinueHandler@4-0x23 @ 0x734e482b KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 RtlFreeHeap+0x7e RtlAllocateHeap-0x23 ntdll+0x2e003 @ 0x76f3e003 RtlFreeSid+0x1b RtlAllocateAndInitializeSid-0x15 ntdll+0x393cd @ 0x76f493cd GetComputerNameA+0xa84 GetFileInformationByHandleEx-0x62b kernel32+0x2c164 @ 0x755dc164 GetComputerNameA+0xaef GetFileInformationByHandleEx-0x5c0 kernel32+0x2c1cf @ 0x755dc1cf GetComputerNameA+0xab1 GetFileInformationByHandleEx-0x5fe kernel32+0x2c191 @ 0x755dc191 MapViewOfFileEx+0x21 InitializeCriticalSectionEx-0x84 kernel32+0x14ca4 @ 0x755c4ca4 RegOpenKeyExW+0xf6 LocalFree-0x935 kernel32+0x12407 @ 0x755c2407 RegOpenKeyExW+0x21 LocalFree-0xa0a kernel32+0x12332 @ 0x755c2332 New_advapi32_RegOpenKeyExW@20+0x4f New_advapi32_RegQueryInfoKeyA@48-0x173 @ 0x734d3ca1 CreateAssemblyNameObject+0xc283 GetMetaDataInternalInterface-0x2c1ec clr+0x3971c @ 0x727d971c StrongNameSignatureVerification+0x9a32 GetMetaDataPublicInterfaceFromInternal-0x1e1e clr+0x1934e8 @ 0x729334e8 StrongNameSignatureVerification+0x9bcc GetMetaDataPublicInterfaceFromInternal-0x1c84 clr+0x193682 @ 0x72933682 GetMetaDataPublicInterfaceFromInternal+0x641 CopyPDBs-0x2fb clr+0x195947 @ 0x72935947 GetMetaDataPublicInterfaceFromInternal+0x850 CopyPDBs-0xec clr+0x195b56 @ 0x72935b56 GetMetaDataPublicInterfaceFromInternal+0x23d CopyPDBs-0x6ff clr+0x195543 @ 0x72935543 StrongNameSignatureVerification+0x839b GetMetaDataPublicInterfaceFromInternal-0x34b5 clr+0x191e51 @ 0x72931e51 StrongNameSignatureVerification+0x854e GetMetaDataPublicInterfaceFromInternal-0x3302 clr+0x192004 @ 0x72932004 mscorlib+0x355147 @ 0x71a55147 mscorlib+0x985c14 @ 0x72085c14 mscorlib+0x9b45cf @ 0x720b45cf mscorlib+0xd224c1 @ 0x724224c1 exception.instruction_r: 0f b7 06 99 0f a4 c2 10 c1 e0 10 0b d8 0b fa 89 exception.symbol: LdrUnlockLoaderLock+0x2cc RtlInitUnicodeStringEx-0xe6b ntdll+0x36f08 exception.instruction: movzx eax, word ptr [esi] exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 225032 exception.address: 0x76f46f08 registers.esp: 2266264 registers.edi: 3583143157 registers.eax: 82914776 registers.ebp: 2266396 registers.edx: 2868904010 registers.ebx: 73 registers.esi: 82914784 registers.ecx: 82521128	1
__exception__ Nov. 27, 2023, 9:24 a.m.	stacktrace: RtlAllocateHeap+0xac RtlFreeAnsiString-0x54 ntdll+0x2e0d2 @ 0x76f3e0d2 DllGetClassObjectInternal+0x3995f CorDllMainForThunk-0x52b9c clr+0xfe9d8 @ 0x7289e9d8 DllGetClassObjectInternal+0x3cb36 CorDllMainForThunk-0x4f9c5 clr+0x101baf @ 0x728a1baf DllGetClassObjectInternal+0x3cb02 CorDllMainForThunk-0x4f9f9 clr+0x101b7b @ 0x728a1b7b DllGetClassObjectInternal+0x3d036 CorDllMainForThunk-0x4f4c5 clr+0x1020af @ 0x728a20af DllGetClassObjectInternal+0x3d08d CorDllMainForThunk-0x4f46e clr+0x102106 @ 0x728a2106 DllGetClassObjectInternal+0x3c8ff CorDllMainForThunk-0x4fbfc clr+0x101978 @ 0x728a1978 DllGetClassObjectInternal+0x3c9d8 CorDllMainForThunk-0x4fb23 clr+0x101a51 @ 0x728a1a51 DllGetClassObjectInternal+0x3e19b CorDllMainForThunk-0x4e360 clr+0x103214 @ 0x728a3214 DllGetClassObjectInternal+0x3e4b7 CorDllMainForThunk-0x4e044 clr+0x103530 @ 0x728a3530 DllGetClassObjectInternal+0x3e3ed CorDllMainForThunk-0x4e10e clr+0x103466 @ 0x728a3466 DllGetClassObjectInternal+0x3ce60 CorDllMainForThunk-0x4f69b clr+0x101ed9 @ 0x728a1ed9 DllGetClassObjectInternal+0x3cf04 CorDllMainForThunk-0x4f5f7 clr+0x101f7d @ 0x728a1f7d DllGetClassObjectInternal+0x3cf99 CorDllMainForThunk-0x4f562 clr+0x102012 @ 0x728a2012 DllGetClassObjectInternal+0x41789 CorDllMainForThunk-0x4ad72 clr+0x106802 @ 0x728a6802 DllGetClassObjectInternal+0x417dc CorDllMainForThunk-0x4ad1f clr+0x106855 @ 0x728a6855 DllGetClassObjectInternal+0x40b7e CorDllMainForThunk-0x4b97d clr+0x105bf7 @ 0x728a5bf7 DllGetClassObjectInternal+0x3a1da CorDllMainForThunk-0x52321 clr+0xff253 @ 0x7289f253 CreateAssemblyNameObject+0x368 GetMetaDataInternalInterface-0x38107 clr+0x2d801 @ 0x727cd801 CreateAssemblyNameObject+0x8d GetMetaDataInternalInterface-0x383e2 clr+0x2d526 @ 0x727cd526 mscorlib+0x3915ca @ 0x71a915ca mscorlib+0x34f009 @ 0x71a4f009 mscorlib+0x2d5f6a @ 0x719d5f6a mscorlib+0x2d5c33 @ 0x719d5c33 mscorlib+0x2d7894 @ 0x719d7894 mscorlib+0x2d74ff @ 0x719d74ff mscorlib+0x2d71c3 @ 0x719d71c3 mscorlib+0x2d6c3c @ 0x719d6c3c mscorlib+0x2fcfb1 @ 0x719fcfb1 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0x79c6 CoUninitializeEE-0x5a72 clr+0x19dd2 @ 0x727b9dd2 DllGetClassObjectInternal+0x38b0b CorDllMainForThunk-0x539f0 clr+0xfdb84 @ 0x7289db84 DllGetClassObjectInternal+0x38c16 CorDllMainForThunk-0x538e5 clr+0xfdc8f @ 0x7289dc8f mscorlib+0x2fce7e @ 0x719fce7e mscorlib+0x2fcd8c @ 0x719fcd8c mscorlib+0x2fcd0b @ 0x719fcd0b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetClassObjectInternal+0x6069a CorDllMainForThunk-0x2be61 clr+0x125713 @ 0x728c5713 DllGetClassObjectInternal+0x6075c CorDllMainForThunk-0x2bd9f clr+0x1257d5 @ 0x728c57d5 mscorlib+0x9bc1c8 @ 0x720bc1c8 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f CoUninitializeEE+0xa5b4 CreateAssemblyNameObject-0x36a1 clr+0x29df8 @ 0x727c9df8 CoUninitializeEE+0xa5eb CreateAssemblyNameObject-0x366a clr+0x29e2f @ 0x727c9e2f DllGetClassObjectInternal+0xc874 CorDllMainForThunk-0x7fc87 clr+0xd18ed @ 0x728718ed DllGetClassObjectInternal+0xcb84 CorDllMainForThunk-0x7f977 clr+0xd1bfd @ 0x72871bfd CreateHistoryReader+0x13d0e PostErrorVA-0x155251 clr+0x223553 @ 0x729c3553 LookupHistoryAssembly+0x1550 CoEEShutDownCOM-0x2c2c clr+0x1d8a42 @ 0x72978a42 DllGetClassObjectInternal+0x5fe1c CorDllMainForThunk-0x2c6df clr+0x124e95 @ 0x728c4e95 DllGetClassObjectInternal+0x5fd5f CorDllMainForThunk-0x2c79c clr+0x124dd8 @ 0x728c4dd8 RtlDosSearchPath_Ustr+0xada RtlCaptureContext-0x72 ntdll+0x46ab9 @ 0x76f56ab9 RtlDosSearchPath_Ustr+0xaac RtlCaptureContext-0xa0 ntdll+0x46a8b @ 0x76f56a8b New_ntdll_RtlDispatchException@8+0xf6 New_ntdll_RtlRemoveVectoredContinueHandler@4-0x23 @ 0x734e482b KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 RtlFreeHeap+0x7e RtlAllocateHeap-0x23 ntdll+0x2e003 @ 0x76f3e003 RtlFreeSid+0x1b RtlAllocateAndInitializeSid-0x15 ntdll+0x393cd @ 0x76f493cd GetComputerNameA+0xa84 GetFileInformationByHandleEx-0x62b kernel32+0x2c164 @ 0x755dc164 GetComputerNameA+0xaef GetFileInformationByHandleEx-0x5c0 kernel32+0x2c1cf @ 0x755dc1cf GetComputerNameA+0xab1 GetFileInformationByHandleEx-0x5fe kernel32+0x2c191 @ 0x755dc191 MapViewOfFileEx+0x21 InitializeCriticalSectionEx-0x84 kernel32+0x14ca4 @ 0x755c4ca4 RegOpenKeyExW+0xf6 LocalFree-0x935 kernel32+0x12407 @ 0x755c2407 exception.instruction_r: 0f b7 06 99 0f a4 c2 10 c1 e0 10 0b f8 0b da 89 exception.symbol: RtlInitUnicodeString+0xec RtlMultiByteToUnicodeN-0x251 ntdll+0x2e2f4 exception.instruction: movzx eax, word ptr [esi] exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 189172 exception.address: 0x76f3e2f4 registers.esp: 2264304 registers.edi: 73 registers.eax: 82914776 registers.ebp: 2264436 registers.edx: 3504048 registers.ebx: 3583143159 registers.esi: 82914784 registers.ecx: 82521128	1
__exception__ Nov. 27, 2023, 9:24 a.m.	stacktrace: RtlAllocateHeap+0xac RtlFreeAnsiString-0x54 ntdll+0x2e0d2 @ 0x76f3e0d2 DllGetClassObjectInternal+0x3995f CorDllMainForThunk-0x52b9c clr+0xfe9d8 @ 0x7289e9d8 DllGetClassObjectInternal+0x3cb36 CorDllMainForThunk-0x4f9c5 clr+0x101baf @ 0x728a1baf DllGetClassObjectInternal+0x3cb02 CorDllMainForThunk-0x4f9f9 clr+0x101b7b @ 0x728a1b7b DllGetClassObjectInternal+0x3d036 CorDllMainForThunk-0x4f4c5 clr+0x1020af @ 0x728a20af DllGetClassObjectInternal+0x3d08d CorDllMainForThunk-0x4f46e clr+0x102106 @ 0x728a2106 DllGetClassObjectInternal+0x3c8ff CorDllMainForThunk-0x4fbfc clr+0x101978 @ 0x728a1978 DllGetClassObjectInternal+0x3c9d8 CorDllMainForThunk-0x4fb23 clr+0x101a51 @ 0x728a1a51 DllGetClassObjectInternal+0x3e19b CorDllMainForThunk-0x4e360 clr+0x103214 @ 0x728a3214 DllGetClassObjectInternal+0x3e4b7 CorDllMainForThunk-0x4e044 clr+0x103530 @ 0x728a3530 DllGetClassObjectInternal+0x3e3ed CorDllMainForThunk-0x4e10e clr+0x103466 @ 0x728a3466 DllGetClassObjectInternal+0x3ce60 CorDllMainForThunk-0x4f69b clr+0x101ed9 @ 0x728a1ed9 DllGetClassObjectInternal+0x3cf04 CorDllMainForThunk-0x4f5f7 clr+0x101f7d @ 0x728a1f7d DllGetClassObjectInternal+0x3cf99 CorDllMainForThunk-0x4f562 clr+0x102012 @ 0x728a2012 DllGetClassObjectInternal+0x41789 CorDllMainForThunk-0x4ad72 clr+0x106802 @ 0x728a6802 DllGetClassObjectInternal+0x417dc CorDllMainForThunk-0x4ad1f clr+0x106855 @ 0x728a6855 DllGetClassObjectInternal+0x40b7e CorDllMainForThunk-0x4b97d clr+0x105bf7 @ 0x728a5bf7 DllGetClassObjectInternal+0x3a1da CorDllMainForThunk-0x52321 clr+0xff253 @ 0x7289f253 CreateAssemblyNameObject+0x368 GetMetaDataInternalInterface-0x38107 clr+0x2d801 @ 0x727cd801 CreateAssemblyNameObject+0x8d GetMetaDataInternalInterface-0x383e2 clr+0x2d526 @ 0x727cd526 mscorlib+0x3915ca @ 0x71a915ca mscorlib+0x34f009 @ 0x71a4f009 mscorlib+0x2d5f6a @ 0x719d5f6a mscorlib+0x2d5c33 @ 0x719d5c33 mscorlib+0x2d7894 @ 0x719d7894 mscorlib+0x2d74ff @ 0x719d74ff mscorlib+0x2d71c3 @ 0x719d71c3 mscorlib+0x2d6c3c @ 0x719d6c3c mscorlib+0x2fcfb1 @ 0x719fcfb1 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0x79c6 CoUninitializeEE-0x5a72 clr+0x19dd2 @ 0x727b9dd2 DllGetClassObjectInternal+0x38b0b CorDllMainForThunk-0x539f0 clr+0xfdb84 @ 0x7289db84 DllGetClassObjectInternal+0x38c16 CorDllMainForThunk-0x538e5 clr+0xfdc8f @ 0x7289dc8f mscorlib+0x2fce7e @ 0x719fce7e mscorlib+0x2fcd8c @ 0x719fcd8c mscorlib+0x2fcd0b @ 0x719fcd0b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetClassObjectInternal+0x6069a CorDllMainForThunk-0x2be61 clr+0x125713 @ 0x728c5713 DllGetClassObjectInternal+0x6075c CorDllMainForThunk-0x2bd9f clr+0x1257d5 @ 0x728c57d5 mscorlib+0x9bc1c8 @ 0x720bc1c8 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f CoUninitializeEE+0xa5b4 CreateAssemblyNameObject-0x36a1 clr+0x29df8 @ 0x727c9df8 CoUninitializeEE+0xa5eb CreateAssemblyNameObject-0x366a clr+0x29e2f @ 0x727c9e2f DllGetClassObjectInternal+0xc874 CorDllMainForThunk-0x7fc87 clr+0xd18ed @ 0x728718ed DllGetClassObjectInternal+0xcb84 CorDllMainForThunk-0x7f977 clr+0xd1bfd @ 0x72871bfd CreateHistoryReader+0x13d0e PostErrorVA-0x155251 clr+0x223553 @ 0x729c3553 LookupHistoryAssembly+0x1550 CoEEShutDownCOM-0x2c2c clr+0x1d8a42 @ 0x72978a42 DllGetClassObjectInternal+0x5fe1c CorDllMainForThunk-0x2c6df clr+0x124e95 @ 0x728c4e95 DllGetClassObjectInternal+0x5fd5f CorDllMainForThunk-0x2c79c clr+0x124dd8 @ 0x728c4dd8 RtlDosSearchPath_Ustr+0xada RtlCaptureContext-0x72 ntdll+0x46ab9 @ 0x76f56ab9 RtlDosSearchPath_Ustr+0xaac RtlCaptureContext-0xa0 ntdll+0x46a8b @ 0x76f56a8b New_ntdll_RtlDispatchException@8+0xf6 New_ntdll_RtlRemoveVectoredContinueHandler@4-0x23 @ 0x734e482b KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 RtlFreeHeap+0x7e RtlAllocateHeap-0x23 ntdll+0x2e003 @ 0x76f3e003 RtlFreeSid+0x1b RtlAllocateAndInitializeSid-0x15 ntdll+0x393cd @ 0x76f493cd GetComputerNameA+0xa84 GetFileInformationByHandleEx-0x62b kernel32+0x2c164 @ 0x755dc164 GetComputerNameA+0xaef GetFileInformationByHandleEx-0x5c0 kernel32+0x2c1cf @ 0x755dc1cf GetComputerNameA+0xab1 GetFileInformationByHandleEx-0x5fe kernel32+0x2c191 @ 0x755dc191 MapViewOfFileEx+0x21 InitializeCriticalSectionEx-0x84 kernel32+0x14ca4 @ 0x755c4ca4 RegOpenKeyExW+0xf6 LocalFree-0x935 kernel32+0x12407 @ 0x755c2407 exception.instruction_r: 0f b7 06 99 0f a4 c2 10 c1 e0 10 0b d8 0b fa 89 exception.symbol: LdrUnlockLoaderLock+0x2cc RtlInitUnicodeStringEx-0xe6b ntdll+0x36f08 exception.instruction: movzx eax, word ptr [esi] exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 225032 exception.address: 0x76f46f08 registers.esp: 2264304 registers.edi: 3583143159 registers.eax: 82914776 registers.ebp: 2264436 registers.edx: 2868904010 registers.ebx: 73 registers.esi: 82914784 registers.ecx: 82521128	1
__exception__ Nov. 27, 2023, 9:24 a.m.	stacktrace: RtlAllocateHeap+0xac RtlFreeAnsiString-0x54 ntdll+0x2e0d2 @ 0x76f3e0d2 DllUnregisterServerInternal-0x7fe0 clr+0x2114 @ 0x727a2114 DllUnregisterServerInternal-0x7fa5 clr+0x214f @ 0x727a214f CreateAssemblyNameObject+0x263 GetMetaDataInternalInterface-0x3820c clr+0x2d6fc @ 0x727cd6fc CreateAssemblyNameObject+0x1af GetMetaDataInternalInterface-0x382c0 clr+0x2d648 @ 0x727cd648 CreateAssemblyNameObject+0x73f GetMetaDataInternalInterface-0x37d30 clr+0x2dbd8 @ 0x727cdbd8 CreateAssemblyNameObject+0x7e0 GetMetaDataInternalInterface-0x37c8f clr+0x2dc79 @ 0x727cdc79 DllGetClassObjectInternal+0x41f5a CorDllMainForThunk-0x4a5a1 clr+0x106fd3 @ 0x728a6fd3 DllGetClassObjectInternal+0x41e52 CorDllMainForThunk-0x4a6a9 clr+0x106ecb @ 0x728a6ecb DllGetClassObjectInternal+0x3a4ea CorDllMainForThunk-0x52011 clr+0xff563 @ 0x7289f563 CreateAssemblyNameObject+0x368 GetMetaDataInternalInterface-0x38107 clr+0x2d801 @ 0x727cd801 CreateAssemblyNameObject+0x8d GetMetaDataInternalInterface-0x383e2 clr+0x2d526 @ 0x727cd526 mscorlib+0x3915ca @ 0x71a915ca mscorlib+0x34f009 @ 0x71a4f009 mscorlib+0x2d5f6a @ 0x719d5f6a mscorlib+0x2d5c33 @ 0x719d5c33 mscorlib+0x2d7894 @ 0x719d7894 mscorlib+0x2d74ff @ 0x719d74ff mscorlib+0x2d71c3 @ 0x719d71c3 mscorlib+0x2d6c3c @ 0x719d6c3c mscorlib+0x2fcfb1 @ 0x719fcfb1 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0x79c6 CoUninitializeEE-0x5a72 clr+0x19dd2 @ 0x727b9dd2 DllGetClassObjectInternal+0x38b0b CorDllMainForThunk-0x539f0 clr+0xfdb84 @ 0x7289db84 DllGetClassObjectInternal+0x38c16 CorDllMainForThunk-0x538e5 clr+0xfdc8f @ 0x7289dc8f mscorlib+0x2fce7e @ 0x719fce7e mscorlib+0x2fcd8c @ 0x719fcd8c mscorlib+0x2fcd0b @ 0x719fcd0b DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetClassObjectInternal+0x6069a CorDllMainForThunk-0x2be61 clr+0x125713 @ 0x728c5713 DllGetClassObjectInternal+0x6075c CorDllMainForThunk-0x2bd9f clr+0x1257d5 @ 0x728c57d5 mscorlib+0x9bc1c8 @ 0x720bc1c8 DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f CoUninitializeEE+0xa5b4 CreateAssemblyNameObject-0x36a1 clr+0x29df8 @ 0x727c9df8 CoUninitializeEE+0xa5eb CreateAssemblyNameObject-0x366a clr+0x29e2f @ 0x727c9e2f DllGetClassObjectInternal+0xc874 CorDllMainForThunk-0x7fc87 clr+0xd18ed @ 0x728718ed DllGetClassObjectInternal+0xcb84 CorDllMainForThunk-0x7f977 clr+0xd1bfd @ 0x72871bfd CreateHistoryReader+0x13d0e PostErrorVA-0x155251 clr+0x223553 @ 0x729c3553 LookupHistoryAssembly+0x1550 CoEEShutDownCOM-0x2c2c clr+0x1d8a42 @ 0x72978a42 DllGetClassObjectInternal+0x5fe1c CorDllMainForThunk-0x2c6df clr+0x124e95 @ 0x728c4e95 DllGetClassObjectInternal+0x5fd5f CorDllMainForThunk-0x2c79c clr+0x124dd8 @ 0x728c4dd8 RtlDosSearchPath_Ustr+0xada RtlCaptureContext-0x72 ntdll+0x46ab9 @ 0x76f56ab9 RtlDosSearchPath_Ustr+0xaac RtlCaptureContext-0xa0 ntdll+0x46a8b @ 0x76f56a8b New_ntdll_RtlDispatchException@8+0xf6 New_ntdll_RtlRemoveVectoredContinueHandler@4-0x23 @ 0x734e482b KiUserExceptionDispatcher+0xf KiRaiseUserExceptionDispatcher-0x41 ntdll+0x10143 @ 0x76f20143 RtlFreeHeap+0x7e RtlAllocateHeap-0x23 ntdll+0x2e003 @ 0x76f3e003 RtlFreeSid+0x1b RtlAllocateAndInitializeSid-0x15 ntdll+0x393cd @ 0x76f493cd GetComputerNameA+0xa84 GetFileInformationByHandleEx-0x62b kernel32+0x2c164 @ 0x755dc164 GetComputerNameA+0xaef GetFileInformationByHandleEx-0x5c0 kernel32+0x2c1cf @ 0x755dc1cf GetComputerNameA+0xab1 GetFileInformationByHandleEx-0x5fe kernel32+0x2c191 @ 0x755dc191 MapViewOfFileEx+0x21 InitializeCriticalSectionEx-0x84 kernel32+0x14ca4 @ 0x755c4ca4 RegOpenKeyExW+0xf6 LocalFree-0x935 kernel32+0x12407 @ 0x755c2407 RegOpenKeyExW+0x21 LocalFree-0xa0a kernel32+0x12332 @ 0x755c2332 New_advapi32_RegOpenKeyExW@20+0x4f New_advapi32_RegQueryInfoKeyA@48-0x173 @ 0x734d3ca1 CreateAssemblyNameObject+0xc283 GetMetaDataInternalInterface-0x2c1ec clr+0x3971c @ 0x727d971c StrongNameSignatureVerification+0x9a32 GetMetaDataPublicInterfaceFromInternal-0x1e1e clr+0x1934e8 @ 0x729334e8 StrongNameSignatureVerification+0x9bcc GetMetaDataPublicInterfaceFromInternal-0x1c84 clr+0x193682 @ 0x72933682 GetMetaDataPublicInterfaceFromInternal+0x641 CopyPDBs-0x2fb clr+0x195947 @ 0x72935947 GetMetaDataPublicInterfaceFromInternal+0x850 CopyPDBs-0xec clr+0x195b56 @ 0x72935b56 GetMetaDataPublicInterfaceFromInternal+0x23d CopyPDBs-0x6ff clr+0x195543 @ 0x72935543 exception.instruction_r: 0f b7 06 99 0f a4 c2 10 c1 e0 10 0b f8 0b da 89 exception.symbol: RtlInitUnicodeString+0xec RtlMultiByteToUnicodeN-0x251 ntdll+0x2e2f4 exception.instruction: movzx eax, word ptr [esi] exception.module: ntdll.dll exception.exception_code: 0xc0000005 exception.offset: 189172 exception.address: 0x76f3e2f4 registers.esp: 2265256 registers.edi: 73 registers.eax: 82914776 registers.ebp: 2265388 registers.edx: 3504048 registers.ebx: 3583143160 registers.esi: 82914784 registers.ecx: 82521128	1
__exception__ Nov. 27, 2023, 9:24 a.m.	stacktrace: 0x55914b2 0x25ceaeb 0x25cc74f 0x25cc1cd 0x25cb2d1 0x25c9df1 0x25c1efa 0xbdd0bb 0xbd5497 0xbd46f5 0xbd42f0 system+0x205d05 @ 0x70f85d05 system+0x205cdf @ 0x70f85cdf mscorlib+0x302367 @ 0x71a02367 mscorlib+0x3022a6 @ 0x71a022a6 mscorlib+0x302261 @ 0x71a02261 system+0x205c60 @ 0x70f85c60 system+0x205467 @ 0x70f85467 mscorlib+0x34bb1e @ 0x71a4bb1e DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0x79c6 CoUninitializeEE-0x5a72 clr+0x19dd2 @ 0x727b9dd2 DllGetClassObjectInternal+0x74073 CorDllMainForThunk-0x18488 clr+0x1390ec @ 0x728d90ec LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72817d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72817dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72817e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x727ac3bf DllGetClassObjectInternal+0x7412f CorDllMainForThunk-0x183cc clr+0x1391a8 @ 0x728d91a8 DllGetClassObjectInternal+0x74178 CorDllMainForThunk-0x18383 clr+0x1391f1 @ 0x728d91f1 GetMetaDataInternalInterfaceFromPublic+0xab22 PreBindAssemblyEx-0x982 clr+0x1771e9 @ 0x729171e9 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728ba0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 01 8b 40 28 ff 10 89 45 bc 8b 45 bc 89 45 b8 exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5591767 registers.esp: 88397540 registers.edi: 88397604 registers.eax: 0 registers.ebp: 88397616 registers.edx: 8276352 registers.ebx: 1090824891 registers.esi: 44675860 registers.ecx: 0	1
__exception__ Nov. 27, 2023, 9:24 a.m.	stacktrace: 0x559606c 0x5595eb9 0x5595dc6 0x559474a 0x5592271 0x5591fd1 0x25cc907 0x25cc1cd 0x25cb2d1 0x25c9df1 0x25c1efa 0xbdd0bb 0xbd5497 0xbd46f5 0xbd42f0 system+0x205d05 @ 0x70f85d05 system+0x205cdf @ 0x70f85cdf mscorlib+0x302367 @ 0x71a02367 mscorlib+0x3022a6 @ 0x71a022a6 mscorlib+0x302261 @ 0x71a02261 system+0x205c60 @ 0x70f85c60 system+0x205467 @ 0x70f85467 mscorlib+0x34bb1e @ 0x71a4bb1e DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0x79c6 CoUninitializeEE-0x5a72 clr+0x19dd2 @ 0x727b9dd2 DllGetClassObjectInternal+0x74073 CorDllMainForThunk-0x18488 clr+0x1390ec @ 0x728d90ec LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72817d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72817dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72817e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x727ac3bf DllGetClassObjectInternal+0x7412f CorDllMainForThunk-0x183cc clr+0x1391a8 @ 0x728d91a8 DllGetClassObjectInternal+0x74178 CorDllMainForThunk-0x18383 clr+0x1391f1 @ 0x728d91f1 GetMetaDataInternalInterfaceFromPublic+0xab22 PreBindAssemblyEx-0x982 clr+0x1771e9 @ 0x729171e9 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728ba0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 60 36 e8 04 89 85 30 fe ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5597619 registers.esp: 88395528 registers.edi: 88396036 registers.eax: 0 registers.ebp: 88396048 registers.edx: 82326768 registers.ebx: 5 registers.esi: 44883360 registers.ecx: 0	1
__exception__ Nov. 27, 2023, 9:24 a.m.	stacktrace: 0x559606c 0x5595eb9 0x5595dde 0x559474a 0x5592271 0x5591fd1 0x25cc907 0x25cc1cd 0x25cb2d1 0x25c9df1 0x25c1efa 0xbdd0bb 0xbd5497 0xbd46f5 0xbd42f0 system+0x205d05 @ 0x70f85d05 system+0x205cdf @ 0x70f85cdf mscorlib+0x302367 @ 0x71a02367 mscorlib+0x3022a6 @ 0x71a022a6 mscorlib+0x302261 @ 0x71a02261 system+0x205c60 @ 0x70f85c60 system+0x205467 @ 0x70f85467 mscorlib+0x34bb1e @ 0x71a4bb1e DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0x79c6 CoUninitializeEE-0x5a72 clr+0x19dd2 @ 0x727b9dd2 DllGetClassObjectInternal+0x74073 CorDllMainForThunk-0x18488 clr+0x1390ec @ 0x728d90ec LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72817d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72817dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72817e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x727ac3bf DllGetClassObjectInternal+0x7412f CorDllMainForThunk-0x183cc clr+0x1391a8 @ 0x728d91a8 DllGetClassObjectInternal+0x74178 CorDllMainForThunk-0x18383 clr+0x1391f1 @ 0x728d91f1 GetMetaDataInternalInterfaceFromPublic+0xab22 PreBindAssemblyEx-0x982 clr+0x1771e9 @ 0x729171e9 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728ba0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 60 36 e8 04 89 85 30 fe ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5597619 registers.esp: 88395528 registers.edi: 88396036 registers.eax: 0 registers.ebp: 88396048 registers.edx: 82326768 registers.ebx: 5 registers.esi: 44883360 registers.ecx: 0	1
__exception__ Nov. 27, 2023, 9:24 a.m.	stacktrace: 0x559606c 0x5595eb9 0x5595dde 0x559474a 0x5592271 0x5591fd1 0x25cc907 0x25cc1cd 0x25cb2d1 0x25c9df1 0x25c1efa 0xbdd0bb 0xbd5497 0xbd46f5 0xbd42f0 system+0x205d05 @ 0x70f85d05 system+0x205cdf @ 0x70f85cdf mscorlib+0x302367 @ 0x71a02367 mscorlib+0x3022a6 @ 0x71a022a6 mscorlib+0x302261 @ 0x71a02261 system+0x205c60 @ 0x70f85c60 system+0x205467 @ 0x70f85467 mscorlib+0x34bb1e @ 0x71a4bb1e DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0x79c6 CoUninitializeEE-0x5a72 clr+0x19dd2 @ 0x727b9dd2 DllGetClassObjectInternal+0x74073 CorDllMainForThunk-0x18488 clr+0x1390ec @ 0x728d90ec LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72817d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72817dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72817e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x727ac3bf DllGetClassObjectInternal+0x7412f CorDllMainForThunk-0x183cc clr+0x1391a8 @ 0x728d91a8 DllGetClassObjectInternal+0x74178 CorDllMainForThunk-0x18383 clr+0x1391f1 @ 0x728d91f1 GetMetaDataInternalInterfaceFromPublic+0xab22 PreBindAssemblyEx-0x982 clr+0x1771e9 @ 0x729171e9 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728ba0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 60 36 e8 04 89 85 30 fe ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5597619 registers.esp: 88395528 registers.edi: 88396036 registers.eax: 0 registers.ebp: 88396048 registers.edx: 82326768 registers.ebx: 5 registers.esi: 44883360 registers.ecx: 0	1
__exception__ Nov. 27, 2023, 9:24 a.m.	stacktrace: 0x559ee39 0x559eaa5 0x5595dc6 0x5594850 0x5592271 0x5591fd1 0x25cc907 0x25cc1cd 0x25cb2d1 0x25c9df1 0x25c1efa 0xbdd0bb 0xbd5497 0xbd46f5 0xbd42f0 system+0x205d05 @ 0x70f85d05 system+0x205cdf @ 0x70f85cdf mscorlib+0x302367 @ 0x71a02367 mscorlib+0x3022a6 @ 0x71a022a6 mscorlib+0x302261 @ 0x71a02261 system+0x205c60 @ 0x70f85c60 system+0x205467 @ 0x70f85467 mscorlib+0x34bb1e @ 0x71a4bb1e DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0x79c6 CoUninitializeEE-0x5a72 clr+0x19dd2 @ 0x727b9dd2 DllGetClassObjectInternal+0x74073 CorDllMainForThunk-0x18488 clr+0x1390ec @ 0x728d90ec LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72817d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72817dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72817e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x727ac3bf DllGetClassObjectInternal+0x7412f CorDllMainForThunk-0x183cc clr+0x1391a8 @ 0x728d91a8 DllGetClassObjectInternal+0x74178 CorDllMainForThunk-0x18383 clr+0x1391f1 @ 0x728d91f1 GetMetaDataInternalInterfaceFromPublic+0xab22 PreBindAssemblyEx-0x982 clr+0x1771e9 @ 0x729171e9 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728ba0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 60 36 e8 04 89 85 30 fe ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5597619 registers.esp: 88395224 registers.edi: 88395732 registers.eax: 0 registers.ebp: 88395744 registers.edx: 82326768 registers.ebx: 5 registers.esi: 43838772 registers.ecx: 0	1
__exception__ Nov. 27, 2023, 9:24 a.m.	stacktrace: 0x559ee39 0x559eaa5 0x5595dde 0x5594850 0x5592271 0x5591fd1 0x25cc907 0x25cc1cd 0x25cb2d1 0x25c9df1 0x25c1efa 0xbdd0bb 0xbd5497 0xbd46f5 0xbd42f0 system+0x205d05 @ 0x70f85d05 system+0x205cdf @ 0x70f85cdf mscorlib+0x302367 @ 0x71a02367 mscorlib+0x3022a6 @ 0x71a022a6 mscorlib+0x302261 @ 0x71a02261 system+0x205c60 @ 0x70f85c60 system+0x205467 @ 0x70f85467 mscorlib+0x34bb1e @ 0x71a4bb1e DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0x79c6 CoUninitializeEE-0x5a72 clr+0x19dd2 @ 0x727b9dd2 DllGetClassObjectInternal+0x74073 CorDllMainForThunk-0x18488 clr+0x1390ec @ 0x728d90ec LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72817d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72817dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72817e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x727ac3bf DllGetClassObjectInternal+0x7412f CorDllMainForThunk-0x183cc clr+0x1391a8 @ 0x728d91a8 DllGetClassObjectInternal+0x74178 CorDllMainForThunk-0x18383 clr+0x1391f1 @ 0x728d91f1 GetMetaDataInternalInterfaceFromPublic+0xab22 PreBindAssemblyEx-0x982 clr+0x1771e9 @ 0x729171e9 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728ba0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 60 36 e8 04 89 85 30 fe ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5597619 registers.esp: 88395224 registers.edi: 88395732 registers.eax: 0 registers.ebp: 88395744 registers.edx: 82326768 registers.ebx: 5 registers.esi: 43838772 registers.ecx: 0	1
__exception__ Nov. 27, 2023, 9:24 a.m.	stacktrace: 0x559ee39 0x559eaa5 0x5595dde 0x5594850 0x5592271 0x5591fd1 0x25cc907 0x25cc1cd 0x25cb2d1 0x25c9df1 0x25c1efa 0xbdd0bb 0xbd5497 0xbd46f5 0xbd42f0 system+0x205d05 @ 0x70f85d05 system+0x205cdf @ 0x70f85cdf mscorlib+0x302367 @ 0x71a02367 mscorlib+0x3022a6 @ 0x71a022a6 mscorlib+0x302261 @ 0x71a02261 system+0x205c60 @ 0x70f85c60 system+0x205467 @ 0x70f85467 mscorlib+0x34bb1e @ 0x71a4bb1e DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0x79c6 CoUninitializeEE-0x5a72 clr+0x19dd2 @ 0x727b9dd2 DllGetClassObjectInternal+0x74073 CorDllMainForThunk-0x18488 clr+0x1390ec @ 0x728d90ec LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72817d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72817dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72817e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x727ac3bf DllGetClassObjectInternal+0x7412f CorDllMainForThunk-0x183cc clr+0x1391a8 @ 0x728d91a8 DllGetClassObjectInternal+0x74178 CorDllMainForThunk-0x18383 clr+0x1391f1 @ 0x728d91f1 GetMetaDataInternalInterfaceFromPublic+0xab22 PreBindAssemblyEx-0x982 clr+0x1771e9 @ 0x729171e9 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728ba0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 60 36 e8 04 89 85 30 fe ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5597619 registers.esp: 88395224 registers.edi: 88395732 registers.eax: 0 registers.ebp: 88395744 registers.edx: 82326768 registers.ebx: 5 registers.esi: 43838772 registers.ecx: 0	1
__exception__ Nov. 27, 2023, 9:24 a.m.	stacktrace: 0x57f1100 0x57f0f19 0x5595dc6 0x559493d 0x5592271 0x5591fd1 0x25cc907 0x25cc1cd 0x25cb2d1 0x25c9df1 0x25c1efa 0xbdd0bb 0xbd5497 0xbd46f5 0xbd42f0 system+0x205d05 @ 0x70f85d05 system+0x205cdf @ 0x70f85cdf mscorlib+0x302367 @ 0x71a02367 mscorlib+0x3022a6 @ 0x71a022a6 mscorlib+0x302261 @ 0x71a02261 system+0x205c60 @ 0x70f85c60 system+0x205467 @ 0x70f85467 mscorlib+0x34bb1e @ 0x71a4bb1e DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0x79c6 CoUninitializeEE-0x5a72 clr+0x19dd2 @ 0x727b9dd2 DllGetClassObjectInternal+0x74073 CorDllMainForThunk-0x18488 clr+0x1390ec @ 0x728d90ec LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72817d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72817dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72817e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x727ac3bf DllGetClassObjectInternal+0x7412f CorDllMainForThunk-0x183cc clr+0x1391a8 @ 0x728d91a8 DllGetClassObjectInternal+0x74178 CorDllMainForThunk-0x18383 clr+0x1391f1 @ 0x728d91f1 GetMetaDataInternalInterfaceFromPublic+0xab22 PreBindAssemblyEx-0x982 clr+0x1771e9 @ 0x729171e9 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728ba0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 60 36 e8 04 89 85 30 fe ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5597619 registers.esp: 88395640 registers.edi: 88396148 registers.eax: 0 registers.ebp: 88396160 registers.edx: 82326768 registers.ebx: 5 registers.esi: 43838772 registers.ecx: 0	1
__exception__ Nov. 27, 2023, 9:24 a.m.	stacktrace: 0x57f1100 0x57f0f19 0x5595dde 0x559493d 0x5592271 0x5591fd1 0x25cc907 0x25cc1cd 0x25cb2d1 0x25c9df1 0x25c1efa 0xbdd0bb 0xbd5497 0xbd46f5 0xbd42f0 system+0x205d05 @ 0x70f85d05 system+0x205cdf @ 0x70f85cdf mscorlib+0x302367 @ 0x71a02367 mscorlib+0x3022a6 @ 0x71a022a6 mscorlib+0x302261 @ 0x71a02261 system+0x205c60 @ 0x70f85c60 system+0x205467 @ 0x70f85467 mscorlib+0x34bb1e @ 0x71a4bb1e DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0x79c6 CoUninitializeEE-0x5a72 clr+0x19dd2 @ 0x727b9dd2 DllGetClassObjectInternal+0x74073 CorDllMainForThunk-0x18488 clr+0x1390ec @ 0x728d90ec LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72817d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72817dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72817e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x727ac3bf DllGetClassObjectInternal+0x7412f CorDllMainForThunk-0x183cc clr+0x1391a8 @ 0x728d91a8 DllGetClassObjectInternal+0x74178 CorDllMainForThunk-0x18383 clr+0x1391f1 @ 0x728d91f1 GetMetaDataInternalInterfaceFromPublic+0xab22 PreBindAssemblyEx-0x982 clr+0x1771e9 @ 0x729171e9 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728ba0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 60 36 e8 04 89 85 30 fe ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5597619 registers.esp: 88395640 registers.edi: 88396148 registers.eax: 0 registers.ebp: 88396160 registers.edx: 82326768 registers.ebx: 5 registers.esi: 43838772 registers.ecx: 0	1
__exception__ Nov. 27, 2023, 9:24 a.m.	stacktrace: 0x57f1100 0x57f0f19 0x5595dde 0x559493d 0x5592271 0x5591fd1 0x25cc907 0x25cc1cd 0x25cb2d1 0x25c9df1 0x25c1efa 0xbdd0bb 0xbd5497 0xbd46f5 0xbd42f0 system+0x205d05 @ 0x70f85d05 system+0x205cdf @ 0x70f85cdf mscorlib+0x302367 @ 0x71a02367 mscorlib+0x3022a6 @ 0x71a022a6 mscorlib+0x302261 @ 0x71a02261 system+0x205c60 @ 0x70f85c60 system+0x205467 @ 0x70f85467 mscorlib+0x34bb1e @ 0x71a4bb1e DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0x79c6 CoUninitializeEE-0x5a72 clr+0x19dd2 @ 0x727b9dd2 DllGetClassObjectInternal+0x74073 CorDllMainForThunk-0x18488 clr+0x1390ec @ 0x728d90ec LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72817d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72817dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72817e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x727ac3bf DllGetClassObjectInternal+0x7412f CorDllMainForThunk-0x183cc clr+0x1391a8 @ 0x728d91a8 DllGetClassObjectInternal+0x74178 CorDllMainForThunk-0x18383 clr+0x1391f1 @ 0x728d91f1 GetMetaDataInternalInterfaceFromPublic+0xab22 PreBindAssemblyEx-0x982 clr+0x1771e9 @ 0x729171e9 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728ba0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 60 36 e8 04 89 85 30 fe ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5597619 registers.esp: 88395640 registers.edi: 88396148 registers.eax: 0 registers.ebp: 88396160 registers.edx: 82326768 registers.ebx: 5 registers.esi: 43838772 registers.ecx: 0	1
__exception__ Nov. 27, 2023, 9:24 a.m.	stacktrace: 0x57f1b19 0x57f194c 0x5595dc6 0x5594a8c 0x5592271 0x5591fd1 0x25cc907 0x25cc1cd 0x25cb2d1 0x25c9df1 0x25c1efa 0xbdd0bb 0xbd5497 0xbd46f5 0xbd42f0 system+0x205d05 @ 0x70f85d05 system+0x205cdf @ 0x70f85cdf mscorlib+0x302367 @ 0x71a02367 mscorlib+0x3022a6 @ 0x71a022a6 mscorlib+0x302261 @ 0x71a02261 system+0x205c60 @ 0x70f85c60 system+0x205467 @ 0x70f85467 mscorlib+0x34bb1e @ 0x71a4bb1e DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0x79c6 CoUninitializeEE-0x5a72 clr+0x19dd2 @ 0x727b9dd2 DllGetClassObjectInternal+0x74073 CorDllMainForThunk-0x18488 clr+0x1390ec @ 0x728d90ec LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72817d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72817dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72817e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x727ac3bf DllGetClassObjectInternal+0x7412f CorDllMainForThunk-0x183cc clr+0x1391a8 @ 0x728d91a8 DllGetClassObjectInternal+0x74178 CorDllMainForThunk-0x18383 clr+0x1391f1 @ 0x728d91f1 GetMetaDataInternalInterfaceFromPublic+0xab22 PreBindAssemblyEx-0x982 clr+0x1771e9 @ 0x729171e9 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728ba0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 60 36 e8 04 89 85 30 fe ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5597619 registers.esp: 88395216 registers.edi: 88395724 registers.eax: 0 registers.ebp: 88395736 registers.edx: 82326768 registers.ebx: 5 registers.esi: 43838772 registers.ecx: 0	1
__exception__ Nov. 27, 2023, 9:24 a.m.	stacktrace: 0x57f1b19 0x57f194c 0x5595dde 0x5594a8c 0x5592271 0x5591fd1 0x25cc907 0x25cc1cd 0x25cb2d1 0x25c9df1 0x25c1efa 0xbdd0bb 0xbd5497 0xbd46f5 0xbd42f0 system+0x205d05 @ 0x70f85d05 system+0x205cdf @ 0x70f85cdf mscorlib+0x302367 @ 0x71a02367 mscorlib+0x3022a6 @ 0x71a022a6 mscorlib+0x302261 @ 0x71a02261 system+0x205c60 @ 0x70f85c60 system+0x205467 @ 0x70f85467 mscorlib+0x34bb1e @ 0x71a4bb1e DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0x79c6 CoUninitializeEE-0x5a72 clr+0x19dd2 @ 0x727b9dd2 DllGetClassObjectInternal+0x74073 CorDllMainForThunk-0x18488 clr+0x1390ec @ 0x728d90ec LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72817d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72817dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72817e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x727ac3bf DllGetClassObjectInternal+0x7412f CorDllMainForThunk-0x183cc clr+0x1391a8 @ 0x728d91a8 DllGetClassObjectInternal+0x74178 CorDllMainForThunk-0x18383 clr+0x1391f1 @ 0x728d91f1 GetMetaDataInternalInterfaceFromPublic+0xab22 PreBindAssemblyEx-0x982 clr+0x1771e9 @ 0x729171e9 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728ba0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 60 36 e8 04 89 85 30 fe ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5597619 registers.esp: 88395216 registers.edi: 88395724 registers.eax: 0 registers.ebp: 88395736 registers.edx: 82326768 registers.ebx: 5 registers.esi: 43838772 registers.ecx: 0	1
__exception__ Nov. 27, 2023, 9:24 a.m.	stacktrace: 0x57f1b19 0x57f194c 0x5595dde 0x5594a8c 0x5592271 0x5591fd1 0x25cc907 0x25cc1cd 0x25cb2d1 0x25c9df1 0x25c1efa 0xbdd0bb 0xbd5497 0xbd46f5 0xbd42f0 system+0x205d05 @ 0x70f85d05 system+0x205cdf @ 0x70f85cdf mscorlib+0x302367 @ 0x71a02367 mscorlib+0x3022a6 @ 0x71a022a6 mscorlib+0x302261 @ 0x71a02261 system+0x205c60 @ 0x70f85c60 system+0x205467 @ 0x70f85467 mscorlib+0x34bb1e @ 0x71a4bb1e DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0x79c6 CoUninitializeEE-0x5a72 clr+0x19dd2 @ 0x727b9dd2 DllGetClassObjectInternal+0x74073 CorDllMainForThunk-0x18488 clr+0x1390ec @ 0x728d90ec LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72817d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72817dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72817e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x727ac3bf DllGetClassObjectInternal+0x7412f CorDllMainForThunk-0x183cc clr+0x1391a8 @ 0x728d91a8 DllGetClassObjectInternal+0x74178 CorDllMainForThunk-0x18383 clr+0x1391f1 @ 0x728d91f1 GetMetaDataInternalInterfaceFromPublic+0xab22 PreBindAssemblyEx-0x982 clr+0x1771e9 @ 0x729171e9 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728ba0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 60 36 e8 04 89 85 30 fe ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5597619 registers.esp: 88395216 registers.edi: 88395724 registers.eax: 0 registers.ebp: 88395736 registers.edx: 82326768 registers.ebx: 5 registers.esi: 43838772 registers.ecx: 0	1
__exception__ Nov. 27, 2023, 9:24 a.m.	stacktrace: 0x55914b2 0x25ceaeb 0x25cc74f 0x25cc1cd 0x6444116 0x64428cc 0x6440e08 mscorlib+0x30c9ff @ 0x71a0c9ff mscorlib+0x302367 @ 0x71a02367 mscorlib+0x3022a6 @ 0x71a022a6 mscorlib+0x302261 @ 0x71a02261 mscorlib+0x30ca7c @ 0x71a0ca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x728407d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72817d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72817dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72817e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x727ac3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x72840694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728ba0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 8b 01 8b 40 28 ff 10 89 45 bc 8b 45 bc 89 45 b8 exception.instruction: mov eax, dword ptr [ecx] exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5591767 registers.esp: 113567600 registers.edi: 113567664 registers.eax: 0 registers.ebp: 113567676 registers.edx: 93672736 registers.ebx: 1090824891 registers.esi: 44431060 registers.ecx: 0	1
__exception__ Nov. 27, 2023, 9:24 a.m.	stacktrace: 0x559606c 0x5595eb9 0x5595dc6 0x559474a 0x5592271 0x5591fd1 0x25cc907 0x25cc1cd 0x6444116 0x64428cc 0x6440e08 mscorlib+0x30c9ff @ 0x71a0c9ff mscorlib+0x302367 @ 0x71a02367 mscorlib+0x3022a6 @ 0x71a022a6 mscorlib+0x302261 @ 0x71a02261 mscorlib+0x30ca7c @ 0x71a0ca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x728407d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72817d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72817dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72817e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x727ac3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x72840694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728ba0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 60 36 e8 04 89 85 30 fe ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5597619 registers.esp: 113565588 registers.edi: 113566096 registers.eax: 0 registers.ebp: 113566108 registers.edx: 82326768 registers.ebx: 5 registers.esi: 44608944 registers.ecx: 0	1
__exception__ Nov. 27, 2023, 9:24 a.m.	stacktrace: 0x559606c 0x5595eb9 0x5595dde 0x559474a 0x5592271 0x5591fd1 0x25cc907 0x25cc1cd 0x6444116 0x64428cc 0x6440e08 mscorlib+0x30c9ff @ 0x71a0c9ff mscorlib+0x302367 @ 0x71a02367 mscorlib+0x3022a6 @ 0x71a022a6 mscorlib+0x302261 @ 0x71a02261 mscorlib+0x30ca7c @ 0x71a0ca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x728407d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72817d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72817dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72817e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x727ac3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x72840694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728ba0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 60 36 e8 04 89 85 30 fe ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5597619 registers.esp: 113565588 registers.edi: 113566096 registers.eax: 0 registers.ebp: 113566108 registers.edx: 82326768 registers.ebx: 5 registers.esi: 44608944 registers.ecx: 0	1
__exception__ Nov. 27, 2023, 9:24 a.m.	stacktrace: 0x559606c 0x5595eb9 0x5595dde 0x559474a 0x5592271 0x5591fd1 0x25cc907 0x25cc1cd 0x6444116 0x64428cc 0x6440e08 mscorlib+0x30c9ff @ 0x71a0c9ff mscorlib+0x302367 @ 0x71a02367 mscorlib+0x3022a6 @ 0x71a022a6 mscorlib+0x302261 @ 0x71a02261 mscorlib+0x30ca7c @ 0x71a0ca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x728407d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72817d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72817dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72817e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x727ac3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x72840694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728ba0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 60 36 e8 04 89 85 30 fe ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5597619 registers.esp: 113565588 registers.edi: 113566096 registers.eax: 0 registers.ebp: 113566108 registers.edx: 82326768 registers.ebx: 5 registers.esi: 44608944 registers.ecx: 0	1
__exception__ Nov. 27, 2023, 9:24 a.m.	stacktrace: 0x559ee39 0x559eaa5 0x5595dc6 0x5594850 0x5592271 0x5591fd1 0x25cc907 0x25cc1cd 0x6444116 0x64428cc 0x6440e08 mscorlib+0x30c9ff @ 0x71a0c9ff mscorlib+0x302367 @ 0x71a02367 mscorlib+0x3022a6 @ 0x71a022a6 mscorlib+0x302261 @ 0x71a02261 mscorlib+0x30ca7c @ 0x71a0ca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x728407d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72817d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72817dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72817e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x727ac3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x72840694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728ba0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 60 36 e8 04 89 85 30 fe ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5597619 registers.esp: 113565284 registers.edi: 113565792 registers.eax: 0 registers.ebp: 113565804 registers.edx: 82326768 registers.ebx: 5 registers.esi: 44004684 registers.ecx: 0	1
__exception__ Nov. 27, 2023, 9:24 a.m.	stacktrace: 0x559ee39 0x559eaa5 0x5595dde 0x5594850 0x5592271 0x5591fd1 0x25cc907 0x25cc1cd 0x6444116 0x64428cc 0x6440e08 mscorlib+0x30c9ff @ 0x71a0c9ff mscorlib+0x302367 @ 0x71a02367 mscorlib+0x3022a6 @ 0x71a022a6 mscorlib+0x302261 @ 0x71a02261 mscorlib+0x30ca7c @ 0x71a0ca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x728407d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72817d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72817dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72817e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x727ac3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x72840694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728ba0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 60 36 e8 04 89 85 30 fe ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5597619 registers.esp: 113565284 registers.edi: 113565792 registers.eax: 0 registers.ebp: 113565804 registers.edx: 82326768 registers.ebx: 5 registers.esi: 44004684 registers.ecx: 0	1
__exception__ Nov. 27, 2023, 9:24 a.m.	stacktrace: 0x559ee39 0x559eaa5 0x5595dde 0x5594850 0x5592271 0x5591fd1 0x25cc907 0x25cc1cd 0x6444116 0x64428cc 0x6440e08 mscorlib+0x30c9ff @ 0x71a0c9ff mscorlib+0x302367 @ 0x71a02367 mscorlib+0x3022a6 @ 0x71a022a6 mscorlib+0x302261 @ 0x71a02261 mscorlib+0x30ca7c @ 0x71a0ca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x728407d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72817d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72817dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72817e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x727ac3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x72840694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728ba0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 60 36 e8 04 89 85 30 fe ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5597619 registers.esp: 113565284 registers.edi: 113565792 registers.eax: 0 registers.ebp: 113565804 registers.edx: 82326768 registers.ebx: 5 registers.esi: 44004684 registers.ecx: 0	1
__exception__ Nov. 27, 2023, 9:24 a.m.	stacktrace: 0x57f1100 0x57f0f19 0x5595dc6 0x559493d 0x5592271 0x5591fd1 0x25cc907 0x25cc1cd 0x6444116 0x64428cc 0x6440e08 mscorlib+0x30c9ff @ 0x71a0c9ff mscorlib+0x302367 @ 0x71a02367 mscorlib+0x3022a6 @ 0x71a022a6 mscorlib+0x302261 @ 0x71a02261 mscorlib+0x30ca7c @ 0x71a0ca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x728407d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72817d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72817dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72817e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x727ac3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x72840694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728ba0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 60 36 e8 04 89 85 30 fe ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5597619 registers.esp: 113565700 registers.edi: 113566208 registers.eax: 0 registers.ebp: 113566220 registers.edx: 82326768 registers.ebx: 5 registers.esi: 44004684 registers.ecx: 0	1
__exception__ Nov. 27, 2023, 9:24 a.m.	stacktrace: 0x57f1100 0x57f0f19 0x5595dde 0x559493d 0x5592271 0x5591fd1 0x25cc907 0x25cc1cd 0x6444116 0x64428cc 0x6440e08 mscorlib+0x30c9ff @ 0x71a0c9ff mscorlib+0x302367 @ 0x71a02367 mscorlib+0x3022a6 @ 0x71a022a6 mscorlib+0x302261 @ 0x71a02261 mscorlib+0x30ca7c @ 0x71a0ca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x728407d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72817d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72817dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72817e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x727ac3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x72840694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728ba0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 60 36 e8 04 89 85 30 fe ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5597619 registers.esp: 113565700 registers.edi: 113566208 registers.eax: 0 registers.ebp: 113566220 registers.edx: 82326768 registers.ebx: 5 registers.esi: 44004684 registers.ecx: 0	1
__exception__ Nov. 27, 2023, 9:24 a.m.	stacktrace: 0x57f1100 0x57f0f19 0x5595dde 0x559493d 0x5592271 0x5591fd1 0x25cc907 0x25cc1cd 0x6444116 0x64428cc 0x6440e08 mscorlib+0x30c9ff @ 0x71a0c9ff mscorlib+0x302367 @ 0x71a02367 mscorlib+0x3022a6 @ 0x71a022a6 mscorlib+0x302261 @ 0x71a02261 mscorlib+0x30ca7c @ 0x71a0ca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x728407d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72817d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72817dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72817e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x727ac3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x72840694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728ba0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 60 36 e8 04 89 85 30 fe ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5597619 registers.esp: 113565700 registers.edi: 113566208 registers.eax: 0 registers.ebp: 113566220 registers.edx: 82326768 registers.ebx: 5 registers.esi: 44004684 registers.ecx: 0	1
__exception__ Nov. 27, 2023, 9:24 a.m.	stacktrace: 0x57f1b19 0x57f194c 0x5595dc6 0x5594a8c 0x5592271 0x5591fd1 0x25cc907 0x25cc1cd 0x6444116 0x64428cc 0x6440e08 mscorlib+0x30c9ff @ 0x71a0c9ff mscorlib+0x302367 @ 0x71a02367 mscorlib+0x3022a6 @ 0x71a022a6 mscorlib+0x302261 @ 0x71a02261 mscorlib+0x30ca7c @ 0x71a0ca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x728407d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72817d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72817dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72817e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x727ac3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x72840694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728ba0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 60 36 e8 04 89 85 30 fe ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5597619 registers.esp: 113565276 registers.edi: 113565784 registers.eax: 0 registers.ebp: 113565796 registers.edx: 82326768 registers.ebx: 5 registers.esi: 44004684 registers.ecx: 0	1
__exception__ Nov. 27, 2023, 9:24 a.m.	stacktrace: 0x57f1b19 0x57f194c 0x5595dde 0x5594a8c 0x5592271 0x5591fd1 0x25cc907 0x25cc1cd 0x6444116 0x64428cc 0x6440e08 mscorlib+0x30c9ff @ 0x71a0c9ff mscorlib+0x302367 @ 0x71a02367 mscorlib+0x3022a6 @ 0x71a022a6 mscorlib+0x302261 @ 0x71a02261 mscorlib+0x30ca7c @ 0x71a0ca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x728407d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72817d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72817dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72817e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x727ac3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x72840694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728ba0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 60 36 e8 04 89 85 30 fe ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5597619 registers.esp: 113565276 registers.edi: 113565784 registers.eax: 0 registers.ebp: 113565796 registers.edx: 82326768 registers.ebx: 5 registers.esi: 44004684 registers.ecx: 0	1
__exception__ Nov. 27, 2023, 9:24 a.m.	stacktrace: 0x57f1b19 0x57f194c 0x5595dde 0x5594a8c 0x5592271 0x5591fd1 0x25cc907 0x25cc1cd 0x6444116 0x64428cc 0x6440e08 mscorlib+0x30c9ff @ 0x71a0c9ff mscorlib+0x302367 @ 0x71a02367 mscorlib+0x3022a6 @ 0x71a022a6 mscorlib+0x302261 @ 0x71a02261 mscorlib+0x30ca7c @ 0x71a0ca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x728407d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72817d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72817dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72817e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x727ac3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x72840694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728ba0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: 39 09 ff 15 60 36 e8 04 89 85 30 fe ff ff 8b 85 exception.instruction: cmp dword ptr [ecx], ecx exception.exception_code: 0xc0000005 exception.symbol: exception.address: 0x5597619 registers.esp: 113565276 registers.edi: 113565784 registers.eax: 0 registers.ebp: 113565796 registers.edx: 82326768 registers.ebx: 5 registers.esi: 44001552 registers.ecx: 0	1
__exception__ Nov. 27, 2023, 9:24 a.m.	stacktrace: CopyPDBs+0x1b552 DllCanUnloadNowInternal-0x25a85 clr+0x1b1194 @ 0x72951194 LogHelp_TerminateOnAssert+0x14061 GetPrivateContextsPerfCounters-0x53e1 clr+0x82ba1 @ 0x72822ba1 mscorlib+0x36dd51 @ 0x71a6dd51 mscorlib+0x32fea6 @ 0x71a2fea6 mscorlib+0x30ab40 @ 0x71a0ab40 0x5597c84 0x644d3dc 0x644c913 0x57f63b4 0x5591fd1 0x25cc907 0x25cc1cd 0x6444116 0x64428cc 0x6440e08 mscorlib+0x30c9ff @ 0x71a0c9ff mscorlib+0x302367 @ 0x71a02367 mscorlib+0x3022a6 @ 0x71a022a6 mscorlib+0x302261 @ 0x71a02261 mscorlib+0x30ca7c @ 0x71a0ca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x728407d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72817d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72817dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72817e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x727ac3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x72840694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728ba0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xe0434f4e exception.offset: 46887 exception.address: 0x7597b727 registers.esp: 113567416 registers.edi: 0 registers.eax: 113567416 registers.ebp: 113567496 registers.edx: 0 registers.ebx: 7790568 registers.esi: 93672736 registers.ecx: 996760119	1
__exception__ Nov. 27, 2023, 9:24 a.m.	stacktrace: CopyPDBs+0x1b552 DllCanUnloadNowInternal-0x25a85 clr+0x1b1194 @ 0x72951194 LogHelp_TerminateOnAssert+0x14061 GetPrivateContextsPerfCounters-0x53e1 clr+0x82ba1 @ 0x72822ba1 mscorlib+0x2f034b @ 0x719f034b mscorlib+0x357162 @ 0x71a57162 mscorlib+0x30ab40 @ 0x71a0ab40 0x64425ad mscorlib+0x30c9ff @ 0x71a0c9ff mscorlib+0x302367 @ 0x71a02367 mscorlib+0x3022a6 @ 0x71a022a6 mscorlib+0x302261 @ 0x71a02261 mscorlib+0x30ca7c @ 0x71a0ca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x728407d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72817d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72817dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72817e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x727ac3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x72840694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728ba0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xe0434f4e exception.offset: 46887 exception.address: 0x7597b727 registers.esp: 113569752 registers.edi: 0 registers.eax: 113569752 registers.ebp: 113569832 registers.edx: 997 registers.ebx: 7790568 registers.esi: 93672736 registers.ecx: 996758295	1
__exception__ Nov. 27, 2023, 9:24 a.m.	stacktrace: CopyPDBs+0x1b552 DllCanUnloadNowInternal-0x25a85 clr+0x1b1194 @ 0x72951194 LogHelp_TerminateOnAssert+0x14061 GetPrivateContextsPerfCounters-0x53e1 clr+0x82ba1 @ 0x72822ba1 mscorlib+0x32477f @ 0x71a2477f mscorlib+0x324631 @ 0x71a24631 mscorlib+0x324568 @ 0x71a24568 0x6441455 mscorlib+0x30c9ff @ 0x71a0c9ff mscorlib+0x302367 @ 0x71a02367 mscorlib+0x3022a6 @ 0x71a022a6 mscorlib+0x302261 @ 0x71a02261 mscorlib+0x30ca7c @ 0x71a0ca7c DllUnregisterServerInternal-0x7aa2 clr+0x2652 @ 0x727a2652 DllRegisterServerInternal+0x243 CoUninitializeEE-0xd1f5 clr+0x1264f @ 0x727b264f DllRegisterServerInternal+0xa89 CoUninitializeEE-0xc9af clr+0x12e95 @ 0x727b2e95 DllGetActivationFactoryImpl+0x3ff1 CreateApplicationContext-0x654b clr+0xa07d8 @ 0x728407d8 LogHelp_TerminateOnAssert+0x920d GetPrivateContextsPerfCounters-0x10235 clr+0x77d4d @ 0x72817d4d LogHelp_TerminateOnAssert+0x927b GetPrivateContextsPerfCounters-0x101c7 clr+0x77dbb @ 0x72817dbb LogHelp_TerminateOnAssert+0x9348 GetPrivateContextsPerfCounters-0x100fa clr+0x77e88 @ 0x72817e88 DllUnregisterServerInternal+0x22cb DllRegisterServerInternal-0x604d clr+0xc3bf @ 0x727ac3bf DllGetActivationFactoryImpl+0x3ead CreateApplicationContext-0x668f clr+0xa0694 @ 0x72840694 DllGetClassObjectInternal+0x55056 CorDllMainForThunk-0x374a5 clr+0x11a0cf @ 0x728ba0cf BaseThreadInitThunk+0x12 VerifyConsoleIoHandle-0xb3 kernel32+0x133ca @ 0x755c33ca RtlInitializeExceptionChain+0x63 RtlAllocateActivationContextStack-0xa1 ntdll+0x39ed2 @ 0x76f49ed2 RtlInitializeExceptionChain+0x36 RtlAllocateActivationContextStack-0xce ntdll+0x39ea5 @ 0x76f49ea5 exception.instruction_r: c9 c2 10 00 cc cc cc cc cc 8b ff 55 8b ec 56 8b exception.symbol: RaiseException+0x58 CloseHandle-0x9 kernelbase+0xb727 exception.instruction: leave exception.module: KERNELBASE.dll exception.exception_code: 0xe0434f4e exception.offset: 46887 exception.address: 0x7597b727 registers.esp: 113569764 registers.edi: 0 registers.eax: 113569764 registers.ebp: 113569844 registers.edx: 997 registers.ebx: 7790568 registers.esi: 93672736 registers.ecx: 996758279	1

One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.

HTTP traffic contains suspicious features which may be indicative of malware related traffic (2 events)

suspicious_features	POST method with no referer header, POST method with no useragent header, Connection to IP address				suspicious_request	POST http://185.172.128.100/u6vhSc3PPq/index.php
suspicious_features	GET method with no useragent header, Connection to IP address				suspicious_request	GET http://185.172.128.113/hv.exe

Performs some HTTP requests (2 events)

request	POST http://185.172.128.100/u6vhSc3PPq/index.php
request	GET http://185.172.128.113/hv.exe

Sends data using the HTTP POST Method (1 event)

request

POST http://185.172.128.100/u6vhSc3PPq/index.php

Allocates read-write-execute memory (usually to unpack itself) (50 out of 484 events)

Time & API	Arguments	Status
NtProtectVirtualMemory Nov. 27, 2023, 9:23 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x755dc000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Nov. 27, 2023, 9:23 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75984000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Nov. 27, 2023, 9:23 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x755da000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Nov. 27, 2023, 9:23 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x755c5000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Nov. 27, 2023, 9:23 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x755c4000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Nov. 27, 2023, 9:23 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75981000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Nov. 27, 2023, 9:23 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x755dc000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Nov. 27, 2023, 9:23 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75981000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Nov. 27, 2023, 9:23 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x755c3000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Nov. 27, 2023, 9:23 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75981000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Nov. 27, 2023, 9:23 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x755c1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Nov. 27, 2023, 9:23 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75981000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Nov. 27, 2023, 9:23 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75703000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Nov. 27, 2023, 9:23 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x755c1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Nov. 27, 2023, 9:23 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75981000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Nov. 27, 2023, 9:23 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x755c4000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Nov. 27, 2023, 9:23 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75980000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Nov. 27, 2023, 9:23 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x755c1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Nov. 27, 2023, 9:23 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75981000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Nov. 27, 2023, 9:23 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x755ec000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Nov. 27, 2023, 9:23 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7597b000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Nov. 27, 2023, 9:23 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x755ed000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Nov. 27, 2023, 9:23 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7597c000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Nov. 27, 2023, 9:23 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x755c1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Nov. 27, 2023, 9:23 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7597b000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Nov. 27, 2023, 9:23 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x755dc000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Nov. 27, 2023, 9:23 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7597b000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Nov. 27, 2023, 9:23 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x755c1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Nov. 27, 2023, 9:23 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7597b000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Nov. 27, 2023, 9:23 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x755c1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Nov. 27, 2023, 9:23 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7597b000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Nov. 27, 2023, 9:23 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x755dc000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Nov. 27, 2023, 9:23 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x755c4000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Nov. 27, 2023, 9:23 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75988000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Nov. 27, 2023, 9:23 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x755c1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Nov. 27, 2023, 9:23 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75988000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Nov. 27, 2023, 9:23 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x755ec000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Nov. 27, 2023, 9:23 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75988000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Nov. 27, 2023, 9:23 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x755c5000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Nov. 27, 2023, 9:23 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x75988000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Nov. 27, 2023, 9:23 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x755c1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Nov. 27, 2023, 9:23 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7597d000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Nov. 27, 2023, 9:23 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x755c4000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Nov. 27, 2023, 9:23 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7563f000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Nov. 27, 2023, 9:23 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x755c5000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Nov. 27, 2023, 9:23 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x755c4000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Nov. 27, 2023, 9:23 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7597d000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Nov. 27, 2023, 9:23 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x755c1000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Nov. 27, 2023, 9:23 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x7597d000 process_handle: 0xffffffff	1
NtProtectVirtualMemory Nov. 27, 2023, 9:23 a.m.	process_identifier: 2560 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 0 length: 4096 protection: 64 (PAGE_EXECUTE_READWRITE) base_address: 0x755c4000 process_handle: 0xffffffff	1

Steals private information from local Internet browsers (9 events)

file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Web Data
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkbihfbeogaeaoehlefnkodbefgpgknn
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Login Data
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Cookies
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ckpaelocniggkheibcacecnmmlmeodfa
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Local State
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec
file	C:\Users\test22\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn

Creates executable files on the filesystem (2 events)

file	C:\Users\test22\AppData\Local\Temp\1000078001\hv.exe
file	C:\Users\test22\AppData\Local\Temp\Protect544cd51a.dll

Creates a suspicious process (2 events)

cmdline	SCHTASKS /Create /SC MINUTE /MO 1 /TN Utsysc.exe /TR "C:\Users\test22\AppData\Local\Temp\b64c58644b\Utsysc.exe" /F
cmdline	"C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN Utsysc.exe /TR "C:\Users\test22\AppData\Local\Temp\b64c58644b\Utsysc.exe" /F

Drops a binary and executes it (2 events)

file	C:\Users\test22\AppData\Local\Temp\b64c58644b\Utsysc.exe
file	C:\Users\test22\AppData\Local\Temp\1000078001\hv.exe

Drops an executable to the user AppData folder (3 events)

file	C:\Users\test22\AppData\Local\Temp\Protect544cd51a.dll
file	C:\Users\test22\AppData\Local\Temp\1000078001\hv.exe
file	C:\Users\test22\AppData\Local\Temp\b64c58644b\Utsysc.exe

A process created a hidden window (3 events)

Time & API	Arguments	Status	Return
ShellExecuteExW Nov. 27, 2023, 9:23 a.m.	show_type: 0 filepath_r: C:\Users\test22\AppData\Local\Temp\b64c58644b\Utsysc.exe parameters: filepath: C:\Users\test22\AppData\Local\Temp\b64c58644b\Utsysc.exe	1	1
ShellExecuteExW Nov. 27, 2023, 9:23 a.m.	show_type: 0 filepath_r: SCHTASKS parameters: /Create /SC MINUTE /MO 1 /TN Utsysc.exe /TR "C:\Users\test22\AppData\Local\Temp\b64c58644b\Utsysc.exe" /F filepath: SCHTASKS	1	1
ShellExecuteExW Nov. 27, 2023, 9:23 a.m.	show_type: 0 filepath_r: C:\Users\test22\AppData\Local\Temp\1000078001\hv.exe parameters: filepath: C:\Users\test22\AppData\Local\Temp\1000078001\hv.exe	1	1

Checks adapter addresses which can be used to detect virtual network interfaces (1 event)

Time & API	Arguments	Status	Return	Repeated
GetAdaptersAddresses Nov. 27, 2023, 9:24 a.m.	flags: 1158 family: 0	1	0	0

An executable file was downloaded by the process utsysc.exe (1 event)

Time & API	Arguments	Status	Return	Repeated
InternetReadFile Nov. 27, 2023, 9:23 a.m.	buffer: MZÿÿ¸@º´ Í!¸LÍ!This program cannot be run in DOS mode. $PEL6±ü°à\v~,\ @\@ ^@0,\K`\oà]Ð+\ H.text\ \ `.sdataH@\\@À.rsrco`\p\@@.relocà]]@B`,\HäÚÐF¾~Aj+ (È%U&-ù(;1( B+ (:cp:&-ùB+ (P&-ùj+ (g``F&-ù((V+ (ú"g&-ù(;1b+ (º $3&-ùþ ( B+ (n¯4Q&-ùB+ (ãÈz4&-ù0Ý+ (2Ñ:W&-ù(9 & 8+(;1 8s 8@ þþE ¬ÿÿÿ<2N»ÿÿÿ ¬ÿÿÿd 8Íÿÿÿs 8¹ÿÿÿs 8¥ÿÿÿs 8Ýÿÿÿ& 9ÿÿÿ&s 9tÿÿÿ&f+ (Q`&-ù~o f+ (ö8L&-ù~o f+ (_.0M&-ù~o f+ (mfc&-ù~o f+ (ìwH&-ù~o B+ (¨`mN&-ùB+ (#JS&-ù0B+ (F+k&-ù~ (3 9r¹pÐ (6o4 s5 ~ R+ (¶ñaW&-ù~ V+ (E³02&-ù ¶+ (µ:Y&-ù(9rp~ (:(;t ¶+ (Å¨lQ&-ù(9r)p~ (:(;t f+ (ÿ,.O&-ùþ ( B+ (×/0&-ùB+ (ÒÛ`A&-ùV+ (Ñ¢P:&-ù(1+ (mØ[a&-ùþ þ þ o6 f+ (ÀaB&-ùþ (, ¢+ (¦N!`&-ù(?s=(7 t j+ (@qCe&-ù(;1(BR+ (ÁØC/&-ù~V+ (»,1&-ù(;1B+ ( od&-ùB+ (ok&-ùb+ (a&-ùþ (8 R+ (J@;f&-ù(DV+ (åcC&-ù(>0+ (G5e&-ù(9& 9.&(}8& 8(~86 þþE¶ÿÿÿ»ÿÿÿËÿÿÿ¶ÿÿÿ( :Øÿÿÿ&þws9 ( 8»ÿÿÿz+ (Q&-ù( o(: V+ (MäY>&-ù{Z+ (@ 6&-ù}V+ (?gm&-ù(Z+ (¶ z\&-ùoHV+ ("eL&-ù{ Z+ ($¸.W&-ù} V+ (ß/0&-ù(Z+ (£ÒIA&-ù(V+ (8a!h&-ù{Z+ ( O7&-ù}V+ (÷"3&-ù(Z+ (IZ&-ù(V+ ((ÿ~`&-ù{Z+ (ùßf`&-ù}V+ (ø_AR&-ùoSZ+ (µ9&-ù(V+ (/Ã!=&-ù{Z+ (0C&-ù}V+ (¨·sT&-ù(Z+ (VD 2&-ù(V+ (ÙU&-ù{Z+ (_.1&-ù}V+ (leC&-ùo[Z+ (O&-ùo\V+ (Df&-ù{Z+ (ö M&-ù}V+ (Ui&-ù(Z+ (51X&-ù(V+ ((ÉNL&-ù{Z+ (qD]&-ù}V+ (ï×3H&-ùocZ+ (¤ózE&-ù(V+ (xrFS&-ù{Z+ (°%LC&-ù}V+ (q@&-ù(Z+ (/»}<&-ùohV+ ( ÀVT&-ù{Z+ (×tOd&-ù}V+ (IR&-ù(Z+ (R¸_I&-ù(V+ ('V.&-ù{Z+ (ê??&-ù}V+ (îñCH&-ù(Z+ (`&-ù(V+ (ÌbE&-ù{Z+ (P"OR&-ù}V+ (Y$A&-ù(Z+ (Ë;b&-ùotV+ (j#=W&-ù{Z+ (ID&-ù}V+ (£g>&-ù(Z+ (\|»5&-ùoxV+ (:.&-ù{Z+ (Á9i&-ù}V+ (ú·>\&-ù(Z+ ()e&-ù(V+ ("JT&-ù{Z+ (UW&-ù}V+ (úó}Q&-ù(Z+ (]/p[&-ù(V+ (tï#O&-ù{Z+ (Q¿df&-ù}V+ (ÊpB&-ù(Z+ (,G&-ù(V+ (¡N9&-ù{Z+ (² m& request_handle: 0x00cc000c	1	1	0

The binary likely contains encrypted or compressed data indicative of a packer (6 events)

section

{u'size_of_data': u'0x00024a00', u'virtual_address': u'0x00001000', u'entropy': 7.981885161659386, u'name': u' ', u'virtual_size': u'0x00049212'}

entropy

7.98188516166

description